WP-Safety

Shiptimize for WooCommerce Security & Risk Analysis

wordpress.org/plugins/shiptimize-for-woocommerce

Shiptimize for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

100 active installs v3.1.86 PHP 5.6+ WP 4.9+ Updated Apr 19, 2024
automatemulti-carriersaveshippingwoocommerce
43
D · High Risk
CVEs total2
Unpatched2
Last CVEApr 1, 2025
Download
Safety Verdict

Is Shiptimize for WooCommerce Safe to Use in 2026?

High Risk

Score 43/100

Shiptimize for WooCommerce carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Apr 1, 2025Updated 2yr ago
Risk Assessment

The shiptimize-for-woocommerce plugin exhibits a concerning security posture due to a significant number of unprotected entry points. With 20 AJAX handlers and 2 REST API routes lacking authentication checks, the plugin exposes a large attack surface to unauthenticated users. This is further exacerbated by the taint analysis revealing a high severity flow with unsanitized paths, indicating a potential for exploitation. The plugin's history of 2 known medium severity CVEs, both currently unpatched, with common vulnerability types including Missing Authorization and Cross-site Scripting, suggests a pattern of recurring security weaknesses that have not been fully addressed. While the use of prepared statements for a majority of SQL queries and the presence of capability checks are positive indicators, they are overshadowed by the critical lack of authentication on many entry points and the unresolved vulnerabilities. The low percentage of properly escaped output is also a significant concern, increasing the risk of Cross-site Scripting attacks.

Key Concerns

  • High number of unprotected AJAX handlers
  • High number of unprotected REST API routes
  • High severity taint flow with unsanitized paths
  • Unpatched medium CVEs (2)
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • 22 unprotected entry points total
Vulnerabilities
2 published

Shiptimize for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched
2024
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-31802medium · 4.3Missing Authorization

Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Apr 1, 2025Unpatched
CVE-2024-54235medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shiptimize for WooCommerce <= 3.1.86 - Reflected Cross-Site Scripting

Dec 5, 2024Unpatched
Version History

Shiptimize for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Shiptimize for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
14
27 prepared
Unescaped Output
248
16 escaped
Nonce Checks
0
Capability Checks
15
File Operations
11
External Requests
1
Bundled Libraries
0

SQL Query Safety

66% prepared41 total queries

Output Escaping

6% escaped264 total outputs
Data Flows · Security
10 unsanitized

Data Flow Analysis

11 flows10 with unsanitized paths
admin_init (includes\admin\class-shiptimize-order-ui.php:132)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
22 unprotected

Shiptimize for WooCommerce Attack Surface

Entry Points22
Unprotected22

AJAX Handlers 20

authwp_ajax_shiptimize_print_labelincludes\admin\class-shiptimize-order-ui.php:60
authwp_ajax_shiptimize_label_statusincludes\admin\class-shiptimize-order-ui.php:61
authwp_ajax_shiptimize_print_labelincludes\admin\class-shiptimize-order-ui.php:67
authwp_ajax_shiptimize_label_statusincludes\admin\class-shiptimize-order-ui.php:68
noprivwp_ajax_shiptimize_pickup_locationsincludes\admin\class-shiptimize-shipping.php:41
authwp_ajax_shiptimize_pickup_locationsincludes\admin\class-shiptimize-shipping.php:42
noprivwp_ajax_shiptimize_selected_carrierincludes\admin\class-shiptimize-shipping.php:43
authwp_ajax_shiptimize_shiptimize_selected_carrierincludes\admin\class-shiptimize-shipping.php:44
noprivwp_ajax_shiptimize_selected_carrier_from_listincludes\admin\class-shiptimize-shipping.php:46
authwp_ajax_shiptimize_shiptimize_selected_carrier_from_listincludes\admin\class-shiptimize-shipping.php:47
noprivwp_ajax_shiptimize_set_pickup_pointincludes\admin\class-shiptimize-shipping.php:49
authwp_ajax_shiptimize_set_pickup_pointincludes\admin\class-shiptimize-shipping.php:50
authwp_ajax_shiptimize_wbs_settingsincludes\admin\class-shiptimize-shipping.php:54
authwp_ajax_dokan_settingsincludes\plugins\class-shiptimize-dokan.php:39
authwp_ajax_shiptimize_dokan_export_selectedincludes\plugins\class-shiptimize-dokan.php:43
authwp_ajax_shiptimizeconnectuserincludes\plugins\class-shiptimize-marketplace.php:35
authwp_ajax_shiptimize_export_selectedincludes\plugins\class-shiptimize-wcfm.php:73
authwp_ajax_shiptimize_check_keysincludes\plugins\class-shiptimize-wcfm.php:101
authwp_ajax_shiptimize_wcfm_export_orderincludes\plugins\class-shiptimize-wcfm.php:118
authwp_ajax_shiptimize_wcfm_export_ordersincludes\plugins\class-shiptimize-wcfm.php:123

