ShipEngine Shipping Quotes Security & Risk Analysis

wordpress.org/plugins/shipengine-shipping-quotes

Real-time small package (parcel) shipping rates from ShipEngine. Fifteen day free trial.

0 active installs · v1.1.1 · PHP + WP 6.4+ · Updated Feb 12, 2026
eniture-shipengine · parcel-quotes · parcel-rates · shipping-estimates
98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 11, 2025
Safety Verdict

Is ShipEngine Shipping Quotes Safe to Use in 2026?

Generally Safe

Score 98/100

ShipEngine Shipping Quotes has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Feb 11, 2025 · Updated 3mo ago
Risk Assessment

The shipengine-shipping-quotes plugin v1.1.1 exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries (84%) and output escaping (81%), and includes a significant number of nonce and capability checks (10 and 22 respectively), there are notable areas of concern stemming from its attack surface.

Specifically, the plugin exposes 3 unprotected entry points across its AJAX handlers and REST API routes. This lack of authentication on critical functions increases the risk of unauthorized actions. Furthermore, the taint analysis reveals 3 flows with unsanitized paths, including one high-severity flow, indicating potential vulnerabilities that could be exploited.

The plugin's vulnerability history, while currently showing no unpatched high-severity issues, does include a past high-severity SQL injection vulnerability. This pattern suggests that SQL injection remains a potential risk area for this plugin, and the current unsanitized flows could represent a resurgence of this issue. Overall, the plugin has a good foundation in secure coding principles but requires immediate attention to its unprotected entry points and unsanitized data flows to mitigate significant risks.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Flows with unsanitized paths
  • High severity taint flow
Vulnerabilities
1 published

ShipEngine Shipping Quotes Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2024-13531 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection

Feb 11, 2025 · Patched in 1.0.8 (7d)
Version History

ShipEngine Shipping Quotes Release Timeline

v1.1.1 (Current)
v1.1.0
v1.0.10
v1.0.9
Code Analysis
Analyzed Apr 16, 2026

ShipEngine Shipping Quotes Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (21 prepared)
Unescaped Output: 46 (191 escaped)
Nonce Checks: 10
Capability Checks: 22
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

84% prepared · 25 total queries

Output Escaping

81% escaped · 237 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

8 flows · 3 with unsanitized paths
save (admin/tab/en-tab.php:150)
Attack Surface
3 unprotected

ShipEngine Shipping Quotes Attack Surface

Entry Points: 24
Unprotected: 3

AJAX Handlers 23

nopriv · wp_ajax_en_uvs_admin_order_quotes · admin/order/en-order-rates.php:23
auth · wp_ajax_en_uvs_admin_order_quotes · admin/order/en-order-rates.php:24
nopriv · wp_ajax_en_uvs_test_connection · admin/tab/connection-settings/en-connection-ajax.php:24
auth · wp_ajax_en_uvs_test_connection · admin/tab/connection-settings/en-connection-ajax.php:25
nopriv · wp_ajax_en_uvs_location_save_form_data · admin/tab/location/includes/en-location-ajax.php:15
auth · wp_ajax_en_uvs_location_save_form_data · admin/tab/location/includes/en-location-ajax.php:16
nopriv · wp_ajax_en_uvs_get_location · admin/tab/location/includes/en-location-ajax.php:18
auth · wp_ajax_en_uvs_get_location · admin/tab/location/includes/en-location-ajax.php:19
nopriv · wp_ajax_en_uvs_location_delete_row · admin/tab/location/includes/en-location-ajax.php:21
auth · wp_ajax_en_uvs_location_delete_row · admin/tab/location/includes/en-location-ajax.php:22
nopriv · wp_ajax_en_uvs_wd_bulk_delete_locations · admin/tab/location/includes/en-location-ajax.php:24
auth · wp_ajax_en_uvs_wd_bulk_delete_locations · admin/tab/location/includes/en-location-ajax.php:25
nopriv · wp_ajax_en_uvs_save_shipping_rule · admin/tab/shipping-rules/shipping-rules-save.php:14
auth · wp_ajax_en_uvs_save_shipping_rule · admin/tab/shipping-rules/shipping-rules-save.php:15
nopriv · wp_ajax_en_uvs_edit_shipping_rule · admin/tab/shipping-rules/shipping-rules-save.php:17
auth · wp_ajax_en_uvs_edit_shipping_rule · admin/tab/shipping-rules/shipping-rules-save.php:18
nopriv · wp_ajax_en_uvs_delete_shipping_rule · admin/tab/shipping-rules/shipping-rules-save.php:20
auth · wp_ajax_en_uvs_delete_shipping_rule · admin/tab/shipping-rules/shipping-rules-save.php:21
nopriv · wp_ajax_en_uvs_update_shipping_rule_status · admin/tab/shipping-rules/shipping-rules-save.php:23
auth · wp_ajax_en_uvs_update_shipping_rule_status · admin/tab/shipping-rules/shipping-rules-save.php:24
auth · wp_ajax_en_uvs_get_current_plan · common/en-plans.php:27
nopriv · wp_ajax_uvs_s_fd · en-install.php:631
auth · wp_ajax_uvs_s_fd · en-install.php:632

