Does MultiParcels Shipping For WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in MultiParcels Shipping For WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MultiParcels Shipping For WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, MultiParcels Shipping For WooCommerce 1.30.18 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MultiParcels Shipping For WooCommerce compatible with PHP 7.4+?

MultiParcels Shipping For WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MultiParcels Shipping For WooCommerce updated?

MultiParcels Shipping For WooCommerce was last updated on Feb 18, 2026. Frequent updates are generally a positive security signal.

What is MultiParcels Shipping For WooCommerce's security score?

MultiParcels Shipping For WooCommerce has a WP-Safety security score of 89/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MultiParcels Shipping For WooCommerce Security & Risk Analysis

wordpress.org/plugins/multiparcels-shipping-for-woocommerce

Easiest, fastest and the cheapest way to integrate couriers with all deliveries methods to send parcels with just a few button clicks.

4K active installs v1.30.18 PHP 7.4+ WP 4.4+ Updated Feb 18, 2026

dpdinpostomnivapacketaunisend

A · Safe

CVEs total8

Unpatched0

Last CVEDec 5, 2025

Download

Safety Verdict

Is MultiParcels Shipping For WooCommerce Safe to Use in 2026?

Generally Safe

Score 89/100

MultiParcels Shipping For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEsLast CVE: Dec 5, 2025Updated 1mo ago

Risk Assessment

The "multiparcels-shipping-for-woocommerce" plugin v1.30.18 presents a mixed security posture. While the static analysis shows good practices like a high percentage of prepared SQL statements and properly escaped output, and importantly, no critical or high severity taint flows, there are significant concerns. The plugin exposes 22 AJAX handlers, with 2 of them lacking any authentication checks, creating a direct entry point for unauthorized actions. The vulnerability history is a major red flag, with a total of 8 known CVEs, including 2 high severity vulnerabilities related to Missing Authorization and Cross-Site Request Forgery (CSRF). The presence of medium severity vulnerabilities in the past, such as SQL Injection and Cross-Site Scripting, also indicates a pattern of past security weaknesses. The last reported vulnerability in late 2025 suggests that while current unpatched vulnerabilities might be zero, the plugin has a history of being a target.

Key Concerns

Unprotected AJAX handlers
Total known CVEs (8)
High severity known CVEs (2)
Medium severity known CVEs (6)
SQL queries without prepared statements
Low percentage of capability checks

Vulnerabilities

MultiParcels Shipping For WooCommerce Security Vulnerabilities

CVEs by Year

6 CVEs in 2023

2023

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

8 total CVEs

CVE-2025-62995medium · 4.3Missing Authorization

MultiParcels Shipping For WooCommerce <= 1.30.12 - Missing Authorization

Dec 5, 2025 Patched in 1.30.13 (15d)

CVE-2024-32095medium · 4.3Cross-Site Request Forgery (CSRF)

MultiParcels Shipping For WooCommerce < 1.16.9 - Cross-Site Request Forgery

Apr 11, 2024 Patched in 1.16.9 (7d)

CVE-2023-3366medium · 4.3Cross-Site Request Forgery (CSRF)

MultiParcels Shipping For WooCommerce <= 1.15.1 - Cross-Site Request Forgery

Jul 31, 2023 Patched in 1.15.2 (176d)

CVE-2023-3954medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting

Jul 31, 2023 Patched in 1.15.4 (176d)

WF-c5ce2d08-6e01-4a7c-a2d5-ba98639107a8-multiparcels-shipping-for-woocommercehigh · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MultiParcels Shipping For WooCommerce <= 1.15.5 - Unauthenticated Stored Cross-Site Scripting

Jul 25, 2023 Patched in 1.15.6 (182d)

CVE-2023-3671medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting

Jul 17, 2023 Patched in 1.15.4 (190d)

CVE-2023-2843high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

MultiParcels Shipping For WooCommerce <= 1.14.12 - Authenticated(Subscriber+) SQL Injection via id

Jul 17, 2023 Patched in 1.14.15 (190d)

CVE-2023-3365medium · 6.3Missing Authorization

MultiParcels Shipping For WooCommerce <= 1.14.13 - Missing Authorization via get_history

Jul 17, 2023 Patched in 1.14.14 (190d)

