WP-Safety

Qiriman Security & Risk Analysis

wordpress.org/plugins/qiriman

Qiriman is a WooCommerce plugin that provide shipping method from various expedition in Indonesia.

10 active installs v1.0.4 PHP 7.1.0+ WP 4.9.0+ Updated Feb 12, 2019
delivery-costindonesiaongkirongkos-kirimwoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Qiriman Safe to Use in 2026?

Generally Safe

Score 85/100

Qiriman has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "qiriman" v1.0.4 plugin exhibits a significant security concern due to its unprotected AJAX handlers. While the plugin demonstrates good practices in terms of SQL query sanitization and output escaping, the presence of four AJAX entry points without any authentication or capability checks creates a substantial attack surface. This means any unauthenticated user could potentially interact with these handlers, leading to unintended consequences or exploitation. The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting a history of secure development or at least a lack of publicly discovered flaws. However, this cannot compensate for the immediate and evident risk posed by the unprotected AJAX endpoints. The plugin's strengths lie in its internal code hygiene for SQL and output, but the external-facing unprotected AJAX handlers represent a critical weakness that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

Qiriman Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Qiriman Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
0
Attack Surface
4 unprotected

Qiriman Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_qiriman_get_subdistrictincludes\class-qiriman.php:251
noprivwp_ajax_qiriman_get_subdistrictincludes\class-qiriman.php:252
authwp_ajax_qiriman_check_activationincludes\class-qiriman.php:254
noprivwp_ajax_qiriman_check_activationincludes\class-qiriman.php:255
WordPress Hooks 13
actionplugins_loadedincludes\class-qiriman.php:144
actionadmin_enqueue_scriptsincludes\class-qiriman.php:158
actionadmin_enqueue_scriptsincludes\class-qiriman.php:159
actionwp_enqueue_scriptsincludes\class-qiriman.php:175
actionwp_enqueue_scriptsincludes\class-qiriman.php:176
filterwoocommerce_cart_needs_shipping_addressincludes\class-qiriman.php:182
filterwoocommerce_enable_order_notes_fieldincludes\class-qiriman.php:189
filterwoocommerce_checkout_fieldsincludes\class-qiriman.php:193
filterwoocommerce_billing_fieldsincludes\class-qiriman.php:194
filterwoocommerce_shipping_fieldsincludes\class-qiriman.php:195
actionwoocommerce_customer_save_addressincludes\class-qiriman.php:197
filterwoocommerce_shipping_methodsincludes\class-qiriman.php:248
actionwoocommerce_shipping_initincludes\class-qiriman.php:249
Maintenance & Trust

Qiriman Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedFeb 12, 2019
PHP min version7.1.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Qiriman Alternatives

Epeken All Kurir for Woocommerce

Epeken All Kurir for Woocommerce

epeken-all-kurir

C
55

Epeken All Kurir is a wordpress plugin for woocommerce to enable shipping method featuring many shipping companies for Indonesia e-commerce.

500 2 unpatched
Shipping Discount for WooCommerce: Easy Make a Coupon for Shipping

Shipping Discount for WooCommerce: Easy Make a Coupon for Shipping

shipping-discount

A
92

Want to make a strikeout price for shipping? It's easy to use the shipping discount plugin, all you have to do is set the shipping discount you w …

300 No CVEs
WooWIB – Payment Gateways Bank Indonesia

WooWIB – Payment Gateways Bank Indonesia

woo-payment-gateways-bank-indo-kode-payment

A
100

WooWIB - Payment Gateways Bank Indonesia plugin with 3 digits code payment

50 No CVEs
JNE Shipping – Plugin Ongkos Kirim Resmi Untuk WooCommerce

JNE Shipping – Plugin Ongkos Kirim Resmi Untuk WooCommerce

jne-shipping-official

A
100

Plugin pengiriman JNE resmi untuk WooCommerce di Indonesia. Menyediakan tarif real-time, pembuatan AWB, dan pelacakan pengiriman.

10 No CVEs
Brankas Payment for WooCommerce

Brankas Payment for WooCommerce

brankas-payment-for-woocommerce

A
100

Brankas Direct plugin enables instant Account-to-Account fund transfers as a payment

0 No CVEs
Developer Profile

Qiriman Developer Profile

idwebmobile

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Qiriman

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qiriman/admin/css/qiriman-admin.css/wp-content/plugins/qiriman/admin/js/qiriman-admin.js
Script Paths
/wp-content/plugins/qiriman/admin/js/qiriman-admin.js
Version Parameters
qiriman-admin?ver=qiriman_admin?ver=

HTML / DOM Fingerprints

Data Attributes
data-qiriman-nonce
JS Globals
qiriman_ajax
FAQ

Frequently Asked Questions about Qiriman