REST API Routes 1

POST · /wp-json/fdo-company-id/update-status · en-install.php:679

WordPress Hooks 61

action · admin_print_scripts · admin/order/en-order-script.php:24
action · woocommerce_order_actions · admin/order/en-order-widget.php:25
filter · En_Plugins_dropship_filter · admin/product/en-product-detail.php:47
filter · En_Plugins_variable_freight_classification_filter · admin/product/en-product-detail.php:48
filter · en_small_package_quotes_fields · admin/product/en-product-detail.php:53
filter · en_insurance_filter · admin/product/en-product-detail.php:58
action · woocommerce_product_options_shipping · admin/product/en-product-detail.php:63
action · woocommerce_process_product_meta · admin/product/en-product-detail.php:64
action · woocommerce_product_after_variable_attributes · admin/product/en-product-detail.php:67
action · woocommerce_save_product_variation · admin/product/en-product-detail.php:68
filter · en_uvs_reason_quotes_not_returned · admin/tab/connection-settings/en-connection-settings.php:75
filter · woocommerce_settings_tabs_array · admin/tab/en-tab.php:19
filter · woocommerce_product_export_product_column_en_nickname · common/en-csv.php:11
filter · woocommerce_product_export_product_column_en_city · common/en-csv.php:12
filter · woocommerce_product_export_product_column_en_state · common/en-csv.php:13
filter · woocommerce_product_export_product_column_en_zip · common/en-csv.php:14
filter · woocommerce_product_export_product_column_en_country · common/en-csv.php:15
filter · woocommerce_product_export_product_column_en_product_freight_class · common/en-csv.php:18
filter · woocommerce_product_export_product_column_en_product_freight_class_variation · common/en-csv.php:19
filter · woocommerce_product_export_column_names · common/en-csv.php:22
filter · woocommerce_product_export_product_default_columns · common/en-csv.php:23
action · admin_notices · common/en-guard.php:42
action · woocommerce_loaded · common/en-guard.php:111
filter · en_register_activation_hook · common/en-plans.php:24
filter · uvs_plans_notification_link · common/en-plans.php:25
filter · uvs_plans_suscription_and_features · common/en-plans.php:26
filter · en_register_activation_hook · db/en-warehouse.php:25
filter · en_register_activation_hook · db/en-warehouse.php:26
action · admin_enqueue_scripts · en-install.php:65
action · wp_enqueue_scripts · en-install.php:80
action · admin_init · en-install.php:98
filter · woocommerce_get_settings_pages · en-install.php:117
filter · plugin_action_links · en-install.php:144
action · admin_print_scripts · en-install.php:161
filter · woocommerce_shipping_methods · en-install.php:201
filter · woocommerce_cart_no_shipping_available_html · en-install.php:216
filter · en_app_common_plan_status · en-install.php:247
filter · en_check_ground_transit_restrict_status · en-install.php:266
filter · woocommerce_package_rates · en-install.php:333
filter · en_shipping_applications · en-install.php:347
filter · admin_notices · en-install.php:366
action · woocommerce_proceed_to_checkout · en-install.php:390
filter · woocommerce_cart_no_shipping_available_html · en-install.php:403
filter · woocommerce_no_shipping_available_html · en-install.php:404
filter · woocommerce_product_importer_parsed_data · en-install.php:519
filter · en_plugins · en-install.php:585
action · upgrader_process_complete · en-install.php:624
action · admin_init · en-install.php:628
action · rest_api_init · en-install.php:676
action · woocommerce_thankyou · server/common/en-order-export.php:22
action · init · server/common/en-order-export.php:23
action · en_async_orders_exporting_process · server/common/en-order-export.php:24
filter · cron_schedules · server/common/en-order-export.php:25
action · woocommerce_shipping_init · server/en-shipping-rates.php:21
filter · woocommerce_package_rates · server/en-shipping-rates.php:86
filter · en_shipengine_package_converter · server/en-shipping-rates.php:128
filter · en_eniture_shipment · server/en-shipping-rates.php:148
filter · en_uvs_reason_quotes_not_returned · server/package/en-package.php:258
filter · en_fdo_image_urls_merge · server/package/en-package.php:353
action · before_woocommerce_init · shipengine-eniture.php:23
action · init · shipengine-eniture.php:29