Code Analysis

Analyzed Mar 16, 2026

MultiParcels Shipping For WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

19 prepared

Unescaped Output

122

834 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

59% prepared32 total queries

Output Escaping

87% escaped956 total outputs

Data Flows

All sanitized

Data Flow Analysis

15 flows

delete_shipping (includes\class-mp-amazing-shipping.php:131)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

MultiParcels Shipping For WooCommerce Attack Surface

Entry Points23

Unprotected2

AJAX Handlers 22

authwp_ajax_dismiss_admin_noticeincludes\persist-admin-notices-dismissal.php:97

authwp_ajax_multiparcels_order_pickup_pointsincludes\shipping\class-wc-mp-shipping-helper.php:88

noprivwp_ajax_multiparcels_checkout_get_pickup_pointsincludes\shipping\class-wc-mp-shipping-helper.php:90

authwp_ajax_multiparcels_checkout_get_pickup_pointsincludes\shipping\class-wc-mp-shipping-helper.php:92

noprivwp_ajax_multiparcels_checkout_get_pickup_points_classicincludes\shipping\class-wc-mp-shipping-helper.php:94

authwp_ajax_multiparcels_checkout_get_pickup_points_classicincludes\shipping\class-wc-mp-shipping-helper.php:96

noprivwp_ajax_multiparcels_set_terminal_valueincludes\shipping\class-wc-mp-shipping-helper.php:98

authwp_ajax_multiparcels_set_terminal_valueincludes\shipping\class-wc-mp-shipping-helper.php:100

noprivwp_ajax_multiparcels_checkout_get_pickup_points_blocksincludes\shipping\class-wc-mp-shipping-helper.php:102

authwp_ajax_multiparcels_checkout_get_pickup_points_blocksincludes\shipping\class-wc-mp-shipping-helper.php:104

noprivwp_ajax_multiparcels_checkout_get_pickup_points_siuntos_autobusais_blocksincludes\shipping\class-wc-mp-shipping-helper.php:106

authwp_ajax_multiparcels_checkout_get_pickup_points_siuntos_autobusais_blocksincludes\shipping\class-wc-mp-shipping-helper.php:108

noprivwp_ajax_multiparcels_is_preferred_delivery_time_availableincludes\shipping\class-wc-mp-shipping-helper.php:118

authwp_ajax_multiparcels_is_preferred_delivery_time_availableincludes\shipping\class-wc-mp-shipping-helper.php:122

noprivwp_ajax_multiparcels_venipak_door_codeincludes\shipping\class-wc-mp-shipping-helper.php:128

authwp_ajax_multiparcels_venipak_door_codeincludes\shipping\class-wc-mp-shipping-helper.php:132

authwp_ajax_load_additional_blockmultiparcels-shipping-for-woocommerce.php:984

noprivwp_ajax_load_additional_blockmultiparcels-shipping-for-woocommerce.php:985

authwp_ajax_checkout_blocks_hide_inputs_for_terminalmultiparcels-shipping-for-woocommerce.php:987

noprivwp_ajax_checkout_blocks_hide_inputs_for_terminalmultiparcels-shipping-for-woocommerce.php:988

authwp_ajax_multiparcels_store_pickup_selectionmultiparcels-shipping-for-woocommerce.php:999

noprivwp_ajax_multiparcels_store_pickup_selectionmultiparcels-shipping-for-woocommerce.php:1000

Shortcodes 1

[fee] includes\abstracts\abstract-wc-mp-shipping-method.php:1422

WordPress Hooks 81

actionadmin_post_multiparcels_request_api_keyincludes\class-mp-actions.php:29

actionadmin_post_multiparcels_update_dataincludes\class-mp-actions.php:31

actionadmin_post_multiparcels_run_automatic_confirmationincludes\class-mp-actions.php:33

actionadmin_post_multiparcels_carrier_changeincludes\class-mp-actions.php:35

actionmultiparcels_update_data_cronincludes\class-mp-actions.php:37

actionadmin_menuincludes\class-mp-admin.php:169

actionadmin_initincludes\class-mp-admin.php:173

actionadmin_menuincludes\class-mp-mass-shipping.php:39

actionbulk_actions-woocommerce_page_wc-ordersincludes\class-mp-mass-shipping.php:45

actionbulk_actions-edit-shop_orderincludes\class-mp-mass-shipping.php:48

actionbulk_actions-edit-shop_orderincludes\class-mp-mass-shipping.php:52

filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\class-mp-mass-shipping.php:62

