ShipDepot for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ship-depot

A comprehensive shipping integration solution with a range of features: - Integrates the leading carriers in Vietnam (GHN, GHTK, Ahamove and many others) …

10 active installs · v1.2.19 · PHP 7.4.3+ · WP 6.1.1+ · Updated Dec 17, 2024
Tags: aha, couriers, ghn, ghtk, shipping
Score: 71
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Apr 1, 2025
Safety Verdict

Is ShipDepot for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 71/100

ShipDepot for WooCommerce is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Apr 1, 2025 · Updated 1yr ago
Risk Assessment

The "ship-depot" plugin version 1.2.19 presents a significant security risk due to a large number of unprotected entry points. All 12 AJAX handlers and 10 REST API routes lack authorization checks, creating a broad attack surface where any unauthenticated user could potentially interact with sensitive plugin functionalities. While the plugin demonstrates good practices in other areas, such as using prepared statements for SQL queries and a high percentage of properly escaped output, the absence of authorization on its primary interaction points is a critical flaw. The vulnerability history, including a known medium-severity CVE related to missing authorization, reinforces this concern and suggests a recurring pattern of insecure access control implementation within the plugin.

The taint analysis shows a limited number of flows and none with critical or high severity, which is a positive indicator. However, 2 flows have unsanitized paths; even though the current analysis does not flag them as critical, they warrant careful investigation because they could lead to unexpected behavior or vulnerabilities if exploited in conjunction with other weaknesses. The plugin performs explicit capability checks in only 2 places, which further highlights the overall deficiency in its access control. In conclusion, while the plugin has some strengths in data handling, the pervasive lack of authentication and authorization on its entry points makes it highly vulnerable to exploitation, and securing these entry points needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Unpatched CVE (medium severity)
  • Flows with unsanitized paths
  • Limited capability checks
Vulnerabilities
1 published

ShipDepot for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31866 · medium · 5.3 · Missing Authorization

ShipDepot for WooCommerce <= 1.2.19 - Missing Authorization

Apr 1, 2025 · Unpatched
Version History

ShipDepot for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

ShipDepot for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 61 (890 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 14
External Requests: 4
Bundled Libraries: 0

Output Escaping

94% escaped · 951 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
save_custom_css (includes\Settings\class-ship-depot-settings-backend.php:564)
Attack Surface
22 unprotected

ShipDepot for WooCommerce Attack Surface

Entry Points: 22
Unprotected: 22

AJAX Handlers 12

auth · wp_ajax_load_customer_address · includes\Address\address-ajax.php:26
nopriv · wp_ajax_load_customer_address · includes\Address\address-ajax.php:27
auth · wp_ajax_sync_setting · includes\Settings\class-ship-depot-data.php:135
nopriv · wp_ajax_sync_setting · includes\Settings\class-ship-depot-data.php:136
auth · wp_ajax_calculateTotal · page\admin\orders\sd-order-detail.php:646
nopriv · wp_ajax_calculateTotal · page\admin\orders\sd-order-detail.php:647
auth · wp_ajax_calculate_shipping · page\admin\orders\sd-order-detail.php:702
nopriv · wp_ajax_calculate_shipping · page\admin\orders\sd-order-detail.php:703
auth · wp_ajax_cancel_shipping · page\admin\orders\sd-order-detail.php:792
nopriv · wp_ajax_cancel_shipping · page\admin\orders\sd-order-detail.php:793
auth · wp_ajax_save_notes_session · page\frontend\sd-checkout-page.php:24
nopriv · wp_ajax_save_notes_session · page\frontend\sd-checkout-page.php:25

