WP-Safety

Shiptimize for WooCommerce Security & Risk Analysis

wordpress.org/plugins/shiptimize-for-woocommerce

Shiptimize for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

200 active installs v3.1.86 PHP 5.6+ WP 4.9+ Updated Apr 19, 2024
automatemulti-carriersaveshippingwoocommerce
50
C · Use Caution
CVEs total2
Unpatched2
Last CVEApr 1, 2025
Download
Safety Verdict

Is Shiptimize for WooCommerce Safe to Use in 2026?

Use With Caution

Score 50/100

Shiptimize for WooCommerce has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs 2 unpatched Last CVE: Apr 1, 2025Updated 1yr ago
Risk Assessment

The shiptimize-for-woocommerce plugin exhibits a concerning security posture due to a significant number of unprotected entry points. With 20 AJAX handlers and 2 REST API routes lacking authentication checks, the plugin exposes a large attack surface to unauthenticated users. This is further exacerbated by the taint analysis revealing a high severity flow with unsanitized paths, indicating a potential for exploitation. The plugin's history of 2 known medium severity CVEs, both currently unpatched, with common vulnerability types including Missing Authorization and Cross-site Scripting, suggests a pattern of recurring security weaknesses that have not been fully addressed. While the use of prepared statements for a majority of SQL queries and the presence of capability checks are positive indicators, they are overshadowed by the critical lack of authentication on many entry points and the unresolved vulnerabilities. The low percentage of properly escaped output is also a significant concern, increasing the risk of Cross-site Scripting attacks.

Key Concerns

  • High number of unprotected AJAX handlers
  • High number of unprotected REST API routes
  • High severity taint flow with unsanitized paths
  • Unpatched medium CVEs (2)
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • 22 unprotected entry points total
Vulnerabilities
2

Shiptimize for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched
2024
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-31802medium · 4.3Missing Authorization

Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Apr 1, 2025Unpatched
CVE-2024-54235medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shiptimize for WooCommerce <= 3.1.86 - Reflected Cross-Site Scripting

Dec 5, 2024Unpatched
Code Analysis
Analyzed Mar 16, 2026

Shiptimize for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
14
27 prepared
Unescaped Output
248
16 escaped
Nonce Checks
0
Capability Checks
15
File Operations
11
External Requests
1
Bundled Libraries
0

SQL Query Safety

66% prepared41 total queries

Output Escaping

6% escaped264 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

11 flows10 with unsanitized paths
admin_init (includes\admin\class-shiptimize-order-ui.php:132)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
22 unprotected

Shiptimize for WooCommerce Attack Surface

Entry Points22
Unprotected22

AJAX Handlers 20

authwp_ajax_shiptimize_print_labelincludes\admin\class-shiptimize-order-ui.php:60
authwp_ajax_shiptimize_label_statusincludes\admin\class-shiptimize-order-ui.php:61
authwp_ajax_shiptimize_print_labelincludes\admin\class-shiptimize-order-ui.php:67
authwp_ajax_shiptimize_label_statusincludes\admin\class-shiptimize-order-ui.php:68
noprivwp_ajax_shiptimize_pickup_locationsincludes\admin\class-shiptimize-shipping.php:41
authwp_ajax_shiptimize_pickup_locationsincludes\admin\class-shiptimize-shipping.php:42
noprivwp_ajax_shiptimize_selected_carrierincludes\admin\class-shiptimize-shipping.php:43
authwp_ajax_shiptimize_shiptimize_selected_carrierincludes\admin\class-shiptimize-shipping.php:44
noprivwp_ajax_shiptimize_selected_carrier_from_listincludes\admin\class-shiptimize-shipping.php:46
authwp_ajax_shiptimize_shiptimize_selected_carrier_from_listincludes\admin\class-shiptimize-shipping.php:47
noprivwp_ajax_shiptimize_set_pickup_pointincludes\admin\class-shiptimize-shipping.php:49
authwp_ajax_shiptimize_set_pickup_pointincludes\admin\class-shiptimize-shipping.php:50
authwp_ajax_shiptimize_wbs_settingsincludes\admin\class-shiptimize-shipping.php:54
authwp_ajax_dokan_settingsincludes\plugins\class-shiptimize-dokan.php:39
authwp_ajax_shiptimize_dokan_export_selectedincludes\plugins\class-shiptimize-dokan.php:43
authwp_ajax_shiptimizeconnectuserincludes\plugins\class-shiptimize-marketplace.php:35
authwp_ajax_shiptimize_export_selectedincludes\plugins\class-shiptimize-wcfm.php:73
authwp_ajax_shiptimize_check_keysincludes\plugins\class-shiptimize-wcfm.php:101
authwp_ajax_shiptimize_wcfm_export_orderincludes\plugins\class-shiptimize-wcfm.php:118
authwp_ajax_shiptimize_wcfm_export_ordersincludes\plugins\class-shiptimize-wcfm.php:123

REST API Routes 2

GET/wp-json/shiptimize/v1/updateincludes\class-woo-shiptimize.php:451
GET/wp-json/shiptimize/v1/updateincludes\class-woo-shiptimize.php:458
WordPress Hooks 78
actionadmin_menuincludes\admin\class-shiptimize-options-ui.php:70
actionadmin_initincludes\admin\class-shiptimize-options-ui.php:71
filtermanage_woocommerce_page_wc-orders_columnsincludes\admin\class-shiptimize-order-ui.php:34
filterposts_joinincludes\admin\class-shiptimize-order-ui.php:35
filterposts_whereincludes\admin\class-shiptimize-order-ui.php:36
filterbulk_actions-woocommerce_page_wc-ordersincludes\admin\class-shiptimize-order-ui.php:37
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\admin\class-shiptimize-order-ui.php:38
filtermanage_edit-shop_order_columnsincludes\admin\class-shiptimize-order-ui.php:40
filterposts_joinincludes\admin\class-shiptimize-order-ui.php:41
filterposts_whereincludes\admin\class-shiptimize-order-ui.php:42
filterbulk_actions-edit-shop_orderincludes\admin\class-shiptimize-order-ui.php:43
filterhandle_bulk_actions-edit-shop_orderincludes\admin\class-shiptimize-order-ui.php:44
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\admin\class-shiptimize-order-ui.php:56
actionrestrict_manage_postsincludes\admin\class-shiptimize-order-ui.php:57
actionadmin_headincludes\admin\class-shiptimize-order-ui.php:58
actionadmin_initincludes\admin\class-shiptimize-order-ui.php:59
actionmanage_shop_order_posts_custom_columnincludes\admin\class-shiptimize-order-ui.php:63
actionrestrict_manage_postsincludes\admin\class-shiptimize-order-ui.php:64
actionadmin_headincludes\admin\class-shiptimize-order-ui.php:65
actionadmin_initincludes\admin\class-shiptimize-order-ui.php:66
actionwoocommerce_shipping_initincludes\admin\class-shiptimize-shipping.php:39
actionwp_footerincludes\admin\class-shiptimize-shipping.php:40
actionwoocommerce_checkout_update_order_metaincludes\admin\class-shiptimize-shipping.php:55
actionwoocommerce_store_api_checkout_order_processedincludes\admin\class-shiptimize-shipping.php:56
actionwoocommerce_checkout_fieldsincludes\admin\class-shiptimize-shipping.php:59
actionwoocommerce_admin_order_data_after_shipping_addressincludes\admin\class-shiptimize-shipping.php:62
actionwoocommerce_after_checkout_validationincludes\admin\class-shiptimize-shipping.php:65
filterwoocommerce_shipping_methodsincludes\admin\class-shiptimize-shipping.php:288
filterwoocommerce_update_order_review_fragmentsincludes\admin\class-shiptimize-shipping.php:289
filterwoocommerce_review_order_before_paymentincludes\admin\class-shiptimize-shipping.php:290
actionadmin_noticesincludes\class-woo-shiptimize.php:117
actionadmin_noticesincludes\class-woo-shiptimize.php:122
actionplugins_loadedincludes\class-woo-shiptimize.php:205
actionupgrader_process_completeincludes\class-woo-shiptimize.php:207
actionadmin_enqueue_scriptsincludes\class-woo-shiptimize.php:209
actionadmin_enqueue_scriptsincludes\class-woo-shiptimize.php:210
actionwp_enqueue_scriptsincludes\class-woo-shiptimize.php:212
actionadmin_initincludes\class-woo-shiptimize.php:213
actionadmin_noticesincludes\class-woo-shiptimize.php:214
actionparse_requestincludes\class-woo-shiptimize.php:216
filterquery_varsincludes\class-woo-shiptimize.php:217
actionrest_api_initincludes\class-woo-shiptimize.php:219
actioninitincludes\class-woo-shiptimize.php:220
filterwoocommerce_order_details_after_order_table_itemsincludes\class-woo-shiptimize.php:296
filterwoocommerce_statesincludes\class-woo-shiptimize.php:301
filterwoocommerce_package_ratesincludes\class-woo-shiptimize.php:303
actiondokan_settings_form_bottomincludes\plugins\class-shiptimize-dokan.php:38
actiondokan_order_content_inside_afterincludes\plugins\class-shiptimize-dokan.php:42
actionwoocommerce_admin_order_actions_endincludes\plugins\class-shiptimize-dokan.php:44
actionwp_enqueue_scriptsincludes\plugins\class-shiptimize-dokan.php:46
actionshiptimize_api_updateincludes\plugins\class-shiptimize-marketplace.php:28
actionparse_requestincludes\plugins\class-shiptimize-marketplace.php:37
actionwp_mail_failedincludes\plugins\class-shiptimize-marketplace.php:38
filterquery_varsincludes\plugins\class-shiptimize-marketplace.php:40
actionwcfm_marketplace_shippingincludes\plugins\class-shiptimize-wcfm.php:53
actionwcfm_vendor_settings_updateincludes\plugins\class-shiptimize-wcfm.php:56
actionwcfm_vendor_shipping_settings_updateincludes\plugins\class-shiptimize-wcfm.php:59
actionwcfm_after_orders_filter_wrapincludes\plugins\class-shiptimize-wcfm.php:62
filterwcfm_orders_additional_info_column_labelincludes\plugins\class-shiptimize-wcfm.php:63
filterwcfm_orders_additonal_data_hiddenincludes\plugins\class-shiptimize-wcfm.php:64
filterwcfm_orders_additonal_dataincludes\plugins\class-shiptimize-wcfm.php:65
actionwp_enqueue_scriptsincludes\plugins\class-shiptimize-wcfm.php:68
filterwcfmmp_settings_fields_shippingincludes\plugins\class-shiptimize-wcfm.php:75
filterwcfmmp_settings_fields_shipping_rates_by_countryincludes\plugins\class-shiptimize-wcfm.php:79
filterwcfmmp_settings_fields_shipping_rates_by_weightincludes\plugins\class-shiptimize-wcfm.php:80
filterwcfmmp_settings_fields_shipping_by_distanceincludes\plugins\class-shiptimize-wcfm.php:81
filterwcfmmp_settings_fields_shipping_by_countryincludes\plugins\class-shiptimize-wcfm.php:83
filterwcfmmp_settings_fields_shipping_by_weightincludes\plugins\class-shiptimize-wcfm.php:84
filterwcfmmp_settings_fields_shipping_rates_by_distanceincludes\plugins\class-shiptimize-wcfm.php:85
filterwcfmmp_vendor_get_shippingincludes\plugins\class-shiptimize-wcfm.php:91
actionwcfm_settings_updateincludes\plugins\class-shiptimize-wcfm.php:96
actionwcfm_vendors_actionsincludes\plugins\class-shiptimize-wcfm.php:107
actionwcfm_after_order_quick_actionsincludes\plugins\class-shiptimize-wcfm.php:113
filterwcfm_current_vendor_idincludes\plugins\class-shiptimize-wcfm.php:884
actioninitincludes\plugins\class-shiptimize-wcfm.php:1086
actionwcfmmp_vendor_order_status_updatedincludes\plugins\class-shiptimize-wcfm.php:1095
actionwoocommerce_after_order_object_saveincludes\plugins\class-shiptimize-wcfm.php:1096
actionbefore_woocommerce_initshiptimize.php:37
Maintenance & Trust

Shiptimize for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedApr 19, 2024
PHP min version5.6
Downloads15K

Community Trust

Rating0/100
Number of ratings0
Active installs200
Alternatives

Shiptimize for WooCommerce Alternatives

bpost-shipping-platform

bpost-shipping-platform

bpost-shipping-platform

A
100

Bpost for WooCommerce is a Digital Delivery Management Solution for online stores that helps you save time and money with your shipping.

300 No CVEs
Automated FedEx live/manual rates with shipping labels – HPOS supported

Automated FedEx live/manual rates with shipping labels – HPOS supported

a2z-fedex-shipping

A
100

Integrate the FedEx for Domestic and international Shipping. Shipping rates, label, tracking.

200 No CVEs
Shiplemon Shipping for WooComerce

Shiplemon Shipping for WooComerce

shiplemon-shipping

A
85

A platform that connects all courier companies in one system giving the possibility to compare shipping costs, create voucher, tracking numbers etc.

10 No CVEs
Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

A
99

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

A
96

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs
Developer Profile

Shiptimize for WooCommerce Developer Profile

Shiptimize

1 plugin · 200 total installs

59
trust score
Avg Security Score
50/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Shiptimize for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shiptimize-for-woocommerce/assets/css/style.css/wp-content/plugins/shiptimize-for-woocommerce/assets/js/shiptimize.js/wp-content/plugins/shiptimize-for-woocommerce/assets/images/logo.svg
Script Paths
/wp-content/plugins/shiptimize-for-woocommerce/assets/js/shiptimize.js
Version Parameters
shiptimize-for-woocommerce/assets/css/style.css?ver=shiptimize-for-woocommerce/assets/js/shiptimize.js?ver=

HTML / DOM Fingerprints

CSS Classes
shiptimize-logo
Data Attributes
data-shiptimize-public-keydata-shiptimize-private-keydata-shiptimize-callbackurl
JS Globals
shiptimize_public_keyshiptimize_private_keyshiptimize_callbackurlshiptimize_tokenshiptimize_usewpapishipitimize_api_v3_data
REST Endpoints
/wp-json/shiptimize/v1/shipping_methods/wp-json/shiptimize/v1/tracking/wp-json/shiptimize/v1/order_info
FAQ

Frequently Asked Questions about Shiptimize for WooCommerce