Mojito Shipping Security & Risk Analysis

wordpress.org/plugins/mojito-shipping

Weight-based rates for WooCommerce. Simple method shipping support. Correos de Costa Rica web service support for tracking codes. Multisite support.

90 active installs · v1.5.10 · PHP 7.4+ · WP 5.2+ · Updated Jan 28, 2025
Tags: ecommerce, shipping, weight-based-shipping, woocommerce, woocommerce-shipping
Score: 92 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Mojito Shipping Safe to Use in 2026?

Generally Safe

Score 92/100

Mojito Shipping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The mojito-shipping plugin exhibits a concerning security posture, primarily because of a significant number of unprotected AJAX handlers. While the plugin demonstrates strengths in other areas, such as 100% use of prepared statements for SQL queries and a clean vulnerability history, the lack of authentication checks on 12 AJAX entry points presents a substantial risk. This wide attack surface without proper authorization controls means that any user, potentially even an unauthenticated one, could trigger unintended functionality within these AJAX endpoints. The taint analysis also highlights a weakness: 13 out of 15 flows have unsanitized paths, although no critical or high severity issues were identified in this analysis. The bundled Freemius library, version 1.0, could also represent a potential risk if it contains known vulnerabilities. Overall, the plugin has good practices regarding database interactions and a clean historical record, but the critical flaw of numerous unprotected AJAX handlers demands immediate attention to mitigate potential security breaches.

Key Concerns

  • Large attack surface without auth checks
  • Unsanitized paths in taint flows
  • Bundled outdated library (Freemius v1.0)
  • Low output escaping coverage
Vulnerabilities
None known

Mojito Shipping Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Mojito Shipping Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 40 (41 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 9
External Requests: 8
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

51% escaped · 81 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

15 flows · 13 with unsanitized paths
get_pymexpress_cantons_list_ajax (includes\class-mojito-shipping-address.php:457)
Attack Surface
12 unprotected

