Does Small Package Quotes – Worldwide Express Edition have any unpatched vulnerabilities?

No. All known vulnerabilities in Small Package Quotes – Worldwide Express Edition have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Small Package Quotes – Worldwide Express Edition compatible with WordPress 6.9.4?

According to WordPress.org data, Small Package Quotes – Worldwide Express Edition 5.3.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

What is Small Package Quotes – Worldwide Express Edition's security score?

Small Package Quotes – Worldwide Express Edition has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Small Package Quotes – Worldwide Express Edition Security & Risk Analysis

wordpress.org/plugins/small-package-quotes-wwe-edition

Real-time small package (parcel) shipping rates from Worldwide Express. Fifteen day free trial.

90 active installs v5.3.8 PHP + WP 6.4+ Updated Mar 11, 2026

eniture-worldwide-expressparcel-quotesparcel-ratesshipping-estimates

A · Safe

CVEs total4

Unpatched0

Last CVEApr 3, 2025

Plugin page Download

Safety Verdict

Is Small Package Quotes – Worldwide Express Edition Safe to Use in 2026?

Generally Safe

Score 95/100

Small Package Quotes – Worldwide Express Edition has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Apr 3, 2025Updated 24d ago

Risk Assessment

The "small-package-quotes-wwe-edition" v5.3.8 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like output escaping (86%) and prepared statement usage in SQL queries (70%), significant concerns arise from its attack surface. A notable portion of its AJAX handlers (7 out of 37) and a REST API route (1 out of 1) lack proper authentication or permission checks. The taint analysis revealed one high-severity flow, indicating a potential for exploitable vulnerabilities even with the presence of some security checks.

The plugin's historical vulnerability data, with 4 known CVEs including high and medium severity issues like Missing Authorization, Cross-site Scripting, and SQL Injection, is a major red flag. The commonality of these vulnerability types suggests recurring weaknesses in input validation and authorization logic. Although there are currently no unpatched CVEs, the past patterns and the identified high-severity taint flow indicate a need for heightened vigilance. The plugin has shown a history of security flaws that require attention, and the current analysis points to areas that could be exploited if not addressed.

In conclusion, while the plugin implements some solid security measures, the combination of a substantial unprotected attack surface, a high-severity taint flow, and a history of critical vulnerability types presents a notable risk. Users should be cautious, and the developers should prioritize a thorough review and remediation of the identified unprotected entry points and the high-severity taint flow.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API route
High severity taint flow
Historically vulnerable to SQL Injection
Historically vulnerable to XSS
Historically vulnerable to Missing Authorization
High number of unprotected entry points

Vulnerabilities

Small Package Quotes – Worldwide Express Edition Security Vulnerabilities

CVEs by Year

4 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2025-30915medium · 5.3Missing Authorization

Small Package Quotes – Worldwide Express Edition <= 5.2.19 - Missing Authorization

Apr 3, 2025 Patched in 5.2.20 (6d)

CVE-2025-31078medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting

Apr 1, 2025 Patched in 5.2.19 (8d)

CVE-2024-13534high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection

Feb 18, 2025 Patched in 5.2.19 (13d)

CVE-2025-24667high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection

Jan 18, 2025 Patched in 5.2.18 (11d)

Code Analysis

Analyzed Mar 16, 2026

Small Package Quotes – Worldwide Express Edition Code Analysis

Dangerous Functions

Raw SQL Queries

56 prepared

Unescaped Output

319 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

70% prepared80 total queries

Output Escaping

86% escaped370 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

15 flows3 with unsanitized paths

<en-coupon-api> (fdo\en-coupon-api.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Small Package Quotes – Worldwide Express Edition Attack Surface