REST API Routes 2

GET/wp-json/shiptimize/v1/updateincludes\class-woo-shiptimize.php:451
GET/wp-json/shiptimize/v1/updateincludes\class-woo-shiptimize.php:458
WordPress Hooks 78
actionadmin_menuincludes\admin\class-shiptimize-options-ui.php:70
actionadmin_initincludes\admin\class-shiptimize-options-ui.php:71
filtermanage_woocommerce_page_wc-orders_columnsincludes\admin\class-shiptimize-order-ui.php:34
filterposts_joinincludes\admin\class-shiptimize-order-ui.php:35
filterposts_whereincludes\admin\class-shiptimize-order-ui.php:36
filterbulk_actions-woocommerce_page_wc-ordersincludes\admin\class-shiptimize-order-ui.php:37
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\admin\class-shiptimize-order-ui.php:38
filtermanage_edit-shop_order_columnsincludes\admin\class-shiptimize-order-ui.php:40
filterposts_joinincludes\admin\class-shiptimize-order-ui.php:41
filterposts_whereincludes\admin\class-shiptimize-order-ui.php:42
filterbulk_actions-edit-shop_orderincludes\admin\class-shiptimize-order-ui.php:43
filterhandle_bulk_actions-edit-shop_orderincludes\admin\class-shiptimize-order-ui.php:44
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\admin\class-shiptimize-order-ui.php:56
actionrestrict_manage_postsincludes\admin\class-shiptimize-order-ui.php:57
actionadmin_headincludes\admin\class-shiptimize-order-ui.php:58
actionadmin_initincludes\admin\class-shiptimize-order-ui.php:59
actionmanage_shop_order_posts_custom_columnincludes\admin\class-shiptimize-order-ui.php:63
actionrestrict_manage_postsincludes\admin\class-shiptimize-order-ui.php:64
actionadmin_headincludes\admin\class-shiptimize-order-ui.php:65
actionadmin_initincludes\admin\class-shiptimize-order-ui.php:66
actionwoocommerce_shipping_initincludes\admin\class-shiptimize-shipping.php:39
actionwp_footerincludes\admin\class-shiptimize-shipping.php:40
actionwoocommerce_checkout_update_order_metaincludes\admin\class-shiptimize-shipping.php:55
actionwoocommerce_store_api_checkout_order_processedincludes\admin\class-shiptimize-shipping.php:56
actionwoocommerce_checkout_fieldsincludes\admin\class-shiptimize-shipping.php:59
actionwoocommerce_admin_order_data_after_shipping_addressincludes\admin\class-shiptimize-shipping.php:62
actionwoocommerce_after_checkout_validationincludes\admin\class-shiptimize-shipping.php:65
filterwoocommerce_shipping_methodsincludes\admin\class-shiptimize-shipping.php:288
filterwoocommerce_update_order_review_fragmentsincludes\admin\class-shiptimize-shipping.php:289
filterwoocommerce_review_order_before_paymentincludes\admin\class-shiptimize-shipping.php:290
actionadmin_noticesincludes\class-woo-shiptimize.php:117
actionadmin_noticesincludes\class-woo-shiptimize.php:122
actionplugins_loadedincludes\class-woo-shiptimize.php:205
actionupgrader_process_completeincludes\class-woo-shiptimize.php:207
actionadmin_enqueue_scriptsincludes\class-woo-shiptimize.php:209
actionadmin_enqueue_scriptsincludes\class-woo-shiptimize.php:210
actionwp_enqueue_scriptsincludes\class-woo-shiptimize.php:212
actionadmin_initincludes\class-woo-shiptimize.php:213
actionadmin_noticesincludes\class-woo-shiptimize.php:214
actionparse_requestincludes\class-woo-shiptimize.php:216
filterquery_varsincludes\class-woo-shiptimize.php:217
actionrest_api_initincludes\class-woo-shiptimize.php:219
actioninitincludes\class-woo-shiptimize.php:220
filterwoocommerce_order_details_after_order_table_itemsincludes\class-woo-shiptimize.php:296
filterwoocommerce_statesincludes\class-woo-shiptimize.php:301
filterwoocommerce_package_ratesincludes\class-woo-shiptimize.php:303
actiondokan_settings_form_bottomincludes\plugins\class-shiptimize-dokan.php:38
actiondokan_order_content_inside_afterincludes\plugins\class-shiptimize-dokan.php:42
actionwoocommerce_admin_order_actions_endincludes\plugins\class-shiptimize-dokan.php:44
actionwp_enqueue_scriptsincludes\plugins\class-shiptimize-dokan.php:46
actionshiptimize_api_updateincludes\plugins\class-shiptimize-marketplace.php:28
actionparse_requestincludes\plugins\class-shiptimize-marketplace.php:37
actionwp_mail_failedincludes\plugins\class-shiptimize-marketplace.php:38
filterquery_varsincludes\plugins\class-shiptimize-marketplace.php:40
actionwcfm_marketplace_shippingincludes\plugins\class-shiptimize-wcfm.php:53
actionwcfm_vendor_settings_updateincludes\plugins\class-shiptimize-wcfm.php:56
actionwcfm_vendor_shipping_settings_updateincludes\plugins\class-shiptimize-wcfm.php:59
actionwcfm_after_orders_filter_wrapincludes\plugins\class-shiptimize-wcfm.php:62
filterwcfm_orders_additional_info_column_labelincludes\plugins\class-shiptimize-wcfm.php:63
filterwcfm_orders_additonal_data_hiddenincludes\plugins\class-shiptimize-wcfm.php:64
filterwcfm_orders_additonal_dataincludes\plugins\class-shiptimize-wcfm.php:65
actionwp_enqueue_scriptsincludes\plugins\class-shiptimize-wcfm.php:68
filterwcfmmp_settings_fields_shippingincludes\plugins\class-shiptimize-wcfm.php:75
filterwcfmmp_settings_fields_shipping_rates_by_countryincludes\plugins\class-shiptimize-wcfm.php:79
filterwcfmmp_settings_fields_shipping_rates_by_weightincludes\plugins\class-shiptimize-wcfm.php:80
filterwcfmmp_settings_fields_shipping_by_distanceincludes\plugins\class-shiptimize-wcfm.php:81
filterwcfmmp_settings_fields_shipping_by_countryincludes\plugins\class-shiptimize-wcfm.php:83
filterwcfmmp_settings_fields_shipping_by_weightincludes\plugins\class-shiptimize-wcfm.php:84
filterwcfmmp_settings_fields_shipping_rates_by_distanceincludes\plugins\class-shiptimize-wcfm.php:85
filterwcfmmp_vendor_get_shippingincludes\plugins\class-shiptimize-wcfm.php:91
actionwcfm_settings_updateincludes\plugins\class-shiptimize-wcfm.php:96
actionwcfm_vendors_actionsincludes\plugins\class-shiptimize-wcfm.php:107
actionwcfm_after_order_quick_actionsincludes\plugins\class-shiptimize-wcfm.php:113
filterwcfm_current_vendor_idincludes\plugins\class-shiptimize-wcfm.php:884
actioninitincludes\plugins\class-shiptimize-wcfm.php:1086
actionwcfmmp_vendor_order_status_updatedincludes\plugins\class-shiptimize-wcfm.php:1095
actionwoocommerce_after_order_object_saveincludes\plugins\class-shiptimize-wcfm.php:1096
actionbefore_woocommerce_initshiptimize.php:37
Maintenance & Trust

