Does Muambator Webhooks para WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Muambator Webhooks para WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Muambator Webhooks para WooCommerce compatible with WordPress 4.9.29?

According to WordPress.org data, Muambator Webhooks para WooCommerce 1.1.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Muambator Webhooks para WooCommerce compatible with PHP 5.6+?

Muambator Webhooks para WooCommerce requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Muambator Webhooks para WooCommerce updated?

Muambator Webhooks para WooCommerce was last updated on Oct 11, 2018. Frequent updates are generally a positive security signal.

What is Muambator Webhooks para WooCommerce's security score?

Muambator Webhooks para WooCommerce has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Muambator Webhooks para WooCommerce Security & Risk Analysis

wordpress.org/plugins/muambator-webhooks-para-woocommerce

Integration with Muambator PRO Webhooks

10 active installs v1.1.0 PHP 5.6+ WP 4.0+ Updated Oct 11, 2018

correiosdeliverymuambatorshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Muambator Webhooks para WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Muambator Webhooks para WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "muambator-webhooks-para-woocommerce" plugin v1.1.0 exhibits several significant security weaknesses that warrant concern, despite its lack of recorded vulnerabilities in its history. The static analysis reveals a substantial attack surface with one unprotected REST API route. This is particularly worrying as REST API endpoints are often targeted for unauthorized data access or manipulation. The code signals further highlight critical issues: 100% of SQL queries are not using prepared statements, and a very low 7% of outputs are properly escaped. This combination strongly suggests a high risk of SQL injection and Cross-Site Scripting (XSS) vulnerabilities, especially given that the taint analysis found flows with unsanitized paths. While there are no known CVEs, this can often be an indicator of a plugin that hasn't been thoroughly audited or has flown under the radar, rather than a testament to its security. The lack of nonce and capability checks on the identified entry points further exacerbates these risks, allowing unauthenticated or unauthorized users to potentially interact with sensitive functionalities.

Key Concerns

REST API routes without permission callbacks
SQL queries without prepared statements
Low output escaping percentage
Flows with unsanitized paths
No nonce checks
No capability checks

Vulnerabilities

None known

Muambator Webhooks para WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Muambator Webhooks para WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

7% escaped28 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

mbwebhook_tracking_render (templates\muambator-order-tracking-details.php:20)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Muambator Webhooks para WooCommerce Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

POST/wp-json/mb-webhook/v1/receiveincludes\mb-webhook-process.php:10

WordPress Hooks 10

actioninitincludes\mb-webhook-db.php:9

actionrest_api_initincludes\mb-webhook-process.php:7

actionadmin_menutemplates\mbwebhooks-csv-export.php:99

actionadmin_post_export_mb_csvtemplates\mbwebhooks-csv-export.php:130

actionadd_meta_boxestemplates\mbwebhooks-order-block.php:8

actionadmin_menutemplates\muambator-order-tracking-details.php:7

actionadmin_menutemplates\muambator-webhook.php:25

actionadmin_inittemplates\muambator-webhook.php:35

actionwoocommerce_initWC_MBWebhook_class.php:10

actionplugins_loadedWC_MBWebhook_class.php:11

Maintenance & Trust

Muambator Webhooks para WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 11, 2018

PHP min version5.6

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Muambator Webhooks para WooCommerce Alternatives

Claudio Sanches – Correios for WooCommerce

woocommerce-correios

Integration between the Correios and WooCommerce

30K No CVEs

Frenet Shipping Gateway for WooCommerce – Correios, Etiquetas e Rastreio

woo-shipping-gateway

100

Frete inteligente, simples e acessível para negócios que querem crescer

5K No CVEs

Shiprocket

shiprocket

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched

MyParcel

woocommerce-myparcel

Export your WooCommerce orders to MyParcel (www.myparcel.nl) and print labels directly from the WooCommerce admin

9K 1 CVE

YITH WooCommerce Order & Shipment Tracking

yith-woocommerce-order-tracking

Add an easy tool to manage order shipping information of your shop and to notified your customers about the shipping.

7K 1 CVE

Developer Profile

Muambator Webhooks para WooCommerce Developer Profile

Flecha

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Muambator Webhooks para WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/black.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/blue.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/brown.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/gray.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/green.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/orange.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/red.png/wp-content/plugins/muambator-webhooks-para-woocommerce/assets/img/white.png+1 more

HTML / DOM Fingerprints

CSS Classes

wp-heading-inline

HTML Comments

Check if WooCommerce and WooCommerce Correios is activeRegister tracking code metabox.CSV Generation action

Data Attributes

name="mb-additional-email"name="mb-csv-months-track-email"name="mb-csv-status-check"name="mb-trackings-metafield"action="<?php echo admin_url( 'admin-post.php' ); ?>"name="action" value="export_mb_csv"+2 more

REST Endpoints

/mb-webhook/v1/receive

FAQ