Entry Points38

Unprotected8

AJAX Handlers 37

authwp_ajax_en_wwe_small_fdo_connection_status_refreshfdo\en-coupon-api.php:9

noprivwp_ajax_en_wwe_small_fdo_connection_status_refreshfdo\en-coupon-api.php:10

authwp_ajax_en_wwe_small_va_connection_status_refreshfdo\en-coupon-api.php:12

noprivwp_ajax_en_wwe_small_va_connection_status_refreshfdo\en-coupon-api.php:13

noprivwp_ajax_wwe_s_fdfdo\en-coupon-api.php:15

authwp_ajax_wwe_s_fdfdo\en-coupon-api.php:16

noprivwp_ajax_en_wwe_small_admin_order_quotesorders\en_wwe_create_order_from_admin.php:13

authwp_ajax_en_wwe_small_admin_order_quotesorders\en_wwe_create_order_from_admin.php:14

authwp_ajax_eniture_calculate_shipping_rates_adminorders\rates\order-rates.php:13

noprivwp_ajax_speedship_actionquoteSpeedShipShipment.php:13

authwp_ajax_speedship_actionquoteSpeedShipShipment.php:14

noprivwp_ajax_en_wwe_small_save_shipping_ruleshipping-rules\shipping-rules-save.php:23

authwp_ajax_en_wwe_small_save_shipping_ruleshipping-rules\shipping-rules-save.php:24

noprivwp_ajax_en_wwe_small_edit_shipping_ruleshipping-rules\shipping-rules-save.php:26

authwp_ajax_en_wwe_small_edit_shipping_ruleshipping-rules\shipping-rules-save.php:27

noprivwp_ajax_en_wwe_small_delete_shipping_ruleshipping-rules\shipping-rules-save.php:29

authwp_ajax_en_wwe_small_delete_shipping_ruleshipping-rules\shipping-rules-save.php:30

noprivwp_ajax_en_wwe_small_update_shipping_rule_statusshipping-rules\shipping-rules-save.php:32

authwp_ajax_en_wwe_small_update_shipping_rule_statusshipping-rules\shipping-rules-save.php:33

authwp_ajax_en_wwe_small_activate_hit_to_update_planupdate-plan.php:10

noprivwp_ajax_en_wwe_small_activate_hit_to_update_planupdate-plan.php:11

noprivwp_ajax_en_wd_get_addresswarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:24

authwp_ajax_en_wd_get_addresswarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:25

noprivwp_ajax_en_wd_delete_dropshipwarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:27

authwp_ajax_en_wd_delete_dropshipwarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:28

noprivwp_ajax_en_wwe_small_wd_save_warehousewarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:30

authwp_ajax_en_wwe_small_wd_save_warehousewarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:31

noprivwp_ajax_en_wwe_small_wd_save_dropshipwarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:33

authwp_ajax_en_wwe_small_wd_save_dropshipwarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:34

noprivwp_ajax_en_wwe_small_wd_edit_dropshipwarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:37

authwp_ajax_en_wwe_small_wd_edit_dropshipwarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:38

noprivwp_ajax_en_wwe_small_wd_delete_warehousewarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:40

authwp_ajax_en_wwe_small_wd_delete_warehousewarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:41

noprivwp_ajax_en_wwe_small_wd_edit_warehousewarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:43

authwp_ajax_en_wwe_small_wd_edit_warehousewarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:44

noprivwp_ajax_en_wwe_small_wd_bulk_delete_locationswarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:46

authwp_ajax_en_wwe_small_wd_bulk_delete_locationswarehouse-dropship\wild\includes\wwe-small-wild-delivery-save.php:47

REST API Routes 1

POST/wp-json/fdo-company-id/update-statusfdo\en-coupon-api.php:85

WordPress Hooks 79

actionrest_api_initfdo\en-coupon-api.php:17

filteren_fdo_packagefdo\en-sbs.php:8

filteren_fdo_image_urls_mergegroup_small_shipment.php:466

actionwoocommerce_thankyouorders\en-order-export.php:14

actioninitorders\en-order-export.php:15

actionen_async_orders_exporting_processorders\en-order-export.php:16

filtercron_schedulesorders\en-order-export.php:17

actionwoocommerce_order_actionsorders\en-order-widget.php:17

filteren_order_accessoriesorders\rates\order-rates.php:14

filteren_app_common_plan_statusproduct\en-common-product-detail.php:26

filteren_compatible_optimized_product_optionsproduct\en-common-product-detail.php:29

