Route ‑ Shipping Protection Security & Risk Analysis

wordpress.org/plugins/routeapp

One-Click Shipping Protection

600 active installs v2.3.0 PHP 5.6+ WP 4.0+ Updated Mar 2, 2026
protection, route, routeapp, tracking
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Route ‑ Shipping Protection Safe to Use in 2026?

Generally Safe

Score 100/100

Route ‑ Shipping Protection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'routeapp' plugin v2.3.0 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. Out of 17 identified entry points, 16 lack proper authentication or capability checks. This includes all 12 AJAX handlers and all 4 REST API routes. While the code analysis shows no dangerous functions, no raw SQL queries, and a low number of external HTTP requests, the sheer volume of unprotected endpoints presents a substantial attack surface. Taint analysis revealed no critical or high-severity vulnerabilities, and the plugin has no known CVEs, which are positive indicators. However, the lack of output escaping on a majority of outputs (76%) combined with the unprotected entry points creates a significant risk of cross-site scripting (XSS) or other injection attacks if user-supplied data is processed without proper sanitization and output encoding.

The plugin's vulnerability history is clean, which is commendable. This could indicate good development practices regarding security or simply a lack of prior discovery. However, the static analysis results strongly suggest that good practices are not being consistently applied, particularly concerning input validation and access control. The strengths are the absence of dangerous functions and known vulnerabilities, and the use of prepared SQL statements. The major weaknesses are the extensive unprotected attack surface and insufficient output escaping, which are critical security oversights.

Key Concerns

  • 12 AJAX handlers without auth checks
  • 4 REST API routes without permission callbacks
  • 17 total outputs, 24% properly escaped
  • 2 Nonce checks, 16 unprotected entry points
Vulnerabilities
None known

Route ‑ Shipping Protection Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Route ‑ Shipping Protection Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 13 (4 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared, 4 total queries

Output Escaping

24% escaped, 17 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
save (admin\class-routeapp-order-recover.php:23)
Attack Surface
16 unprotected

Route ‑ Shipping Protection Attack Surface

Entry Points: 17
Unprotected: 16

AJAX Handlers 12

auth    wp_ajax_routeapp_save_orders            admin\class-routeapp-order-recover.php:12
auth    wp_ajax_routeapp_process_orders_batch   admin\class-routeapp-order-recover.php:13
auth    wp_ajax_woo_get_ajax_data               public\class-routeapp-public.php:132
nopriv  wp_ajax_woo_get_ajax_data               public\class-routeapp-public.php:133
auth    wp_ajax_woo_check_widget                public\class-routeapp-public.php:135
nopriv  wp_ajax_woo_check_widget                public\class-routeapp-public.php:136
auth    wp_ajax_get_route_checkout              public\class-routeapp-public.php:154
nopriv  wp_ajax_get_route_checkout              public\class-routeapp-public.php:155
auth    wp_ajax_routeapp_add_admin_fee          public\class-routeapp-public.php:161
nopriv  wp_ajax_routeapp_add_admin_fee          public\class-routeapp-public.php:162
auth    wp_ajax_routeapp_remove_admin_fee       public\class-routeapp-public.php:163
nopriv  wp_ajax_routeapp_remove_admin_fee       public\class-routeapp-public.php:164

REST API Routes 4

GET   /wp-json/routestatus             public\class-routeapp-public.php:1364
GET   /wp-json/routerecreate_user      public\class-routeapp-public.php:1437
GET   /wp-json/routerecreate_merchant  public\class-routeapp-public.php:1442
POST  /wp-json/routeuser_login         public\class-routeapp-public.php:1447