Scheduled Events 1

en_async_orders_exporting_process
Maintenance & Trust

ShipEngine Shipping Quotes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

ShipEngine Shipping Quotes Developer Profile

enituretechnology

32 plugins · 1K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 19 days
Detection Fingerprints

How We Detect ShipEngine Shipping Quotes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/shipengine-shipping-quotes/admin/assets/en-wicked-picker.js
  • /wp-content/plugins/shipengine-shipping-quotes/admin/tab/location/assets/js/en-uvs-tagging.js
  • /wp-content/plugins/shipengine-shipping-quotes/admin/assets/en-uvs-admin.js
  • /wp-content/plugins/shipengine-shipping-quotes/admin/tab/location/assets/js/en-uvs-location.js
  • /wp-content/plugins/shipengine-shipping-quotes/admin/assets/en-wicked-picker.css
  • /wp-content/plugins/shipengine-shipping-quotes/admin/tab/location/assets/css/en-uvs-location.css
  • /wp-content/plugins/shipengine-shipping-quotes/admin/assets/en-uvs-admin.css
  • /wp-content/plugins/shipengine-shipping-quotes/admin/tab/shipping-rules/assets/js/shipping_rules.js
  • +4 more
Script Paths
  • admin/assets/en-wicked-picker.js
  • admin/tab/location/assets/js/en-uvs-tagging.js
  • admin/assets/en-uvs-admin.js
  • admin/tab/location/assets/js/en-uvs-location.js
  • admin/tab/shipping-rules/assets/js/shipping_rules.js
  • admin/assets/en-uvs-frontend.js
  • +1 more
Version Parameters
  • en-wicked-picker.js?ver=1.0.1
  • en-uvs-tagging.js?ver=1.0.1
  • en-uvs-admin.js?ver=1.0.6
  • en-uvs-location.js?ver=1.0.3
  • en-wicked-picker.css?ver=1.0.1
  • en-uvs-location.css?ver=1.0.3
  • en-uvs-admin.css?ver=1.0.6
  • shipping_rules.js?ver=1.0.2
  • shipping_rules.css?ver=1.0.0
  • en-uvs-frontend.js?ver=1.0.0
  • en-jtv-script.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
  • en-uvs-admin-css
  • en-wicked-picker-css
Data Attributes
  • en_uvs_admin_script
  • en_uvs_location_script
  • en_uvs_sr_script
JS Globals
  • EN_UVS_DIR_FILE
  • en_uvs_admin_script
  • en_uvs_location_script
  • en_uvs_sr_script
FAQ

Frequently Asked Questions about ShipEngine Shipping Quotes