Shesha by The Courier Guy Security & Risk Analysis

wordpress.org/plugins/the-courier-guy-shipping-for-sovtech

This is the official WooCommerce extension to ship products using Shesha by The Courier Guy.

0 active installs v1.0.0 PHP + WP 5.5+ Updated Jul 12, 2022
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Shesha by The Courier Guy Safe to Use in 2026?

Generally Safe

Score 85/100

Shesha by The Courier Guy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The plugin "the-courier-guy-shipping-for-sovtech" v1.0.0 exhibits a mixed security posture. While it demonstrates good practices in database query handling with 100% prepared statements and a high rate of proper output escaping (97%), it presents significant security concerns due to its unprotected entry points and reliance on potentially dangerous functions.

The primary risks stem from the presence of two AJAX handlers that lack authentication checks. This directly translates to an exposed attack surface where unauthenticated users could potentially trigger sensitive actions. Furthermore, `ini_set` and `unserialize` are flagged as dangerous functions; if not handled with extreme care and robust input validation, they can lead to serious vulnerabilities like arbitrary code execution or denial-of-service attacks. The taint analysis reported no critical or high-severity flows, but it analyzed only a limited number of flows (5) and found that all of them have unsanitized paths, which is concerning despite the absence of critical issues.

The plugin's vulnerability history is clean, with no recorded CVEs. This absence of known exploits could indicate either a lack of widespread targeting or a history of responsible development. However, it does not negate the immediate risks identified in the static and taint analysis. In conclusion, while the plugin has strengths in its database interaction and output handling, the unprotected AJAX endpoints and the use of dangerous functions introduce significant risks that require immediate attention and mitigation.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function: unserialize
  • Use of dangerous function: ini_set
  • Flows with unsanitized paths
  • Lack of capability checks
Vulnerabilities
None known

Shesha by The Courier Guy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Shesha by The Courier Guy Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Shesha by The Courier Guy Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 6 (175 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 1
External Requests: 8
Bundled Libraries: 1

Dangerous Functions Found

  • ini_set: `ini_set('allow_url_fopen', 'On');` (helper/class-customhelper.php:2)
  • unserialize: `return unserialize($raw[0]->option_value);` (module-admin/init-zones.php:592)

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

97% escaped · 181 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
printWaybillFromOrder (Core/TCGS_Plugin.php:1267)
Attack Surface
2 unprotected

