Small Package Quotes – USPS Edition Security & Risk Analysis

wordpress.org/plugins/small-package-quotes-usps-edition

Real-time small package (parcel) shipping rates from USPS. Fifteen day free trial.

10 active installs · v1.3.12 · PHP + WP 6.4+ · Updated Jan 14, 2026
Tags: eniture, parcel-quotes, parcel-rates, shipping-estimates, usps
Score: 97 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 27, 2025
Safety Verdict

Is Small Package Quotes – USPS Edition Safe to Use in 2026?

Generally Safe

Score 97/100

Small Package Quotes – USPS Edition has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 27, 2025 · Updated 2mo ago
Risk Assessment

The "small-package-quotes-usps-edition" v1.3.12 plugin exhibits a mixed security posture. It generally adheres to good practices, with a high percentage of prepared SQL statements and properly escaped output, but there are notable concerns. The attack surface is relatively large with 19 entry points, and critically, 3 of these (18% of AJAX handlers and 1 REST API route) lack authentication or permission checks, creating potential access points for unauthorized actions. Taint analysis revealed a high-severity flow with unsanitized data, indicating a potential for exploitation. The plugin's vulnerability history, with 2 known CVEs including a high and a medium severity flaw, suggests a past pattern of security weaknesses, particularly related to deserialization and SQL injection. Although there are currently no unpatched vulnerabilities, the historical context and the static analysis findings warrant caution. The plugin's strengths are its use of prepared statements and output escaping; the unprotected entry points and past vulnerability trends are the areas needing immediate attention and ongoing monitoring.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • High severity taint flow
  • Past high severity CVE
  • Past medium severity CVE
Vulnerabilities
2

Small Package Quotes – USPS Edition Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-58218 · medium · 6.6 · Deserialization of Untrusted Data

Small Package Quotes – USPS Edition <= 1.3.9 - Authenticated (Administrator+) PHP Object Injection

Aug 27, 2025 Patched in 1.3.10 (8d)

CVE-2024-13533 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Small Package Quotes – USPS Edition <= 1.3.5 - Unauthenticated SQL Injection

Feb 18, 2025 Patched in 1.3.6 (1d)
Code Analysis
Analyzed Mar 17, 2026

Small Package Quotes – USPS Edition Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (32 prepared)
Unescaped Output: 29 (211 escaped)
Nonce Checks: 9
Capability Checks: 19
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

89% prepared · 36 total queries

Output Escaping

88% escaped · 240 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
save (admin\tab\en-tab.php:165)
Attack Surface
3 unprotected

Small Package Quotes – USPS Edition Attack Surface

Entry Points: 19
Unprotected: 3

AJAX Handlers 18

nopriv · wp_ajax_en_usps_admin_order_quotes · admin\order\en-order-rates.php:27
auth · wp_ajax_en_usps_admin_order_quotes · admin\order\en-order-rates.php:28
nopriv · wp_ajax_en_usps_test_connection · admin\tab\connection-settings\en-connection-ajax.php:28
auth · wp_ajax_en_usps_test_connection · admin\tab\connection-settings\en-connection-ajax.php:29
auth · wp_ajax_en_usps_location_save_form_data · admin\tab\location\includes\en-location-ajax.php:19
auth · wp_ajax_en_usps_get_location · admin\tab\location\includes\en-location-ajax.php:20
auth · wp_ajax_en_usps_location_delete_row · admin\tab\location\includes\en-location-ajax.php:21
nopriv · wp_ajax_en_usps_save_shipping_rule · admin\tab\shipping-rules\shipping-rules-save.php:18
auth · wp_ajax_en_usps_save_shipping_rule · admin\tab\shipping-rules\shipping-rules-save.php:19
nopriv · wp_ajax_en_usps_edit_shipping_rule · admin\tab\shipping-rules\shipping-rules-save.php:21
auth · wp_ajax_en_usps_edit_shipping_rule · admin\tab\shipping-rules\shipping-rules-save.php:22
nopriv · wp_ajax_en_usps_delete_shipping_rule · admin\tab\shipping-rules\shipping-rules-save.php:24
auth · wp_ajax_en_usps_delete_shipping_rule · admin\tab\shipping-rules\shipping-rules-save.php:25
nopriv · wp_ajax_en_usps_update_shipping_rule_status · admin\tab\shipping-rules\shipping-rules-save.php:27
auth · wp_ajax_en_usps_update_shipping_rule_status · admin\tab\shipping-rules\shipping-rules-save.php:28
auth · wp_ajax_en_usps_get_current_plan · common\en-plans.php:33
nopriv · wp_ajax_usps_fd · en-install.php:636
auth · wp_ajax_usps_fd · en-install.php:637

REST API Routes 1

POST · /wp-json/fdo-company-id/update-status · en-install.php:684

WordPress Hooks 58

action · admin_print_scripts · admin\order\en-order-script.php:28
action · woocommerce_order_actions · admin\order\en-order-widget.php:28
filter · En_Plugins_dropship_filter · admin\product\en-product-detail.php:46
filter · En_Plugins_variable_freight_classification_filter · admin\product\en-product-detail.php:47
filter · en_insurance_filter · admin\product\en-product-detail.php:48
filter · en_insurance_filter · admin\product\en-product-detail.php:53
action · woocommerce_product_options_shipping · admin\product\en-product-detail.php:58
action · woocommerce_process_product_meta · admin\product\en-product-detail.php:59
action · woocommerce_product_after_variable_attributes · admin\product\en-product-detail.php:62
action · woocommerce_save_product_variation · admin\product\en-product-detail.php:63
filter · en_usps_reason_quotes_not_returned · admin\tab\connection-settings\en-connection-settings.php:71
filter · woocommerce_settings_tabs_array · admin\tab\en-tab.php:26
filter · en_woo_addons_box_sizing_flat_rate_text_fields_arr · admin\tab\sbs\en-sbs.php:14
filter · woocommerce_product_export_product_column_en_nickname · common\en-csv.php:15
filter · woocommerce_product_export_product_column_en_city · common\en-csv.php:16
filter · woocommerce_product_export_product_column_en_state · common\en-csv.php:17
filter · woocommerce_product_export_product_column_en_zip · common\en-csv.php:18
filter · woocommerce_product_export_product_column_en_country · common\en-csv.php:19
filter · woocommerce_product_export_product_column_en_product_freight_class · common\en-csv.php:22
filter · woocommerce_product_export_product_column_en_product_freight_class_variation · common\en-csv.php:23
filter · woocommerce_product_export_column_names · common\en-csv.php:26
filter · woocommerce_product_export_product_default_columns · common\en-csv.php:27
action · admin_notices · common\en-guard.php:46
action · woocommerce_loaded · common\en-guard.php:115
filter · en_register_activation_hook · common\en-plans.php:28
filter · usps_plans_notification_link · common\en-plans.php:30
filter · usps_plans_suscription_and_features · common\en-plans.php:31
filter · en_register_activation_hook · db\en-warehouse.php:31
filter · en_register_activation_hook · db\en-warehouse.php:32
action · admin_enqueue_scripts · en-install.php:96
action · wp_enqueue_scripts · en-install.php:111
filter · woocommerce_get_settings_pages · en-install.php:130
filter · plugin_action_links · en-install.php:157
action · admin_print_scripts · en-install.php:174
filter · woocommerce_shipping_methods · en-install.php:214
filter · woocommerce_cart_no_shipping_available_html · en-install.php:229
filter · en_app_common_plan_status · en-install.php:260
filter · woocommerce_package_rates · en-install.php:328
filter · en_shipping_applications · en-install.php:342
filter · admin_notices · en-install.php:362
action · woocommerce_proceed_to_checkout · en-install.php:386
filter · woocommerce_cart_no_shipping_available_html · en-install.php:399
filter · woocommerce_no_shipping_available_html · en-install.php:400
filter · woocommerce_product_importer_parsed_data · en-install.php:532
filter · en_plugins · en-install.php:596
action · upgrader_process_complete · en-install.php:633
action · rest_api_init · en-install.php:681
action · woocommerce_thankyou · server\common\en-order-export.php:26
action · init · server\common\en-order-export.php:27
action · en_async_orders_exporting_process · server\common\en-order-export.php:28
filter · cron_schedules · server\common\en-order-export.php:29
action · woocommerce_shipping_init · server\en-shipping-rates.php:25
filter · woocommerce_package_rates · server\en-shipping-rates.php:90
filter · en_usps_package_converter · server\en-shipping-rates.php:144
filter · en_eniture_shipment · server\en-shipping-rates.php:181
filter · en_usps_reason_quotes_not_returned · server\package\en-package.php:262
filter · en_fdo_image_urls_merge · server\package\en-package.php:340
action · before_woocommerce_init · small-package-quotes-usps-edition.php:21

Scheduled Events 1

en_async_orders_exporting_process
Maintenance & Trust

Small Package Quotes – USPS Edition Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 14, 2026
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Small Package Quotes – USPS Edition Developer Profile

enituretechnology

29 plugins · 1K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Small Package Quotes – USPS Edition

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/small-package-quotes-usps-edition/admin/tab/location/assets/js/en-usps-tagging.js
/wp-content/plugins/small-package-quotes-usps-edition/admin/assets/en-usps-admin.js
/wp-content/plugins/small-package-quotes-usps-edition/admin/assets/en-wicked-picker.js
/wp-content/plugins/small-package-quotes-usps-edition/admin/assets/en-wicked-picker.css
/wp-content/plugins/small-package-quotes-usps-edition/admin/tab/location/assets/js/en-usps-location.js
/wp-content/plugins/small-package-quotes-usps-edition/admin/tab/location/assets/css/en-usps-location.css
/wp-content/plugins/small-package-quotes-usps-edition/admin/assets/en-usps-admin.css
/wp-content/plugins/small-package-quotes-usps-edition/admin/tab/logs/en-json-tree-view/en-jtv-script.js
+4 more
Version Parameters
en-usps-tagging.js?ver=
en-usps-admin.js?ver=
en-wicked-picker.js?ver=
en-wicked-picker.css?ver=
en-usps-location.js?ver=
en-usps-location.css?ver=
en-usps-admin.css?ver=
en-jtv-script.js?ver=
en-jtv-style.css?ver=
shipping_rules.js?ver=
shipping_rules.css?ver=
en-usps-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
en-usps-shipping-rules
Data Attributes
data-en-usps-sr-nonce
JS Globals
en_usps_admin_script
en_usps_location_script
en_usps_sr_script
EN_USPS_DIR_FILE