Parcel2Go Shipping Security & Risk Analysis

wordpress.org/plugins/parcel2go-shipping

Create shipments from WooCommerce admin via the Parcel2Go API: get quotes, book services, and pay.

100 active installs · v2.0.1 · PHP 8.1+ · WP 6.4+ · Updated Mar 9, 2026
courier, labels, parcel2go, shipping, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Parcel2Go Shipping Safe to Use in 2026?

Generally Safe

Score 100/100

Parcel2Go Shipping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 27d ago
Risk Assessment

The "parcel2go-shipping" v2.0.1 plugin exhibits a generally strong security posture based on static analysis, with good practices observed in SQL query handling and output escaping. The absence of known vulnerabilities (CVEs) and a clean vulnerability history further contribute to this positive assessment, suggesting a well-maintained and secure codebase.

However, the plugin presents a notable area of concern regarding its REST API. A significant portion of its REST API routes (12 out of 25) lack permission callbacks, creating an exposed attack surface that could potentially be exploited by unauthenticated users. While taint analysis shows no critical or high-severity flows, this lack of authentication on several entry points represents a tangible risk that should not be overlooked.

In conclusion, while the plugin demonstrates commendable security hygiene in many areas, the unprotected REST API routes are a significant weakness. This could allow for unauthorized data access or manipulation if these routes perform sensitive actions. Prioritizing the implementation of proper permission checks for all REST API endpoints is crucial to mitigate this identified risk.

Key Concerns

  • Unprotected REST API endpoints
Vulnerabilities
None known

Parcel2Go Shipping Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Parcel2Go Shipping Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (46 escaped)
Nonce Checks: 1
Capability Checks: 15
File Operations: 0
External Requests: 8
Bundled Libraries: 0

Output Escaping

98% escaped, 47 total outputs
Attack Surface
12 unprotected

Parcel2Go Shipping Attack Surface

Entry Points: 25
Unprotected: 12

REST API Routes 25

POST /wp-json/parcel2go-shipping/v1/checkout  includes\Api\CheckoutController.php:20
POST /wp-json/parcel2go-shipping/v1/checkout/validate  includes\Api\CheckoutController.php:31
GET /wp-json/parcel2go-shipping/v1/countries/origins  includes\Api\CountriesController.php:23
GET /wp-json/parcel2go-shipping/v1/dropshops  includes\Api\DropshopController.php:19
GET /wp-json/parcel2go-shipping/v1/orders  includes\Api\OrdersController.php:23
GET /wp-json/parcel2go-shipping/v1/orders/(?P<id>[\d]+)  includes\Api\OrdersController.php:47
GET /wp-json/parcel2go-shipping/v1/orders/(?P<id>[\d]+)/ship  includes\Api\OrdersController.php:66
POST /wp-json/parcel2go-shipping/v1/orders/(?P<id>[\d]+)/shipping-status  includes\Api\OrdersController.php:85
GET /wp-json/parcel2go-shipping/v1/order/p2g-status  includes\Api\OrdersController.php:105
POST /wp-json/parcel2go-shipping/v1/payment/providers  includes\Api\PaymentController.php:21
POST /wp-json/parcel2go-shipping/v1/payment/braintree/token  includes\Api\PaymentController.php:27
POST /wp-json/parcel2go-shipping/v1/payment/braintree  includes\Api\PaymentController.php:33
GET /wp-json/parcel2go-shipping/v1/payment/prepay/balance  includes\Api\PaymentController.php:39
POST /wp-json/parcel2go-shipping/v1/payment/prepay  includes\Api\PaymentController.php:45
POST /wp-json/parcel2go-shipping/v1/quotes  includes\Api\QuotesController.php:18
GET /wp-json/parcel2go-shipping/v1/settings  includes\Api\SettingsController.php:65
GET /wp-json/parcel2go-shipping/v1/settings/debug  includes\Api\SettingsController.php:78
GET /wp-json/parcel2go-shipping/v1/settings/store  includes\Api\SettingsController.php:84
GET /wp-json/parcel2go-shipping/v1/settings/default-services  includes\Api\SettingsController.php:90
PATCH /wp-json/parcel2go-shipping/v1/settings/default-service-couriers  includes\Api\SettingsController.php:96
PATCH /wp-json/parcel2go-shipping/v1/settings  includes\Api\SettingsController.php:113
POST /wp-json/parcel2go-shipping/v1/settings  includes\Api\SettingsController.php:141
GET /wp-json/parcel2go-shipping/v1/shipments  includes\Api\ShipmentsController.php:16
GET /wp-json/parcel2go-shipping/v1/shipments/(?P<id>[\d]+)/label  includes\Api\ShipmentsController.php:41
GET /wp-json/parcel2go-shipping/v1/shipments/(?P<id>[\d]+)/tracking  includes\Api\ShipmentsController.php:65

