WP-Safety

Packlink PRO for WooCommerce Security & Risk Analysis

wordpress.org/plugins/packlink-pro-shipping

Elevate your store with Packlink PRO —the ultimate free shipping solution offering discounted rates from 350+ carriers instantly.

10K active installs v4.0.0 PHP 7.0+ WP 4.7+ Updated Mar 10, 2026
carrierdeliveryorderpackageshipping
99
A · Safe
CVEs total1
Unpatched0
Last CVEJul 11, 2024
Plugin page Download
Safety Verdict

Is Packlink PRO for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Packlink PRO for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 11, 2024Updated 25d ago
Risk Assessment

The 'packlink-pro-shipping' v4.0.0 plugin exhibits a generally positive security posture, with a strong emphasis on prepared statements for SQL queries, indicating good defense against SQL injection. The absence of critical or high-severity taint flows is also a positive sign. However, a significant concern lies in the low percentage of properly escaped output (23%), suggesting a potential for cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is not consistently sanitized before rendering.

The plugin's vulnerability history includes one medium-severity CVE, identified as Missing Authorization, which was reported and patched on July 11, 2024. While this specific vulnerability is no longer present in this version, the pattern of Missing Authorization issues in the past warrants caution. The limited attack surface with no unprotected entry points is a strength, but the potential for XSS due to insufficient output escaping remains the primary area of concern.

In conclusion, while the plugin demonstrates good practices in data handling for SQL and has a clean slate for taint analysis in this scan, the output escaping is a notable weakness. The historical medium vulnerability highlights the need for developers to remain vigilant about authorization checks, even if not immediately apparent in static analysis. Overall, the plugin is relatively secure but requires careful review of its output handling mechanisms.

Key Concerns

  • Low percentage of properly escaped output
  • Historical medium severity CVE (Missing Authorization)
Vulnerabilities
1

Packlink PRO for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-38740medium · 4.3Missing Authorization

Packlink PRO shipping module <= 3.4.6 - Missing Authorization

Jul 11, 2024 Patched in 3.4.7 (48d)
Code Analysis
Analyzed Mar 16, 2026

Packlink PRO for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
34 prepared
Unescaped Output
127
37 escaped
Nonce Checks
3
Capability Checks
5
File Operations
44
External Requests
1
Bundled Libraries
0

SQL Query Safety

94% prepared36 total queries

Output Escaping

23% escaped164 total outputs
Attack Surface

Packlink PRO for WooCommerce Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[fee] Components\ShippingMethod\class-packlink-shipping-method.php:254
WordPress Hooks 41
actionadmin_initclass-plugin.php:529
actionadmin_initclass-plugin.php:530
filterquery_varsclass-plugin.php:532
actiontemplate_redirectclass-plugin.php:533
actioninitclass-plugin.php:534
actionadmin_noticesclass-plugin.php:535
actionadmin_noticesclass-plugin.php:536
actionadmin_noticesclass-plugin.php:537
actiondelete_blogclass-plugin.php:539
filtersite_transient_update_pluginsclass-plugin.php:543
filterset_site_transient_update_pluginsclass-plugin.php:544
actionbefore_woocommerce_initclass-plugin.php:557
actionadmin_menuclass-plugin.php:683
filterwoocommerce_shipping_methodsclass-plugin.php:691
actionwoocommerce_before_shipping_zone_object_saveclass-plugin.php:692
actionwoocommerce_delete_shipping_zoneclass-plugin.php:693
actionadd_meta_boxesclass-plugin.php:702
actionadmin_headclass-plugin.php:703
filterbulk_actions-edit-shop_orderclass-plugin.php:704
filterhandle_bulk_actions-edit-shop_orderclass-plugin.php:705
actionadmin_enqueue_scriptsclass-plugin.php:706
actionwoocommerce_initclass-plugin.php:708
filtermanage_woocommerce_page_wc-orders_columnsclass-plugin.php:725
actionmanage_woocommerce_page_wc-orders_custom_columnclass-plugin.php:726
filtermanage_edit-shop_order_columnsclass-plugin.php:731
actionmanage_shop_order_posts_custom_columnclass-plugin.php:732
filterwoocommerce_package_ratesclass-plugin.php:744
filterwoocommerce_available_payment_gatewaysclass-plugin.php:745
actionwoocommerce_after_shipping_rateclass-plugin.php:746
actionwoocommerce_after_shipping_calculatorclass-plugin.php:747
actionwoocommerce_review_order_after_shippingclass-plugin.php:748
actionwoocommerce_checkout_processclass-plugin.php:749
actionwoocommerce_checkout_create_orderclass-plugin.php:750
actionwoocommerce_checkout_update_order_metaclass-plugin.php:751
actionwp_enqueue_scriptsclass-plugin.php:752
actionwoocommerce_checkout_create_orderclass-plugin.php:754
actionwoocommerce_store_api_checkout_update_order_from_requestclass-plugin.php:756
actionwoocommerce_blocks_checkout_enqueue_dataclass-plugin.php:758
actionwoocommerce_store_api_checkout_update_order_metaclass-plugin.php:759
actioninitComponents\Migrator\ActionSchedulerMigrator\class-queued-tasks-migrator.php:23
actioninitComponents\Services\class-wordpress-task-executor.php:209
Maintenance & Trust

