Morkva Nova Post Security & Risk Analysis

wordpress.org/plugins/mrkv-nova-post

Nova Post - European logistics company operating in Germany, Austria, Moldova, Latvia, Estonia, Lithuania, Poland, Romania, Slovakia, Czech Republic, …

10 active installs · v0.4.1 · PHP 7.4+ · WP 5.4+ · Updated: Unknown
nova-post
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Morkva Nova Post Safe to Use in 2026?

Generally Safe

Score 100/100

Morkva Nova Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'mrkv-nova-post' plugin version 0.4.1 exhibits a mixed security posture. On the positive side, it has no known historical vulnerabilities (CVEs) and its static analysis shows a complete absence of dangerous functions, direct SQL queries, and file operations. The plugin also correctly utilizes prepared statements for all SQL queries, which is a strong indicator of secure database interaction. Taint analysis reveals no identified unsanitized paths, suggesting a good effort in preventing data injection vulnerabilities.

However, there are notable areas of concern. A significant portion (56%) of output is not properly escaped, leaving it potentially vulnerable to Cross-Site Scripting (XSS) attacks. While the plugin has a small attack surface consisting of two AJAX handlers, the static analysis indicates that none of these entry points have explicit authentication checks. This is a critical oversight that could allow unauthenticated users to trigger plugin functionality. Furthermore, the plugin makes 7 external HTTP requests, and the security implications of these requests are not detailed in the provided data, but they represent a potential attack vector if not handled securely.

In conclusion, while the plugin's developers have demonstrated good practices regarding SQL and taint analysis, the lack of output escaping and, more importantly, the absence of authentication checks on AJAX handlers present significant security risks. The clean vulnerability history is a positive sign, but it does not negate the identified weaknesses in the current version. Addressing the XSS and authentication vulnerabilities on AJAX endpoints should be a high priority.

Key Concerns

  • High percentage of unescaped output
  • AJAX handlers without authentication checks
  • External HTTP requests (potential risk)
Vulnerabilities
None known

Morkva Nova Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Morkva Nova Post Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 56 (44 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 0
External Requests: 7
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

44% escaped, 100 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
get_novapost_warehouse (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:166)
Attack Surface

Morkva Nova Post Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

  • auth: wp_ajax_novapost_warehouse_autocomplete (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:20)
  • nopriv: wp_ajax_novapost_warehouse_autocomplete (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:21)
WordPress Hooks 15
  • action: admin_enqueue_scripts (classes\settings\class-mrkv-nova-admin-assets.php:16)
  • action: admin_menu (classes\settings\class-mrkv-nova-menu.php:16)
  • action: admin_init (classes\settings\class-mrkv-nova-options.php:16)
  • action: woocommerce_checkout_process (classes\woocommerce\checkout\class-mrkv-nova-checkout-validation.php:16)
  • filter: woocommerce_checkout_fields (classes\woocommerce\checkout\class-mrkv-nova-checkout-validation.php:17)
  • filter: woocommerce_checkout_posted_data (classes\woocommerce\checkout\class-mrkv-nova-checkout-validation.php:18)
  • filter: woocommerce_ship_to_different_address_checked (classes\woocommerce\checkout\class-mrkv-nova-checkout-validation.php:106)
  • filter: body_class (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:15)
  • action: wp_enqueue_scripts (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:16)
  • action: woocommerce_after_checkout_billing_form (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:17)
  • filter: woocommerce_package_rates (classes\woocommerce\checkout\class-mrkv-nova-checkout.php:18)
  • action: woocommerce_checkout_create_order (classes\woocommerce\checkout\class-mrkv-nova-order.php:15)
  • action: woocommerce_shipping_init (classes\woocommerce\class-mrkv-nova-woocommerce.php:24)
  • filter: woocommerce_shipping_methods (classes\woocommerce\class-mrkv-nova-woocommerce.php:26)
  • action: before_woocommerce_init (mrkv-nova-post.php:21)
Maintenance & Trust

Morkva Nova Post Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Morkva Nova Post Developer Profile

Ihor Kit

14 plugins · 3K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Morkva Nova Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mrkv-nova-post/assets/css/mrkv-nova-post-admin.css
  • /wp-content/plugins/mrkv-nova-post/assets/css/selectWoo.min.css
  • /wp-content/plugins/mrkv-nova-post/assets/js/selectWoo.js
  • /wp-content/plugins/mrkv-nova-post/assets/js/mrkv-nova-post-admin.js
  • /wp-content/plugins/mrkv-nova-post/assets/css/style.css
  • /wp-content/plugins/mrkv-nova-post/assets/js/mrkv-nova-post.js
Script Paths
  • assets/js/selectWoo.js
  • assets/js/mrkv-nova-post-admin.js
  • assets/js/mrkv-nova-post.js
Version Parameters
  • mrkv-nova-post/assets/css/selectWoo.min.css?ver=
  • mrkv-nova-post/assets/js/selectWoo.js?ver=
  • mrkv-nova-post/assets/css/style.css?ver=
  • mrkv-nova-post/assets/js/mrkv-nova-post.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mrkvnp-plugin-is-active
  • mrkv-nova-post-fields
  • mrkv-nova-post-select
Data Attributes
  • data-nonce
  • data-url
JS Globals
  • mrkv_nova_globals
  • mrkvnovanonce
REST Endpoints
/wp-json/mrkv-nova-post/v1/settings