actionwoocommerce_product_options_shippingproduct\en-common-product-detail.php:33

actionwoocommerce_process_product_metaproduct\en-common-product-detail.php:34

actionwoocommerce_product_after_variable_attributesproduct\en-common-product-detail.php:37

actionwoocommerce_save_product_variationproduct\en-common-product-detail.php:38

filteren_insurance_filterproduct\en-common-product-detail.php:41

filteren_app_common_plan_statusproduct\en-product-detail.php:26

actionwoocommerce_product_options_shippingproduct\en-product-detail.php:32

actionwoocommerce_process_product_metaproduct\en-product-detail.php:33

actionwoocommerce_product_after_variable_attributesproduct\en-product-detail.php:36

actionwoocommerce_save_product_variationproduct\en-product-detail.php:37

filterEn_Plugins_dropship_filterproduct\en-product-detail.php:40

filterEn_Plugins_variable_freight_classification_filterproduct\en-product-detail.php:41

actionwoocommerce_product_options_shippingproduct\en-product-detail.php:347

actionwoocommerce_process_product_metaproduct\en-product-detail.php:348

actionwoocommerce_product_after_variable_attributesproduct\en-product-detail.php:351

actionwoocommerce_save_product_variationproduct\en-product-detail.php:352

filteren_small_package_quotes_fieldsproduct\en-product-detail.php:355

filterwoocommerce_package_ratessmall_packages_shipping_class.php:543

filterdecide_rm_third_party_quotessmall_packages_shipping_class.php:631

filterwoocommerce_package_ratessmall_packages_shipping_class.php:713

filterwoocommerce_package_ratessmall_packages_shipping_class.php:736

filteren_fitler_order_datasmall_packages_shipping_class.php:803

filterwoocommerce_settings_tabs_arraysmall_packages_tab_class_woocommrece.php:25

filteren_wd_update_query_stringstandard-package-addon\instore-pickup-local-delivery\instore-local-delivery.php:17

filteren_wwe_small_wd_origin_array_setstandard-package-addon\instore-pickup-local-delivery\instore-local-delivery.php:18

filteren_wwe_small_wd_standard_plansstandard-package-addon\instore-pickup-local-delivery\instore-local-delivery.php:19

filtersuppress_local_deliverystandard-package-addon\instore-pickup-local-delivery\instore-local-delivery.php:20

filterwoocommerce_product_export_product_column_en_nicknametemplate\csv-export.php:9

filterwoocommerce_product_export_product_column_en_citytemplate\csv-export.php:10

filterwoocommerce_product_export_product_column_en_statetemplate\csv-export.php:11

filterwoocommerce_product_export_product_column_en_ziptemplate\csv-export.php:12

filterwoocommerce_product_export_product_column_en_countrytemplate\csv-export.php:13

filterwoocommerce_product_export_product_column_en_product_freight_classtemplate\csv-export.php:16

filterwoocommerce_product_export_product_column_en_product_freight_class_variationtemplate\csv-export.php:17

filterwoocommerce_product_export_column_namestemplate\csv-export.php:20

filterwoocommerce_product_export_product_default_columnstemplate\csv-export.php:21

actionwoocommerce_product_options_shippingtemplate\products-nested-options.php:32

actionwoocommerce_process_product_metatemplate\products-nested-options.php:35

actionwoocommerce_product_after_variable_attributestemplate\products-nested-options.php:46

