WP-Safety

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Security & Risk Analysis

wordpress.org/plugins/pakkelabels-for-woocommerce

Shipmondo for WooCommerce – Provide pick-up points in checkout and manage shipping easily

6K active installs v5.0.8 PHP 7.4+ WP 6.2+ Updated Jan 27, 2026
bringglspostnordshipmondoshipping
99
A · Safe
CVEs total1
Unpatched0
Last CVEMar 28, 2025
Plugin page Download
Safety Verdict

Is DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 28, 2025Updated 2mo ago
Risk Assessment

The plugin "pakkelabels-for-woocommerce" v5.0.8 demonstrates a mixed security posture. While it boasts a small attack surface with no unprotected entry points and a decent percentage of SQL queries using prepared statements, there are notable areas for concern. The presence of two instances of the `unserialize` function is a significant risk, as unserializing untrusted data can lead to remote code execution vulnerabilities. Furthermore, only 5% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where attacker-controlled data could be injected into the output without proper sanitization. The vulnerability history shows one past medium severity CVE related to Missing Authorization, suggesting that the plugin has had authorization weaknesses in the past, although it is currently patched. The lack of any current unpatched vulnerabilities is a positive sign, but the ongoing risks from insecure code practices like unsanitized output and unserialize usage cannot be ignored. Overall, while the attack surface is limited and past vulnerabilities are patched, the presence of dangerous functions and widespread unescaped output poses a significant risk that requires immediate attention.

Key Concerns

  • Dangerous function: unserialize used
  • Low percentage of properly escaped output
  • Past medium severity CVE (Missing Authorization)
Vulnerabilities
1

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-27001medium · 4.3Missing Authorization

Shipmondo – A complete shipping solution for WooCommerce <= 5.0.3 - Missing Authorization to Authenticated (Customer+) Information Disclosure

Mar 28, 2025 Patched in 5.0.4 (7d)
Code Analysis
Analyzed Mar 16, 2026

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Code Analysis

Dangerous Functions
2
Raw SQL Queries
2
7 prepared
Unescaped Output
70
4 escaped
Nonce Checks
1
Capability Checks
1
File Operations
4
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserializeif(is_string($data) && is_serialized($data) && !is_serialized_string($data) && ($unserialized = @unsplugin\controllers\controller.migrations.php:235
unserializeif(($data = @unserialize($data)) !== false) {plugin\controllers\controller.migrations.php:252

SQL Query Safety

78% prepared9 total queries

Output Escaping

5% escaped74 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
updatePriceRanges (plugin\controllers\controller.shipping-methods.php:103)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[fee] plugin\shipping-methods\class.shipmondo.php:255
WordPress Hooks 10
filterwoocommerce_blocks_loadedapp\Hooks\ServicePointSelectorBlock\ExtendStoreApiWithSelectedServicePoint.php:13
actionwoocommerce_blocks_checkout_block_registrationapp\Hooks\ServicePointSelectorBlock\RegisterBlock.php:12
actionwoocommerce_store_api_checkout_update_order_from_requestapp\Hooks\ServicePointSelectorBlock\SetServicePointOnCompletion.php:16
actionwoocommerce_checkout_create_subscriptionapp\Hooks\ServicePointSelectorBlock\SetServicePointOnSubscription.php:14
actionrest_api_initapp\Tools\Boot.php:19
actionbefore_woocommerce_initpakkelabels.php:27
actionwoocommerce_after_shipping_rateplugin\controllers\controller.business.php:11
actionwoocommerce_checkout_processplugin\controllers\controller.business.php:13
actionwoocommerce_after_shipping_rateplugin\traits\trait.business.php:7
actionwoocommerce_checkout_processplugin\traits\trait.business.php:9
Maintenance & Trust

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJan 27, 2026
PHP min version7.4
Downloads160K

Community Trust

Rating60/100
Number of ratings8
Active installs6K
Alternatives

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Alternatives

GLS Shipping for WooCommerce

GLS Shipping for WooCommerce

gls-shipping-for-woocommerce

A
99

GLS Shipping plugin for WooCommerce

1K 1 CVE
Smart Send Logistics

Smart Send Logistics

smart-send-logistics

A
100

Complete WooCommerce shipping solution for PostNord, GLS, DAO, Burd, Budbee and Bring.

400 No CVEs
Webshipper – Automated Shipping

Webshipper – Automated Shipping

webshipper-automated-shipping

A
100

Automated shipping for WooCommerce.

400 No CVEs
Shipmondo for WooCommerce

Shipmondo for WooCommerce

shipmondo-for-woocommerce

A
100

Shipmondo for WooCommerce - Provide pick-up points in checkout and manage shipping easily

300 No CVEs
Invelity MyGLS connect

Invelity MyGLS connect

invelity-mygls-connect

B
78

Jednoduchý prenos objednávok do GLS cez API a tlač štítkov

200 1 unpatched
Developer Profile

DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce Developer Profile

Shipmondo

1 plugin · 6K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pakkelabels-for-woocommerce/public/build/blocks/service-point-selector/view.js/wp-content/plugins/pakkelabels-for-woocommerce/public/build/blocks/service-point-selector/edit.js/wp-content/plugins/pakkelabels-for-woocommerce/public/build/blocks/service-point-selector/style-view.css/wp-content/plugins/pakkelabels-for-woocommerce/public/build/js/shipmondo-service-point.asset.php
Script Paths
/wp-content/plugins/pakkelabels-for-woocommerce/service-point-selector/view.js/wp-content/plugins/pakkelabels-for-woocommerce/service-point-selector/edit.js
Version Parameters
pakkelabels-for-woocommerce/public/build/blocks/service-point-selector/view.js?ver=pakkelabels-for-woocommerce/public/build/blocks/service-point-selector/edit.js?ver=pakkelabels-for-woocommerce/public/build/blocks/service-point-selector/style-view.css?ver=pakkelabels-for-woocommerce/public/build/js/shipmondo-service-point.asset.php?ver=

HTML / DOM Fingerprints

CSS Classes
shipmondo-service-point-selector-block-viewshipmondo-service-point-selector-block-edit
Data Attributes
data-wp-block="{
JS Globals
window.shipmondo
REST Endpoints
/wp-json/shipmondo/v1/shippingmethods
FAQ

Frequently Asked Questions about DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce