Postex Advanced Shipping Method Security & Risk Analysis

wordpress.org/plugins/postex-advanced-shipping-method

Postex is the first WooCommerce shipping plugin that lets you manage the entire process of shipping, cost calculation, invoicing, and parcel tracking.

100 active installs · v1.0.7 · PHP 7.4+ · WP 6.0+ · Updated Nov 26, 2025
mahexpostpostexshipping-methodwoocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Postex Advanced Shipping Method Safe to Use in 2026?

Generally Safe

Score 100/100

Postex Advanced Shipping Method has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The postex-advanced-shipping-method v1.0.7 plugin exhibits a generally good security posture with several strengths. The code analysis shows a strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and 95% of outputs being properly escaped. The presence of nonce checks for all AJAX handlers and a capability check further reinforces this. The lack of any recorded vulnerabilities (CVEs) or critical taint flows is also a positive indicator.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates an exploitable attack vector that could be leveraged by unauthenticated users to trigger unintended functionality. While taint analysis did reveal flows with unsanitized paths, the absence of critical or high severity issues suggests these might be less critical in practice, though they still warrant attention.

Overall, the plugin is built with a solid foundation of security best practices, but the single unprotected AJAX endpoint represents a notable weakness. The absence of historical vulnerabilities is reassuring, but the static analysis findings, particularly the unprotected entry point, necessitate a cautious approach. Addressing this specific vulnerability is crucial to significantly improve the plugin's security.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
Vulnerabilities
None known

Postex Advanced Shipping Method Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Postex Advanced Shipping Method Release Timeline

v1.0.7 (Current)
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Postex Advanced Shipping Method Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 30 (605 escaped)
Nonce Checks: 12
Capability Checks: 1
File Operations: 1
External Requests: 4
Bundled Libraries: 0

Output Escaping

95% escaped · 635 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

9 flows · 5 with unsanitized paths
postex_handle_tracking_api (core\tracking.php:5)
Attack Surface
1 unprotected

Postex Advanced Shipping Method Attack Surface

Entry Points: 13
Unprotected: 1

AJAX Handlers 12

auth · wp_ajax_postex_get_cities_by_state · core\core.php:307
auth · wp_ajax_postex_get_shipping_prices · core\core.php:520
auth · wp_ajax_postex_submit_form · core\core.php:676
auth · wp_ajax_postex_get_label · core\core.php:888
auth · wp_ajax_postex_order_details_modal · core\core.php:900
auth · wp_ajax_postex_bulk_quote_price · core\core.php:1146
auth · wp_ajax_postex_bulk_send · core\core.php:1193
auth · wp_ajax_postex_get_excel_export · core\core.php:1301
auth · wp_ajax_postex_tracking_api · core\tracking.php:46
nopriv · wp_ajax_postex_tracking_api · core\tracking.php:47
auth · wp_ajax_postex_get_parcel_details · core\woocommerce.php:384
auth · wp_ajax_postex_deactivation_reason · postex-advanced-shipping-method.php:131

Shortcodes 1

[postex_tracking_form] core\tracking.php:82
WordPress Hooks 25

action · admin_notices · core\core.php:119
action · admin_init · core\general-setting.php:112
action · admin_notices · core\general-setting.php:115
action · admin_menu · core\menu-pages.php:4
action · elementor/widgets/register · core\tracking.php:85
action · vc_before_init · core\tracking.php:196
action · admin_post_postex_recharge_wallet · core\wallet.php:45
filter · woocommerce_shipping_methods · core\woocommerce.php:22
action · plugins_loaded · core\woocommerce.php:134
action · admin_init · core\woocommerce.php:144
action · template_redirect · core\woocommerce.php:162
action · woocommerce_add_to_cart · core\woocommerce.php:191
action · woocommerce_cart_item_removed · core\woocommerce.php:192
action · woocommerce_after_cart_item_quantity_update · core\woocommerce.php:193
action · woocommerce_cart_emptied · core\woocommerce.php:194
action · add_meta_boxes · core\woocommerce.php:232
action · add_meta_boxes · core\woocommerce.php:252
action · woocommerce_update_options · core\woocommerce.php:448
action · woocommerce_order_list_table_restrict_manage_orders · core\woocommerce.php:573
filter · woocommerce_order_query_args · core\woocommerce.php:586
action · plugins_loaded · postex-advanced-shipping-method.php:35
action · admin_init · postex-advanced-shipping-method.php:79
action · admin_enqueue_scripts · postex-advanced-shipping-method.php:172
action · wp_enqueue_scripts · postex-advanced-shipping-method.php:186
action · updated_option · postex-advanced-shipping-method.php:189
Maintenance & Trust

Postex Advanced Shipping Method Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 26, 2025
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Postex Advanced Shipping Method Developer Profile

postexdevelopers

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Postex Advanced Shipping Method

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/postex-advanced-shipping-method/assets/css/dashboard-style.css
  • /wp-content/plugins/postex-advanced-shipping-method/assets/css/bulk-order.css
  • /wp-content/plugins/postex-advanced-shipping-method/assets/css/jalalidatepicker.min.css
  • /wp-content/plugins/postex-advanced-shipping-method/assets/css/leaflet.css
  • /wp-content/plugins/postex-advanced-shipping-method/assets/js/main.js
  • /wp-content/plugins/postex-advanced-shipping-method/assets/js/jalalidatepicker.min.js
  • /wp-content/plugins/postex-advanced-shipping-method/assets/js/leaflet.js
  • /wp-content/plugins/postex-advanced-shipping-method/assets/js/postex-panel.js
  • (+4 more)
Script Paths
https://fonts.googleapis.com/css2?family=Vazirmatn:wght@400;700&display=swap
Version Parameters
  • postex-advanced-shipping-method/assets/css/dashboard-style.css?ver=
  • postex-advanced-shipping-method/assets/css/bulk-order.css?ver=
  • postex-advanced-shipping-method/assets/css/jalalidatepicker.min.css?ver=
  • postex-advanced-shipping-method/assets/css/leaflet.css?ver=
  • postex-advanced-shipping-method/assets/js/main.js?ver=
  • postex-advanced-shipping-method/assets/js/jalalidatepicker.min.js?ver=
  • postex-advanced-shipping-method/assets/js/leaflet.js?ver=
  • postex-advanced-shipping-method/assets/js/postex-panel.js?ver=
  • postex-advanced-shipping-method/assets/css/metabox-style.css?ver=
  • postex-advanced-shipping-method/assets/js/woocommerce-metabox.js?ver=
  • postex-advanced-shipping-method/assets/css/front.css?ver=
  • postex-advanced-shipping-method/assets/js/front.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • postex-shipping-method-settings
  • postex-bulk-order
  • postex-bulk-order-table
  • postex-datepicker
  • postex-map-container
  • postex-order-metabox
  • postex-shipping-tracking
Data Attributes
  • data-postex-api-url
  • data-postex-nonce
JS Globals
  • postex_ajax_object
  • postex_map
REST Endpoints
  • /wp-json/postex/v1/settings
  • /wp-json/postex/v1/orders