Mojito Shipping Attack Surface

Entry Points: 12
Unprotected: 12

AJAX Handlers 12

auth · wp_ajax_mojito_shipping_ccr_manual_request_guide_number · includes\class-mojito-shipping.php:373
auth · wp_ajax_mojito_shipping_ccr_manual_register_guide_number · includes\class-mojito-shipping.php:378
auth · wp_ajax_mojito_shipping_ccr_download_pdf · includes\class-mojito-shipping.php:383
auth · wp_ajax_mojito_shipping_ccr_download_pdf_customer · includes\class-mojito-shipping.php:389
auth · wp_ajax_mojito_shipping_pymexpress_manual_request_guide_number · includes\class-mojito-shipping.php:419
auth · wp_ajax_mojito_shipping_pymexpress_manual_register_guide_number · includes\class-mojito-shipping.php:424
auth · wp_ajax_mojito_shipping_pymexpress_download_pdf · includes\class-mojito-shipping.php:429
auth · wp_ajax_mojito_shipping_pymexpress_download_pdf_customer · includes\class-mojito-shipping.php:435
auth · wp_ajax_mojito_shipping_pymexpress_get_provinces_list · includes\class-mojito-shipping.php:442
auth · wp_ajax_mojito_shipping_pymexpress_get_cantons_list · includes\class-mojito-shipping.php:443
auth · wp_ajax_mojito_shipping_pymexpress_get_district_list · includes\class-mojito-shipping.php:444
auth · wp_ajax_mojito_shipping_pymexpress_get_cities_list · includes\class-mojito-shipping.php:445
WordPress Hooks 44
filter · woocommerce_admin_billing_fields · includes\class-mojito-shipping-address.php:54
filter · woocommerce_admin_shipping_fields · includes\class-mojito-shipping-address.php:55
action · wp_enqueue_scripts · includes\class-mojito-shipping-address.php:62
action · admin_enqueue_scripts · includes\class-mojito-shipping-address.php:63
filter · woocommerce_states · includes\class-mojito-shipping-address.php:68
filter · woocommerce_default_address_fields · includes\class-mojito-shipping-address.php:73
action · wp_head · includes\class-mojito-shipping-address.php:78
filter · woocommerce_package_rates · includes\class-mojito-shipping-method-ccr.php:89
filter · woocommerce_cart_shipping_method_full_label · includes\class-mojito-shipping-method-ccr.php:93
filter · woocommerce_package_rates · includes\class-mojito-shipping-method-pymexpress.php:101
filter · woocommerce_cart_shipping_method_full_label · includes\class-mojito-shipping-method-pymexpress.php:106
action · init · includes\class-mojito-shipping.php:122
action · plugins_loaded · includes\class-mojito-shipping.php:297
action · admin_enqueue_scripts · includes\class-mojito-shipping.php:316
action · admin_enqueue_scripts · includes\class-mojito-shipping.php:317
action · admin_menu · includes\class-mojito-shipping.php:318
action · wp_enqueue_scripts · includes\class-mojito-shipping.php:332
action · wp_enqueue_scripts · includes\class-mojito-shipping.php:333
action · woocommerce_checkout_after_customer_details · includes\class-mojito-shipping.php:356
action · woocommerce_checkout_update_order_meta · includes\class-mojito-shipping.php:358
action · woocommerce_thankyou · includes\class-mojito-shipping.php:360
action · woocommerce_order_details_after_order_table_items · includes\class-mojito-shipping.php:362
action · woocommerce_admin_order_data_after_billing_address · includes\class-mojito-shipping.php:364
action · load-post.php · includes\class-mojito-shipping.php:366
action · woocommerce_email_after_order_table · includes\class-mojito-shipping.php:368
action · woocommerce_checkout_after_customer_details · includes\class-mojito-shipping.php:402
action · woocommerce_checkout_update_order_meta · includes\class-mojito-shipping.php:404
action · woocommerce_order_status_changed · includes\class-mojito-shipping.php:406
action · woocommerce_order_details_after_order_table_items · includes\class-mojito-shipping.php:408
action · woocommerce_admin_order_data_after_billing_address · includes\class-mojito-shipping.php:410
action · load-post.php · includes\class-mojito-shipping.php:412
action · woocommerce_email_after_order_table · includes\class-mojito-shipping.php:414
filter · get_custom_logo · includes\class-mojito-shipping.php:1308
filter · get_custom_logo · includes\class-mojito-shipping.php:2433
action · woocommerce_shipping_init · includes\class-mojito-shipping.php:2547
filter · woocommerce_shipping_methods · includes\class-mojito-shipping.php:2561
action · woocommerce_shipping_init · includes\class-mojito-shipping.php:2572
filter · woocommerce_shipping_methods · includes\class-mojito-shipping.php:2586
action · woocommerce_shipping_init · includes\class-mojito-shipping.php:2597
filter · woocommerce_shipping_methods · includes\class-mojito-shipping.php:2612
action · woocommerce_shipping_init · includes\class-mojito-shipping.php:2623
filter · woocommerce_shipping_methods · includes\class-mojito-shipping.php:2637
action · admin_notices · mojito-shipping.php:58
action · before_woocommerce_init · mojito-shipping.php:124

Scheduled Events 4

mojito-shipping-pymexpress-cron-control-check-ip
mojito-shipping-pymexpress-cron-control-check-api
mojito-shipping-pymexpress-cron-control-complete-orders
mojito-shipping-pymexpress-cron-control-update-exchange-rate
Maintenance & Trust

Mojito Shipping Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 28, 2025
PHP min version: 7.4
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 90
Developer Profile

Mojito Shipping Developer Profile

quantumdev

2 plugins · 390 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Mojito Shipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mojito-shipping/admin/css/mojito-shipping-admin.css
/wp-content/plugins/mojito-shipping/admin/js/mojito-shipping-admin.js
/wp-content/plugins/mojito-shipping/includes/class-mojito-shipping.php
/wp-content/plugins/mojito-shipping/load-freemius.php
Script Paths
/wp-content/plugins/mojito-shipping/admin/js/mojito-shipping-admin.js
Version Parameters
mojito-shipping/admin/css/mojito-shipping-admin.css?ver=
mojito-shipping/admin/js/mojito-shipping-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mojito-shipping-settings-debug
Data Attributes
data-input-id
data-label-id
JS Globals
mojito_shipping_fs
mojito_shipping
FAQ

Frequently Asked Questions about Mojito Shipping