Does TrackShip for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in TrackShip for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is TrackShip for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, TrackShip for WooCommerce 2.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is TrackShip for WooCommerce compatible with PHP 7.4+?

TrackShip for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is TrackShip for WooCommerce updated?

TrackShip for WooCommerce was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is TrackShip for WooCommerce's security score?

TrackShip for WooCommerce has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TrackShip for WooCommerce Security & Risk Analysis

wordpress.org/plugins/trackship-for-woocommerce

TrackShip auto-tracks orders, adds a branded tracking experience to your store and handles all customer touchpoints from shipping to delivery

7K active installs v2.0.1 PHP 7.4+ WP 6.2+ Updated Mar 11, 2026

order-trackingparcel-trackingtrackingwoocommercewoocommerce-shipment-tracking

A · Safe

CVEs total2

Unpatched0

Last CVEMay 7, 2025

Download

Safety Verdict

Is TrackShip for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

TrackShip for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 7, 2025Updated 24d ago

Risk Assessment

The trackship-for-woocommerce plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping, SQL query preparation, and generally implements nonce and capability checks. The absence of dangerous functions, file operations, and critical/high severity taint flows is commendable.

However, significant concerns arise from the unprotected entry points. Eight out of 41 total entry points (33 AJAX handlers and 6 REST API routes) lack authentication or permission checks, creating a substantial attack surface for unauthorized actions. Furthermore, four taint flows with unsanitized paths, even without critical severity, indicate potential vulnerabilities that could be exploited if user input is not properly handled. The vulnerability history, despite no currently unpatched CVEs, shows a pattern of SQL injection and missing authorization issues in the past, suggesting a recurring need for vigilance in these areas.

In conclusion, while the plugin has strengths in several key security areas, the unprotected entry points and flagged unsanitized taint flows present real risks. The historical prevalence of authorization and SQL-related vulnerabilities warrants careful monitoring and proactive patching for any future findings. The plugin is generally well-developed but requires immediate attention to secure its exposed entry points.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Taint flows with unsanitized paths (4)
Past medium severity SQL injection vulns
Past medium severity missing authorization vulns

Vulnerabilities

TrackShip for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-47460medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TrackShip for WooCommerce <= 1.9.1 - Authenticated (Shop manager+) SQL Injection

May 7, 2025 Patched in 1.9.2 (7d)

CVE-2024-32678medium · 5.3Missing Authorization

TrackShip for WooCommerce <= 1.7.5 - Missing Authorization

Apr 17, 2024 Patched in 1.7.6 (7d)

Code Analysis

Analyzed Mar 16, 2026

TrackShip for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

97 prepared

Unescaped Output

1045 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

75% prepared129 total queries

Output Escaping

99% escaped1055 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

19 flows4 with unsanitized paths

update_all_shipment_status_delivered_cb (includes\class-wc-trackship-actions.php:840)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

TrackShip for WooCommerce Attack Surface

Entry Points41

Unprotected8

AJAX Handlers 33

authwp_ajax_wc_trackship_form_updateincludes\class-wc-trackship-actions.php:51

authwp_ajax_trackship_tracking_page_form_updateincludes\class-wc-trackship-actions.php:52

authwp_ajax_bulk_shipment_status_from_settingsincludes\class-wc-trackship-actions.php:70

authwp_ajax_update_shipment_status_email_statusincludes\class-wc-trackship-actions.php:97

authwp_ajax_update_all_shipment_status_deliveredincludes\class-wc-trackship-actions.php:98

authwp_ajax_ts_reassign_order_statusincludes\class-wc-trackship-admin.php:47

authwp_ajax_add_trackship_mapping_rowincludes\class-wc-trackship-admin.php:48

authwp_ajax_remove_tracking_eventincludes\class-wc-trackship-admin.php:49

authwp_ajax_remove_trackship_logsincludes\class-wc-trackship-admin.php:50

authwp_ajax_verify_database_tableincludes\class-wc-trackship-admin.php:51

authwp_ajax_enabled_wc_fulfillmentsincludes\class-wc-trackship-admin.php:52

authwp_ajax_trackship_mapping_form_updateincludes\class-wc-trackship-admin.php:53