Shortcodes 1

[route] public\class-routeapp-public.php:356
WordPress Hooks 64
filter  woocommerce_get_settings_pages  admin\class-routeapp-admin.php:55
filter  woocommerce_get_settings_pages  admin\class-routeapp-admin.php:56
filter  plugin_action_links  admin\class-routeapp-admin.php:57
filter  admin_enqueue_scripts  admin\class-routeapp-admin.php:58
action  admin_init  admin\class-routeapp-admin.php:61
action  admin_notices  admin\class-routeapp-notice.php:19
action  network_admin_notices  admin\class-routeapp-notice.php:20
filter  woocommerce_settings_tabs_array  admin\class-wc-settings-routeapp-order-recover.php:19
filter  woocommerce_settings_tabs_array  admin\class-wc-settings-routeapp.php:33
action  woocommerce_order_item_add_action_buttons  includes\class-routeapp-admin-route-fee.php:20
action  woocommerce_new_order_item  includes\class-routeapp-admin-route-fee.php:21
action  woocommerce_add_order_tax  includes\class-routeapp-admin-route-fee.php:22
action  woocommerce_saved_order_items  includes\class-routeapp-admin-route-fee.php:23
action  woocommerce_delete_order_item  includes\class-routeapp-admin-route-fee.php:24
filter  cron_schedules  includes\class-routeapp-cron-schedules.php:27
action  routeapp_check_for_missing_orders  includes\class-routeapp-cron-schedules.php:28
action  routeapp_check_for_missing_shipments  includes\class-routeapp-cron-schedules.php:29
action  routeapp_check_for_invalid_webhooks  includes\class-routeapp-cron-schedules.php:30
filter  manage_edit-shop_order_columns  includes\class-routeapp-woocommerce.php:25
action  manage_shop_order_posts_custom_column  includes\class-routeapp-woocommerce.php:26
action  restrict_manage_posts  includes\class-routeapp-woocommerce.php:27
action  pre_get_posts  includes\class-routeapp-woocommerce.php:28
action  manage_woocommerce_page_wc-orders_custom_column  includes\class-routeapp-woocommerce.php:30
action  manage_shop_order_custom_column  includes\class-routeapp-woocommerce.php:31
filter  manage_woocommerce_page_wc-orders_columns  includes\class-routeapp-woocommerce.php:33
action  admin_notices  includes\class-routeapp.php:98
action  plugins_loaded  includes\class-routeapp.php:331
action  admin_enqueue_scripts  includes\class-routeapp.php:346
action  admin_enqueue_scripts  includes\class-routeapp.php:347
action  admin_notices  includes\class-routeapp.php:348
action  woocommerce_init  integrations\checkout\class-checkout-for-woocommerce.php:9
filter  wfacp_advanced_fields  integrations\checkout\class-checkout-for-woocommerce.php:14
filter  woocommerce_form_field_args  integrations\checkout\class-checkout-for-woocommerce.php:28
action  woocommerce_init  integrations\checkout\class-woofunnels-aero-checkout.php:9
filter  wfacp_advanced_fields  integrations\checkout\class-woofunnels-aero-checkout.php:14
filter  woocommerce_form_field_args  integrations\checkout\class-woofunnels-aero-checkout.php:28
action  woocommerce_checkout_before_order_review  public\class-routeapp-public.php:129
action  woocommerce_cart_calculate_fees  public\class-routeapp-public.php:131
action  woocommerce_checkout_create_order_line_item  public\class-routeapp-public.php:138
action  woocommerce_ajax_add_order_item_meta  public\class-routeapp-public.php:139
filter  woocommerce_hidden_order_itemmeta  public\class-routeapp-public.php:140
action  added_post_meta  public\class-routeapp-public.php:142
action  updated_post_meta  public\class-routeapp-public.php:143
action  woocommerce_after_order_object_save  public\class-routeapp-public.php:145
action  added_order_item_meta  public\class-routeapp-public.php:147
action  updated_order_item_meta  public\class-routeapp-public.php:148
action  woocommerce_order_status_processing  public\class-routeapp-public.php:149
action  woocommerce_order_status_completed  public\class-routeapp-public.php:150
action  woocommerce_new_order  public\class-routeapp-public.php:151
action  rest_api_init  public\class-routeapp-public.php:152
action  rest_api_init  public\class-routeapp-public.php:153
action  wp_head  public\class-routeapp-public.php:156
action  woocommerce_init  public\class-routeapp-public.php:157
action  woocommerce_rest_prepare_order_note  public\class-routeapp-public.php:158
action  wp_insert_comment  public\class-routeapp-public.php:159
action  wc_avatax_api_fee_line_data  public\class-routeapp-public.php:165
action  woocommerce_shipstation_export_order_xml  public\class-routeapp-public.php:166
action  woocommerce_order_details_after_order_table  public\class-routeapp-public.php:168
action  woocommerce_blocks_checkout_update_order_meta  public\class-routeapp-public.php:170
action  woocommerce_store_api_checkout_update_order_meta  public\class-routeapp-public.php:171
action  woocommerce_blocks_loaded  public\class-routeapp-public.php:174
filter  render_block_woocommerce/checkout-order-summary-block  public\class-routeapp-public.php:177
action  init  public\class-routeapp-public.php:180
action  woocommerce_blocks_checkout_block_registration  public\class-routeapp-public.php:183
Maintenance & Trust

Route ‑ Shipping Protection Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 2, 2026
PHP min version: 5.6
Downloads: 51K

Community Trust

Rating: 84/100
Number of ratings: 25
Active installs: 600
Developer Profile

Route ‑ Shipping Protection Developer Profile

Route

1 plugin · 600 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Route ‑ Shipping Protection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/routeapp/admin/css/routeapp-admin.css
/wp-content/plugins/routeapp/admin/js/routeapp-admin.js
/wp-content/plugins/routeapp/includes/js/routeapp-public.js
Script Paths
/wp-content/plugins/routeapp/admin/js/routeapp-admin.js
/wp-content/plugins/routeapp/includes/js/routeapp-public.js
Version Parameters
routeapp-admin.css?ver=
routeapp-admin.js?ver=
routeapp-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
routeapp-protected-banner
Data Attributes
data-route-widget-container
JS Globals
routeapp_public_params
RouteApp
Shortcode Output
[routeapp_protected_banner]
FAQ

Frequently Asked Questions about Route ‑ Shipping Protection