Does Shipo have any unpatched vulnerabilities?

No. All known vulnerabilities in Shipo have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Shipo compatible with WordPress 6.9.4?

According to WordPress.org data, Shipo 1.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Shipo compatible with PHP 7.4+?

Shipo requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Shipo updated?

Shipo was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Shipo's security score?

Shipo has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Shipo Security & Risk Analysis

wordpress.org/plugins/shipo

Shipo te conectează instant cu mai mulți curieri de top, fără contract. Expediezi la adresă sau locker și plătești doar coletele livrate.

20 active installs v1.7 PHP 7.4+ WP 4.7+ Updated Mar 5, 2026

couriersdeliveryecommerceromaniashipping

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Shipo Safe to Use in 2026?

Generally Safe

Score 100/100

Shipo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago

Risk Assessment

The "shipo" v1.7 plugin exhibits a generally good security posture with several positive indicators. The absence of known vulnerabilities in its history is a significant strength, suggesting a history of secure development and maintenance. The use of prepared statements for all SQL queries and a high percentage of properly escaped output are excellent practices that mitigate common attack vectors like SQL injection and cross-site scripting. The plugin also demonstrates a good number of nonce checks and capability checks, indicating an awareness of access control mechanisms.

However, a notable concern arises from the static analysis: one of the four identified AJAX handlers lacks proper authentication checks. This represents a direct entry point that could be exploited by unauthenticated users, potentially leading to unintended actions or information disclosure depending on the functionality of that specific handler. While the taint analysis shows no unsanitized paths and no dangerous functions were identified, the unprotected AJAX handler is a specific, actionable risk that needs to be addressed.

In conclusion, "shipo" v1.7 is a relatively secure plugin due to its lack of historical vulnerabilities and strong adherence to secure coding practices in areas like SQL and output handling. The primary weakness lies in the single unprotected AJAX endpoint, which significantly impacts its overall security score. Addressing this specific vulnerability would greatly enhance the plugin's security posture.

Key Concerns

AJAX handler without authentication

Vulnerabilities

None known

Shipo Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Shipo Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

180 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared3 total queries

Output Escaping

89% escaped203 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

update_field (includes\class-shipo-settings-fields.php:409)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Shipo Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 4

authwp_ajax_shipo_generate_awbincludes\class-shipo-ajax.php:21

authwp_ajax_shipo_get_mapincludes\class-shipo-ajax.php:23

authwp_ajax_shipo_report_awbincludes\class-shipo-ajax.php:25

authwp_ajax_shipo_print_download_awbincludes\class-shipo-ajax.php:27

WordPress Hooks 33

filtermanage_edit-shop_order_columnsincludes\class-shipo-admin-order.php:14

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-shipo-admin-order.php:16

filtermanage_edit-shop_order_columnsincludes\class-shipo-admin-order.php:19

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-shipo-admin-order.php:22

actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-shipo-admin-order.php:24

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-shipo-admin-order.php:26

actionmanage_shop_order_posts_custom_columnincludes\class-shipo-admin-order.php:29

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-shipo-admin-order.php:31

actionmanage_shop_order_posts_custom_columnincludes\class-shipo-admin-order.php:34

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-shipo-admin-order.php:36

actionwoocommerce_order_status_changedincludes\class-shipo-admin-order.php:38

filterdetermine_current_userincludes\class-shipo-ajax.php:17

actionrest_api_initincludes\class-shipo-ajax.php:19

actionwp_enqueue_scriptsincludes\class-shipo-assets.php:14

actionadmin_enqueue_scriptsincludes\class-shipo-assets.php:15

filterwoocommerce_checkout_fieldsincludes\class-shipo-checkout.php:14

filterwoocommerce_checkout_fieldsincludes\class-shipo-checkout.php:15

actionwoocommerce_checkout_update_order_reviewincludes\class-shipo-checkout.php:18

filterwoocommerce_cart_shipping_method_full_labelincludes\class-shipo-checkout.php:21

actionwoocommerce_checkout_create_orderincludes\class-shipo-checkout.php:24

actionwoocommerce_product_options_shippingincludes\class-shipo-checkout.php:27

actionwoocommerce_process_product_metaincludes\class-shipo-checkout.php:30

actionwoocommerce_checkout_order_processedincludes\class-shipo-checkout.php:32

actionwoocommerce_checkout_processincludes\class-shipo-checkout.php:34

actionwoocommerce_thankyouincludes\class-shipo-checkout.php:36

actionwoocommerce_review_order_after_order_totalincludes\class-shipo-checkout.php:39

actionafter_setup_themeincludes\class-shipo-core.php:31

actionplugins_loadedincludes\class-shipo-core.php:32

filterwoocommerce_shipping_methodsincludes\class-shipo-core.php:35

actionwoocommerce_shipping_initincludes\class-shipo-core.php:36

actionadmin_noticesincludes\class-shipo-core.php:39

actionadmin_noticesshipo.php:44

actionplugins_loadedshipo.php:53

Maintenance & Trust

Shipo Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads573

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Shipo Alternatives

Woot

woot-ro

100

Unified shipping solution for WooCommerce. Integrates all popular couriers in Romania with real-time pricing and pickup point selection.

100 No CVEs

CDEKDelivery

cdekdelivery

100

Integration with CDEK delivery for your WooCommerce store.

2K No CVEs

Flat Rate per State/Country/Region for WooCommerce

flat-rate-per-countryregion-for-woocommerce

100

This plugin allows you to set a flat delivery rate per States, Countries or World Regions on WooCommerce.

1K No CVEs

Amadast Shipping افزونه حمل و نقل |ماشین حساب ارسال پست و تیپاکس و چاپار | پس کرایه |تنظیمات ارسال رایگان

amadast-shipping-wp

100

A plugin that calculates shipping prices online with various sending methods.

500 No CVEs

Shipping Additional Days for WooCommerce

woo-shipping-additional-days

Allows you to set additional days to your delivery date into Products and Shipping Classes.

200 No CVEs

Developer Profile

Shipo Developer Profile

Shipon Karmakar

5 plugins · 370 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Shipo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/shipo/assets/css/style.css/wp-content/plugins/shipo/assets/css/map.css/wp-content/plugins/shipo/assets/css/checkout.css/wp-content/plugins/shipo/assets/js/map.js/wp-content/plugins/shipo/assets/js/checkout.js/wp-content/plugins/shipo/assets/css/admin.css/wp-content/plugins/shipo/assets/js/admin.js

Script Paths

/wp-content/plugins/shipo/assets/js/map.js/wp-content/plugins/shipo/assets/js/checkout.js/wp-content/plugins/shipo/assets/js/admin.js

Version Parameters

shipo-styleshipo-mapshipo-checkoutshipo-map-scriptshipo-checkout-scriptshipo-map-styleshipo-admin-styleshipo-admin-script

HTML / DOM Fingerprints

CSS Classes

shipo-help-tip

Data Attributes

data-tip

JS Globals

shipoAjax

REST Endpoints

/shipo/v1

FAQ