authwp_ajax_trackship_integration_form_updateincludes\class-wc-trackship-admin.php:54

authwp_ajax_ts_late_shipments_email_form_updateincludes\class-wc-trackship-admin.php:57

authwp_ajax_dashboard_page_count_queryincludes\class-wc-trackship-admin.php:58

authwp_ajax_metabox_get_shipment_statusincludes\class-wc-trackship-admin.php:62

authwp_ajax_get_admin_tracking_widgetincludes\class-wc-trackship-admin.php:64

noprivwp_ajax_get_tracking_infoincludes\class-wc-trackship-front.php:46

authwp_ajax_get_tracking_infoincludes\class-wc-trackship-front.php:47

authwp_ajax_save_unsunscribe_email_notifications_dataincludes\class-wc-trackship-front.php:56

noprivwp_ajax_save_unsunscribe_email_notifications_dataincludes\class-wc-trackship-front.php:57

authwp_ajax_resubscribe_emails_saveincludes\class-wc-trackship-front.php:58

noprivwp_ajax_resubscribe_emails_saveincludes\class-wc-trackship-front.php:59

authwp_ajax_update_trackship_providersincludes\class-wc-trackship-install.php:41

authwp_ajax_save_trackship_customizerincludes\customizer\trackship-customizer.php:52

authwp_ajax_ts_email_previewincludes\customizer\trackship-customizer.php:54

authwp_ajax_get_trackship_shipmentsincludes\shipments\class-wc-trackship-shipments.php:41

authwp_ajax_get_shipment_status_from_shipmentsincludes\shipments\class-wc-trackship-shipments.php:42

authwp_ajax_bulk_shipment_status_from_shipmentsincludes\shipments\class-wc-trackship-shipments.php:43

authwp_ajax_smswoo_settings_tab_saveincludes\smswoo\class-smswoo-admin.php:47

authwp_ajax_update_all_shipment_status_sms_deliveredincludes\smswoo\class-smswoo-admin.php:53

authwp_ajax_get_trackship_logsincludes\ts-logs\class-wc-trackship-logs.php:42

authwp_ajax_log_details_popupincludes\ts-logs\class-wc-trackship-logs.php:45

REST API Routes 6

GET/wp-json/wc-analytics/reports/datatrackship/statsincludes\analytics\class-trackship-analytics-rest-api-controller.php:69

GET/wp-json/wc-analytics/dataget_shipments_providersincludes\analytics\class-trackship-analytics-rest-api-controller.php:79

GET/wp-json/wc-analytics/reports/datashipments_by_providerincludes\analytics\class-trackship-analytics-rest-api-controller.php:89

GET/wp-json/wc/v1/disconnect_from_trackshipincludes\api\class-trackship-rest-api-controller.php:29

GET/wp-json/wc/v1/tracking-webhookincludes\api\class-trackship-rest-api-controller.php:44

GET/wp-json/wc/v1/check_ts4wc_installedincludes\api\class-trackship-rest-api-controller.php:54

Shortcodes 2

[wcast-track-order] includes\class-wc-trackship-front.php:43

[trackship-track-order] includes\class-wc-trackship-front.php:44

WordPress Hooks 107

actionadmin_enqueue_scriptsincludes\analytics\class-wc-trackship-analytics.php:44

filterwoocommerce_analytics_report_menu_itemsincludes\analytics\class-wc-trackship-analytics.php:45

actionrest_api_initincludes\analytics\class-wc-trackship-analytics.php:46

actionsettingsincludes\class-wc-admin-notices.php:56

actionsettingsincludes\class-wc-admin-notices.php:89

actionadmin_enqueue_scriptsincludes\class-wc-trackship-actions.php:45

actiondokan_enqueue_scriptsincludes\class-wc-trackship-actions.php:48

filtermanage_edit-shop_order_columnsincludes\class-wc-trackship-actions.php:56

filtermanage_woocommerce_page_wc-orders_columnsincludes\class-wc-trackship-actions.php:57

actionmanage_shop_order_posts_custom_columnincludes\class-wc-trackship-actions.php:58