Packlink PRO for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.0
Downloads447K

Community Trust

Rating90/100
Number of ratings262
Active installs10K
Alternatives

Packlink PRO for WooCommerce Alternatives

MyParcel

MyParcel

woocommerce-myparcel

A
99

Export your WooCommerce orders to MyParcel (www.myparcel.nl) and print labels directly from the WooCommerce admin

9K 1 CVE
YITH WooCommerce Order & Shipment Tracking

YITH WooCommerce Order & Shipment Tracking

yith-woocommerce-order-tracking

A
99

Add an easy tool to manage order shipping information of your shop and to notified your customers about the shipping.

7K 1 CVE
SnappBox

SnappBox

snappbox

A
100

The SnappBox WordPress plugin offers a fast and simple way to register and manage order deliveries. By installing this plugin, you can send your store &hellip;

300 No CVEs
Print Label and Tracking Code for GLS

Print Label and Tracking Code for GLS

woo-gls-print-label-and-tracking-code

A
85

GLS Delivery is a user-friendly WooCommerce plugin that produces customized GLS labels.

90 No CVEs
Print Label and Tracking Code for DPD

Print Label and Tracking Code for DPD

print-label-and-tracking-code-for-dpd

A
100

DPD Delivery is a user-friendly WooCommerce plugin that produces customized DPD labels.

30 No CVEs
Developer Profile

Packlink PRO for WooCommerce Developer Profile

packlink

1 plugin · 10K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
48 days
View full developer profile
Detection Fingerprints

How We Detect Packlink PRO for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/packlink-pro-shipping/assets/css/backend.css/wp-content/plugins/packlink-pro-shipping/assets/css/frontend.css/wp-content/plugins/packlink-pro-shipping/assets/js/backend.js/wp-content/plugins/packlink-pro-shipping/assets/js/frontend.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-wizard.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-order-overview.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-order-details.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-checkout.js
Script Paths
/wp-content/plugins/packlink-pro-shipping/assets/js/backend.js/wp-content/plugins/packlink-pro-shipping/assets/js/frontend.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-wizard.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-order-overview.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-order-details.js/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-checkout.js
Version Parameters
/wp-content/plugins/packlink-pro-shipping/assets/css/backend.css?ver=/wp-content/plugins/packlink-pro-shipping/assets/css/frontend.css?ver=/wp-content/plugins/packlink-pro-shipping/assets/js/backend.js?ver=/wp-content/plugins/packlink-pro-shipping/assets/js/frontend.js?ver=/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-wizard.js?ver=/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-order-overview.js?ver=/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-order-details.js?ver=/wp-content/plugins/packlink-pro-shipping/assets/js/packlink-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
packlink-pro-shipping-wizardpacklink-order-overviewpacklink-order-detailspacklink-checkout-step
HTML Comments
Packlink PRO Shipping IntegrationCopyright (c) 2020 Packlink Shipping S.L.
Data Attributes
data-packlink-skudata-packlink-shipment-iddata-packlink-order-iddata-packlink-method-code
JS Globals
PacklinkFrontendPacklinkBackendPacklinkWizardPacklinkOrderOverviewPacklinkOrderDetailsPacklinkCheckout
REST Endpoints
/wp-json/packlink/v1/shipping-methods/wp-json/packlink/v1/orders/wp-json/packlink/v1/shipments/wp-json/packlink/v1/settings
FAQ

Frequently Asked Questions about Packlink PRO for WooCommerce