Moova Security & Risk Analysis

wordpress.org/plugins/moova-for-woocommerce

Plugin to connect Moova's Shipping services with WooCommerce

10 active installs · v7.3 · PHP 7.0+ · WP 6.5+ · Updated Nov 20, 2025
envios · logistica · shipments · woocommerce
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 13, 2021
Safety Verdict

Is Moova Safe to Use in 2026?

Generally Safe

Score 100/100

Moova has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 13, 2021 · Updated 4mo ago
Risk Assessment

The moova-for-woocommerce plugin version 7.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and a high percentage of properly escaped output. The absence of dangerous functions and external HTTP requests is also commendable. However, a significant concern arises from the large attack surface, particularly the 6 AJAX handlers that lack authentication checks. This oversight presents a substantial risk of unauthorized access and potential manipulation of plugin functionalities. The presence of one known medium-severity Cross-site Scripting (XSS) vulnerability in its history, although currently patched, indicates a past weakness that warrants continued vigilance. While the plugin has no currently unpatched vulnerabilities and a low number of taint flows, the unprotected AJAX endpoints are a critical area that could be exploited to introduce new vulnerabilities.

Key Concerns

  • 6 AJAX handlers without auth checks
  • 1 medium severity vulnerability in history
Vulnerabilities
1

Moova Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-34664 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Moova for WooCommerce <= 3.5 - Reflected Cross-Site Scripting

Aug 13, 2021 · Patched in 3.6 (892d)
Code Analysis
Analyzed Mar 16, 2026

Moova Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (99 escaped)
Nonce Checks: 10
Capability Checks: 1
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

99% escaped · 100 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
get_ajax_moova_custom_fields (Checkout\Checkout.php:64)
Attack Surface
6 unprotected

Moova Attack Surface

Entry Points: 8
Unprotected: 6

AJAX Handlers 6

auth wp_ajax_generate_order_shipping_label Hooks.php:24
auth wp_ajax_change_order_status Hooks.php:25
auth wp_ajax_get_autocomplete_street Hooks.php:26
auth wp_ajax_set_rate_minimum_shippings Hooks.php:27
auth wp_ajax_moova_custom_fields Hooks.php:57
nopriv wp_ajax_moova_custom_fields Hooks.php:58

Shortcodes 2

[moova_tracking_form] Hooks.php:31
[sm_logistics_tracking_form] Hooks.php:32
WordPress Hooks 27
action admin_notices Hooks.php:6
action admin_enqueue_scripts Hooks.php:10
action admin_init Hooks.php:13
action admin_init Hooks.php:14
filter woocommerce_shipping_methods Hooks.php:18
filter woocommerce_cart_shipping_method_full_label Hooks.php:19
action woocommerce_order_status_changed Hooks.php:22
action add_meta_boxes Hooks.php:23
action woocommerce_saved_order_items Hooks.php:29
action woocommerce_api_wc-moova-orders Hooks.php:35
filter bulk_actions-edit-shop_order Hooks.php:38
filter bulk_actions-woocommerce_page_wc-orders Hooks.php:39
filter handle_bulk_actions-edit-shop_order Hooks.php:41
action admin_notices Hooks.php:42
filter handle_bulk_actions-edit-shop_order Hooks.php:45
action admin_notices Hooks.php:46
filter handle_bulk_actions-edit-shop_order Hooks.php:49
action admin_notices Hooks.php:50
filter woocommerce_default_address_fields Hooks.php:56
action woocommerce_checkout_update_order_review Hooks.php:59
filter woocommerce_admin_billing_fields Hooks.php:60
filter woocommerce_admin_shipping_fields Hooks.php:61
action woocommerce_after_checkout_form Hooks.php:62
filter woocommerce_thankyou_order_received_text Hooks.php:63
action plugins_loaded woo-moova.php:49
action admin_menu woo-moova.php:50
action admin_enqueue_scripts woo-moova.php:51
Maintenance & Trust

Moova Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Nov 20, 2025
PHP min version: 7.0
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Moova Developer Profile

moova

1 plugin · 10 total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 892 days
Detection Fingerprints

How We Detect Moova

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/moova-for-woocommerce/assets/css/settings.css
/wp-content/plugins/moova-for-woocommerce/assets/css/rate.css
/wp-content/plugins/moova-for-woocommerce/assets/js/orders.min.js
/wp-content/plugins/moova-for-woocommerce/assets/js/settings.js
/wp-content/plugins/moova-for-woocommerce/assets/js/rate.js
Script Paths
/wp-content/plugins/moova-for-woocommerce/assets/css/settings.css
/wp-content/plugins/moova-for-woocommerce/assets/css/rate.css
/wp-content/plugins/moova-for-woocommerce/assets/js/orders.min.js
/wp-content/plugins/moova-for-woocommerce/assets/js/settings.js
/wp-content/plugins/moova-for-woocommerce/assets/js/rate.js

HTML / DOM Fingerprints

CSS Classes
wc-moova-settings-css
wc-moova-rate-css
wc-moova-orders-js
wc-moova-settings-js
wc-moova-rating-js
FAQ

Frequently Asked Questions about Moova