SuperFrete Security & Risk Analysis

wordpress.org/plugins/superfrete

Integration with the SuperFrete platform for WooCommerce.

1K active installs v3.3.3 PHP 7.4+ WP 5.0+ Updated Dec 26, 2025
Tags: frete, logistica, shipping, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SuperFrete Safe to Use in 2026?

Generally Safe

Score 100/100

SuperFrete has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

SuperFrete v3.3.3 shows a generally good security posture, with strong adherence to secure coding practices such as extensive use of prepared statements for SQL queries and proper output escaping. The absence of known CVEs and recorded vulnerabilities is a positive indicator of the plugin's maturity and the development team's attention to security.

However, specific areas introduce potential risk. The unprotected AJAX handlers and REST API routes significantly expand the attack surface: without proper authorization checks, they could lead to unauthorized actions if exploited. The single flow with unsanitized paths, while not classified as critical or high severity in the taint analysis, warrants attention as a potential vector for unexpected behavior or data manipulation. Overall, while the plugin demonstrates a commitment to security, the unprotected entry points and the identified unsanitized path require mitigation to achieve a robust security profile.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Flow with unsanitized paths
Vulnerabilities
None known

SuperFrete Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SuperFrete Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (32 prepared)
Unescaped Output: 43 (217 escaped)
Nonce Checks: 17
Capability Checks: 12
File Operations: 4
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

94% prepared · 34 total queries

Output Escaping

83% escaped · 260 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

9 flows · 1 with unsanitized paths
check_superfrete_status (app\Controllers\Admin\SuperFrete_OrderActions.php:134)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface
4 unprotected

SuperFrete Attack Surface

Entry Points: 19
Unprotected: 4

AJAX Handlers 15

Access  Hook  Location
auth  wp_ajax_superfrete_update_address  app\App.php:454
nopriv  wp_ajax_superfrete_update_address  app\App.php:455
auth  wp_ajax_check_superfrete_status  app\Controllers\Admin\SuperFrete_OrderActions.php:22
auth  wp_ajax_superfrete_register_webhook  app\Controllers\Admin\SuperFrete_Settings.php:1614
auth  wp_ajax_superfrete_oauth_callback  app\Controllers\Admin\SuperFrete_Settings.php:1615
auth  wp_ajax_superfrete_save_customization  app\Controllers\Admin\SuperFrete_Settings.php:1618
auth  wp_ajax_superfrete_reset_customization  app\Controllers\Admin\SuperFrete_Settings.php:1619
auth  wp_ajax_superfrete_manual_retry  app\Controllers\Admin\WebhookAdmin.php:18
auth  wp_ajax_superfrete_clear_webhook_logs  app\Controllers\Admin\WebhookAdmin.php:19
auth  wp_ajax_superfrete_oauth_proxy  app\Controllers\OAuthController.php:23
nopriv  wp_ajax_superfrete_oauth_proxy  app\Controllers\OAuthController.php:24
auth  wp_ajax_superfrete_calculate  app\Controllers\ProductShipping.php:21
nopriv  wp_ajax_superfrete_calculate  app\Controllers\ProductShipping.php:22
auth  wp_ajax_superfrete_cal_shipping  app\Controllers\ProductShipping.php:24
nopriv  wp_ajax_superfrete_cal_shipping  app\Controllers\ProductShipping.php:25

REST API Routes 3

Method  Route  Location
GET  /wp-json/superfrete/v1/oauth/token  app\Controllers\OAuthController.php:33
GET  /wp-json/superfrete/v1/webhook  app\Controllers\WebhookController.php:30
GET  /wp-json/superfrete/v1/webhook/test  app\Controllers\WebhookController.php:38

Shortcodes 1

[pi_shipping_calculator] app\Controllers\ProductShipping.php:17

WordPress Hooks 61

Type  Hook  Location
filter  http_request_timeout  api\Http\Request.php:109
filter  http_request_args  api\Http\Request.php:110
action  plugins_loaded  app\App.php:20
action  woocommerce_shipping_init  app\App.php:22
filter  woocommerce_shipping_methods  app\App.php:33
action  wp_enqueue_scripts  app\App.php:112
action  wp  app\App.php:113
filter  woocommerce_package_rates  app\App.php:118
filter  woocommerce_shipping_package_rates  app\App.php:121
filter  woocommerce_general_settings  app\App.php:124
filter  cron_schedules  app\App.php:126
action  admin_notices  app\App.php:137
action  superfrete_clear_log_event  app\App.php:139
action  init  app\App.php:152
action  wp_loaded  app\App.php:155
filter  wc_order_statuses  app\App.php:348
action  wp_footer  app\App.php:423
action  wp_head  app\App.php:439
action  admin_menu  app\Controllers\Admin\Admin_Menu.php:12
action  add_meta_boxes  app\Controllers\Admin\SuperFrete_OrderActions.php:17
action  admin_post_superfrete_resend_order  app\Controllers\Admin\SuperFrete_OrderActions.php:18
action  admin_post_superfrete_pay_ticket  app\Controllers\Admin\SuperFrete_OrderActions.php:19
action  woocommerce_admin_field_superfrete_webhook_status  app\Controllers\Admin\SuperFrete_Settings.php:104
action  woocommerce_admin_field_superfrete_preview  app\Controllers\Admin\SuperFrete_Settings.php:107
action  admin_footer  app\Controllers\Admin\SuperFrete_Settings.php:392
action  admin_init  app\Controllers\Admin\SuperFrete_Settings.php:1607
filter  woocommerce_shipping_settings  app\Controllers\Admin\SuperFrete_Settings.php:1610
action  admin_init  app\Controllers\Admin\SuperFrete_Settings.php:1611
action  admin_menu  app\Controllers\Admin\WebhookAdmin.php:17
filter  woocommerce_checkout_fields  app\Controllers\CheckoutFields.php:14
filter  woocommerce_billing_fields  app\Controllers\CheckoutFields.php:15
filter  woocommerce_shipping_fields  app\Controllers\CheckoutFields.php:16
action  woocommerce_blocks_loaded  app\Controllers\CheckoutFields.php:19
action  woocommerce_before_checkout_form  app\Controllers\CheckoutFields.php:22
filter  woocommerce_billing_fields  app\Controllers\DocumentFields.php:16
filter  woocommerce_checkout_fields  app\Controllers\DocumentFields.php:17
filter  woocommerce_checkout_posted_data  app\Controllers\DocumentFields.php:18
action  woocommerce_checkout_process  app\Controllers\DocumentFields.php:19
action  woocommerce_checkout_update_order_meta  app\Controllers\DocumentFields.php:20
action  woocommerce_blocks_loaded  app\Controllers\DocumentFields.php:23
action  woocommerce_store_api_checkout_update_customer_from_request  app\Controllers\DocumentFields.php:24
action  woocommerce_rest_checkout_process_payment  app\Controllers\DocumentFields.php:25
action  woocommerce_checkout_order_processed  app\Controllers\DocumentFields.php:26
action  woocommerce_store_api_checkout_order_data  app\Controllers\DocumentFields.php:27
action  woocommerce_admin_order_data_after_billing_address  app\Controllers\DocumentFields.php:30
action  woocommerce_order_details_after_customer_details  app\Controllers\DocumentFields.php:31
action  rest_api_init  app\Controllers\OAuthController.php:20
action  woocommerce_after_add_to_cart_form  app\Controllers\ProductShipping.php:16
action  wc_ajax_pi_load_location_by_ajax  app\Controllers\ProductShipping.php:19
action  woocommerce_after_add_to_cart_form  app\Controllers\ProductShipping.php:20
action  wc_ajax_superfrete_cal_shipping  app\Controllers\ProductShipping.php:26
filter  superfrete_hide_calculator_on_single_product_page  app\Controllers\ProductShipping.php:29
action  woocommerce_thankyou  app\Controllers\SuperFrete_Order.php:19
action  rest_api_init  app\Controllers\WebhookController.php:22
action  superfrete_process_webhook_retries  app\Controllers\WebhookRetryManager.php:23
action  admin_init  app\Helpers\ShippingMigration.php:328
action  admin_notices  app\Helpers\ShippingMigration.php:329
action  admin_notices  app\Helpers\ShippingMigration.php:330
action  init  app\Helpers\ShippingMigration.php:333
action  wp_footer  app\Helpers\SuperFrete_Notice.php:87
action  before_woocommerce_init  superfrete.php:33

Scheduled Events 2

superfrete_clear_log_event
superfrete_process_webhook_retries
Maintenance & Trust

SuperFrete Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 26, 2025
PHP min version: 7.4
Downloads: 11K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 1K
Developer Profile

SuperFrete Developer Profile

SuperFrete

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SuperFrete

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/superfrete/dist/css/frontend.css
/wp-content/plugins/superfrete/dist/js/frontend.js
Script Paths
/wp-content/plugins/superfrete/dist/js/frontend.js
Version Parameters
superfrete/dist/css/frontend.css?ver=
superfrete/dist/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
superfrete-frontend-wrapper
Data Attributes
data-superfrete-key
data-superfrete-calc-shipping-url
JS Globals
SuperFreteFrontend
REST Endpoints
/wp-json/superfrete/v1/shipping/calculate
/wp-json/superfrete/v1/webhook
/wp-json/superfrete/v1/products/shipping
/wp-json/superfrete/v1/oauth/connect
/wp-json/superfrete/v1/oauth/callback