Shipping Live Rates for Royal Mail for WooCommerce Security & Risk Analysis

wordpress.org/plugins/octolize-royal-mail-shipping

Offer Royal Mail shipping methods in WooCommerce with real-time rates. Show dynamic prices at cart and checkout based on weight and addresses.

300 active installs · v2.0.23 · PHP 7.4+ · WP 6.4+ · Updated Mar 31, 2026
Tags: royal-mail, royal-mail-live-rates, royal-mail-rates, royal-mail-shipping, royal-mail-woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Shipping Live Rates for Royal Mail for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Shipping Live Rates for Royal Mail for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The octolize-royal-mail-shipping plugin v2.0.22 exhibits a generally good security posture regarding known vulnerabilities and entry points. The absence of any recorded CVEs and the fact that all identified entry points appear to have authentication checks are positive indicators. The plugin also demonstrates good practices in SQL query handling, with a high percentage utilizing prepared statements.

However, the static analysis raises significant concerns. The code contains a substantial number of calls to dangerous functions such as `proc_open`, `unserialize`, and `shell_exec`, which can be exploited if their inputs are not handled with extreme care and properly sanitized. Furthermore, only 27% of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also found flows with unsanitized paths; although none is classified as critical or high severity in this scan, they warrant attention because of the potential for file path manipulation.

The plugin's vulnerability history, or lack thereof, suggests a potentially mature and well-maintained codebase, or alternatively, a lack of deep security auditing focused on the identified dangerous functions and output sanitization issues. The strengths lie in its controlled entry points and SQL practices, but the weaknesses in output escaping and the use of dangerous functions present clear and actionable risks that need to be addressed to improve its overall security.

Key Concerns

  • High percentage of improperly escaped output
  • Presence of dangerous functions (proc_open, unserialize, shell_exec)
  • Flows with unsanitized paths
Vulnerabilities
None known

Shipping Live Rates for Royal Mail for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Shipping Live Rates for Royal Mail for WooCommerce Release Timeline

v2.0.23 (Current)
v2.0.22
v2.0.21
v2.0.20
v2.0.19
v2.0.18
v2.0.17
v2.0.16
v2.0.15
v2.0.14
v2.0.13
v2.0.12
v2.0.11
v2.0.10
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
Code Analysis
Analyzed Mar 16, 2026

Shipping Live Rates for Royal Mail for WooCommerce Code Analysis

Dangerous Functions: 28
Raw SQL Queries: 2 (7 prepared)
Unescaped Output: 210 (76 escaped)
Nonce Checks: 12
Capability Checks: 7
File Operations: 75
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | File:line
proc_open | $this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd); | vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104
unserialize | foreach ($deprecations ? unserialize($deprecations) : [] as $deprecation) { | vendor_prefixed\symfony\browser-kit\AbstractBrowser.php:383
unserialize | return unserialize($process->getOutput()); | vendor_prefixed\symfony\browser-kit\AbstractBrowser.php:395
shell_exec | $sttyMode = shell_exec('stty -g'); | vendor_prefixed\symfony\console\Application.php:841
shell_exec | shell_exec('stty ' . $sttyMode); | vendor_prefixed\symfony\console\Application.php:844
proc_open | $isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/… | vendor_prefixed\symfony\console\Cursor.php:154
shell_exec | $sttyMode = shell_exec('stty -g'); | vendor_prefixed\symfony\console\Cursor.php:159
shell_exec | shell_exec('stty -icanon -echo'); | vendor_prefixed\symfony\console\Cursor.php:160
shell_exec | shell_exec(sprintf('stty %s', $sttyMode)); | vendor_prefixed\symfony\console\Cursor.php:163
shell_exec | $sttyMode = shell_exec('stty -g'); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:216
shell_exec | shell_exec('stty -icanon -echo'); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:221
shell_exec | shell_exec('stty ' . $sttyMode); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:233
shell_exec | shell_exec('stty ' . $sttyMode); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:318
shell_exec | $sExec = shell_exec('"' . $exe . '"'); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:351
shell_exec | $sttyMode = shell_exec('stty -g'); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:360
shell_exec | shell_exec('stty -echo'); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:361
shell_exec | shell_exec('stty ' . $sttyMode); | vendor_prefixed\symfony\console\Helper\QuestionHelper.php:367
shell_exec | return self::$stty = (bool) shell_exec('stty 2> ' . ('\\' === \DIRECTORY_SEPARATOR ? 'NUL' : '/dev/n… | vendor_prefixed\symfony\console\Terminal.php:62
proc_open | if (!$process = @proc_open($command, $descriptorspec, $pipes, null, null, ['suppress_errors' => \tru… | vendor_prefixed\symfony\console\Terminal.php:137
exec | $execResult = exec('command -v -- ' . escapeshellarg($name)); | vendor_prefixed\symfony\process\ExecutableFinder.php:76
proc_open | $this->process = @proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $env… | vendor_prefixed\symfony\process\Process.php:318
proc_open | $isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/… | vendor_prefixed\symfony\process\Process.php:1098
proc_open | return $result = (bool) @proc_open('echo 1 >/dev/null', [['pty'], ['pty'], ['pty']], $pipes); | vendor_prefixed\symfony\process\Process.php:1116
exec | exec(sprintf('taskkill /F /T /PID %d 2>&1', $pid), $output, $exitCode); | vendor_prefixed\symfony\process\Process.php:1323
proc_open | } elseif ($ok = proc_open(sprintf('kill -%d %d', $signal, $pid), [2 => ['pipe', 'w']], $pipes)) { | vendor_prefixed\symfony\process\Process.php:1335
unserialize | return unserialize(self::parseScalar(substr($scalar, 12))); | vendor_prefixed\symfony\yaml\Inline.php:543
unserialize | return unserialize($value); | vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:15
unserialize | return unserialize($this->container->get($id)); | vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24