Shiptimize for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedApr 19, 2024
PHP min version5.6
Downloads15K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Shiptimize for WooCommerce Alternatives

bpost-shipping-platform

bpost-shipping-platform

bpost-shipping-platform

A
100

Bpost for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

300 No CVEs
Automated FedEx live/manual rates with shipping labels – HPOS supported

Automated FedEx live/manual rates with shipping labels – HPOS supported

a2z-fedex-shipping

B
78

Integrate the FedEx for Domestic and international Shipping. Shipping rates, label, tracking.

200 1 unpatched
Automated DB Schenker Shipping – HPOS supported

Automated DB Schenker Shipping – HPOS supported

automated-db-schenker-shipping

A
85

(Fully automated) Manual shipping rates, shipping label, return label, pickup, invoice, multi vendor,etc. supports all countries.

10 No CVEs
Shiplemon Shipping for WooComerce

Shiplemon Shipping for WooComerce

shiplemon-shipping

A
85

A platform that connects all courier companies in one system giving the possibility to compare shipping costs, create voucher, tracking numbers etc.

10 No CVEs
DP Multiple Addresses for WooCommerce

DP Multiple Addresses for WooCommerce

dp-multiple-addresses-for-woocommerce

A
100

Save multiple addresses in My Account; select one at checkout. Fields adjust by country (WooCommerce locale).

0 No CVEs
Developer Profile

Shiptimize for WooCommerce Developer Profile

Shiptimize

1 plugin · 100 total installs

54
trust score
Avg Security Score
43/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Shiptimize for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shiptimize-for-woocommerce/assets/css/style.css/wp-content/plugins/shiptimize-for-woocommerce/assets/js/shiptimize.js/wp-content/plugins/shiptimize-for-woocommerce/assets/images/logo.svg
Script Paths
/wp-content/plugins/shiptimize-for-woocommerce/assets/js/shiptimize.js
Version Parameters
shiptimize-for-woocommerce/assets/css/style.css?ver=shiptimize-for-woocommerce/assets/js/shiptimize.js?ver=

HTML / DOM Fingerprints

CSS Classes
shiptimize-logo
Data Attributes
data-shiptimize-public-keydata-shiptimize-private-keydata-shiptimize-callbackurl
JS Globals
shiptimize_public_keyshiptimize_private_keyshiptimize_callbackurlshiptimize_tokenshiptimize_usewpapishipitimize_api_v3_data
REST Endpoints
/wp-json/shiptimize/v1/shipping_methods/wp-json/shiptimize/v1/tracking/wp-json/shiptimize/v1/order_info
FAQ

Frequently Asked Questions about Shiptimize for WooCommerce