filterhandle_bulk_actions-edit-shop_orderincludes\class-mp-mass-shipping.php:65

filterhandle_bulk_actions-edit-shop_orderincludes\class-mp-mass-shipping.php:69

actionadmin_noticesincludes\class-mp-notices.php:43

actionadmin_noticesincludes\class-mp-notices.php:64

actionadmin_noticesincludes\class-mp-notices.php:76

filterwoocommerce_shipping_initincludes\class-mp-woocommerce.php:37

filterwoocommerce_shipping_methodsincludes\class-mp-woocommerce.php:39

actionwoocommerce_after_checkout_formincludes\class-mp-woocommerce.php:43

filterwoocommerce_order_get_formatted_shipping_addressincludes\class-mp-woocommerce.php:47

actioninitincludes\class-mp-woocommerce.php:51

filterwoocommerce_cart_shipping_method_full_labelincludes\class-mp-woocommerce.php:100

actionwoocommerce_product_options_shippingincludes\class-mp-woocommerce.php:106

actionwoocommerce_process_product_metaincludes\class-mp-woocommerce.php:112

actionproduct_cat_add_form_fieldsincludes\class-mp-woocommerce.php:118

actionproduct_cat_edit_form_fieldsincludes\class-mp-woocommerce.php:122

actionedited_product_catincludes\class-mp-woocommerce.php:130

actioncreate_product_catincludes\class-mp-woocommerce.php:132

filterhttp_request_argsincludes\class-mp-woocommerce.php:137

filterwoocommerce_checkout_fieldsincludes\class-mp-woocommerce.php:144

filterwoocommerce_email_classesincludes\class-mp-woocommerce.php:148

actionmultiparcels_automatic_confirmation_cronincludes\class-mp-woocommerce.php:154

actionadd_meta_boxesincludes\class-mp-woocommerce.php:161

actionadd_meta_boxesincludes\class-mp-woocommerce.php:164

actionwoocommerce_process_shop_order_metaincludes\class-mp-woocommerce.php:172

actionsave_postincludes\class-mp-woocommerce.php:175

actionsave_postincludes\class-mp-woocommerce.php:179

actionwpo_wcpdf_after_order_dataincludes\class-mp-woocommerce.php:191

actioninitincludes\class-mp-woocommerce.php:197

filterwoocommerce_checkout_fieldsincludes\class-mp-woocommerce.php:199

filterwoocommerce_checkout_fieldsincludes\class-mp-woocommerce.php:217

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-mp-woocommerce.php:222

filtermanage_edit-shop_order_columnsincludes\class-mp-woocommerce.php:225

filtermanage_edit-shop_order_columnsincludes\class-mp-woocommerce.php:229

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-mp-woocommerce.php:235

actionmanage_shop_order_posts_custom_columnincludes\class-mp-woocommerce.php:303

actionmanage_shop_order_posts_custom_columnincludes\class-mp-woocommerce.php:307

actionadd_meta_boxesincludes\class-mp-woocommerce.php:313

actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-mp-woocommerce.php:317

actionwoocommerce_process_shop_order_metaincludes\class-mp-woocommerce.php:325

actionsave_postincludes\class-mp-woocommerce.php:328

actionsave_postincludes\class-mp-woocommerce.php:332

actionwoocommerce_order_status_completedincludes\class-mp-woocommerce.php:337

actionadmin_enqueue_scriptsincludes\class-mp-woocommerce.php:2568

actionadmin_enqueue_scriptsincludes\class-mp-woocommerce.php:2617

actionadmin_enqueue_scriptsincludes\class-mp-woocommerce.php:2672

actionmultiparcels_automatic_confirmation_failedincludes\emails\class-multiparcels-automatic-confirmation-failed-email.php:63

actionadmin_enqueue_scriptsincludes\persist-admin-notices-dismissal.php:95

actionwoocommerce_email_customer_detailsincludes\shipping\class-wc-mp-shipping-helper.php:56

actionwoocommerce_admin_order_data_after_shipping_addressincludes\shipping\class-wc-mp-shipping-helper.php:64

actionwoocommerce_admin_shipping_fieldsincludes\shipping\class-wc-mp-shipping-helper.php:66

actionwoocommerce_order_details_after_order_tableincludes\shipping\class-wc-mp-shipping-helper.php:74

