The Courier Guy Shipping for WooCommerce Security & Risk Analysis

wordpress.org/plugins/the-courier-guy

This is the official WooCommerce extension to ship products using The Courier Guy.

3K active installs · v5.4.0 · PHP 8.0+ · WP 6.0+ · Updated Dec 7, 2025
Tags: courier, e-commerce, ecommerce, shipping, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is The Courier Guy Shipping for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

The Courier Guy Shipping for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The plugin "the-courier-guy" v5.4.0 exhibits a concerning security posture due to a significant number of unprotected entry points. Specifically, all 5 REST API routes lack permission callbacks and 1 out of 3 AJAX handlers is not protected by authentication checks. This creates a broad attack surface that could be exploited by unauthenticated users. The presence of the `unserialize` function is also a red flag, as it can be a vector for remote code execution if not handled with extreme care and input validation. While the taint analysis did not reveal critical or high-severity issues in the analyzed flows, the presence of unsanitized paths warrants caution.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handlers without authentication checks
  • Use of unserialize function
  • Flows with unsanitized paths found
  • Low percentage of properly escaped outputs
  • Limited nonce checks
  • No capability checks found
Vulnerabilities
None known

The Courier Guy Shipping for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

The Courier Guy Shipping for WooCommerce Release Timeline

v5.4.0 (Current)
v5.3.3
v5.3.2
v5.3.1
v5.3.0
v5.2.0
v5.1.5
v5.1.4
v5.1.3
v5.1.2
v5.1.1
v5.1.0
v5.0.9
v5.0.8
v5.0.7
v5.0.6
v5.0.5
v5.0.4
v5.0.3
v5.0.2
Code Analysis
Analyzed Mar 16, 2026

The Courier Guy Shipping for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 43 (104 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 9
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `return unserialize($raw[0]->option_value);` · Shipping\TCG_ShippingMethod.php:225

Bundled Libraries

Guzzle

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

71% escaped · 147 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
ajax_notice_handler (Core\TCG_Plugin.php:139)
Attack Surface
6 unprotected

The Courier Guy Shipping for WooCommerce Attack Surface

Entry Points: 8
Unprotected: 6

AJAX Handlers 3

auth · wp_ajax_dismissed_notice_handler · Core\TCG_Plugin.php:68
auth · wp_ajax_tcg_update_shipping_options · Core\TCG_Shipping_Integration.php:49
nopriv · wp_ajax_tcg_update_shipping_options · Core\TCG_Shipping_Integration.php:50

