Pósturinn's Shipping with WooCommerce Security & Risk Analysis

wordpress.org/plugins/posturinn

Pósturinn Shipping with WooCommerce is a plugin that adds support to WooCommerce for Pósturinn postal service.

500 active installs · v1.4.7 · PHP 7.4+ · WP 4.3+ · Updated Nov 5, 2025
Tags: icelandic-post-shipping, posturinn, shipping, shipping-rates, woocommerce
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Pósturinn's Shipping with WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Pósturinn's Shipping with WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 6, 2025 · Updated 4mo ago
Risk Assessment

The 'posturinn' plugin exhibits a mixed security posture. While it demonstrates good practices in database interaction by using prepared statements for all SQL queries and has no currently unpatched vulnerabilities, there are significant concerns regarding its attack surface and input sanitization. The plugin exposes 14 AJAX handlers, with a concerning 6 of them lacking authentication checks, creating a substantial entry point for unauthorized actions. Furthermore, the taint analysis reveals that all 14 analyzed flows involve unsanitized paths, indicating a high potential for vulnerabilities like Cross-Site Scripting (XSS) or other input manipulation attacks, despite no critical or high severity taint flows being flagged in this specific analysis. The vulnerability history, including a past medium severity XSS vulnerability, suggests a recurring pattern of input sanitization issues that need careful attention. Overall, while the plugin's database security is solid, the exposed AJAX endpoints and the prevalence of unsanitized input paths present a notable risk that requires immediate mitigation.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Medium severity vulnerability history
  • Output escaping only 70% proper
  • Missing nonce checks on AJAX
  • Capability checks only 2
Vulnerabilities
1

Pósturinn's Shipping with WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11815 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pósturinn's Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting

Jan 6, 2025 Patched in 1.3.3 (5d)
Code Analysis
Analyzed Mar 16, 2026

Pósturinn's Shipping with WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 116 (269 escaped)
  • Nonce Checks: 6
  • Capability Checks: 2
  • File Operations: 8
  • External Requests: 26
  • Bundled Libraries: 0

Output Escaping

70% escaped · 385 total outputs

Data Flows: 14 unsanitized

Data Flow Analysis

14 flows · 14 with unsanitized paths
admin_notice_bar (inc\admin.class.php:69)
Attack Surface
6 unprotected

Pósturinn's Shipping with WooCommerce Attack Surface

Entry Points: 14
Unprotected: 6

AJAX Handlers (14)

auth · wp_ajax_postis_create_shipment_action · inc\admin.class.php:31
auth · wp_ajax_postis_show_shipment · inc\admin.class.php:33
auth · wp_ajax_postis_shipment_options · inc\admin.class.php:37
auth · wp_ajax_postis_get_postboxes_for_blocks · inc\blocks-support.php:108
nopriv · wp_ajax_postis_get_postboxes_for_blocks · inc\blocks-support.php:109
auth · wp_ajax_postis_get_parcelpoints_for_blocks · inc\blocks-support.php:184
nopriv · wp_ajax_postis_get_parcelpoints_for_blocks · inc\blocks-support.php:185
auth · wp_ajax_postis_create_shipment_action · inc_hpos\admin.class.php:34
auth · wp_ajax_postis_show_shipment · inc_hpos\admin.class.php:36
auth · wp_ajax_postis_shipment_options · inc_hpos\admin.class.php:40
auth · wp_ajax_postis_get_postboxes_for_blocks · inc_hpos\blocks-support.php:108
nopriv · wp_ajax_postis_get_postboxes_for_blocks · inc_hpos\blocks-support.php:109
auth · wp_ajax_postis_get_parcelpoints_for_blocks · inc_hpos\blocks-support.php:184
nopriv · wp_ajax_postis_get_parcelpoints_for_blocks · inc_hpos\blocks-support.php:185

WordPress Hooks (75)