WordPress Hooks 23

filter woocommerce_general_settings  includes\Admin\GeneralSettings.php:32
filter woocommerce_general_settings  includes\Admin\GeneralSettings.php:33
filter woocommerce_general_settings  includes\Admin\GeneralSettings.php:34
action add_meta_boxes  includes\Admin\OrderCardMetaBox.php:27
action admin_enqueue_scripts  includes\Admin\OrderCardMetaBox.php:28
action woocommerce_admin_order_items_after_line_items  includes\Admin\OrderCardMetaBox.php:30
action woocommerce_product_options_shipping  includes\Admin\ProductCustomsFields.php:17
action woocommerce_process_product_meta  includes\Admin\ProductCustomsFields.php:18
action admin_enqueue_scripts  includes\Admin\Setup.php:17
action admin_menu  includes\Admin\Setup.php:18
action rest_api_init  includes\Api\CheckoutController.php:19
action rest_api_init  includes\Api\CountriesController.php:22
action rest_api_init  includes\Api\DropshopController.php:18
action rest_api_init  includes\Api\OrdersController.php:22
action rest_api_init  includes\Api\PaymentController.php:16
action rest_api_init  includes\Api\QuotesController.php:17
action rest_api_init  includes\Api\SettingsController.php:60
action rest_api_init  includes\Api\ShipmentsController.php:15
action before_woocommerce_init  parcel2go-shipping.php:61
action admin_notices  parcel2go-shipping.php:76
action plugins_loaded  parcel2go-shipping.php:134
action admin_notices  parcel2go-shipping.php:156
filter plugin_action_links_parcel2go-shipping/parcel2go-shipping.php  parcel2go-shipping.php:163

Maintenance & Trust

Parcel2Go Shipping Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 8.1
Downloads: 4K

Community Trust

Rating: 50/100
Number of ratings: 12
Active installs: 100
Developer Profile

Parcel2Go Shipping Developer Profile

parcel2go

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Parcel2Go Shipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/parcel2go-shipping/public/couriers
  • /wp-content/plugins/parcel2go-shipping/build/index.css
  • /wp-content/plugins/parcel2go-shipping/build/index.js
Script Paths
  • /wp-content/plugins/parcel2go-shipping/build/index.js
Version Parameters
  • parcel2go-shipping/build/index.css?ver=
  • parcel2go-shipping/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • p2g-order-card
  • parcel2go-shipping-settings
HTML Comments
  • <!-- Parcel2Go Shipping Meta Box -->
  • <!-- Order card for Parcel2Go Shipping -->
Data Attributes
  • data-order-id
  • data-p2g-tracking-url
  • data-p2g-booking-url
JS Globals
  • parcel2go_shipping_options
  • parcel2go_shipping_config
REST Endpoints
  • /wp-json/parcel2go-shipping/v1/orders
  • /wp-json/parcel2go-shipping/v1/quotes
  • /wp-json/parcel2go-shipping/v1/countries
  • /wp-json/parcel2go-shipping/v1/dropshops
  • /wp-json/parcel2go-shipping/v1/checkout
  • /wp-json/parcel2go-shipping/v1/payment
  • /wp-json/parcel2go-shipping/v1/settings
FAQ

Frequently Asked Questions about Parcel2Go Shipping