Sendle Shipping Plugin Security & Risk Analysis

wordpress.org/plugins/official-sendle-shipping-method

Sendle is an award-winning, 100% carbon neutral, door-to-door shipping carrier, designed to help small businesses thrive with simple, reliable, afford …

1K active installs v6.03 PHP + WP 3.0+ Updated Dec 17, 2025
Tags: joovii, sendle, shipping-delivery, tracking, woocommerce
Score: 96/100 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 19, 2025
Safety Verdict

Is Sendle Shipping Plugin Safe to Use in 2026?

Generally Safe

Score 96/100

Sendle Shipping Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 19, 2025 · Updated 3mo ago
Risk Assessment

The official-sendle-shipping-method plugin version 6.03 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, significant concerns arise from its attack surface and historical vulnerability patterns.

The static analysis reveals that 2 out of 5 entry points, specifically AJAX handlers, lack authentication checks. This gives unauthenticated users a direct path to plugin functionality that may be sensitive. Taint analysis did not identify any critical or high severity flows, but 11 of the 21 analyzed flows contain unsanitized paths and warrant attention, since they could lead to unexpected behavior or to vulnerabilities when combined with other weaknesses.

The plugin's vulnerability history is a notable concern. It has had 3 medium-severity CVEs, including Missing Authorization, CSRF, and XSS. The fact that these vulnerabilities have occurred historically, even if currently patched, indicates a recurring pattern of security flaws. This suggests the development team may not have robust security testing or secure coding practices embedded in their development lifecycle. While the current version has no unpatched CVEs, the historical trend combined with the identified unauthenticated AJAX endpoints creates a moderate risk profile.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized paths in taint analysis
  • History of medium severity CVEs
Vulnerabilities
3

Sendle Shipping Plugin Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 2 CVEs

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-62976 · medium · 5.3 · Missing Authorization

Sendle Shipping <= 6.02 - Missing Authorization

Oct 19, 2025 · Patched in 6.03 (62d)

CVE-2025-60139 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Sendle Shipping <= 6.02 - Cross-Site Request Forgery

Sep 26, 2025 · Patched in 6.03 (85d)

CVE-2023-45761 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sendle Shipping <= 5.17 - Reflected Cross-Site Scripting

Oct 12, 2023 · Patched in 5.18 (155d)
Code Analysis
Analyzed Mar 16, 2026

Sendle Shipping Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 67 (257 escaped)
Nonce Checks: 9
Capability Checks: 11
File Operations: 0
External Requests: 17
Bundled Libraries: 0

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

79% escaped · 324 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

21 flows · 11 with unsanitized paths
ossm_sendle_order_cancelled (cancel-shipment.php:8)
Attack Surface
2 unprotected

Sendle Shipping Plugin Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers: 4

nopriv  wp_ajax_sendlejooviicityziplookup  sendle-shipping-zone.php:306
auth    wp_ajax_sendlejooviicityziplookup  sendle-shipping-zone.php:307
auth    wp_ajax_sendletrack                sendle-widget.php:98
nopriv  wp_ajax_sendletrack                sendle-widget.php:99

Shortcodes 1

[sendle_tracking] sendle-widget.php:186
WordPress Hooks 37
action  woocommerce_cancelled_order  cancel-shipment.php:6
action  init  frontend-tracking.php:9
action  woocommerce_account_tracking_endpoint  frontend-tracking.php:140
filter  woocommerce_my_account_my_orders_actions  frontend-tracking.php:167
filter  woocommerce_custom_orders_table_enabled  joovii-sendle-shipping.php:39
filter  woocommerce_custom_orders_table_sync_enabled  joovii-sendle-shipping.php:40
action  before_woocommerce_init  joovii-sendle-shipping.php:44
action  admin_menu  joovii-sendle-shipping.php:78
action  admin_menu  joovii-sendle-shipping.php:82
action  admin_menu  joovii-sendle-shipping.php:86
action  admin_menu  joovii-sendle-shipping.php:91
action  woocommerce_shipping_init  joovii-sendle-shipping.php:538
filter  woocommerce_shipping_methods  joovii-sendle-shipping.php:547
filter  woocommerce_shipping_calculator_enable_city  joovii-sendle-shipping.php:548
action  in_admin_footer  joovii-sendle-shipping.php:591
action  load-post.php  sendle-admin-feature.php:6
action  load-post-new.php  sendle-admin-feature.php:7
action  add_meta_boxes  sendle-admin-feature.php:12
action  add_meta_boxes  sendle-admin-feature.php:16
action  admin_init  sendle-logs.php:11
action  admin_menu  sendle-logs.php:77
action  woocommerce_thankyou  sendle-shipment-booking.php:704
action  woocommerce_checkout_process  sendle-shipment-booking.php:732
action  wp_enqueue_scripts  sendle-shipping-function.php:626
action  wp_enqueue_scripts  sendle-shipping-function.php:651
action  admin_notices  sendle-shipping-global.php:11
action  admin_menu  sendle-shipping-global.php:35
action  admin_init  sendle-shipping-global.php:38
action  woocommerce_shipping_init  sendle-shipping-zone.php:274
filter  woocommerce_shipping_methods  sendle-shipping-zone.php:293
filter  woocommerce_shipping_calculator_enable_city  sendle-shipping-zone.php:294
action  admin_init  sendle-shipping-zone.php:295
action  in_admin_footer  sendle-shipping-zone.php:299
action  wp_enqueue_scripts  sendle-shipping-zone.php:304
action  wp_footer  sendle-shipping-zone.php:305
action  widgets_init  sendle-widget.php:68
action  wp_enqueue_scripts  sendle-widget.php:97
Maintenance & Trust

Sendle Shipping Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 17, 2025
PHP min version
Downloads: 55K

Community Trust

Rating: 64/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Sendle Shipping Plugin Developer Profile

Joovii

1 plugin · 1K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 101 days
Detection Fingerprints

How We Detect Sendle Shipping Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/official-sendle-shipping-method/css/sendle_admin.css
/wp-content/plugins/official-sendle-shipping-method/css/sendle_frontend.css
/wp-content/plugins/official-sendle-shipping-method/js/sendle_admin.js
/wp-content/plugins/official-sendle-shipping-method/js/sendle_frontend.js
Script Paths
/wp-content/plugins/official-sendle-shipping-method/js/sendle_admin.js
/wp-content/plugins/official-sendle-shipping-method/js/sendle_frontend.js
Version Parameters
official-sendle-shipping-method/css/sendle_admin.css?ver=
official-sendle-shipping-method/css/sendle_frontend.css?ver=
official-sendle-shipping-method/js/sendle_admin.js?ver=
official-sendle-shipping-method/js/sendle_frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
sendle-shipping-method-wrapper
sendle-shipping-method-logo
HTML Comments
<!-- SENDLE LOGS -->
<!-- TRACK SHIPMENT -->
<!-- DOWNLOAD SHIPPING LABEL -->
<!-- CANCEL SENDLE ORDER -->
+3 more
Data Attributes
data-sendle-api-url
data-sendle-title
JS Globals
sendle_ajax_object
REST Endpoints
/wp-json/ossm-sendle/v1/order-status
/wp-json/ossm-sendle/v1/tracking
Shortcode Output
[sendle_tracking_form]
FAQ

Frequently Asked Questions about Sendle Shipping Plugin