actionwoocommerce_after_checkout_validationincludes\shipping\class-wc-mp-shipping-helper.php:78

actionwoocommerce_after_checkout_validationincludes\shipping\class-wc-mp-shipping-helper.php:80

actionwoocommerce_checkout_update_order_metaincludes\shipping\class-wc-mp-shipping-helper.php:84

actionwoocommerce_email_before_order_tableincludes\shipping\class-wc-mp-shipping-helper.php:138

actionwoocommerce_emailincludes\shipping\class-wc-mp-shipping-helper.php:139

actionplugins_loadedmultiparcels-shipping-for-woocommerce.php:241

actionadmin_post_serve_labelmultiparcels-shipping-for-woocommerce.php:252

actionadmin_post_nopriv_serve_labelmultiparcels-shipping-for-woocommerce.php:253

filterupgrader_pre_installmultiparcels-shipping-for-woocommerce.php:299

filterupgrader_post_installmultiparcels-shipping-for-woocommerce.php:300

actionwoocommerce_store_api_checkout_order_processedmultiparcels-shipping-for-woocommerce.php:578

filterwoocommerce_default_address_fieldsmultiparcels-shipping-for-woocommerce.php:774

actionbefore_woocommerce_initmultiparcels-shipping-for-woocommerce.php:1002

actionadmin_noticesmultiparcels-shipping-for-woocommerce.php:1038

actionadmin_noticesmultiparcels-shipping-for-woocommerce.php:1050

actionadmin_initmultiparcels-shipping-for-woocommerce.php:1170

actionwp_enqueue_scriptsmultiparcels-shipping-for-woocommerce.php:1201

filtercron_schedulesmultiparcels-shipping-for-woocommerce.php:1774

Scheduled Events 3

multiparcels_update_data_cron

multiparcels_automatic_confirmation_cron

multiparcels_update_data_cron

Maintenance & Trust

MultiParcels Shipping For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 18, 2026

PHP min version7.4

Downloads140K

Community Trust

Rating92/100

Number of ratings62

Active installs4K

Alternatives

MultiParcels Shipping For WooCommerce Alternatives

Csomagpontok és Címkék WooCommerce-hez

hungarian-pickup-points-for-woocommerce

Csomagpont választó és címkenyomtató WooCommerce-hez, házhozszállításhoz is. MPL, Foxpost, GLS, DPD, Express One, Postapont, Packeta és még sok más

7K 1 CVE

Apaczka: integracja z WooCommerce

apaczka-pl

100

Zarządzaj wysyłkami różnych kurierów w jednym miejscu

4K No CVEs

InPost PL

inpost-for-woocommerce

100

InPost PL dla WooCommerce to dedykowana wtyczka do integracji, stworzona z myślą o małych i średnich firmach, które chcą w szybki i wygodny sposób zin …

10K No CVEs

Inpost Paczkomaty

inpost-paczkomaty

Umożliwia dodanie Paczkomaty Inpost jako forma dostawy produktów. Zawiera mapkę gdzie można wybrać paczkomat w którym chce się odebrać przesyłkę.

8K No CVEs

DHL Shipping Germany for WooCommerce

dhl-for-woocommerce

100

Automate e-commerce orders with Official DHL for WooCommerce. Covers DHL Paket and Deutsche Post International.

4K No CVEs

Developer Profile

MultiParcels Shipping For WooCommerce Developer Profile

multiparcels

1 plugin · 4K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

141 days

View full developer profile

Detection Fingerprints

How We Detect MultiParcels Shipping For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/css/main.css/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/js/checkout.js/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/js/admin.js/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/js/frontend.js

Script Paths

/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/js/checkout.js/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/js/admin.js/wp-content/plugins/multiparcels-shipping-for-woocommerce/assets/js/frontend.js

Version Parameters

multiparcels-shipping-for-woocommerce/assets/css/main.css?ver=multiparcels-shipping-for-woocommerce/assets/js/checkout.js?ver=multiparcels-shipping-for-woocommerce/assets/js/admin.js?ver=multiparcels-shipping-for-woocommerce/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

multiparcels-shipping-for-woocommercemp_carrier_selector

HTML Comments

Data Attributes

data-mp-product-iddata-mp-product-weightdata-mp-product-volumedata-mp-cart-iddata-mp-customer-id

JS Globals

MultiParcelsFrontendmp_shipping_vars

FAQ