REST API Routes 10

POST · /wp-json/shipdepot/webhook/v1/UpdateStorages · rest-api\class-shipdepot-webhook.php:14
POST · /wp-json/shipdepot/webhook/v1/UpdateShopInfo · rest-api\class-shipdepot-webhook.php:20
POST · /wp-json/shipdepot/webhook/v1/UpdateCourierSettings · rest-api\class-shipdepot-webhook.php:26
POST · /wp-json/shipdepot/webhook/v1/UpdateCouriers · rest-api\class-shipdepot-webhook.php:32
POST · /wp-json/shipdepot/webhook/v1/UpdateProvinces · rest-api\class-shipdepot-webhook.php:38
POST · /wp-json/shipdepot/webhook/v1/SyncDataFromAdmin · rest-api\class-shipdepot-webhook.php:44
POST · /wp-json/shipdepot/webhook/v1/UpdateShippingStatus · rest-api\class-shipdepot-webhook.php:50
POST · /wp-json/shipdepot/webhook/v1/UpdateCancelShipping · rest-api\class-shipdepot-webhook.php:56
POST · /wp-json/shipdepot/webhook/v1/PostHello · rest-api\class-shipdepot-webhook.php:62
GET · /wp-json/shipdepot/webhook/v1/GetHello · rest-api\class-shipdepot-webhook.php:68
WordPress Hooks 69
action · save_post · helper\class-function-helper.php:475
action · init · includes\Address\address-ajax.php:2
action · init · includes\Address\address-ajax.php:11
filter · woocommerce_admin_billing_fields · includes\Address\admin\class-custom-admin-order-fields.php:11
filter · woocommerce_admin_shipping_fields · includes\Address\admin\class-custom-admin-order-fields.php:12
filter · woocommerce_customer_meta_fields · includes\Address\admin\class-custom-profile-fields.php:9
filter · woocommerce_order_formatted_billing_address · includes\Address\class-custom-order-fields.php:10
filter · woocommerce_order_formatted_shipping_address · includes\Address\class-custom-order-fields.php:11
filter · woocommerce_formatted_address_replacements · includes\Address\class-custom-order-fields.php:13
filter · woocommerce_localisation_address_formats · includes\Address\class-custom-order-fields.php:15
filter · woocommerce_default_address_fields · includes\Address\frontend\class-custom-checkout-fields.php:10
filter · woocommerce_checkout_fields · includes\Address\frontend\class-custom-checkout-fields.php:11
action · admin_init · includes\class-admin-notices.php:21
action · admin_notices · includes\class-admin-notices.php:22
action · admin_enqueue_scripts · includes\class-admin-notices.php:23
action · admin_notices · includes\class-ship-depot-general.php:127
action · admin_notices · includes\class-ship-depot-general.php:128
action · admin_notices · includes\class-ship-depot-general.php:130
action · admin_init · includes\class-ship-depot-general.php:131
action · wp_enqueue_scripts · includes\class-ship-depot-general.php:135
action · admin_enqueue_scripts · includes\class-ship-depot-general.php:136
filter · http_request_timeout · includes\class-ship-depot-general.php:147
action · woocommerce_order_status_changed · includes\Order\class-order-shipping.php:438
action · save_post · includes\Order\class-order-shipping.php:631
action · sd_about_section · includes\Settings\class-ship-depot-about.php:17
action · sd_classic_checkout_direction_section · includes\Settings\class-ship-depot-classic-checkout-direction.php:19
action · sd_couriers_section · includes\Settings\class-ship-depot-couriers.php:17
action · sd_custom_css_section · includes\Settings\class-ship-depot-custom-css.php:19
action · admin_enqueue_scripts · includes\Settings\class-ship-depot-custom-css.php:20
action · sd_fee_modify_section · includes\Settings\class-ship-depot-fee-modify.php:17
action · sd_general_settings_section · includes\Settings\class-ship-depot-general-settings.php:18
filter · woocommerce_settings_tabs_array · includes\Settings\class-ship-depot-settings-backend.php:33
filter · woocommerce_save_settings_sd_settings_fee_modify · includes\Settings\class-ship-depot-settings-backend.php:45
