WP-Safety

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Security & Risk Analysis

wordpress.org/plugins/track-orders-for-woocommerce

Track Orders for WooCommerce - WooCommerce Shipping Plugin with delivery notifications, tracking templates, and live updates.

300 active installs v1.2.2 PHP 7.4+ WP 6.7.0+ Updated Mar 3, 2026
order-trackingshipment-trackershipment-trackingshippingwoocommerce-shipping
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Safe to Use in 2026?

Generally Safe

Score 100/100

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'track-orders-for-woocommerce' plugin exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs, indicating a history of responsible development or timely patching. The code also demonstrates good practices in SQL query preparation and output escaping, with a very high percentage of queries using prepared statements and a strong majority of outputs being properly escaped. However, significant concerns arise from the static analysis. A substantial portion of the plugin's attack surface, specifically 14 out of 22 entry points, lacks authentication checks. This presents a considerable risk, as unauthenticated users could potentially interact with these components. Furthermore, the presence of the `exec` dangerous function, even if only 3 times, warrants caution, as it can lead to serious security issues if not handled with extreme care. The taint analysis found one flow with unsanitized paths, which, although not classified as critical or high severity, is still a potential avenue for exploitation that should be addressed.

Key Concerns

  • Large attack surface without auth checks
  • Presence of dangerous function 'exec'
  • Flow with unsanitized paths (Taint Analysis)
Vulnerabilities
None known

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Code Analysis

Dangerous Functions
3
Raw SQL Queries
1
8 prepared
Unescaped Output
59
1020 escaped
Nonce Checks
30
Capability Checks
0
File Operations
0
External Requests
8
Bundled Libraries
3

Dangerous Functions Found

exec$tofw_system_status['uptime'] = function_exists( 'exec' ) ? @exec( 'uptime -p' ) : __( 'N/A (make suincludes\class-track-orders-for-woocommerce.php:568
exec$tofw_system_status['processes'] = function_exists( 'exec' ) ? @exec( 'ps aux | wc -l' ) : __( 'N/A includes\class-track-orders-for-woocommerce.php:622
exec$tofw_system_status['windows_cpu_usage'] = function_exists( 'exec' ) ? @exec( 'wmic cpu get loadpercincludes\class-track-orders-for-woocommerce.php:631

Bundled Libraries

DataTablesTCPDFSelect2

SQL Query Safety

89% prepared9 total queries

Output Escaping

95% escaped1079 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

18 flows1 with unsanitized paths
tofw_admin_save_tab_settings (admin\class-track-orders-for-woocommerce-admin.php:1281)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
14 unprotected

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Attack Surface

Entry Points22
Unprotected14

AJAX Handlers 18

authwp_ajax_wps_msp_send_onboarding_dataincludes\class-track-orders-for-woocommerce-onboarding-steps.php:125
noprivwp_ajax_wps_msp_send_onboarding_dataincludes\class-track-orders-for-woocommerce-onboarding-steps.php:126
authwp_ajax_msp_skip_onboarding_popupincludes\class-track-orders-for-woocommerce-onboarding-steps.php:129
noprivwp_ajax_msp_skip_onboarding_popupincludes\class-track-orders-for-woocommerce-onboarding-steps.php:130
authwp_ajax_wps_tofw_create_custom_order_statusincludes\class-track-orders-for-woocommerce.php:219
authwp_ajax_wps_tofw_delete_custom_order_statusincludes\class-track-orders-for-woocommerce.php:220
authwp_ajax_wps_tofw_edit_custom_order_statusincludes\class-track-orders-for-woocommerce.php:221
authwp_ajax_wps_tofw_save_edit_custom_order_statusincludes\class-track-orders-for-woocommerce.php:222
authwp_ajax_wps_selected_templateincludes\class-track-orders-for-woocommerce.php:223
authwp_ajax_wps_tofw_insert_address_for_trackingincludes\class-track-orders-for-woocommerce.php:225
authwp_ajax_wps_preview_wc_emailincludes\class-track-orders-for-woocommerce.php:249
authwp_ajax_wps_save_delay_email_settingsincludes\class-track-orders-for-woocommerce.php:250
authwp_ajax_tofw_wps_standard_save_settings_filterincludes\class-track-orders-for-woocommerce.php:270
noprivwp_ajax_tofw_wps_standard_save_settings_filterincludes\class-track-orders-for-woocommerce.php:271
authwp_ajax_wps_wot_export_my_ordersincludes\class-track-orders-for-woocommerce.php:280
noprivwp_ajax_wps_tofw_export_my_orders_guest_userincludes\class-track-orders-for-woocommerce.php:281
authwp_ajax_wps_mult_carrier_data_trackingtrack-orders-for-woocommerce.php:636
noprivwp_ajax_wps_mult_carrier_data_trackingtrack-orders-for-woocommerce.php:637

