Printful Integration for WooCommerce Security & Risk Analysis

wordpress.org/plugins/printful-shipping-for-woocommerce

Grow your store with the top print-on-demand dropshipping plugin

50K active installs · v2.2.12 · PHP 5.6+ · WP 5.3+ · Updated Jan 14, 2026
Tags: drop-shipping, printful, shipping, shipping-rates, woocommerce
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is Printful Integration for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Printful Integration for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 18, 2026 · Updated 2mo ago
Risk Assessment

The 'printful-shipping-for-woocommerce' plugin version 2.2.12 exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation (80% prepared) and output escaping (95% escaped), there are significant concerns regarding its attack surface. All of its AJAX handlers (9 out of 9) lack authentication checks, presenting a direct pathway for unauthenticated attackers to interact with the plugin's functionality. The taint analysis reported no critical or high severity issues, which is a positive sign: no immediately obvious exploitable data flows were found in this analysis.

The vulnerability history reveals a concerning pattern of past vulnerabilities, specifically Server-Side Request Forgery (SSRF) and Missing Authorization, with two medium-severity CVEs recorded. Although none are currently unpatched, the recurring nature of these vulnerability types suggests potential underlying architectural weaknesses that could resurface in future versions or be triggered by specific input combinations. The last vulnerability being in 2026 suggests the data might be from a future perspective, but the pattern remains.

In conclusion, the plugin has strengths in its handling of SQL and output, but the substantial number of unprotected AJAX endpoints is a major weakness that needs immediate attention. The historical vulnerability types also warrant caution, indicating a need for continued vigilance and robust security practices in development. While not currently presenting critical immediate threats based on the static analysis, the potential for exploitation due to exposed AJAX functionality is significant.

Key Concerns

  • 9 AJAX handlers without auth checks
  • 2 medium severity CVEs in vulnerability history
  • History of SSRF and Missing Authorization vulns
Vulnerabilities
2

Printful Integration for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-12375 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery

Feb 18, 2026 · Patched in 2.2.12 (1d)

CVE-2022-47168 · medium · 4.3 · Missing Authorization

Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery

Aug 11, 2023 · Patched in 2.2.3 (165d)
Code Analysis
Analyzed Mar 16, 2026

Printful Integration for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (8 prepared)
  • Unescaped Output: 10 (182 escaped)
  • Nonce Checks: 11
  • Capability Checks: 3
  • File Operations: 6
  • External Requests: 5
  • Bundled Libraries: 0

SQL Query Safety

80% prepared · 10 total queries

Output Escaping

95% escaped · 192 total outputs
Attack Surface
9 unprotected

Printful Integration for WooCommerce Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers (9)

Type    Hook                                      Location
auth    wp_ajax_printful_customized_thumb         includes\class-printful-customizer.php:26
nopriv  wp_ajax_printful_customized_thumb         includes\class-printful-customizer.php:27
auth    wp_ajax_save_printful_settings            printful-shipping.php:88
auth    wp_ajax_ajax_force_check_connect_status   printful-shipping.php:89
auth    wp_ajax_get_printful_stats                printful-shipping.php:90
auth    wp_ajax_get_printful_orders               printful-shipping.php:91
auth    wp_ajax_get_printful_status_checklist     printful-shipping.php:92
auth    wp_ajax_get_printful_status_report        printful-shipping.php:93
auth    wp_ajax_get_printful_carriers             printful-shipping.php:94

WordPress Hooks (29)

Type    Hook                                            Location
action  admin_menu                                      includes\class-printful-admin.php:24
action  admin_enqueue_scripts                           includes\class-printful-admin.php:25
action  admin_enqueue_scripts                           includes\class-printful-admin.php:26
action  wp_enqueue_scripts                              includes\class-printful-admin.php:27
action  admin_bar_menu                                  includes\class-printful-admin.php:28
filter  woocommerce_add_cart_item_data                  includes\class-printful-customizer.php:19
filter  woocommerce_cart_item_thumbnail                 includes\class-printful-customizer.php:20
action  woocommerce_new_order_item                      includes\class-printful-customizer.php:22
filter  woocommerce_order_item_get_formatted_meta_data  includes\class-printful-customizer.php:25
action  wp_enqueue_scripts                              includes\class-printful-customizer.php:29
filter  woocommerce_api_serve_request                   includes\class-printful-request-log.php:17
filter  printful_api_result                             includes\class-printful-request-log.php:18
filter  woocommerce_load_shipping_methods               includes\class-printful-shipping.php:38
filter  woocommerce_shipping_methods                    includes\class-printful-shipping.php:41
filter  woocommerce_cart_shipping_packages              includes\class-printful-shipping.php:43
filter  woocommerce_cart_no_shipping_available_html     includes\class-printful-shipping.php:325
filter  woocommerce_no_shipping_available_html          includes\class-printful-shipping.php:326
filter  woocommerce_product_tabs                        includes\class-printful-size-chart-tab.php:20
action  add_meta_boxes                                  includes\class-printful-size-chart-tab.php:21
action  save_post                                       includes\class-printful-size-chart-tab.php:22
action  wp_enqueue_scripts                              includes\class-printful-size-guide.php:22
filter  woocommerce_matched_tax_rates                   includes\class-printful-taxes.php:23
action  woocommerce_after_add_to_cart_button            includes\class-printful-template.php:22
action  woocommerce_before_add_to_cart_button           includes\class-printful-template.php:24
action  woocommerce_before_single_variation             includes\class-printful-template.php:26
action  before_woocommerce_init                         printful-shipping.php:23
action  plugins_loaded                                  printful-shipping.php:39
action  plugins_loaded                                  printful-shipping.php:40
action  rest_api_init                                   printful-shipping.php:148

Maintenance & Trust

Printful Integration for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 14, 2026
  • PHP min version: 5.6
  • Downloads: 1.7M

Community Trust

  • Rating: 52/100
  • Number of ratings: 94
  • Active installs: 50K
Developer Profile

Printful Integration for WooCommerce Developer Profile

printful

1 plugin · 50K total installs

  • Trust score: 87
  • Avg Security Score: 98/100
  • Avg Patch Time: 83 days
Detection Fingerprints

How We Detect Printful Integration for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/css/global.css
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/css/dashboard.css
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/css/status.css
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/css/support.css
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/css/settings.css
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/js/settings.js
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/js/connect.js
  • /wp-content/plugins/printful-shipping-for-woocommerce/assets/js/block-loader.js
  • +1 more

Version Parameters

  • printful-shipping-for-woocommerce/assets/css/global.css?ver=
  • printful-shipping-for-woocommerce/assets/css/dashboard.css?ver=
  • printful-shipping-for-woocommerce/assets/css/status.css?ver=
  • printful-shipping-for-woocommerce/assets/css/support.css?ver=
  • printful-shipping-for-woocommerce/assets/css/settings.css?ver=
  • printful-shipping-for-woocommerce/assets/js/settings.js?ver=
  • printful-shipping-for-woocommerce/assets/js/connect.js?ver=
  • printful-shipping-for-woocommerce/assets/js/block-loader.js?ver=
  • printful-shipping-for-woocommerce/assets/js/intercom.min.js?ver=

HTML / DOM Fingerprints

  • CSS Classes: printful-dashboard-wrap
  • Data Attributes: data-printful-connect-url
  • JS Globals: Printful
  • REST Endpoints: /wp-json/printful/v1/settings