filter · woocommerce_save_settings_sd_settings_couriers · includes\Settings\class-ship-depot-settings-backend.php:46
filter · woocommerce_get_settings_pages · includes\Settings\class-ship-depot-settings-init.php:18
action · woocommerce_shipping_init · includes\ShippingMethod\class-SHIPDEPOT-shipping-method.php:108
filter · woocommerce_shipping_methods · includes\ShippingMethod\class-SHIPDEPOT-shipping-method.php:116
action · init · includes\ShippingStatus\class-extra-shipping-status.php:11
filter · wc_order_statuses · includes\ShippingStatus\class-extra-shipping-status.php:12
action · woocommerce_new_order · page\admin\orders\sd-order-detail.php:3
action · woocommerce_update_order · page\admin\orders\sd-order-detail.php:13
action · woocommerce_update_order · page\admin\orders\sd-order-detail.php:176
action · woocommerce_update_order · page\admin\orders\sd-order-detail.php:322
action · woocommerce_update_order · page\admin\orders\sd-order-detail.php:419
filter · get_user_option_meta-box-order_woocommerce_page_wc-orders · page\admin\orders\sd-order-detail.php:433
filter · get_user_option_meta-box-order_shop_order · page\admin\orders\sd-order-detail.php:435
action · woocommerce_admin_order_totals_after_discount · page\admin\orders\sd-order-detail.php:480
action · woocommerce_admin_order_totals_after_total · page\admin\orders\sd-order-detail.php:635
filter · is_protected_meta · page\admin\orders\sd-order-detail.php:817
action · add_meta_boxes · page\admin\orders\sd-order-detail.php:853
filter · manage_woocommerce_page_wc-orders_columns · page\admin\orders\sd-order-list.php:4
filter · manage_edit-shop_order_columns · page\admin\orders\sd-order-list.php:6
action · manage_woocommerce_page_wc-orders_custom_column · page\admin\orders\sd-order-list.php:28
action · manage_shop_order_posts_custom_column · page\admin\orders\sd-order-list.php:30
action · admin_enqueue_scripts · page\admin\orders\sd-order-list.php:93
filter · woocommerce_cart_needs_shipping · page\frontend\sd-cart-page.php:3
filter · cfw_show_shipping_tab · page\frontend\sd-checkout-page.php:4
filter · woocommerce_shipping_packages · page\frontend\sd-checkout-page.php:11
filter · woocommerce_cart_needs_shipping_address · page\frontend\sd-checkout-page.php:17
filter · woocommerce_cart_ready_to_calc_shipping · page\frontend\sd-checkout-page.php:34
action · woocommerce_checkout_before_terms_and_conditions · page\frontend\sd-checkout-page.php:47
action · woocommerce_checkout_update_order_review · page\frontend\sd-checkout-page.php:381
filter · woocommerce_calculated_total · page\frontend\sd-checkout-page.php:403
action · woocommerce_checkout_order_processed · page\frontend\sd-checkout-page.php:452
action · save_post · page\frontend\sd-checkout-page.php:655
action · woocommerce_after_checkout_validation · page\frontend\sd-checkout-page.php:662
action · woocommerce_thankyou · page\frontend\sd-checkout-page.php:691
action · rest_api_init · rest-api\class-shipdepot-webhook.php:9
action · plugins_loaded · Ship_Depot_init.php:136
Maintenance & Trust

ShipDepot for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 17, 2024
PHP min version: 7.4.3
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

ShipDepot for WooCommerce Developer Profile

Ship Depot

1 plugin · 10 total installs

Trust score: 74
Avg Security Score: 71/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ShipDepot for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ship-depot/assets/js/admin-notices.js
Script Paths
/wp-content/plugins/ship-depot/assets/js/admin-notices.js
Version Parameters
ship-depot/assets/js/admin-notices.js?ver=

HTML / DOM Fingerprints

CSS Classes
vf-notice
Data Attributes
data-dismiss-url
JS Globals
SHIP_DEPOT_DIR_URL
SHIP_DEPOT_VERSION