SQL Query Safety

78% prepared · 9 total queries

Output Escaping

27% escaped · 286 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
log (vendor_prefixed\symfony\console\Command\CompleteCommand.php:140)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Shipping Live Rates for Royal Mail for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth | wp_ajax_wpdesk_notice_dismiss | vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks: 70

Type | Hook | File:line
action | init | src\Plugin.php:117
action | init | src\Plugin.php:119
action | init | src\Plugin.php:150
filter | woocommerce_shipping_methods | src\Plugin.php:230
filter | pre_option_woocommerce_settings_shipping_recommendations_hidden | src\Plugin.php:232
action | octolize_royal_mail_shipping_settings_sidebar | src\SettingsSidebar.php:16
action | admin_enqueue_scripts | vendor_prefixed\octolize\wp-octolize-brand-assets\src\Brand\Assets\AdminAssets.php:54
action | admin_notices | vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:41
action | admin_footer | vendor_prefixed\octolize\wp-octolize-tracker\src\OptInNotice\OptInNotice.php:55
filter | wpdesk_tracker_notice_screens | vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:82
action | plugins_loaded | vendor_prefixed\octolize\wp-octolize-tracker\src\TrackerInitializer.php:83
action | current_screen | vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:64
action | admin_enqueue_scripts | vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:70
action | admin_footer | vendor_prefixed\octolize\wp-onboarding\src\Onboarding\Onboarding.php:71
filter | wpdesk_tracker_deactivation_data | vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingDeactivationData.php:31
filter | wpdesk_tracker_data | vendor_prefixed\octolize\wp-onboarding\src\Onboarding\OnboardingTrackerData.php:38
action | upgrader_process_complete | vendor_prefixed\octolize\wp-onboarding\src\Onboarding\PluginUpgrade\PluginUpgradeWatcher.php:31
action | admin_enqueue_scripts | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Assets.php:37
filter | octolize/shipping-extensions/header-promo | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:15
filter | octolize/shipping-extensions/should-add-badge | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:16
action | octolize/shipping-extensions/view-tracking | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\BlackFriday2025Promo.php:17
action | admin_menu | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Page.php:40
action | in_admin_header | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\PageViewTracker.php:29
action | wpdesk_tracker_started | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\Tracker\Tracker.php:29
action | admin_head | vendor_prefixed\octolize\wp-shipping-extensions\src\ShippingExtensions\WooCommerceSuggestions.php:12
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
action | wp_enqueue_scripts | vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
action | admin_footer | vendor_prefixed\wpdesk\wp-helpscout-beacon\src\Beacon\Beacon.php:66
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-helpscout-beacon\src\Beacon\Beacon.php:67
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
action | admin_notices | vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
action | admin_footer | vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filter | wp_autoloader_loader_loaders_to_load | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filter | wp_autoloader_loader_loaders_to_create | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
action | plugins_loaded | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
action | plugins_loaded | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
action | before_woocommerce_init | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
action | activated_plugin | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filter | doing_it_wrong_trigger_error | vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
action | woocommerce_active_payments_checkout_shipping_method | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ActivePayments\Integration.php:39
action | admin_notices | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\AddMethodReminder.php:44
action | admin_init | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\ClickNoticeTracker.php:23
