Shipping Live rates for Australia Post for WooCommerce Security & Risk Analysis

wordpress.org/plugins/octolize-australia-post-shipping

Offer your customers the Australia Post shipping methods with real-time calculated shipping rates for domestic and international shipping.

300 active installs · v2.0.17 · PHP 7.4+ · WP 6.4+ · Updated Mar 3, 2026
Tags: australia-post, australia-post-live-rates, australia-post-rates, australia-post-shipping, australia-post-woocommerce
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Shipping Live rates for Australia Post for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Shipping Live rates for Australia Post for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "octolize-australia-post-shipping" plugin v2.0.17 exhibits a mixed security posture. On the positive side, the attack surface is minimal with only one AJAX handler, and importantly, this handler appears to be protected by authentication. The plugin also demonstrates a reasonable effort in employing prepared statements for SQL queries and includes nonce and capability checks, indicating an awareness of common WordPress security best practices.

However, the static code analysis raises significant concerns. The presence of 30 "dangerous functions," including `proc_open`, `shell_exec`, `exec`, and `unserialize`, is a major red flag, suggesting a high potential for command injection or other severe vulnerabilities if these calls are not handled with extreme care and robust input validation. Every call site in the list below sits in bundled third-party code under `vendor_prefixed` (Monolog, Symfony components, and WPDesk libraries), so the practical risk depends on whether those code paths can be reached with attacker-influenced input. Furthermore, the low percentage (27%) of properly escaped output is alarming and exposes the application to Cross-Site Scripting (XSS) vulnerabilities. The taint analysis does not currently report critical or high severity issues, but it does show flows with unsanitized paths; combined with the dangerous functions and poor output escaping, this creates a precarious situation.

The lack of any recorded vulnerability history is a strength, implying the plugin has been relatively secure in the past. However, this historical data should not be relied upon to mitigate the risks identified in the current code analysis. The current version's codebase presents substantial risks due to the combination of powerful, potentially unsafe functions and inadequate output sanitization.

Key Concerns

  • High number of dangerous functions used
  • Low percentage of properly escaped output
  • Flows with unsanitized paths found
  • Bundled outdated Guzzle library
Vulnerabilities
None known

Shipping Live rates for Australia Post for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Shipping Live rates for Australia Post for WooCommerce Code Analysis

Dangerous Functions: 30
Raw SQL Queries: 2 (7 prepared)
Unescaped Output: 217 (82 escaped)
Nonce Checks: 13
Capability Checks: 7
File Operations: 105
External Requests: 4
Bundled Libraries: 1

