Torod – The smart shipping and delivery portal for e-shops and retailers Security & Risk Analysis

wordpress.org/plugins/torod

A platform that enables you to compare KSA shipping prices, print shipping labels, track orders, and manage returns from a single place.

70 active installs · v2.1 · PHP + · WP 1.0+ · Updated Dec 23, 2025
Tags: aramex, saudi-postal-logistics, shipping-management, smsa, spl
Score: 71 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Dec 4, 2025
Safety Verdict

Is Torod – The smart shipping and delivery portal for e-shops and retailers Safe to Use in 2026?

Mostly Safe

Score 71/100

Torod – The smart shipping and delivery portal for e-shops and retailers is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Dec 4, 2025 · Updated 3mo ago
Risk Assessment

The "torod" v2.1 plugin presents a mixed security posture. It shows some positive security practices: a high percentage of SQL queries use prepared statements, and a majority of outputs are properly escaped. Significant concerns arise, however, from its attack surface and its vulnerability history.

The plugin exposes a considerable number of AJAX handlers without proper authentication checks, which creates a broad entry point for unauthorized actions. This is compounded by three high-severity taint flows with unsanitized paths, which suggest potential for vulnerabilities such as path traversal or insecure file operations.

The plugin's history of three known CVEs, one of them a high-severity vulnerability that is currently unpatched, together with the recent discovery date of the latest one, indicates a recurring pattern of security weaknesses. The common vulnerability types (CSRF, SQL Injection, Missing Authorization) align with the observed lack of authentication on AJAX handlers and with the taint analysis findings. Overall, the plugin has potential strengths but is significantly weakened by its unprotected entry points and its history of exploitable vulnerabilities, and it calls for careful consideration and remediation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unpatched high severity CVE
  • Common SQL Injection vulnerability history
  • Common Missing Authorization vulnerability history
  • Bundled Select2 library
  • Bundled Guzzle library
  • Unsanitized paths in taint flows
Vulnerabilities
3

Torod – The smart shipping and delivery portal for e-shops and retailers Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2 CVEs in 2025 · unpatched

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-12373 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification

Dec 4, 2025 · Patched in 2.0 (5d)

CVE-2025-30936 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Torod <= 1.9 - Unauthenticated SQL Injection

Jul 7, 2025 · Unpatched

CVE-2024-55995 · medium · 6.5 · Missing Authorization

Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.7 - Missing Authorization to Unauthenticated Plugin Settings Update

Dec 14, 2024 · Patched in 1.8 (52d)

Code Analysis
Analyzed Mar 16, 2026

Torod – The smart shipping and delivery portal for e-shops and retailers Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 19 (38 prepared)
Unescaped Output: 28 (72 escaped)
Nonce Checks: 5
Capability Checks: 27
File Operations: 4
External Requests: 11
Bundled Libraries: 2

Bundled Libraries

Select2, Guzzle

SQL Query Safety

67% prepared · 57 total queries

Output Escaping

72% escaped · 100 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

11 flows · 5 with unsanitized paths
loginform (inc\screen.php:13)
Attack Surface
14 unprotected

Torod – The smart shipping and delivery portal for e-shops and retailers Attack Surface

