WP-Safety

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Security & Risk Analysis

wordpress.org/plugins/parcelpanel

Free Plan Available. Order Tracking, Shipment Tracking. The best WooCommerce Order Tracker for Track Order Status & Delivery Notifications

8K active installs v4.5.5 PHP 7.2+ WP 5.8+ Updated Feb 11, 2026
order-trackingshipment-trackingtrack-ordertrackingwoocommerce-shipment-tracking
96
A · Safe
CVEs total2
Unpatched0
Last CVEAug 7, 2024
Plugin page Download
Safety Verdict

Is ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 7, 2024Updated 1mo ago
Risk Assessment

The Parcel Panel plugin, version 4.5.5, presents a mixed security posture. On the positive side, it demonstrates good practices in several areas, including a high percentage of SQL queries using prepared statements and properly escaped output. The use of nonces and capability checks is also present. However, significant concerns arise from the substantial attack surface exposed through AJAX handlers, with more than half of them lacking authentication checks. Furthermore, the taint analysis revealed four high-severity flows with unsanitized paths, indicating potential for attackers to exploit these vulnerabilities. The plugin's vulnerability history is also a notable weakness, with two known CVEs, including a past critical SQL injection and cross-site scripting vulnerability. While these are currently unpatched, the recurrence of these vulnerability types suggests a persistent risk in how user input is handled. Overall, while the plugin employs some strong security measures, the critical issues in its attack surface management and input sanitization, coupled with its vulnerability history, necessitate a cautious approach.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Past critical SQL injection CVE
  • Past XSS CVE
Vulnerabilities
2

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
1

2 total CVEs

CVE-2024-43163medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ParcelPanel <= 4.3.2 - Reflected Cross-Site Scripting

Aug 7, 2024 Patched in 4.3.3 (8d)
CVE-2024-34412critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection

May 6, 2024 Patched in 3.9.0 (2d)
Code Analysis
Analyzed Mar 16, 2026

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
12
164 prepared
Unescaped Output
28
374 escaped
Nonce Checks
23
Capability Checks
8
File Operations
2
External Requests
2
Bundled Libraries
1

Bundled Libraries

Lodash

SQL Query Safety

93% prepared176 total queries

Output Escaping

93% escaped402 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows4 with unsanitized paths
checkoutGetPro (includes\ParcelPanel.php:449)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Attack Surface

Entry Points22
Unprotected11

AJAX Handlers 21

authwp_ajax_pp_product_checkoutincludes\ParcelPanel.php:1146
authwp_ajax_pp_feedback_confirmincludes\ParcelPanel.php:1151
authwp_ajax_pp_deactivate_surveyincludes\ParcelPanel.php:1152
authwp_ajax_pp_shipment_item_saveincludes\ParcelPanel.php:1154
authwp_ajax_pp_get_tracking_itemsincludes\ParcelPanel.php:1155
authwp_ajax_pp_delete_tracking_itemincludes\ParcelPanel.php:1156
authwp_ajax_pp_check_first_syncincludes\ParcelPanel.php:1158
authwp_ajax_pp_upload_csvincludes\ParcelPanel.php:1160
authwp_ajax_pp_mapping_items_csvincludes\ParcelPanel.php:1161
authwp_ajax_pp_import_csvincludes\ParcelPanel.php:1162
authwp_ajax_pp_tracking_number_import_recordincludes\ParcelPanel.php:1163
authwp_ajax_pp_get_current_userincludes\ParcelPanel.php:1164
authwp_ajax_pp_get_categories_and_tagsincludes\ParcelPanel.php:1165
authwp_ajax_pp_get_product_listsincludes\ParcelPanel.php:1166
noprivwp_ajax_pp_tracking_infoincludes\ParcelPanel.php:1169
authwp_ajax_pp_tracking_infoincludes\ParcelPanel.php:1171
authwp_ajax_pp_connectincludes\ParcelPanel.php:1174
authwp_ajax_pp_version_upgradeincludes\ParcelPanel.php:1175
authwp_ajax_pp_popup_actionincludes\ParcelPanel.php:1176
authwp_ajax_pp_live_chat_connectincludes\ParcelPanel.php:1178
authwp_ajax_pp_live_chat_disableincludes\ParcelPanel.php:1179