Dangerous Functions Found

  • proc_open · `$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);` · vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104
  • shell_exec · `$branches = shell_exec('git branch -v --no-abbrev');` · vendor_prefixed\monolog\monolog\src\Monolog\Processor\GitProcessor.php:60
  • shell_exec · `$result = explode(' ', trim((string) shell_exec('hg id -nb')));` · vendor_prefixed\monolog\monolog\src\Monolog\Processor\MercurialProcessor.php:59
  • unserialize · `foreach ($deprecations ? unserialize($deprecations) : [] as $deprecation) {` · vendor_prefixed\symfony\browser-kit\AbstractBrowser.php:383
  • unserialize · `return unserialize($process->getOutput());` · vendor_prefixed\symfony\browser-kit\AbstractBrowser.php:395
  • shell_exec · `$sttyMode = shell_exec('stty -g');` · vendor_prefixed\symfony\console\Application.php:841
  • shell_exec · `shell_exec('stty ' . $sttyMode);` · vendor_prefixed\symfony\console\Application.php:844
  • proc_open · `$isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/`… · vendor_prefixed\symfony\console\Cursor.php:154
  • shell_exec · `$sttyMode = shell_exec('stty -g');` · vendor_prefixed\symfony\console\Cursor.php:159
  • shell_exec · `shell_exec('stty -icanon -echo');` · vendor_prefixed\symfony\console\Cursor.php:160
  • shell_exec · `shell_exec(sprintf('stty %s', $sttyMode));` · vendor_prefixed\symfony\console\Cursor.php:163
  • shell_exec · `$sttyMode = shell_exec('stty -g');` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:216
  • shell_exec · `shell_exec('stty -icanon -echo');` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:221
  • shell_exec · `shell_exec('stty ' . $sttyMode);` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:233
  • shell_exec · `shell_exec('stty ' . $sttyMode);` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:318
  • shell_exec · `$sExec = shell_exec('"' . $exe . '"');` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:351
  • shell_exec · `$sttyMode = shell_exec('stty -g');` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:360
  • shell_exec · `shell_exec('stty -echo');` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:361
  • shell_exec · `shell_exec('stty ' . $sttyMode);` · vendor_prefixed\symfony\console\Helper\QuestionHelper.php:367
  • shell_exec · `return self::$stty = (bool) shell_exec('stty 2> ' . ('\\' === \DIRECTORY_SEPARATOR ? 'NUL' : '/dev/n`… · vendor_prefixed\symfony\console\Terminal.php:62
  • proc_open · `if (!$process = @proc_open($command, $descriptorspec, $pipes, null, null, ['suppress_errors' => \tru`… · vendor_prefixed\symfony\console\Terminal.php:137
  • exec · `$execResult = exec('command -v -- ' . escapeshellarg($name));` · vendor_prefixed\symfony\process\ExecutableFinder.php:76
  • proc_open · `$this->process = @proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $env`… · vendor_prefixed\symfony\process\Process.php:318
  • proc_open · `$isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/`… · vendor_prefixed\symfony\process\Process.php:1098
  • proc_open · `return $result = (bool) @proc_open('echo 1 >/dev/null', [['pty'], ['pty'], ['pty']], $pipes);` · vendor_prefixed\symfony\process\Process.php:1116
  • exec · `exec(sprintf('taskkill /F /T /PID %d 2>&1', $pid), $output, $exitCode);` · vendor_prefixed\symfony\process\Process.php:1323
  • proc_open · `} elseif ($ok = proc_open(sprintf('kill -%d %d', $signal, $pid), [2 => ['pipe', 'w']], $pipes)) {` · vendor_prefixed\symfony\process\Process.php:1335
  • unserialize · `return unserialize(self::parseScalar(substr($scalar, 12)));` · vendor_prefixed\symfony\yaml\Inline.php:543
  • unserialize · `return unserialize($value);` · vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:15
  • unserialize · `return unserialize($this->container->get($id));` · vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24

Bundled Libraries

Guzzle 1.1

SQL Query Safety

78% prepared · 9 total queries

Output Escaping

27% escaped · 299 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
log (vendor_prefixed\symfony\console\Command\CompleteCommand.php:140)
Attack Surface

Shipping Live rates for Australia Post for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

