Does TOURMIX have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is TOURMIX compatible with WordPress 6.7.5?

According to WordPress.org data, TOURMIX 1.1.18 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is TOURMIX compatible with PHP 7.2+?

TOURMIX requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is TOURMIX updated?

TOURMIX was last updated on Jul 7, 2025. Frequent updates are generally a positive security signal.

What is TOURMIX's security score?

TOURMIX has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TOURMIX Security & Risk Analysis

wordpress.org/plugins/tourmix

TOURMIX a környezettudatos csomagszállítási alternatíva

10 active installs v1.1.18 PHP 7.2+ WP 5.3+ Updated Jul 7, 2025

deliverydispatchorder-trackingshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is TOURMIX Safe to Use in 2026?

Generally Safe

Score 100/100

TOURMIX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The tourmix plugin v1.1.18 exhibits a concerning security posture due to a significant number of unprotected entry points. With 5 total entry points, all 5 (4 AJAX handlers and 1 REST API route) lack authentication and authorization checks. This creates a broad attack surface where unauthenticated users could potentially interact with sensitive plugin functionalities.

While the plugin shows good practices in its use of prepared statements for SQL queries (92%) and proper output escaping (87%), the absence of nonce and capability checks is a major oversight. The static analysis did not reveal any critical or high severity taint flows, and the plugin has no recorded vulnerability history, which are positive indicators. However, the lack of fundamental security checks on its exposed interfaces is a critical weakness that could be exploited if functionalities accessible through these points are sensitive or prone to manipulation.

In conclusion, the plugin has strengths in its data handling (SQL and output escaping) and a clean vulnerability history. Nevertheless, the identified lack of authentication and authorization on all its entry points presents a substantial risk. Addressing these unprotected interfaces should be the highest priority to improve the plugin's overall security.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
0 nonce checks
0 capability checks

Vulnerabilities

None known

TOURMIX Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

TOURMIX Release Timeline

v1.1.18Current

v1.1.17

v1.1.16

v1.1.15

v1.1.14

v1.1.13

v1.1.12

v1.1.11

v1.1.10

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.1

Code Analysis

Analyzed Mar 17, 2026

TOURMIX Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

92% prepared24 total queries

Output Escaping

87% escaped54 total outputs

Attack Surface

5 unprotected

TOURMIX Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 4

authwp_ajax_tourmixSendOrdersToApiinc\TourmixAjaxHandler.php:27

authwp_ajax_tourmixCancelOrdersToApiinc\TourmixAjaxHandler.php:28

authwp_ajax_tourmixChangeLastLinkToDownloadedinc\TourmixAjaxHandler.php:29

authwp_ajax_tourmixGetCourierRequestForTodayinc\TourmixAjaxHandler.php:30

REST API Routes 1

GET/wp-json/tourmix-deliverystatus-changed/(?P<id>\d+)tourmix-delivery.php:146

WordPress Hooks 8

actionwoocommerce_thankyouinc\TourmixOrdersTableHandler.php:47

actionwoocommerce_shipping_initinc\TourmixShippingMethod.php:52

filterwoocommerce_shipping_methodsinc\TourmixShippingMethod.php:188

actionadmin_menuinc\TourmixSubmenuHandler.php:14

actionadmin_enqueue_scriptstourmix-delivery.php:83

actioninittourmix-delivery.php:112

filterwc_order_statusestourmix-delivery.php:132

actionrest_api_inittourmix-delivery.php:145

Maintenance & Trust

TOURMIX Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJul 7, 2025

PHP min version7.2

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

TOURMIX Alternatives

Custom Shipment Tracker for WooCommerce

custom-shipment-tracker-for-woocommerce

100

Track WooCommerce order shipment status with a timeline view. Admin can update status and choose whether to show dates.

20 No CVEs

GIG Logistics Delivery

gig-logistics-delivery

100

Integrate GIG Logistics shipping with WooCommerce for real-time rates, shipment scheduling, tracking, and cash on delivery.

10 No CVEs

CityCourier – Local Courier Booking & Tracking System

citycourier-local-courier-booking-tracking-system

100

Courier booking form with Google Maps integration, distance-based pricing, delivery zones, map picker, and order tracking. Built for WooCommerce.

0 No CVEs

Štíteknabalík.cz

foxdeli

Looking for a reliable label printing solution? Štíteknabalík.cz will help you!

0 No CVEs

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs

Developer Profile

TOURMIX Developer Profile

tourmixhungaryltd

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TOURMIX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tourmix/css/style.css/wp-content/plugins/tourmix/css/PopupDialog.css/wp-content/plugins/tourmix/css/InvoiceNumbersDialog.css/wp-content/plugins/tourmix/css/Visibility.css/wp-content/plugins/tourmix/js/TourmixServices.js/wp-content/plugins/tourmix/js/InvoiceNumbersDialog.js/wp-content/plugins/tourmix/js/CancelParcelDialog.js/wp-content/plugins/tourmix/js/InformationDialog.js+5 more

Script Paths

js/TourmixServices.jsjs/InvoiceNumbersDialog.jsjs/CancelParcelDialog.jsjs/InformationDialog.jsjs/ParcelLabelDialog.jsjs/DownloadDialog.js+2 more

Version Parameters

tourmix/style.css?ver=tourmix/PopupDialog.css?ver=tourmix/InvoiceNumbersDialog.css?ver=tourmix/Visibility.css?ver=tourmix/TourmixServices.js?ver=tourmix/InvoiceNumbersDialog.js?ver=tourmix/CancelParcelDialog.js?ver=tourmix/InformationDialog.js?ver=tourmix/ParcelLabelDialog.js?ver=tourmix/DownloadDialog.js?ver=tourmix/TourmixSettingsToggler.js?ver=tourmix/SearchableSelect.js?ver=tourmix/wcStyleOverwrite.css

HTML / DOM Fingerprints

CSS Classes

tourmix-order-status

Data Attributes

data-tourmix-settings

JS Globals

TourmixServicesInvoiceNumbersDialogCancelParcelDialogInformationDialogParcelLabelDialogDownloadDialog+2 more

REST Endpoints

/wp-json/tourmix-delivery/status-changed/

FAQ