REST API Routes 1

GET/wp-json/tofw-route/v1/tofw-dummy-data/package\rest-api\class-track-orders-for-woocommerce-rest-api.php:76

Shortcodes 3

[WPS_MUTIPLE_CARRIER_TRACKING_FORM] public\class-track-orders-for-woocommerce-public.php:415
[wps_dhl_track] template\wps-dhl-tracking-template.php:241
[wps_tracking_info] track-orders-for-woocommerce.php:505
WordPress Hooks 78
actionadmin_enqueue_scriptsincludes\class-track-orders-for-woocommerce-onboarding-steps.php:115
actionadmin_enqueue_scriptsincludes\class-track-orders-for-woocommerce-onboarding-steps.php:116
actionadmin_footerincludes\class-track-orders-for-woocommerce-onboarding-steps.php:118
actionadmin_footerincludes\class-track-orders-for-woocommerce-onboarding-steps.php:119
filterwps_msp_on_boarding_form_fieldsincludes\class-track-orders-for-woocommerce-onboarding-steps.php:121
filterwps_msp_deactivation_form_fieldsincludes\class-track-orders-for-woocommerce-onboarding-steps.php:122
actionplugins_loadedincludes\class-track-orders-for-woocommerce.php:172
actionadmin_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:196
actionadmin_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:197
actionadmin_menuincludes\class-track-orders-for-woocommerce.php:200
actionadmin_menuincludes\class-track-orders-for-woocommerce.php:201
filterwps_add_plugins_menus_arrayincludes\class-track-orders-for-woocommerce.php:204
filtertofw_track_order_arrayincludes\class-track-orders-for-woocommerce.php:205
filtertofw_general_settings_arrayincludes\class-track-orders-for-woocommerce.php:206
filtertofw_custom_order_status_arrayincludes\class-track-orders-for-woocommerce.php:207
actiontofw_track_order_gmap_settings_arrayincludes\class-track-orders-for-woocommerce.php:208
actiontofw_shipping_services_settings_arrayincludes\class-track-orders-for-woocommerce.php:209
filtertofw_track_order_partial_shipement_arrayincludes\class-track-orders-for-woocommerce.php:210
actionwps_tofw_settings_saved_noticeincludes\class-track-orders-for-woocommerce.php:213
actiontofw_developer_admin_hooks_arrayincludes\class-track-orders-for-woocommerce.php:216
actiontofw_developer_public_hooks_arrayincludes\class-track-orders-for-woocommerce.php:217
actionadmin_menuincludes\class-track-orders-for-woocommerce.php:226
actionwoocommerce_process_shop_order_metaincludes\class-track-orders-for-woocommerce.php:228
actionwoocommerce_process_shop_order_metaincludes\class-track-orders-for-woocommerce.php:229
actionwoocommerce_process_shop_order_metaincludes\class-track-orders-for-woocommerce.php:230
actionmanage_woocommerce_page_wc-orders_columnsincludes\class-track-orders-for-woocommerce.php:232
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-track-orders-for-woocommerce.php:233
actionwoocommerce_admin_order_item_headersincludes\class-track-orders-for-woocommerce.php:235
actionwoocommerce_admin_order_item_valuesincludes\class-track-orders-for-woocommerce.php:236
actionwoocommerce_saved_order_itemsincludes\class-track-orders-for-woocommerce.php:237
actionadmin_headincludes\class-track-orders-for-woocommerce.php:238
actionwoocommerce_admin_order_items_after_line_itemsincludes\class-track-orders-for-woocommerce.php:239
filterwoocommerce_shop_order_list_table_columnsincludes\class-track-orders-for-woocommerce.php:240
actionwoocommerce_shop_order_list_table_custom_columnincludes\class-track-orders-for-woocommerce.php:242