  • auth · wp_ajax_wpdesk_notice_dismiss · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks 72
  • action · init · src\Plugin.php:118
  • action · init · src\Plugin.php:120
  • action · init · src\Plugin.php:170
  • filter · woocommerce_shipping_methods · src\Plugin.php:234
  • filter · pre_option_woocommerce_settings_shipping_recommendations_hidden · src\Plugin.php:236
  • action · init · src\Plugin.php:245
  • action · octolize_australia_post_shipping_settings_sidebar · src\SettingsSidebar.php:16
  • action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-octolize-brand-assets\src\Brand\Assets\AdminAssets.php:54
  • action · admin_notices · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
  • action · admin_footer · vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
  • filter · wpdesk_tracker_notice_screens · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
  • action · plugins_loaded · vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
  • action · current_screen · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:64
  • action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:70
  • action · admin_footer · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:71
  • filter · wpdesk_tracker_deactivation_data · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingDeactivationData.php:31
  • filter · wpdesk_tracker_data · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingTrackerData.php:38
  • action · upgrader_process_complete · vendor_prefixed\octolize\wp-onboarding\src\Onboarding\PluginUpgrade\PluginUpgradeWatcher.php:31
  • action · admin_enqueue_scripts · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
  • filter · octolize/shipping-extensions/header-promo · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:15
  • filter · octolize/shipping-extensions/should-add-badge · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:16
  • action · octolize/shipping-extensions/view-tracking · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:17
  • action · admin_menu · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
  • action · in_admin_header · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
  • action · wpdesk_tracker_started · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
  • action · admin_head · vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
  • action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
  • action · admin_footer · vendor_prefixed\wpdesk\wp-helpscout-beacon\src\Beacon\Beacon.php:66
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-helpscout-beacon\src\Beacon\Beacon.php:67
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
  • action · admin_notices · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
  • action · admin_footer · vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
  • filter · wp_autoloader_loader_loaders_to_load · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
  • filter · wp_autoloader_loader_loaders_to_create · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
  • action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
  • action · plugins_loaded · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
  • action · before_woocommerce_init · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
  • action · activated_plugin · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
  • filter · doing_it_wrong_trigger_error · vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
  • action · woocommerce_active_payments_checkout_shipping_method · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ActivePayments\Integration.php:39
  • action · admin_notices · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\AddMethodReminder.php:44
  • action · admin_init · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\ClickNoticeTracker.php:23
  • filter · wpdesk_tracker_deactivation_data · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\DeactivationTrackerData.php:26
  • filter · wpdesk_tracker_data · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\TrackerData.php:25
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:59
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:60
  • action · wp_enqueue_scripts · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:61
  • action · woocommerce_review_order_after_shipping · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:89
  • action · woocommerce_checkout_update_order_review · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:90
  • action · woocommerce_after_shipping_rate · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:56
  • filter · woocommerce_package_rates · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:57
  • action · woocommerce_hidden_order_itemmeta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:58
  • filter · woocommerce_order_item_display_meta_key · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:70
  • filter · woocommerce_order_item_display_meta_value · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:71
  • filter · woocommerce_hidden_order_itemmeta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:72
  • action · woocommerce_order_details_after_order_table · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:44
  • action · woocommerce_email_order_meta · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:45
  • action · admin_notices · vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ThirdParty\Germanized\TaxSettingsNotice.php:18
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\PopupPetition\PopupPetitionDisplayer.php:34
  • action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:82
  • action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:83
  • action · wpdesk_notice_dismissed_notice · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:84
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:39
  • filter · admin_footer_text · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:62
  • action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:75
  • action · woocommerce_shipping_zone_method_added · vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:76
  • action · admin_enqueue_scripts · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
  • action · admin_menu · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
  • action · admin_init · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
  • action · admin_notices · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
  • filter · plugin_row_meta · vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Shipping Live rates for Australia Post for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.4
Downloads: 14K

Community Trust

Rating: 92/100
Number of ratings: 5
Active installs: 300
Developer Profile

Shipping Live rates for Australia Post for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 91 days
Detection Fingerprints

How We Detect Shipping Live rates for Australia Post for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/octolize-australia-post-shipping/vendor_prefixed/octolize/wp-octolize-brand-assets/src/Brand/Assets/../assets/dist/css/admin.css
  • /wp-content/plugins/octolize-australia-post-shipping/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css
  • /wp-content/plugins/octolize-australia-post-shipping/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js
Script Paths
  • /wp-content/plugins/octolize-australia-post-shipping/vendor_prefixed/octolize/wp-octolize-brand-assets/src/Brand/Assets/../assets/dist/css/admin.css
  • /wp-content/plugins/octolize-australia-post-shipping/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css
  • /wp-content/plugins/octolize-australia-post-shipping/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js
Version Parameters
  • octolize-australia-post-shipping/vendor_prefixed/octolize/wp-octolize-brand-assets/src/Brand/Assets/../assets/dist/css/admin.css?ver=
  • octolize-australia-post-shipping/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css?ver=
  • octolize-australia-post-shipping/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js?ver=

HTML / DOM Fingerprints

CSS Classes
octolize-onboarding-modal
HTML Comments
THIS VARIABLE CAN BE CHANGED AUTOMATICALLY
Data Attributes
data-autostart, data-logo-img, data-page, data-ajax-url, data-ajax-nonce, data-ajax-action-event, +2 more
JS Globals
OctolizeOnboarding
FAQ

Frequently Asked Questions about Shipping Live rates for Australia Post for WooCommerce