actionwoocommerce_save_product_variationtemplate\products-nested-options.php:50

actionadmin_noticesupdate-plan.php:264

filteren_wd_get_addresswarehouse-dropship\get-distance-request.php:21

actionadmin_enqueue_scriptswarehouse-dropship\wwe-small-wild-delivery.php:30

actionbefore_woocommerce_initwoocommerceShip.php:41

filteren_pluginswoocommerceShip.php:54

filteren_woo_plans_notification_actionwoocommerceShip.php:80

actionadmin_initwoocommerceShip.php:98

filteren_woo_plans_notification_message_actionwoocommerceShip.php:110

filteren_woo_plans_nested_notification_message_actionwoocommerceShip.php:123

actionadmin_enqueue_scriptswoocommerceShip.php:150

actionadmin_initwoocommerceShip.php:153

actionadmin_initwoocommerceShip.php:154

actionadmin_enqueue_scriptswoocommerceShip.php:248

filterplugin_action_linkswoocommerceShip.php:255

actionadmin_noticeswoocommerceShip.php:279

filterwoocommerce_get_settings_pageswoocommerceShip.php:281

actionwoocommerce_shipping_initwoocommerceShip.php:303

filterwoocommerce_shipping_methodswoocommerceShip.php:304

filterwoocommerce_cart_no_shipping_available_htmlwoocommerceShip.php:305

actionwoocommerce_proceed_to_checkoutwoocommerceShip.php:320

filterwoocommerce_package_rateswoocommerceShip.php:338

filterwoocommerce_cart_shipping_method_full_labelwoocommerceShip.php:396

actionupgrader_process_completewoocommerceShip.php:450

actionwp_enqueue_scriptswoocommerceShip.php:456

filtereniture_wwe_small_packages_quotes_quotes_plans_suscription_and_featureswoocommerceShip.php:470

filtereniture_wwe_small_packages_quotes_plans_notification_linkwoocommerceShip.php:500

filterwoocommerce_product_importer_parsed_datawoocommerceShip.php:659

filtereniture_check_ground_transit_restrict_statuswoocommerceShip.php:734

Scheduled Events 1

en_async_orders_exporting_process

Maintenance & Trust

Small Package Quotes – Worldwide Express Edition Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version

Downloads13K

Community Trust

Rating100/100

Number of ratings1

Active installs90

Alternatives

Small Package Quotes – Worldwide Express Edition Alternatives

Small Package Quotes – Unishippers Edition

small-package-quotes-unishippers-edition

Real-time small package (parcel) shipping rates from Unishippers. Fifteen day free trial.

60 3 CVEs

Small Package Quotes – For Customers of FedEx

small-package-quotes-fedex-edition

Real-time small package (parcel) shipping rates from Fedex. Fifteen day free trial.

10 1 CVE

Small Package Quotes – Purolator Edition

small-package-quotes-purolator-edition

Real-time small package (parcel) shipping rates from Purolator. Fifteen day free trial.

10 1 CVE

Small Package Quotes – USPS Edition

small-package-quotes-usps-edition

Real-time small package (parcel) shipping rates from Usps. Fifteen day free trial.

10 2 CVEs

Real Time Shipping Quotes for WooCommerce

real-time-shipping-quotes-for-woocommerce

100

The Real Time Shipping Quotes for WooCommerce retrieves your negotiated shipping rates

0 No CVEs

Developer Profile

Small Package Quotes – Worldwide Express Edition Developer Profile

enituretechnology

29 plugins · 1K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

11 days

View full developer profile

Detection Fingerprints

How We Detect Small Package Quotes – Worldwide Express Edition

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/small-package-quotes-wwe-edition/js/en-speedship.js/wp-content/plugins/small-package-quotes-wwe-edition/logs/en-json-tree-view/en-jtv-style.css/wp-content/plugins/small-package-quotes-wwe-edition/logs/en-json-tree-view/en-jtv-script.js

Script Paths

/wp-content/plugins/small-package-quotes-wwe-edition/js/en-speedship.js

Version Parameters

small-package-quotes-wwe-edition/js/en-speedship.js?ver=small-package-quotes-wwe-edition/logs/en-json-tree-view/en-jtv-style.css?ver=small-package-quotes-wwe-edition/logs/en-json-tree-view/en-jtv-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

eniture-admin-settings

HTML Comments

+9 more

Data Attributes

en_tree_view_url

JS Globals

en_speedship_admin_script

FAQ