Shortcodes 1

[pp-track-page] includes\ParcelPanel.php:1340
WordPress Hooks 100
filterparcelpanel_csv_tracking_number_import_mapped_columnsincludes\Action\TrackingNumber.php:44
actionwp_footerincludes\Action\UserTrackPage.php:1219
actionparcelpanel_shipment_status_delivered_notificationincludes\Emails\WC_Email_Customer_PP_Delivered.php:14
actionparcelpanel_shipment_status_exception_notificationincludes\Emails\WC_Email_Customer_PP_Exception.php:14
actionparcelpanel_shipment_status_failed_attempt_notificationincludes\Emails\WC_Email_Customer_PP_Failed_Attempt.php:14
actionparcelpanel_shipment_status_undelivered_notificationincludes\Emails\WC_Email_Customer_PP_Failed_Attempt.php:15
actionparcelpanel_shipment_status_in_transit_notificationincludes\Emails\WC_Email_Customer_PP_In_Transit.php:14
actionparcelpanel_shipment_status_transit_notificationincludes\Emails\WC_Email_Customer_PP_In_Transit.php:15
actionparcelpanel_shipment_status_out_for_delivery_notificationincludes\Emails\WC_Email_Customer_PP_Out_For_Delivery.php:14
actionparcelpanel_shipment_status_pickup_notificationincludes\Emails\WC_Email_Customer_PP_Out_For_Delivery.php:15
actionwoocommerce_order_status_partial-shipped_notificationincludes\Emails\WC_Email_Customer_PP_Partial_Shipped_Order.php:14
actionwoocommerce_order_status_shipped_notificationincludes\Emails\WC_Email_Customer_PP_Shipped_Order.php:14
actionallincludes\Libs\HooksTracker.php:11
actionshutdownincludes\Libs\HooksTracker.php:13
actionactivated_pluginincludes\ParcelPanel.php:214
actiondeactivated_pluginincludes\ParcelPanel.php:217
actionupgrader_process_completeincludes\ParcelPanel.php:220
actioninitincludes\ParcelPanel.php:226
actionadmin_noticesincludes\ParcelPanel.php:228
actionadmin_menuincludes\ParcelPanel.php:231
actionadmin_initincludes\ParcelPanel.php:233
actionadmin_initincludes\ParcelPanel.php:236
actionadmin_initincludes\ParcelPanel.php:238
actionadmin_initincludes\ParcelPanel.php:241
filterset_screen_option_parcelpanel_page_pp_shipments_per_pageincludes\ParcelPanel.php:243
actionrest_api_initincludes\ParcelPanel.php:245
filterrest_authentication_errorsincludes\ParcelPanel.php:247
filterrest_authentication_errorsincludes\ParcelPanel.php:248
actionwoocommerce_email_before_order_tableincludes\ParcelPanel.php:251
actionparcelpanel_email_order_detailsincludes\ParcelPanel.php:252
actionadmin_footerincludes\ParcelPanel.php:255
actionadmin_footerincludes\ParcelPanel.php:256
actionpost_updatedincludes\ParcelPanel.php:258
actionadd_meta_boxesincludes\ParcelPanel.php:261
actionwoocommerce_process_shop_order_metaincludes\ParcelPanel.php:263
actionwoocommerce_new_orderincludes\ParcelPanel.php:266
actionwoocommerce_update_orderincludes\ParcelPanel.php:267
actiondeleted_postincludes\ParcelPanel.php:269
actionwoocommerce_delete_orderincludes\ParcelPanel.php:271
actionwoocommerce_trash_orderincludes\ParcelPanel.php:273
filterwoocommerce_email_classesincludes\ParcelPanel.php:276
filterwoocommerce_email_actionsincludes\ParcelPanel.php:277
actionrestrict_manage_postsincludes\ParcelPanel.php:280
filterrequestincludes\ParcelPanel.php:281
filtermanage_edit-shop_order_columnsincludes\ParcelPanel.php:284
actionmanage_shop_order_posts_custom_columnincludes\ParcelPanel.php:285
actionwoocommerce_order_list_table_restrict_manage_ordersincludes\ParcelPanel.php:288
filterwoocommerce_order_list_table_prepare_items_query_argsincludes\ParcelPanel.php:289
filtermanage_woocommerce_page_wc-orders_columnsincludes\ParcelPanel.php:291
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\ParcelPanel.php:292
filterwoocommerce_register_woocommerce_page_wc-orders_post_statusesincludes\ParcelPanel.php:293
filterbulk_actions-woocommerce_page_wc-ordersincludes\ParcelPanel.php:294
filterbulk_actions-woocommerce_page_wc-ordersincludes\ParcelPanel.php:295
filterwoocommerce_admin_order_actionsincludes\ParcelPanel.php:298
filterwc_order_statusesincludes\ParcelPanel.php:301
filterwoocommerce_register_shop_order_post_statusesincludes\ParcelPanel.php:302
filterbulk_actions-edit-shop_orderincludes\ParcelPanel.php:303
actioninitincludes\ParcelPanel.php:306
filterwc_order_statusesincludes\ParcelPanel.php:308
filterwoocommerce_reports_order_statusesincludes\ParcelPanel.php:310
filterwoocommerce_order_is_paid_statusesincludes\ParcelPanel.php:312
filterwoocommerce_order_is_download_permittedincludes\ParcelPanel.php:313
filterbulk_actions-edit-shop_orderincludes\ParcelPanel.php:315
filterwoocommerce_valid_order_statuses_for_order_againincludes\ParcelPanel.php:317
filterwoocommerce_my_account_my_orders_actionsincludes\ParcelPanel.php:321
actionparcelpanel_tracking_syncincludes\ParcelPanel.php:327
actionparcelpanel_tracking_courier_syncincludes\ParcelPanel.php:330
actionparcelpanel_update_courier_listincludes\ParcelPanel.php:333
actionparcelpanel_order_syncincludes\ParcelPanel.php:336
filterwoocommerce_admin_settings_sanitize_optionincludes\ParcelPanel.php:352
filterwcml_emails_options_to_translateincludes\ParcelPanel.php:357
actionwoocommerce_before_thankyouincludes\ParcelPanel.php:360
filterweglot_get_regex_checkersincludes\ParcelPanel.php:365
filterparcelpanel_order_get_itemsincludes\ParcelPanel.php:370
actionupdated_optionincludes\ParcelPanel.php:374
actionupdate_option_timezone_stringincludes\ParcelPanel.php:377
actionupdate_option_gmt_offsetincludes\ParcelPanel.php:379
actionupdate_option_woocommerce_currencyincludes\ParcelPanel.php:382
filterplugin_localeincludes\ParcelPanel.php:1481
actionplugins_loadedincludes\ParcelPanel.php:1510
actionadmin_enqueue_scriptsincludes\ParcelPanel.php:1675
filterscript_loader_tagincludes\ParcelPanel.php:1766
filteradmin_body_classincludes\ParcelPanel.php:1830
actionadmin_noticesincludes\ParcelPanel.php:2412
actionwoocommerce_before_order_item_object_saveincludes\ParcelPanel.php:3155
actionwoocommerce_after_order_item_object_saveincludes\ParcelPanel.php:3174
actionadded_order_item_metaincludes\ParcelPanel.php:3200
actionupdate_order_item_metaincludes\ParcelPanel.php:3224
actionupdated_order_item_metaincludes\ParcelPanel.php:3259
actionwp_insert_commentincludes\ParcelPanel.php:3287
actionwp_insert_commentincludes\ParcelPanel.php:3352
actionwp_insert_commentincludes\ParcelPanel.php:3370
actionwp_insert_commentincludes\ParcelPanel.php:3390
actionwp_insert_commentincludes\ParcelPanel.php:3408
actionwp_insert_commentincludes\ParcelPanel.php:3426
actionwp_insert_commentincludes\ParcelPanel.php:3444
filterposts_joinincludes\ParcelPanelFunction.php:1013
filterposts_whereincludes\ParcelPanelFunction.php:1014
filterposts_groupbyincludes\ParcelPanelFunction.php:1015
actionbefore_woocommerce_initparcelpanel.php:50