REST API Routes 5

GET · /wp-json/the-courier-guy/v1/test · Core\TCG_Shipping_Integration.php:222
GET · /wp-json/the-courier-guy/v1/shipping-options · Core\TCG_Shipping_Integration.php:236
POST · /wp-json/the-courier-guy/v1/update-shipping-options · Core\TCG_Shipping_Integration.php:242
GET · /wp-json/the-courier-guy/v1/insurance · Core\TCG_Shipping_Integration.php:248
POST · /wp-json/the-courier-guy/v1/insurance · Core\TCG_Shipping_Integration.php:254
WordPress Hooks 52
action · wp_enqueue_scripts · Core\TCG_Plugin.php:40
action · wp_enqueue_scripts · Core\TCG_Plugin.php:41
action · wp_enqueue_scripts · Core\TCG_Plugin.php:42
action · admin_enqueue_scripts · Core\TCG_Plugin.php:43
action · admin_enqueue_scripts · Core\TCG_Plugin.php:44
action · login_enqueue_scripts · Core\TCG_Plugin.php:45
action · woocommerce_checkout_update_order_review · Core\TCG_Plugin.php:46
filter · woocommerce_checkout_fields · Core\TCG_Plugin.php:47
filter · woocommerce_form_field_tcg_place_lookup · Core\TCG_Plugin.php:48
filter · woocommerce_email_before_order_table · Core\TCG_Plugin.php:49
action · woocommerce_order_actions · Core\TCG_Plugin.php:51
action · woocommerce_order_actions · Core\TCG_Plugin.php:52
action · admin_post_print_waybill · Core\TCG_Plugin.php:53
action · woocommerce_order_action_tcg_print_waybill · Core\TCG_Plugin.php:54
filter · woocommerce_admin_shipping_fields · Core\TCG_Plugin.php:55
action · woocommerce_order_action_tcg_send_collection · Core\TCG_Plugin.php:57
action · woocommerce_order_status_processing · Core\TCG_Plugin.php:58
action · woocommerce_checkout_update_order_meta · Core\TCG_Plugin.php:59
action · woocommerce_shipping_packages · Core\TCG_Plugin.php:61
action · woocommerce_after_calculate_totals · Core\TCG_Plugin.php:62
action · woocommerce_checkout_billing · Core\TCG_Plugin.php:64
action · admin_notices · Core\TCG_Plugin.php:67
filter · thecourierguy_flyer_fits_filter · Core\TCG_Plugin.php:70
action · woocommerce_review_order_before_order_total · Core\TCG_Plugin.php:72
action · wc_ajax_update_order_review · Core\TCG_Plugin.php:79
action · woocommerce_checkout_process · Core\TCG_Plugin.php:81
action · woocommerce_order_item_add_action_buttons · Core\TCG_Plugin.php:83
action · woocommerce_admin_order_items_after_fees · Core\TCG_Plugin.php:85
filter · woocommerce_shipping_methods · Core\TCG_Plugin.php:1283
action · rest_api_init · Core\TCG_Shipping_Integration.php:32
action · woocommerce_store_api_checkout_update_order_meta · Core\TCG_Shipping_Integration.php:39
action · woocommerce_blocks_checkout_order_processed · Core\TCG_Shipping_Integration.php:40
filter · woocommerce_shipping_packages · Core\TCG_Shipping_Integration.php:43
action · woocommerce_store_api_checkout_update_customer_from_request · Core\TCG_Shipping_Integration.php:46
filter · woocommerce_cart_shipping_packages · Core\TCG_Shipping_Integration.php:53
action · init · Includes\ls-framework-custom\Core\CustomPlugin.php:43
action · admin_init · Includes\ls-framework-custom\Core\CustomPlugin.php:44
action · activated_plugin · Includes\ls-framework-custom\Core\CustomPluginDependencies.php:31
action · admin_notices · Includes\ls-framework-custom\Core\CustomPluginDependencies.php:72
filter · get_post_metadata · Includes\ls-framework-custom\Core\CustomPostType.php:26
filter · get_post_metadata · Includes\ls-framework-custom\Core\CustomPostType.php:44
action · init · Includes\ls-framework-custom\Core\CustomPostType.php:56
action · admin_init · Includes\ls-framework-custom\Core\CustomPostType.php:64
action · do_meta_boxes · Includes\ls-framework-custom\Core\CustomPostType.php:167
action · save_post · Includes\ls-framework-custom\Core\CustomPostType.php:458
action · init · Model\Product.php:7
filter · woocommerce_billing_fields · Shipping\TCG_ShippingMethod.php:85
action · rest_api_init · TheCourierGuy.php:53
action · woocommerce_blocks_loaded · TheCourierGuy.php:60
action · woocommerce_blocks_integrations · TheCourierGuy.php:66
action · before_woocommerce_init · TheCourierGuy.php:93
action · enqueue_block_assets · TheCourierGuy.php:96
Maintenance & Trust

The Courier Guy Shipping for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 7, 2025
PHP min version: 8.0
Downloads: 96K

Community Trust

Rating: 62/100
Number of ratings: 23
Active installs: 3K
Developer Profile

The Courier Guy Shipping for WooCommerce Developer Profile

talenttcg

3 plugins · 3K total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect The Courier Guy Shipping for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/the-courier-guy/dist/js/frontend/blocks.js
Script Paths: dist/js/frontend/blocks.js
Version Parameters: the-courier-guy/dist/js/frontend/blocks.js?ver=

HTML / DOM Fingerprints

Data Attributes: tcg_place_lookup
JS Globals: tcg_data
REST Endpoints: /the-courier-guy/v1/
FAQ

Frequently Asked Questions about The Courier Guy Shipping for WooCommerce