filter · manage_edit-shop_order_columns · inc\admin.class.php:26
filter · manage_shop_order_posts_custom_column · inc\admin.class.php:27
action · admin_enqueue_scripts · inc\admin.class.php:29
action · admin_post_postis_delete_shipment · inc\admin.class.php:35
action · admin_post_postis_pdf_action · inc\admin.class.php:39
action · admin_init · inc\admin.class.php:41
filter · bulk_actions-edit-shop_order · inc\admin.class.php:43
filter · handle_bulk_actions-edit-shop_order · inc\admin.class.php:44
action · woocommerce_product_options_shipping · inc\admin.class.php:46
action · woocommerce_process_product_meta · inc\admin.class.php:48
action · restrict_manage_posts · inc\admin.class.php:52
filter · request · inc\admin.class.php:54
action · admin_notices · inc\admin.class.php:58
action · woocommerce_order_status_changed · inc\admin.class.php:61
action · admin_notices · inc\admin.class.php:64
action · admin_post_postis_bulk_pdf · inc\admin.class.php:65
filter · wp_mail_from · inc\admin.class.php:1170
filter · wp_mail_from_name · inc\admin.class.php:1173
action · woocommerce_blocks_loaded · inc\blocks-support.php:7
action · woocommerce_blocks_checkout_block_registration · inc\blocks-support.php:12
action · wp_enqueue_scripts · inc\blocks-support.php:70
action · init · inc\blocks-support.php:216
action · woocommerce_checkout_update_order_meta · inc\blocks-support.php:220
action · woocommerce_checkout_order_processed · inc\blocks-support.php:221
action · woocommerce_new_order · inc\blocks-support.php:222
action · woocommerce_store_api_checkout_update_order_from_request · inc\blocks-support.php:225
filter · woocommerce_billing_fields · inc\checkout-fields.class.php:24
action · woocommerce_checkout_process · inc\checkout-fields.class.php:28
action · woocommerce_checkout_update_order_meta · inc\checkout-fields.class.php:33
action · woocommerce_before_order_itemmeta · inc\functions.php:267
filter · woocommerce_package_rates · inc\postis.class.php:54
filter · woocommerce_cart_shipping_method_full_label · inc\postis.class.php:56
filter · manage_woocommerce_page_wc-orders_columns · inc_hpos\admin.class.php:29
filter · manage_woocommerce_page_wc-orders_custom_column · inc_hpos\admin.class.php:30
action · admin_enqueue_scripts · inc_hpos\admin.class.php:32
action · admin_post_postis_delete_shipment · inc_hpos\admin.class.php:38
action · admin_post_postis_pdf_action · inc_hpos\admin.class.php:42
action · admin_init · inc_hpos\admin.class.php:44
filter · bulk_actions-woocommerce_page_wc-orders · inc_hpos\admin.class.php:46
filter · handle_bulk_actions-woocommerce_page_wc-orders · inc_hpos\admin.class.php:47
action · woocommerce_product_options_shipping · inc_hpos\admin.class.php:49
action · woocommerce_process_product_meta · inc_hpos\admin.class.php:51
action · restrict_manage_posts · inc_hpos\admin.class.php:55
filter · request · inc_hpos\admin.class.php:57
action · admin_notices · inc_hpos\admin.class.php:61
action · woocommerce_order_status_changed · inc_hpos\admin.class.php:64
action · admin_notices · inc_hpos\admin.class.php:67
action · admin_post_postis_bulk_pdf · inc_hpos\admin.class.php:68
filter · wp_mail_from · inc_hpos\admin.class.php:1204
filter · wp_mail_from_name · inc_hpos\admin.class.php:1207
action · woocommerce_blocks_loaded · inc_hpos\blocks-support.php:7
action · woocommerce_blocks_checkout_block_registration · inc_hpos\blocks-support.php:12
action · wp_enqueue_scripts · inc_hpos\blocks-support.php:70
action · init · inc_hpos\blocks-support.php:216
action · woocommerce_checkout_update_order_meta · inc_hpos\blocks-support.php:220
action · woocommerce_checkout_order_processed · inc_hpos\blocks-support.php:221
action · woocommerce_new_order · inc_hpos\blocks-support.php:222
action · woocommerce_store_api_checkout_update_order_from_request · inc_hpos\blocks-support.php:225
filter · woocommerce_billing_fields · inc_hpos\checkout-fields.class.php:24
action · woocommerce_checkout_process · inc_hpos\checkout-fields.class.php:28
action · woocommerce_checkout_update_order_meta · inc_hpos\checkout-fields.class.php:33
action · woocommerce_before_order_itemmeta · inc_hpos\functions.php:267
filter · woocommerce_package_rates · inc_hpos\postis.class.php:54
filter · woocommerce_cart_shipping_method_full_label · inc_hpos\postis.class.php:56
action · before_woocommerce_init · wc-posturinn-shipping-api.php:22
action · plugins_loaded · wc-posturinn-shipping-api.php:55
action · init · wc-posturinn-shipping-api.php:76
action · woocommerce_shipping_init · wc-posturinn-shipping-api.php:78
filter · woocommerce_shipping_methods · wc-posturinn-shipping-api.php:80
action · woocommerce_review_order_after_shipping · wc-posturinn-shipping-api.php:82
action · wp_enqueue_scripts · wc-posturinn-shipping-api.php:84
action · woocommerce_after_checkout_form · wc-posturinn-shipping-api.php:88
filter · http_request_args · wc-posturinn-shipping-api.php:94
filter · woocommerce_package_rates · wc-posturinn-shipping-api.php:96
action · plugins_loaded · wc-posturinn-shipping-api.php:246
Maintenance & Trust

Pósturinn's Shipping with WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 5, 2025
  • PHP min version: 7.4
  • Downloads: 16K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 500
Developer Profile

Pósturinn's Shipping with WooCommerce Developer Profile

posturinn

1 plugin · 500 total installs

  • Trust score: 99
  • Avg Security Score: 99/100
  • Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Pósturinn's Shipping with WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/posturinn/assets/css/posturinn-checkout.css
/wp-content/plugins/posturinn/assets/js/posturinn-checkout.js
Script Paths
/wp-content/plugins/posturinn/assets/js/posturinn-checkout.js
Version Parameters
posturinn/assets/css/posturinn-checkout.css?ver=
posturinn/assets/js/posturinn-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
posturinn-shipping-field
Data Attributes
data-postis-id
JS Globals
postis_checkout_params
FAQ

Frequently Asked Questions about Pósturinn's Shipping with WooCommerce