Sherpa Delivery for WooCommerce Security & Risk Analysis

wordpress.org/plugins/sherpa-on-demand

Connects your WooCommerce store to your Sherpa Delivery account. Automated same day (and future day) local delivery for Australian businesses.

10 active installs · v3.1 · PHP + WP 6.3.1+ · Updated Jan 15, 2024
Tags: australian-woocommerce-shipping, sherpa-delivery, sherpa-wordpress, woocommerce-delivery, woocommerce-shipping-plugin
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sherpa Delivery for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Sherpa Delivery for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "sherpa-on-demand" v3.1 plugin presents a mixed security posture. The absence of any recorded historical vulnerabilities (CVEs) is a strong positive indicator of responsible development and maintenance. Furthermore, the plugin does not bundle any external libraries, which can often introduce security risks if not kept up-to-date.

However, the static analysis reveals notable concerns. A significant portion of the plugin's attack surface, specifically 4 of its 17 AJAX handlers, lacks authentication checks. This is a critical oversight, as it could allow unauthenticated users to trigger sensitive actions or expose information. The scan also counts 0 capability checks against 14 nonce checks across the plugin. While there are no critical or high severity taint flows, the presence of one flow with unsanitized paths warrants attention, as it could lead to vulnerabilities if combined with other exploitable conditions. The low rate of output escaping (33%) is also a concern, increasing the risk of cross-site scripting (XSS) vulnerabilities.

In conclusion, while the plugin benefits from a clean vulnerability history, the identified weaknesses in authentication for AJAX handlers and output escaping are significant and require immediate attention. The taint analysis suggests a lower immediate risk of critical vulnerabilities but highlights the need for careful code review in those identified flows.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping rate
  • Flow with unsanitized paths
Vulnerabilities
None known

Sherpa Delivery for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Sherpa Delivery for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 raw, 2 prepared
Unescaped Output: 237 unescaped, 119 escaped
Nonce Checks: 14
Capability Checks: 0
File Operations: 13
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

29% prepared · 7 total queries

Output Escaping

33% escaped · 356 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
my_ajax_set_sherpa_post_action_callback (sherpa.php:2896)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

Sherpa Delivery for WooCommerce Attack Surface

Entry Points: 17
Unprotected: 4

AJAX Handlers 17

auth · wp_ajax_sherpa_credentials_action · sherpa.php:65
auth · wp_ajax_sherpa_settings_action · sherpa.php:70
auth · wp_ajax_delivery_options_action_later · sherpa.php:75
auth · wp_ajax_delivery_options_action · sherpa.php:80
auth · wp_ajax_my_ajax_sherpa_post_action · sherpa.php:244
auth · wp_ajax_my_ajax_set_sherpa_post_action · sherpa.php:245
auth · wp_ajax_my_ajax_send_sherpa_action · sherpa.php:246
auth · wp_ajax_my_ajax_view_pop_up_shepa_action · sherpa.php:247
auth · wp_ajax_my_ajax_view_update_sherpa_action · sherpa.php:249
auth · wp_ajax_my_ajax_select_shepa_update_action · sherpa.php:250
auth · wp_ajax_my_ajax_edit_sherpa_post · sherpa.php:251
auth · wp_ajax_my_ajax_select_shepa_date_action · sherpa.php:252
auth · wp_ajax_my_ajax_time_sherpa_post · sherpa.php:253
auth · wp_ajax_my_ajax_edit_sherpa_packages · sherpa.php:254
auth · wp_ajax_my_ajax_edit_sherpa_options · sherpa.php:255
auth · wp_ajax_my_ajax_edit_sherpa_date_time · sherpa.php:256
auth · wp_ajax_my_ajax_send_to_sherpa_delete_action · sherpa.php:257
WordPress Hooks 42
action · admin_notices · sherpa.php:38
filter · woocommerce_shipping_chosen_method · sherpa.php:58
action · woocommerce_email_after_order_table · sherpa.php:60
action · admin_menu · sherpa.php:85
action · woocommerce_shipping_init · sherpa.php:90
filter · woocommerce_shipping_methods · sherpa.php:95
action · init · sherpa.php:101
action · admin_enqueue_scripts · sherpa.php:107
action · wp_enqueue_scripts · sherpa.php:113
filter · woocommerce_locate_template · sherpa.php:118
action · wc_ajax_update_shipping_method · sherpa.php:124
filter · woocommerce_cart_shipping_packages · sherpa.php:129
action · woocommerce_checkout_update_order_review · sherpa.php:139
action · woocommerce_pre_payment_complete · sherpa.php:147
action · woocommerce_product_options_general_product_data · sherpa.php:153
action · woocommerce_process_product_meta · sherpa.php:156
filter · woocommerce_order_get_items · sherpa.php:159
filter · woocommerce_shipping_method_add_rate · sherpa.php:169
action · admin_init · sherpa.php:174
action · woocommerce_checkout_process · sherpa.php:179
filter · woocommerce_cart_shipping_method_full_label · sherpa.php:184
action · woocommerce_checkout_update_order_meta · sherpa.php:190
filter · woocommerce_package_rates · sherpa.php:196
action · woocommerce_before_order_itemmeta · sherpa.php:202
action · woocommerce_order_status_completed · sherpa.php:224
action · woocommerce_order_action_sherpa_action · sherpa.php:228
action · woocommerce_order_actions · sherpa.php:229
action · init · sherpa.php:230
filter · manage_send_to_sherpa_posts_columns · sherpa.php:231
action · manage_send_to_sherpa_posts_custom_column · sherpa.php:232
filter · bulk_actions-edit-send_to_sherpa · sherpa.php:233
filter · bulk_actions-edit-shop_order · sherpa.php:234
filter · handle_bulk_actions-edit-shop_order · sherpa.php:235
action · woocommerce_before_checkout_process · sherpa.php:236
action · admin_footer · sherpa.php:237
action · admin_footer · sherpa.php:238
action · admin_notices · sherpa.php:239
action · admin_notices · sherpa.php:240
action · admin_notices · sherpa.php:241
action · admin_notices · sherpa.php:243
action · admin_notices · sherpa.php:1263
action · plugins_loaded · sherpa.php:3857
Maintenance & Trust

Sherpa Delivery for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 15, 2024
PHP min version
Downloads: 3K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 10
Developer Profile

Sherpa Delivery for WooCommerce Developer Profile

Sherpa Delivery

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sherpa Delivery for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sherpa-on-demand/css/sherpa_checkout.css
/wp-content/plugins/sherpa-on-demand/css/sherpa_frontend.css
/wp-content/plugins/sherpa-on-demand/js/sherpa_frontend.js
/wp-content/plugins/sherpa-on-demand/js/sherpa_admin.js
Script Paths
/wp-content/plugins/sherpa-on-demand/js/sherpa_frontend.js
/wp-content/plugins/sherpa-on-demand/js/sherpa_admin.js
Version Parameters
sherpa-on-demand/css/sherpa_checkout.css?ver=
sherpa-on-demand/css/sherpa_frontend.css?ver=
sherpa-on-demand/js/sherpa_frontend.js?ver=
sherpa-on-demand/js/sherpa_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sherpa_delivery_options
sherpa-delivery-options-select
Data Attributes
data-sherpa-setting
data-sherpa-delivery-options-url
JS Globals
sherpa_params
sherpa_frontend_params