filtermanage_edit-shop_order_sortable_columnsincludes\class-track-orders-for-woocommerce.php:243
actionpre_get_postsincludes\class-track-orders-for-woocommerce.php:244
actionwoocommerce_order_status_completedincludes\class-track-orders-for-woocommerce.php:245
actionwoocommerce_order_status_changedincludes\class-track-orders-for-woocommerce.php:246
actionadmin_footerincludes\class-track-orders-for-woocommerce.php:248
actionwps_check_delivery_delays_cronincludes\class-track-orders-for-woocommerce.php:251
actionwp_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:265
actionwp_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:267
actionwpswings_tracker_send_eventincludes\class-track-orders-for-woocommerce.php:273
filtertemplate_includeincludes\class-track-orders-for-woocommerce.php:277
actionwoocommerce_order_status_changedincludes\class-track-orders-for-woocommerce.php:278
actionadmin_initincludes\class-track-orders-for-woocommerce.php:282
actionwc_order_statusesincludes\class-track-orders-for-woocommerce.php:283
actionwp_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:297
actionwp_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:298
actionwp_enqueue_scriptsincludes\class-track-orders-for-woocommerce.php:299
actionwoocommerce_order_details_after_order_tableincludes\class-track-orders-for-woocommerce.php:302
actionwoocommerce_order_details_before_order_table_itemsincludes\class-track-orders-for-woocommerce.php:303
actionwoocommerce_my_account_my_orders_actionsincludes\class-track-orders-for-woocommerce.php:305
actionwoocommerce_before_account_ordersincludes\class-track-orders-for-woocommerce.php:308
actiontemplate_includeincludes\class-track-orders-for-woocommerce.php:309
actiontemplate_includeincludes\class-track-orders-for-woocommerce.php:310
actiontemplate_includeincludes\class-track-orders-for-woocommerce.php:311
actioninitincludes\class-track-orders-for-woocommerce.php:313
actionwoocommerce_order_details_before_order_tableincludes\class-track-orders-for-woocommerce.php:315
actionwoocommerce_order_details_after_order_tableincludes\class-track-orders-for-woocommerce.php:316
actionwoocommerce_thankyouincludes\class-track-orders-for-woocommerce.php:317
filterbody_classincludes\class-track-orders-for-woocommerce.php:319
actionrest_api_initincludes\class-track-orders-for-woocommerce.php:332
actionwoocommerce_admin_order_data_after_order_detailstemplate\wps-dhl-tracking-template.php:9
actionwoocommerce_process_shop_order_metatemplate\wps-dhl-tracking-template.php:24
filterwoocommerce_my_account_my_orders_actionstemplate\wps-dhl-tracking-template.php:37
actioninittemplate\wps-dhl-tracking-template.php:55
filterquery_varstemplate\wps-dhl-tracking-template.php:62
actionwoocommerce_account_dhl-tracking_endpointtemplate\wps-dhl-tracking-template.php:70
actionbefore_woocommerce_inittrack-orders-for-woocommerce.php:43
actioninittrack-orders-for-woocommerce.php:72
filterplugin_row_metatrack-orders-for-woocommerce.php:297
actioninittrack-orders-for-woocommerce.php:365
actionadmin_inittrack-orders-for-woocommerce.php:377
actionadmin_noticestrack-orders-for-woocommerce.php:378
filterdoing_it_wrong_trigger_errortrack-orders-for-woocommerce.php:409
filterwps_fetch_tracking_datatrack-orders-for-woocommerce.php:411
actionadmin_inittrack-orders-for-woocommerce.php:774

Scheduled Events 2

wpswings_tracker_send_event
wps_check_delivery_delays_cron
Maintenance & Trust

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version7.4
Downloads14K

Community Trust

Rating74/100
Number of ratings3
Active installs300
Alternatives

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Alternatives

AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

aftership-woocommerce-tracking

A
99

Track orders in one place. shipment tracking, automated notifications, order lookup, branded tracking page, delivery day prediction

8K 1 CVE
Štíteknabalík.cz

Štíteknabalík.cz

foxdeli

A
85

Looking for a reliable label printing solution? Štíteknabalík.cz will help you!

0 No CVEs
Advanced Shipment Tracking for WooCommerce

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

A
98

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs
Shiprocket

Shiprocket

shiprocket

B
78

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched
ZeroV99 Shipment Tracking

ZeroV99 Shipment Tracking

zerov99-shipment-tracking

A
100

Add a 'Shipped' status to WooCommerce orders, track shipments, and provide real-time updates to customers effortlessly.

0 No CVEs
Developer Profile

Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping Developer Profile

WP Swings

13 plugins · 43K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
101 days
View full developer profile
Detection Fingerprints

How We Detect Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/track-orders-for-woocommerce/assets/css/wps-order-tracking-front.css/wp-content/plugins/track-orders-for-woocommerce/assets/css/wps-order-tracking-common.css/wp-content/plugins/track-orders-for-woocommerce/assets/js/wps-order-tracking-front.js/wp-content/plugins/track-orders-for-woocommerce/assets/js/wps-order-tracking-common.js/wp-content/plugins/track-orders-for-woocommerce/assets/js/wps-order-tracking-public.js/wp-content/plugins/track-orders-for-woocommerce/assets/css/tracking-info-display.css/wp-content/plugins/track-orders-for-woocommerce/assets/js/tracking-info-display.js
Script Paths
/wp-content/plugins/track-orders-for-woocommerce/assets/js/wps-order-tracking-common.js/wp-content/plugins/track-orders-for-woocommerce/assets/js/wps-order-tracking-public.js/wp-content/plugins/track-orders-for-woocommerce/assets/js/tracking-info-display.js
Version Parameters
track-orders-for-woocommerce/assets/css/wps-order-tracking-front.css?ver=track-orders-for-woocommerce/assets/css/wps-order-tracking-common.css?ver=track-orders-for-woocommerce/assets/js/wps-order-tracking-front.js?ver=track-orders-for-woocommerce/assets/js/wps-order-tracking-common.js?ver=track-orders-for-woocommerce/assets/js/wps-order-tracking-public.js?ver=track-orders-for-woocommerce/assets/css/tracking-info-display.css?ver=track-orders-for-woocommerce/assets/js/tracking-info-display.js?ver=

HTML / DOM Fingerprints

CSS Classes
wps-order-tracking-wrapperwps-tracking-order-sectionwps-order-tracking-detailswps-tracking-stepswps-tracking-stepwps-tracking-activewps-tracking-completedwps-tracking-pending+11 more
HTML Comments
<!-- track-orders-for-woocommerce --><!-- WPSwings Order Tracking --><!-- WPS DHL Tracking Template --><!-- Track Orders for WooCommerce -->
Data Attributes
data-tracking-iddata-tracking-providerdata-order-iddata-tracking-url
JS Globals
wps_order_tracking_params
Shortcode Output
[wps_order_tracking][wps_track_order]
FAQ

Frequently Asked Questions about Track Orders for WooCommerce – Multi Carrier WooCommerce Shipping