filter | wpdesk_tracker_deactivation_data | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\DeactivationTrackerData.php:26
filter | wpdesk_tracker_data | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\AddMethodReminder\TrackerData.php:25
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:59
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:60
action | wp_enqueue_scripts | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\Assets.php:61
action | woocommerce_review_order_after_shipping | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:89
action | woocommerce_checkout_update_order_review | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\CollectionPoints\CheckoutHandler.php:90
action | woocommerce_after_shipping_rate | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:56
filter | woocommerce_package_rates | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:57
action | woocommerce_hidden_order_itemmeta | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\EstimatedDelivery\EstimatedDeliveryDatesDisplay.php:58
filter | woocommerce_order_item_display_meta_key | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:70
filter | woocommerce_order_item_display_meta_value | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:71
filter | woocommerce_hidden_order_itemmeta | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\AdminOrderMetaDataDisplay.php:72
action | woocommerce_order_details_after_order_table | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:44
action | woocommerce_email_order_meta | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\OrderMetaData\FrontOrderMetaDataDisplay.php:45
action | admin_notices | vendor_prefixed\wpdesk\wp-woocommerce-shipping\src\WooCommerceShipping\ThirdParty\Germanized\TaxSettingsNotice.php:18
action | admin_notices | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:82
action | admin_notices | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:83
action | wpdesk_notice_dismissed_notice | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\RatingPetitionNotice.php:84
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:39
filter | admin_footer_text | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TextPetitionDisplayer.php:62
action | admin_init | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:75
action | woocommerce_shipping_zone_method_added | vendor_prefixed\wpdesk\wp-wpdesk-rating-petition\src\TimeWatcher\ShippingMethodInstanceWatcher.php:76
action | admin_enqueue_scripts | vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
action | admin_menu | vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
action | admin_init | vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
action | admin_notices | vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filter | plugin_row_meta | vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Shipping Live Rates for Royal Mail for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 31, 2026
PHP min version: 7.4
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 300
Developer Profile

Shipping Live Rates for Royal Mail for WooCommerce Developer Profile

Octolize Shipping Plugins

11 plugins · 114K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 91 days
Detection Fingerprints

How We Detect Shipping Live Rates for Royal Mail for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/octolize-royal-mail-shipping/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css
/wp-content/plugins/octolize-royal-mail-shipping/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css
/wp-content/plugins/octolize-royal-mail-shipping/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js
Version Parameters
octolize-royal-mail-shipping/vendor_prefixed/octolize/wp-octolize-brand-assets/dist/css/admin.css?ver=
octolize-royal-mail-shipping/vendor_prefixed/octolize/wp-onboarding/assets/css/onboarding.css?ver=
octolize-royal-mail-shipping/vendor_prefixed/octolize/wp-onboarding/assets/js/onboarding.js?ver=

HTML / DOM Fingerprints

CSS Classes
octolize-onboarding-container
Data Attributes
data-logo_img, data-open_auto, data-page, data-ajax-url, data-ajax-nonce, data-ajax-action-event, +5 more
JS Globals
OctolizeShippingRoyalMailVendor\Octolize\Onboarding\Onboarding.VERSION
window.OctolizeShippingRoyalMailVendor\Octolize\Onboarding\Onboarding
FAQ

Frequently Asked Questions about Shipping Live Rates for Royal Mail for WooCommerce