Shipping Rate By Cities Security & Risk Analysis

wordpress.org/plugins/shipping-rate-by-cities

Set Custom Shipping Rates For Different Cities On Woocommerce.

700 active installs · v2.0.1 · PHP 7.2+ · WP 5.1+ · Updated Jan 31, 2026
Tags: cities-shipping, custom-shipping, shipping-cities, shipping-rate, woocommerce-shipping
97
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 13, 2026
Safety Verdict

Is Shipping Rate By Cities Safe to Use in 2026?

Generally Safe

Score 97/100

Shipping Rate By Cities has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 13, 2026 · Updated 2mo ago
Risk Assessment

Static analysis of the 'shipping-rate-by-cities' plugin v2.0.1 shows a generally positive security posture. It found no AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points. All 53 outputs are escaped, 18 of 20 SQL queries (90%) use prepared statements, and nonce and capability checks are present. Taint analysis revealed no critical or high severity vulnerabilities in the current version.

However, the plugin's vulnerability history is a significant concern. A past high-severity SQL injection vulnerability, now patched, shows a historical weakness in how user-supplied data was handled. The current version may be clean, but that precedent warrants a cautious approach: similar vulnerabilities could resurface if coding practices are not meticulously maintained. The current code audits well, and the past vulnerability calls for ongoing vigilance.

Key Concerns

  • Past high severity SQL injection vulnerability
Vulnerabilities
1

Shipping Rate By Cities Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

High: 1

1 total CVE

CVE-2025-14770 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Shipping Rate By Cities <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter

Jan 13, 2026 · Patched in 2.0.1 (6d)
Code Analysis
Analyzed Mar 16, 2026

Shipping Rate By Cities Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (18 prepared)
Unescaped Output: 0 (53 escaped)
Nonce Checks: 3
Capability Checks: 4
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

90% prepared · 20 total queries

Output Escaping

100% escaped · 53 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
handle_import (shipping_rate_by_cities.php:216)
Attack Surface

Shipping Rate By Cities Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks 12
  • action: admin_notices (shipping_rate_by_cities.php:71)
  • action: admin_enqueue_scripts (shipping_rate_by_cities.php:78)
  • action: wp_enqueue_scripts (shipping_rate_by_cities.php:81)
  • action: woocommerce_shipping_init (shipping_rate_by_cities.php:87)
  • filter: woocommerce_shipping_methods (shipping_rate_by_cities.php:88)
  • filter: woocommerce_checkout_fields (shipping_rate_by_cities.php:91)
  • action: admin_menu (shipping_rate_by_cities.php:98)
  • action: woocommerce_checkout_process (shipping_rate_by_cities.php:102)
  • action: wp_enqueue_scripts (shipping_rate_by_cities.php:104)
  • action: admin_post_shiprate_export_cities (shipping_rate_by_cities.php:106)
  • action: admin_post_shiprate_import_cities (shipping_rate_by_cities.php:107)
  • action: woocommerce_update_options_shipping_methods (shiprate-cities-method-class.php:28)
Maintenance & Trust

Shipping Rate By Cities Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 31, 2026
PHP min version: 7.2
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 700
Developer Profile

Shipping Rate By Cities Developer Profile

Trident Technolabs

5 plugins · 3K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 226 days
Detection Fingerprints

How We Detect Shipping Rate By Cities

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shipping-rate-by-cities/assets/js/shiprate-frontend.js
Script Paths
assets/js/shiprate-frontend.js
Version Parameters
shipping-rate-by-citiesSHIPRATE_VERSION

HTML / DOM Fingerprints

JS Globals
WShippingRateByCity