WP-Safety

Shipping Account Capture Security & Risk Analysis

wordpress.org/plugins/shipping-account-capture

The plugin allows the visitor to specify an interest in having the shipping charges billed to its account.

0 active installs v1.0.2 PHP 7.4+ WP 6.6+ Updated May 7, 2025
capture-shipping-accounteniture-my-accountshipping-rateswoocommerce-shipping
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Shipping Account Capture Safe to Use in 2026?

Generally Safe

Score 92/100

Shipping Account Capture has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "shipping-account-capture" plugin v1.0.2 exhibits a significant security concern due to its extensive attack surface without any authentication or authorization checks. All 8 REST API routes are directly exposed, meaning any unauthenticated user could potentially interact with these endpoints. While the plugin demonstrates good practices in its handling of SQL queries (100% prepared statements) and output escaping (100% properly escaped), the complete lack of nonces and capability checks across all entry points, particularly the 8 unprotected REST API routes, creates a substantial risk. This absence of security measures is a critical oversight that leaves the plugin vulnerable to various attacks, such as unauthorized data manipulation or information disclosure, if these endpoints are not inherently secured by other layers of the WordPress application.

The plugin's vulnerability history is clean, with no known CVEs or past issues. This suggests that, to date, no significant security flaws have been publicly reported or exploited. However, this positive history should not overshadow the immediate risks identified in the static analysis. The lack of taint analysis results is not necessarily an indicator of safety, but rather might reflect limitations in the static analysis tool's capabilities or the nature of the code's operations. The plugin's strengths lie in its secure database and output handling, but these are severely undermined by the unprotected entry points. The overall security posture is concerning due to the high number of unprotected REST API routes. A robust security strategy would require immediate implementation of permission checks and nonces on these endpoints.

Key Concerns

  • 8 unprotected REST API routes
  • 0 Nonce checks on entry points
  • 0 Capability checks on entry points
Vulnerabilities
None known

Shipping Account Capture Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Shipping Account Capture Release Timeline

v1.0.2Current
Code Analysis
Analyzed Apr 16, 2026

Shipping Account Capture Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
12 prepared
Unescaped Output
0
13 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared12 total queries

Output Escaping

100% escaped13 total outputs
Attack Surface
8 unprotected

Shipping Account Capture Attack Surface

Entry Points8
Unprotected8

REST API Routes 8

GET/wp-json/eniture-capture-shipping-account/v1/bill-to-optionsadmin/en-sac-register-rest-apis.php:20
POST/wp-json/eniture-capture-shipping-account/v1/bill-to-optionadmin/en-sac-register-rest-apis.php:26
POST/wp-json/eniture-capture-shipping-account/v1/serviceadmin/en-sac-register-rest-apis.php:32
POST/wp-json/eniture-capture-shipping-account/v1/test-connectionadmin/en-sac-register-rest-apis.php:38
POST/wp-json/eniture-capture-shipping-account/v1/save-licenseadmin/en-sac-register-rest-apis.php:44
GET/wp-json/eniture-capture-shipping-account/v1/get-licenseadmin/en-sac-register-rest-apis.php:50
POST/wp-json/eniture-capture-shipping-account/v1/save-other-settingsadmin/en-sac-register-rest-apis.php:56
GET/wp-json/eniture-capture-shipping-account/v1/get-other-settingsadmin/en-sac-register-rest-apis.php:62
WordPress Hooks 13
actionadmin_noticesadmin/en-guard.php:31
actionwoocommerce_loadedadmin/en-guard.php:100
actionrest_api_initadmin/en-sac-register-rest-apis.php:13
actionwoocommerce_store_api_checkout_order_processedadmin/en-sac-register-rest-apis.php:14
filterwoocommerce_package_ratesadmin/en-sac-register-rest-apis.php:15
actionadmin_enqueue_scriptseniture-shipping-account-capture.php:33
actionwp_enqueue_scriptseniture-shipping-account-capture.php:34
filterplugin_action_linkseniture-shipping-account-capture.php:37
filterwoocommerce_settings_tabs_arrayeniture-shipping-account-capture.php:38
actionwoocommerce_settings_tabs_eniture-saceniture-shipping-account-capture.php:39
actionwoocommerce_shipping_initeniture-shipping-account-capture.php:43
filterwoocommerce_shipping_methodseniture-shipping-account-capture.php:44
actionwoocommerce_initfrontend/en-sac-register-checkout-options.php:13
Maintenance & Trust

Shipping Account Capture Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 7, 2025
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Shipping Account Capture Alternatives

PiWeb Flat rate / Conditional shipping for WooCommerce

PiWeb Flat rate / Conditional shipping for WooCommerce

advanced-free-flat-shipping-woocommerce

A
100

WooCommerce conditional shipping & WooCommerce Advanced Flat rate shipping rates plugin to Create Advanced Flat rate shipping or Free shipping met …

2K 1 CVE
Plugin BlueX for WooCommerce

Plugin BlueX for WooCommerce

bluex-for-woocommerce

B
78

Once the plugin is installed, you need to go to the integration section in the woocommerce settings and add the data delivered by blue express. Also,

2K 1 unpatched
Table rate shipping for WooCommerce

Table rate shipping for WooCommerce

advanced-table-rate-shipping-for-woocommerce

A
100

Table rate shipping a addon plugin for WooCommerce shipping.

200 No CVEs
Shipi – DHL Express Integration for Woocommerce

Shipi – DHL Express Integration for Woocommerce

a2z-dhl-express-shipping

A
100

Seamless DHL Express WooCommerce integration - live rates, automated/manual labels, return labels, pickups, invoices, and tracking.

100 No CVEs
PrangoShip [Quantity Based] for WooCommerce

PrangoShip [Quantity Based] for WooCommerce

woo-quantity-based-shipping-rate

A
85

Lets you assign shipping rates based on the quantity of items in the cart for your WooCommerce Store.

100 No CVEs
Developer Profile

Shipping Account Capture Developer Profile

enituretechnology

32 plugins · 1K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
19 days
View full developer profile
Detection Fingerprints

How We Detect Shipping Account Capture

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shipping-account-capture/build/index.css/wp-content/plugins/shipping-account-capture/build/index.js/wp-content/plugins/shipping-account-capture/build/eniture-sac-frontend.asset.php/wp-content/plugins/shipping-account-capture/build/index.asset.php
Script Paths
wp-content/plugins/shipping-account-capture/build/index.jswp-content/plugins/shipping-account-capture/build/eniture-sac-frontend.js
Version Parameters
shipping-account-capture/build/index.css?ver=shipping-account-capture/build/index.js?ver=shipping-account-capture/build/eniture-sac-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
eniture_sac_wrapper
Data Attributes
id="eniture_sac_root"
JS Globals
eniture_saceniture_sac_nonceeniture_sac_rest_urlapiUrl
REST Endpoints
/wp-json/eniture-capture-shipping-account/v1/bill-to-options/wp-json/eniture-capture-shipping-account/v1/bill-to-option/wp-json/eniture-capture-shipping-account/v1/service/wp-json/eniture-capture-shipping-account/v1/test-connection/wp-json/eniture-capture-shipping-account/v1/save-license/wp-json/eniture-capture-shipping-account/v1/get-license/wp-json/eniture-capture-shipping-account/v1/save-other-settings
FAQ

Frequently Asked Questions about Shipping Account Capture