Does nShift Delivery have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is nShift Delivery compatible with WordPress 6.9.4?

According to WordPress.org data, nShift Delivery 1.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is nShift Delivery compatible with PHP 7.4+?

nShift Delivery requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is nShift Delivery updated?

nShift Delivery was last updated on Apr 13, 2026. Frequent updates are generally a positive security signal.

What is nShift Delivery's security score?

nShift Delivery has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

nShift Delivery Security & Risk Analysis

wordpress.org/plugins/nshift-delivery

WooCommerce Shipping Solved. Create labels, customs docs, returns & branded tracking in one platform. Join 20,000+ stores using nShift Delivery today

0 active installs v1.0.3 PHP 7.4+ WP 6.3+ Updated Apr 13, 2026

checkout-shipping-ratesdelivery-and-fulfillmentautomated-shipping

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is nShift Delivery Safe to Use in 2026?

Generally Safe

Score 100/100

nShift Delivery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The nshift-delivery v1.0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and ensures all output is properly escaped, which are crucial for preventing common web vulnerabilities. The absence of file operations and external HTTP requests, as well as no known vulnerabilities or CVEs in its history, further contribute to a generally favorable security outlook.

However, there are notable areas of concern that significantly elevate the risk. The plugin exposes two AJAX handlers without any authentication checks, creating a direct pathway for unauthenticated attackers to interact with potentially sensitive functionality. While the REST API route has permission callbacks, the lack of similar checks on the AJAX endpoints is a critical oversight. The absence of nonce checks on these AJAX handlers further compounds this issue, making them susceptible to Cross-Site Request Forgery (CSRF) attacks.

In conclusion, while the plugin's core data handling (SQL, output) and historical vulnerability record are commendable, the presence of unprotected AJAX endpoints represents a significant and exploitable attack surface. This weakness overshadows the plugin's strengths and requires immediate attention to mitigate potential security breaches.

Key Concerns

AJAX handlers without authentication checks
AJAX handlers without nonce checks
External HTTP requests

Vulnerabilities

None known

nShift Delivery Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

nShift Delivery Release Timeline

v1.0.3Current

Code Analysis

Analyzed Apr 16, 2026

nShift Delivery Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped4 total outputs

Attack Surface

2 unprotected

nShift Delivery Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_nshift_delivery_get_drop_pointscheckout.php:41

noprivwp_ajax_nshift_delivery_get_drop_pointscheckout.php:45

REST API Routes 1

GET/wp-json/wc/v3/nshift/order/(?P<order_id>\d+)nshift-delivery.php:108

WordPress Hooks 9

actionwoocommerce_initcheckout.php:9

actionwoocommerce_set_additional_field_valuecheckout.php:28

actionbefore_woocommerce_initnshift-delivery.php:21

actionwoocommerce_shipping_initnshift-delivery.php:38

filterwoocommerce_get_settings_shippingnshift-delivery.php:73

actionrest_api_initnshift-delivery.php:107

actionwoocommerce_update_ordernshift-delivery.php:123

actionnshift_push_ordernshift-delivery.php:140

filterwoocommerce_shipping_methodsshipping-method.php:7

Maintenance & Trust

nShift Delivery Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 13, 2026

PHP min version7.4

Downloads39

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

nShift Delivery Alternatives

Webshipper – Automated Shipping

webshipper-automated-shipping

100

Automated shipping for WooCommerce.

400 No CVEs

BuckyDrop – Branded Dropshipping for WooCommerce

buckydrop-dropshipping-for-woocommerce

100

Find dropshipping products from Alibaba/1688/Taobao/Weidian/Yupoo/Poizon, import them to your WooCommerce store, and automate your order processes.

300 No CVEs

Developer Profile

nShift Delivery Developer Profile

nShift

2 plugins · 400 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect nShift Delivery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/nshift-delivery/shipping-method.php/wp-content/plugins/nshift-delivery/adapter.php/wp-content/plugins/nshift-delivery/api.php/wp-content/plugins/nshift-delivery/checkout.php/wp-content/plugins/nshift-delivery/helper.php

Script Paths

/wp-content/plugins/nshift-delivery/js/nshift-checkout.js

Version Parameters

nshift-delivery/js/nshift-checkout.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-nshift-delivery-id

JS Globals

nshift_delivery_get_drop_points

REST Endpoints

/wp-json/wc/v3/nshift/order/

FAQ