Scheduled Events 1

importer_scheduled_cleanup
Maintenance & Trust

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version7.2
Downloads220K

Community Trust

Rating98/100
Number of ratings523
Active installs8K
Alternatives

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Alternatives

Orders Tracking for WooCommerce

Orders Tracking for WooCommerce

woo-orders-tracking

A
98

Easily import/manage your tracking numbers, add tracking numbers to PayPal and send email notifications to customers.

10K 3 CVEs
TrackShip for WooCommerce

TrackShip for WooCommerce

trackship-for-woocommerce

A
98

TrackShip auto-tracks orders, adds a branded tracking experience to your store and handles all customer touchpoints from shipping to delivery

7K 2 CVEs
Advanced Shipment Tracking for WooCommerce

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

A
98

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs
WPCargo Track & Trace

WPCargo Track & Trace

wpcargo

D
37

WPCargo is a track & trace system for courier, courier script, parcel, balikbayan system, shipment and transportation management system, ideal sol &hellip;

10K 3 unpatched
AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

aftership-woocommerce-tracking

A
99

Track orders in one place. shipment tracking, automated notifications, order lookup, branded tracking page, delivery day prediction

8K 1 CVE
Developer Profile

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce Developer Profile

ParcelWILL Development Team

1 plugin · 8K total installs

97
trust score
Avg Security Score
96/100
Avg Patch Time
5 days
View full developer profile
Detection Fingerprints

How We Detect ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/parcelpanel/assets/css/parcelpanel-tracking-public.css/wp-content/plugins/parcelpanel/assets/js/parcelpanel-tracking-public.js
Script Paths
/wp-content/plugins/parcelpanel/assets/js/parcelpanel-tracking-public.js
Version Parameters
parcelpanel/style.css?ver=parcelpanel/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-track-page-warppp-main-contentpp-track-statuspp-tracking-history-wrappp-detail-contentpp-detail-content-item
HTML Comments
<!-- Begin Parcel Panel --><!-- End Parcel Panel -->
Data Attributes
data-parcelpanel-iddata-tracking-number
JS Globals
parcelPanel
REST Endpoints
/wp-json/parcelpanel/v1/trackings/wp-json/parcelpanel/v1/product/message/wp-json/parcelpanel/v1/product/add/wp-json/parcelpanel/v1/product/del/wp-json/parcelpanel/v1/product/get
Shortcode Output
[parcelpanel-tracking-form][parcelpanel-tracking-details]
FAQ

Frequently Asked Questions about ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce