Does Parcelow have any unpatched vulnerabilities?

No. All known vulnerabilities in Parcelow have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Parcelow compatible with WordPress 6.8.5?

According to WordPress.org data, Parcelow 3.3.8 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Parcelow compatible with PHP 7.2+?

Parcelow requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Parcelow updated?

Parcelow was last updated on Sep 23, 2025. Frequent updates are generally a positive security signal.

What is Parcelow's security score?

Parcelow has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Parcelow Security & Risk Analysis

wordpress.org/plugins/parcelow

Payment method that can be easily integrated

10 active installs v3.3.8 PHP 7.2+ WP 5.9+ Updated Sep 23, 2025

credit-cardparcelowpayment-gatewaypixwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Parcelow Safe to Use in 2026?

Generally Safe

Score 100/100

Parcelow has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "parcelow" v3.3.8 plugin exhibits a mixed security posture. While it avoids dangerous functions, uses prepared statements for all SQL queries, and boasts a high percentage of properly escaped output, several significant security concerns are present. The plugin exposes two AJAX handlers with no authentication or capability checks, representing direct entry points for potential attackers. Furthermore, the taint analysis indicates two flows with unsanitized paths, although these are not classified as critical or high severity. The absence of any recorded vulnerabilities in its history is a positive sign, suggesting a potentially well-maintained codebase or a lack of targeted exploitation. However, this history alone does not mitigate the risks identified in the static analysis.

Key Concerns

AJAX handlers without auth checks
Taint flows with unsanitized paths
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

None known

Parcelow Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Parcelow Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

109 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped122 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wcppa_carrega_ajax (woo-parcelow.php:394)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Parcelow Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_wcppa_carrega_ajaxwoo-parcelow.php:391

noprivwp_ajax_wcppa_carrega_ajaxwoo-parcelow.php:392

WordPress Hooks 37

actionbefore_woocommerce_initwoo-parcelow.php:41

filterinitwoo-parcelow.php:59

filterwc_order_statuseswoo-parcelow.php:67

filterinitwoo-parcelow.php:82

filterwc_order_statuseswoo-parcelow.php:89

filterinitwoo-parcelow.php:104

filterwc_order_statuseswoo-parcelow.php:111

filterinitwoo-parcelow.php:126

filterwc_order_statuseswoo-parcelow.php:133

filterinitwoo-parcelow.php:148

filterwc_order_statuseswoo-parcelow.php:155

filterinitwoo-parcelow.php:170

filterwc_order_statuseswoo-parcelow.php:177

filterinitwoo-parcelow.php:192

filterwc_order_statuseswoo-parcelow.php:199

filterinitwoo-parcelow.php:214

filterwc_order_statuseswoo-parcelow.php:221

filterinitwoo-parcelow.php:237

filterwc_order_statuseswoo-parcelow.php:244

filterinitwoo-parcelow.php:262

filterwc_order_statuseswoo-parcelow.php:269

actioninitwoo-parcelow.php:293

filterwc_order_statuseswoo-parcelow.php:301

filterwoocommerce_checkout_fieldswoo-parcelow.php:307

filterwoocommerce_billing_fieldswoo-parcelow.php:324

filterwoocommerce_payment_gatewayswoo-parcelow.php:348

actionplugins_loadedwoo-parcelow.php:367

actionwp_enqueue_scriptswoo-parcelow.php:388

actionwoocommerce_api_parcelow_webhookwoo-parcelow.php:1238

actionwoocommerce_webhook_process_deliverywoo-parcelow.php:1299

actioninitwoo-parcelow.php:1939

actionwp_headwoo-parcelow.php:2006

actionwoocommerce_product_options_general_product_datawoo-parcelow.php:2103

actionwoocommerce_process_product_metawoo-parcelow.php:2120

filterwoocommerce_get_price_htmlwoo-parcelow.php:2123

filterwoocommerce_proceed_to_checkoutwoo-parcelow.php:2811

filterwoocommerce_checkout_terms_and_conditionswoo-parcelow.php:2812

Maintenance & Trust

Parcelow Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 23, 2025

PHP min version7.2

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Parcelow Alternatives

FatoriPay Gateway for WooCommerce

fatoripay-gateway-for-woocommerce

100

FatoriPay Gateway for WooCommerce integrates seamlessly with your store to process payments through Pix (instant payments), Boleto bancário, and Credi …

0 No CVEs