Entry Points: 25
Unprotected: 14

AJAX Handlers 24

auth · wp_ajax_torod_disconnect · inc\ajaxyk.php:12
nopriv · wp_ajax_torod_disconnect · inc\ajaxyk.php:13
auth · wp_ajax_torod_connect · inc\ajaxyk.php:14
nopriv · wp_ajax_torod_connect · inc\ajaxyk.php:15
auth · wp_ajax_torod_status_reg · inc\ajaxyk.php:16
nopriv · wp_ajax_torod_status_reg · inc\ajaxyk.php:17
auth · wp_ajax_get_torod_status_reg · inc\ajaxyk.php:18
nopriv · wp_ajax_get_torod_status_reg · inc\ajaxyk.php:19
auth · wp_ajax_getPaymentMethod · inc\ajaxyk.php:20
nopriv · wp_ajax_getPaymentMethod · inc\ajaxyk.php:21
auth · wp_ajax_getAllCity · inc\ajaxyk.php:22
nopriv · wp_ajax_getAllCity · inc\ajaxyk.php:23
auth · wp_ajax_send_order_to_api · inc\ajaxyk.php:24
nopriv · wp_ajax_send_order_to_api · inc\ajaxyk.php:25
auth · wp_ajax_send_multiple_order_to_api · inc\ajaxyk.php:26
nopriv · wp_ajax_send_multiple_order_to_api · inc\ajaxyk.php:27
auth · wp_ajax_updateDbFromsetting · inc\ajaxyk.php:28
nopriv · wp_ajax_updateDbFromsetting · inc\ajaxyk.php:29
auth · wp_ajax_torod_OrderMappingStatus · inc\ajaxyk.php:30
nopriv · wp_ajax_torod_OrderMappingStatus · inc\ajaxyk.php:31
auth · wp_ajax_get_regions_and_cities · inc\ajaxyk.php:32
nopriv · wp_ajax_get_regions_and_cities · inc\ajaxyk.php:33
auth · wp_ajax_get_city · inc\ajaxyk.php:34
nopriv · wp_ajax_get_city · inc\ajaxyk.php:35

REST API Routes 1

GET · /wp-json/torod/v1/synced-orders-count · torod-mmar.php:298

WordPress Hooks 30

action · plugins_loaded · inc\adress.php:16
filter · woocommerce_default_address_fields · inc\adress.php:45
filter · woocommerce_states · inc\adress.php:53
filter · woocommerce_billing_fields · inc\adress.php:61
filter · woocommerce_shipping_fields · inc\adress.php:62
filter · woocommerce_form_field_city · inc\adress.php:63
action · wp_enqueue_scripts · inc\adress.php:64
action · woocommerce_thankyou · inc\init.php:18
action · woocommerce_update_order · inc\init.php:19
filter · woocommerce_checkout_fields · inc\torod_short_address.php:9
action · woocommerce_checkout_process · inc\torod_short_address.php:12
action · woocommerce_checkout_create_order · inc\torod_short_address.php:15
action · woocommerce_admin_order_data_after_billing_address · inc\torod_short_address.php:18
filter · woocommerce_email_order_meta_fields · inc\torod_short_address.php:21
action · woocommerce_order_details_after_customer_details · inc\torod_short_address.php:24
action · wp_footer · inc\torod_short_address.php:27
action · woocommerce_checkout_update_order_meta · inc\wc_torod.php:11
action · woocommerce_admin_order_data_after_billing_address · inc\wc_torod.php:12
action · admin_footer · inc\wc_torod.php:13
filter · query_vars · inc\wc_torod.php:14
action · template_redirect · inc\wc_torod.php:15
action · add_meta_boxes · inc\wc_torod.php:16
action · admin_enqueue_scripts · torod-mmar.php:31
action · admin_menu · torod-mmar.php:125
action · init · torod-mmar.php:152
action · init · torod-mmar.php:161
action · admin_head · torod-mmar.php:270
filter · plugin_action_links · torod-mmar.php:272
action · torod_daily_event · torod-mmar.php:287
action · rest_api_init · torod-mmar.php:296

Scheduled Events 1

torod_daily_event
Maintenance & Trust

Torod – The smart shipping and delivery portal for e-shops and retailers Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 23, 2025
PHP min version
Downloads: 4K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 70
Developer Profile

Torod – The smart shipping and delivery portal for e-shops and retailers Developer Profile

Torod Company for Information Technology

1 plugin · 70 total installs

Trust score: 74
Avg Security Score: 71/100
Avg Patch Time: 29 days
Detection Fingerprints

How We Detect Torod – The smart shipping and delivery portal for e-shops and retailers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/torod/assets/css/select2.min.css
/wp-content/plugins/torod/assets/js/select2.min.js
/wp-content/plugins/torod/assets/js/torod_script.js
/wp-content/plugins/torod/assets/js/torod_script_new.js
/wp-content/plugins/torod/assets/css/bootstrap.min.css
/wp-content/plugins/torod/assets/css/torod_style.css
/wp-content/plugins/torod/assets/js/bootstrap.min.js
Version Parameters
torod_script.js?ver=
torod_script_new.js?ver=

HTML / DOM Fingerprints

CSS Classes
torod-settings-style
Data Attributes
data-plugin-name="torod"
data-plugin-version="2.1"
JS Globals
torod
torod_new