Recurring Shipping Classes Security & Risk Analysis
wordpress.org/plugins/recurring-shipping-classesThis plugin works with WooCommerce. It allows you to change shipping classes dynamically.
Is Recurring Shipping Classes Safe to Use in 2026?
Generally Safe
Score 85/100Recurring Shipping Classes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "recurring-shipping-classes" v1.0.0 plugin presents a generally positive security posture, adhering to several good practices such as the absence of dangerous functions, file operations, and external HTTP requests. All SQL queries are prepared statements, and there's no recorded vulnerability history, suggesting a history of secure development. However, there are notable areas of concern. The limited output escaping (only 33% properly escaped) is a significant weakness, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is output without proper sanitization. The lack of nonce checks and capability checks, while not directly leading to immediate exploitable vulnerabilities given the current attack surface, represent a missed opportunity to further harden the plugin against potential future attacks or changes to the attack surface. The presence of a cron event, although not explicitly analyzed for its security, is an entry point that could become a concern if not handled securely. In conclusion, while the plugin has a clean slate and good core practices, the insufficient output escaping is the primary immediate risk. Strengthening authentication and authorization mechanisms for existing and future entry points would further enhance its security.
Key Concerns
- Low percentage of properly escaped output
- Missing nonce checks
- Missing capability checks
Recurring Shipping Classes Security Vulnerabilities
Recurring Shipping Classes Release Timeline
Recurring Shipping Classes Code Analysis
Output Escaping
Recurring Shipping Classes Attack Surface
WordPress Hooks 8
Scheduled Events 1
Maintenance & Trust
Recurring Shipping Classes Maintenance & Trust
Maintenance Signals
Community Trust
Recurring Shipping Classes Alternatives
Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories
post-expirator
PublishPress Future can make scheduled changes to your content. You can unpublish posts, move posts to a new status, update the categories, and more.
elegro Crypto Payment
elegro-payment
Increase your customers base by accepting cryptocurrencies.
Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links
update-urls
Quick and Easy way to search all URLS, Content and replace them with new links and content in WordPress website.
Easy Username Updater
username-updater
A plugin to change registered username and display name.
Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates
webcraftic-updates-manager
Disable updates and automatic updates for WordPress core, plugins, and themes, with the option to disable plugin or theme updates individually.
Recurring Shipping Classes Developer Profile
5 plugins · 7K total installs
How We Detect Recurring Shipping Classes
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/recurring-shipping-classes/admin/css/shipping-dates-admin.css/wp-content/plugins/recurring-shipping-classes/admin/js/shipping-dates-admin.jsrecurring-shipping-classes/admin/css/shipping-dates-admin.css?ver=recurring-shipping-classes/admin/js/shipping-dates-admin.js?ver=HTML / DOM Fingerprints
shipping_dates_datashipping_formshipping_groupremove-shipping-blockid="shipping_dates_data"id="shipping_form"class="datepicker_shipping_class"name="_select_shipping_class[]"name="_datepicker_shipping_class[]"