SMSA Shipping (official) Security & Risk Analysis

wordpress.org/plugins/smsa-shipping-official

This plugin integrates SMSA Express Shipping for easy shipment tracking and management.

400 active installs · v2.4 · PHP 7.0+ · WP 5.3+ · Updated Apr 16, 2025
Tags: ship-and-print, shipping-solution, smsa-express-shipping, woocommerce-shipping-addon
98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 20, 2024
Safety Verdict

Is SMSA Shipping (official) Safe to Use in 2026?

Generally Safe

Score 98/100

SMSA Shipping (official) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 20, 2024 · Updated 11mo ago
Risk Assessment

The smsa-shipping-official plugin v2.4 exhibits a mixed security posture. While it demonstrates good practices in areas like using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface and historical vulnerability. The presence of three AJAX handlers, two of which lack proper authentication checks, presents a direct avenue for potential exploitation. This, combined with two identified flows with unsanitized paths in the taint analysis, suggests a risk of unauthorized actions or data manipulation if these entry points are not secured. The plugin also has a history of a high-severity vulnerability related to External Control of File Name or Path, even though it is currently patched. This historical pattern, alongside the current lack of robust authorization on two AJAX endpoints, indicates a recurring weakness that requires vigilant monitoring and remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Historical high-severity vulnerability
  • Bundled library: DataTables
  • Bundled library: TCPDF
Vulnerabilities
1

SMSA Shipping (official) Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

High: 1

1 total CVE

CVE-2024-12066 · high · 8.8 · External Control of File Name or Path

SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion

Dec 20, 2024 · Patched in 2.4 (41d)
Code Analysis
Analyzed Mar 16, 2026

SMSA Shipping (official) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 30 (235 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 28
External Requests: 5
Bundled Libraries: 2

Bundled Libraries

DataTables, TCPDF

Output Escaping

89% escaped · 265 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
smsa_generate_label (smsa-express-shipping.php:210)
Attack Surface
2 unprotected

SMSA Shipping (official) Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 3

  • auth · wp_ajax_print_all_label · smsa-express-shipping.php:109
  • auth · wp_ajax_generate_label · smsa-express-shipping.php:209
  • auth · wp_ajax_delete_label · smsa-express-shipping.php:245

WordPress Hooks: 15

  • action · admin_menu · smsa-express-shipping-class.php:7
  • action · woocommerce_shipping_init · smsa-express-shipping-class.php:116
  • filter · woocommerce_shipping_methods · smsa-express-shipping-class.php:128
  • filter · woocommerce_checkout_fields · smsa-express-shipping-class.php:134
  • action · activated_plugin · smsa-express-shipping.php:30
  • action · admin_enqueue_scripts · smsa-express-shipping.php:72
  • action · admin_menu · smsa-express-shipping.php:75
  • filter · woocommerce_my_account_my_orders_actions · smsa-express-shipping.php:296
  • action · woocommerce_after_account_orders · smsa-express-shipping.php:309
  • action · woocommerce_new_order · smsa-express-shipping.php:333
  • action · woocommerce_admin_order_data_after_order_details · smsa-express-shipping.php:342
  • action · woocommerce_process_shop_order_meta · smsa-express-shipping.php:359
  • action · init · smsa-express-shipping.php:366
  • filter · wc_order_statuses · smsa-express-shipping.php:384
  • action · admin_enqueue_scripts · smsa-express-shipping.php:419
Maintenance & Trust

SMSA Shipping (official) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 16, 2025
PHP min version: 7.0
Downloads: 7K

Community Trust

Rating: 60/100
Number of ratings: 6
Active installs: 400
Developer Profile

SMSA Shipping (official) Developer Profile

SMSA Express

1 plugin · 400 total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 41 days
Detection Fingerprints

How We Detect SMSA Shipping (official)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/smsa-shipping-official/css/smsa-style.css
  • /wp-content/plugins/smsa-shipping-official/css/dataTables.bootstrap5.min.css
  • /wp-content/plugins/smsa-shipping-official/js/jquery.dataTables.min.js
  • /wp-content/plugins/smsa-shipping-official/js/dataTables.bootstrap5.min.js
  • /wp-content/plugins/smsa-shipping-official/js/smsa-script.js

Script Paths

  • jquery.dataTables.min.js
  • dataTables.bootstrap5.min.js
  • smsa-script.js

Version Parameters

  • smsa-shipping-official/css/smsa-style.css?ver=
  • smsa-shipping-official/css/dataTables.bootstrap5.min.css?ver=
  • smsa-shipping-official/js/jquery.dataTables.min.js?ver=
  • smsa-shipping-official/js/dataTables.bootstrap5.min.js?ver=
  • smsa-shipping-official/js/smsa-script.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-nonce
JS Globals
smsa_vars
REST Endpoints
/wp-json/smsa-shipping-official/v1/get_tracking_info
FAQ

Frequently Asked Questions about SMSA Shipping (official)