Shesha by The Courier Guy Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_submit_collection_from_listing_page · Core/TCGS_Plugin.php:49
auth · wp_ajax_dismissed_notice_handler · Core/TCGS_Plugin.php:92
WordPress Hooks: 58
action · woocommerce_shipping_init · Core/TCGS_Plugin.php:32
filter · woocommerce_shipping_methods · Core/TCGS_Plugin.php:33
action · admin_enqueue_scripts · Core/TCGS_Plugin.php:35
action · wp_enqueue_scripts · Core/TCGS_Plugin.php:36
action · wp_enqueue_scripts · Core/TCGS_Plugin.php:37
action · admin_enqueue_scripts · Core/TCGS_Plugin.php:38
action · login_enqueue_scripts · Core/TCGS_Plugin.php:39
action · woocommerce_checkout_update_order_review · Core/TCGS_Plugin.php:41
filter · woocommerce_checkout_fields · Core/TCGS_Plugin.php:44
filter · woocommerce_checkout_fields · Core/TCGS_Plugin.php:45
filter · woocommerce_form_field_tcg_place_lookup · Core/TCGS_Plugin.php:48
action · admin_post_print_waybill · Core/TCGS_Plugin.php:50
action · woocommerce_order_actions · Core/TCGS_Plugin.php:53
action · manage_shop_order_posts_custom_column · Core/TCGS_Plugin.php:56
action · woocommerce_order_actions · Core/TCGS_Plugin.php:65
filter · manage_edit-shop_order_columns · Core/TCGS_Plugin.php:66
action · woocommerce_order_action_tcg_print_waybill · Core/TCGS_Plugin.php:67
action · admin_head · Core/TCGS_Plugin.php:70
action · admin_head · Core/TCGS_Plugin.php:71
filter · woocommerce_admin_shipping_fields · Core/TCGS_Plugin.php:72
action · woocommerce_order_action_tcg_send_collection · Core/TCGS_Plugin.php:76
action · woocommerce_thankyou · Core/TCGS_Plugin.php:77
action · woocommerce_order_status_processing · Core/TCGS_Plugin.php:78
action · woocommerce_order_action_tcg_send_collection · Core/TCGS_Plugin.php:79
action · woocommerce_checkout_update_order_meta · Core/TCGS_Plugin.php:80
action · woocommerce_shipping_packages · Core/TCGS_Plugin.php:83
action · woocommerce_after_calculate_totals · Core/TCGS_Plugin.php:84
action · woocommerce_checkout_billing · Core/TCGS_Plugin.php:86
action · admin_notices · Core/TCGS_Plugin.php:89
filter · thecourierguyshippingsovtech_flyer_fits_filter · Core/TCGS_Plugin.php:93
action · wc_ajax_update_order_review · Core/TCGS_Plugin.php:96
action · woocommerce_review_order_before_order_total · Core/TCGS_Plugin.php:98
action · woocommerce_review_order_before_order_total · Core/TCGS_Plugin.php:105
action · init · Includes/ls-framework-custom/Core/CustomPlugin.php:44
action · admin_init · Includes/ls-framework-custom/Core/CustomPlugin.php:45
action · activated_plugin · Includes/ls-framework-custom/Core/CustomPluginDependencies.php:32
action · admin_notices · Includes/ls-framework-custom/Core/CustomPluginDependencies.php:73
filter · get_post_metadata · Includes/ls-framework-custom/Core/CustomPostType.php:27
filter · get_post_metadata · Includes/ls-framework-custom/Core/CustomPostType.php:45
action · init · Includes/ls-framework-custom/Core/CustomPostType.php:57
action · admin_init · Includes/ls-framework-custom/Core/CustomPostType.php:65
action · do_meta_boxes · Includes/ls-framework-custom/Core/CustomPostType.php:176
action · save_post · Includes/ls-framework-custom/Core/CustomPostType.php:467
action · template_redirect · class-the-courier-guy-shipping-for-sovtech.php:48
filter · woocommerce_shipping_calculator_enable_city · class-the-courier-guy-shipping-for-sovtech.php:75
filter · woocommerce_shipping_calculator_enable_postcode · class-the-courier-guy-shipping-for-sovtech.php:76
filter · woocommerce_general_settings · class-the-courier-guy-shipping-for-sovtech.php:146
filter · woocommerce_general_settings · class-the-courier-guy-shipping-for-sovtech.php:178
filter · woocommerce_general_settings · class-the-courier-guy-shipping-for-sovtech.php:211
filter · woocommerce_default_address_fields · class-the-courier-guy-shipping-for-sovtech.php:243
action · woocommerce_init · class-the-courier-guy-shipping-for-sovtech.php:766
action · woocommerce_checkout_update_user_meta · module-admin/csm-checkout.php:7
action · woocommerce_checkout_update_order_meta · module-admin/csm-checkout.php:8
filter · woocommerce_cart_shipping_packages · module-admin/csm-checkout.php:10
action · admin_notices · module-admin/init-main.php:72
action · admin_notices · module-admin/init-main.php:79
action · admin_notices · module-admin/init-main.php:87
action · admin_notices · module-admin/init-main.php:90
Maintenance & Trust

Shesha by The Courier Guy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 12, 2022
PHP min version
Downloads: 772

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Alternatives

Shesha by The Courier Guy Alternatives

No alternatives data available yet.

Developer Profile

Shesha by The Courier Guy Developer Profile

talenttcg

3 plugins · 3K total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Shesha by The Courier Guy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/the-courier-guy-shipping-for-sovtech/Assets/css/style.css
  • /wp-content/plugins/the-courier-guy-shipping-for-sovtech/Assets/js/script.js
  • /wp-content/plugins/the-courier-guy-shipping-for-sovtech/Includes/ls-framework-custom/Assets/css/customplugin.css
  • /wp-content/plugins/the-courier-guy-shipping-for-sovtech/Includes/ls-framework-custom/Assets/js/customplugin.js
Script Paths
  • /wp-content/plugins/the-courier-guy-shipping-for-sovtech/Assets/js/script.js
  • /wp-content/plugins/the-courier-guy-shipping-for-sovtech/Includes/ls-framework-custom/Assets/js/customplugin.js
Version Parameters
  • the-courier-guy-shipping-for-sovtech/Assets/css/style.css?ver=
  • the-courier-guy-shipping-for-sovtech/Assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
dimative-shipping-instance-form-fields-filters
HTML Comments
  • exit if accessed directly
  • Abort if WooCommerce not installed
  • change default
  • TODO: due to template_redirect action, Postcode might show up after refresh
  • (+14 more)
Data Attributes
  • data-field-id
  • data-field-type
  • data-required
JS Globals
  • CSM_Checkout
  • CSM_Init
FAQ

Frequently Asked Questions about Shesha by The Courier Guy