Enterprise Shipping for Pitney Bowes Security & Risk Analysis

wordpress.org/plugins/pb-shipping

A streamlined US shipping solution for WooCommerce and Pitney Bowes.

10 active installs · v5.0.24 · PHP + WP 4.6+ · Updated Jan 9, 2026
Tags: label, live-rates, pitney-bowes, shipping, woocommerce
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Enterprise Shipping for Pitney Bowes Safe to Use in 2026?

Generally Safe

Score 100/100

Enterprise Shipping for Pitney Bowes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "pb-shipping" plugin v5.0.24 exhibits a mixed security posture. It demonstrates good practices, such as using prepared statements for all SQL queries and implementing a substantial number of capability checks (25) and nonce checks (5), but there are significant concerns. The 7 calls to `unserialize` are a major red flag: passing untrusted input to this function allows PHP object injection, which can lead to remote code execution. The scan lists the call sites but not where their arguments originate, so each one needs to be traced back to its data source to confirm whether untrusted input can reach it. Furthermore, the taint analysis indicates 5 flows with unsanitized paths, although none reached a critical or high severity level in this analysis.

The plugin's vulnerability history is clean, with zero recorded CVEs. This is a positive sign and suggests the developers have a history of producing secure code or have diligently addressed any past issues. However, the absence of past vulnerabilities should not overshadow the identified risks within the current codebase. The low percentage of properly escaped output (34%) is another area of concern, increasing the risk of cross-site scripting (XSS) vulnerabilities, although no specific taint flows leading to XSS were identified as critical.

In conclusion, while the plugin benefits from strong SQL practices and a clean vulnerability record, the heavy reliance on `unserialize` and the presence of unsanitized paths in taint flows present tangible risks. The low output escaping rate also warrants attention. Given its clean vulnerability history, the plugin is not inherently insecure, but the identified code signals require immediate attention to mitigate potential threats.

Key Concerns

  • Dangerous function 'unserialize' used
  • Taint flows with unsanitized paths found
  • Low percentage of properly escaped output
Vulnerabilities
None known

Enterprise Shipping for Pitney Bowes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Enterprise Shipping for Pitney Bowes Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 229 (117 escaped)
Nonce Checks: 5
Capability Checks: 25
File Operations: 4
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize, pb_functions.php:363: `$method_title=unserialize($m->meta)['title'];`
  • unserialize, pb_functions.php:1459: `if(!is_array($array)) $array=unserialize($array);`
  • unserialize, pb_functions.php:1896: `$lm=unserialize($lm);`
  • unserialize, pb_functions.php:2055: `$msg=unserialize($msg);`
  • unserialize, pb_functions.php:2105: `$msg=unserialize($msg);`
  • unserialize, pb_report.php:151: `$lm=unserialize($lm);`
  • unserialize, pb_report.php:292: `$lm=unserialize($lm);`

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

34% escaped · 346 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

11 flows · 5 with unsanitized paths
espb_admin (pb_admin.php:3)
Attack Surface

Enterprise Shipping for Pitney Bowes Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth: wp_ajax_pb_latest_order (pb_functions.php:744)

WordPress Hooks: 18

  • action: activated_plugin (pb_functions.php:20)
  • action: admin_head (pb_functions.php:31)
  • action: admin_init (pb_functions.php:63)
  • action: admin_menu (pb_functions.php:74)
  • action: admin_footer (pb_functions.php:92)
  • action: before_woocommerce_init (pb_functions.php:139)
  • filter: woocommerce_package_rates (pb_functions.php:456)
  • filter: transient_shipping-transient-version (pb_functions.php:457)
  • action: woocommerce_checkout_order_processed (pb_functions.php:520)
  • action: admin_notices (pb_functions.php:647)
  • action: admin_init (pb_functions.php:649)
  • action: admin_footer (pb_functions.php:711)
  • action: woocommerce_thankyou (pb_functions.php:739)
  • action: wp_loaded (pb_functions.php:2005)
  • action: wp_loaded (pb_functions.php:2059)
  • action: wp_loaded (pb_functions.php:2111)
  • action: wp_footer (pb_functions.php:2223)
  • action: wp_footer (pb_functions.php:2225)
Maintenance & Trust

Enterprise Shipping for Pitney Bowes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 9, 2026
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Enterprise Shipping for Pitney Bowes Developer Profile

RLDD

8 plugins · 5K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Enterprise Shipping for Pitney Bowes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/pb-shipping/pb-admin.css
  • /wp-content/plugins/pb-shipping/pb-ship.css
  • /wp-content/plugins/pb-shipping/pb-report.css
  • /wp-content/plugins/pb-shipping/pb-queue.css
  • /wp-content/plugins/pb-shipping/pb-admin.js
  • /wp-content/plugins/pb-shipping/pb-ship.js
  • /wp-content/plugins/pb-shipping/pb-report.js
  • /wp-content/plugins/pb-shipping/pb-queue.js

Script Paths

  • /wp-content/plugins/pb-shipping/pb-admin.js
  • /wp-content/plugins/pb-shipping/pb-ship.js
  • /wp-content/plugins/pb-shipping/pb-report.js
  • /wp-content/plugins/pb-shipping/pb-queue.js

Version Parameters

  • pb-shipping/pb-admin.css?ver=
  • pb-shipping/pb-ship.css?ver=
  • pb-shipping/pb-report.css?ver=
  • pb-shipping/pb-queue.css?ver=
  • pb-shipping/pb-admin.js?ver=
  • pb-shipping/pb-ship.js?ver=
  • pb-shipping/pb-report.js?ver=
  • pb-shipping/pb-queue.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • pb_settings_wrap
  • pb-admin-field
  • pb-ship-wrap
  • pb-report-wrap
  • pb-queue-wrap

HTML Comments

  • <!-- Enterprise Shipping for Pitney Bowes -->
  • <!-- begin pb_admin.php -->
  • <!-- begin pb_ship.php -->
  • <!-- begin pb_report.php -->
  • (+1 more)

Data Attributes

  • data-pb-nonce
  • data-pb-option
  • data-pb-id

JS Globals

  • pb_shipping_ajax_url
  • pb_shipping_nonce

REST Endpoints

  • /wp-json/pb-shipping/v1/settings
  • /wp-json/pb-shipping/v1/shipment
  • /wp-json/pb-shipping/v1/rates
  • /wp-json/pb-shipping/v1/manifest
  • /wp-json/pb-shipping/v1/queue
  • /wp-json/pb-shipping/v1/reports

Shortcode Output

  • [pb_shipping_calculator]
  • [pb_shipping_tracker]
  • [pb_shipping_label]
FAQ

Frequently Asked Questions about Enterprise Shipping for Pitney Bowes