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-wc-trackship-actions.php:59

filterbulk_actions-edit-shop_orderincludes\class-wc-trackship-actions.php:62

filterbulk_actions-woocommerce_page_wc-ordersincludes\class-wc-trackship-actions.php:63

filterhandle_bulk_actions-edit-shop_orderincludes\class-wc-trackship-actions.php:66

filterwoocommerce_bulk_action_idsincludes\class-wc-trackship-actions.php:67

actionadmin_noticesincludes\class-wc-trackship-actions.php:73

actionwoocommerce_order_actionsincludes\class-wc-trackship-actions.php:76

actionwoocommerce_order_action_get_shipment_status_edit_orderincludes\class-wc-trackship-actions.php:77

actionrestrict_manage_postsincludes\class-wc-trackship-actions.php:81

filterrequestincludes\class-wc-trackship-actions.php:82

actionwoocommerce_order_list_table_restrict_manage_ordersincludes\class-wc-trackship-actions.php:84

filterwoocommerce_shop_order_list_table_prepare_items_query_argsincludes\class-wc-trackship-actions.php:85

filtertrackship_status_filterincludes\class-wc-trackship-actions.php:92

filtertrackship_status_icon_filterincludes\class-wc-trackship-actions.php:95

actionast_shipment_tracking_endincludes\class-wc-trackship-actions.php:100

actiondelete_tracking_number_from_trackshipincludes\class-wc-trackship-actions.php:102

actionadmin_initincludes\class-wc-trackship-actions.php:103

actiondelete_postincludes\class-wc-trackship-actions.php:104

actionwoocommerce_before_delete_orderincludes\class-wc-trackship-actions.php:105

filteris_order_shippedincludes\class-wc-trackship-actions.php:116

actionsend_order_to_trackshipincludes\class-wc-trackship-actions.php:119

actionwcast_retry_trackship_apicallincludes\class-wc-trackship-actions.php:122

actiontrackship_tracking_apicallincludes\class-wc-trackship-actions.php:123

actionadmin_initincludes\class-wc-trackship-actions.php:131

filterast_tracking_linkincludes\class-wc-trackship-actions.php:134

actionscheduled_cron_shipment_lengthincludes\class-wc-trackship-actions.php:137

actionupdate_shipment_lengthincludes\class-wc-trackship-actions.php:138

actionadmin_menuincludes\class-wc-trackship-admin.php:43

actionadmin_footerincludes\class-wc-trackship-admin.php:45

filterconvert_provider_name_to_slugincludes\class-wc-trackship-admin.php:56

actionadd_meta_boxesincludes\class-wc-trackship-admin.php:60

actionwoocommerce_auth_page_footerincludes\class-wc-trackship-admin.php:66

filterwoocommerce_order_is_download_permittedincludes\class-wc-trackship-admin.php:68

actioninitincludes\class-wc-trackship-admin.php:73

filterwc_order_statusesincludes\class-wc-trackship-admin.php:75

filterwoocommerce_reports_order_statusesincludes\class-wc-trackship-admin.php:77

filterwoocommerce_order_is_paid_statusesincludes\class-wc-trackship-admin.php:79

filterbulk_actions-edit-shop_orderincludes\class-wc-trackship-admin.php:81

filterwoocommerce_valid_order_statuses_for_order_againincludes\class-wc-trackship-admin.php:83

filterwoocommerce_admin_order_preview_actionsincludes\class-wc-trackship-admin.php:85

filterwoocommerce_admin_order_actionsincludes\class-wc-trackship-admin.php:87

filterwp_kses_allowed_htmlincludes\class-wc-trackship-exception-shipments.php:182

filtersafe_style_cssincludes\class-wc-trackship-exception-shipments.php:183

actionwp_enqueue_scriptsincludes\class-wc-trackship-front.php:45

actionplugins_loadedincludes\class-wc-trackship-front.php:49

actionwoocommerce_view_orderincludes\class-wc-trackship-front.php:51

filtertracking_widget_product_arrayincludes\class-wc-trackship-front.php:53

actionwoocommerce_email_before_order_tableincludes\class-wc-trackship-front.php:94

actionadmin_initincludes\class-wc-trackship-install.php:40

filterwp_kses_allowed_htmlincludes\class-wc-trackship-late-shipments.php:191

filtersafe_style_cssincludes\class-wc-trackship-late-shipments.php:192

actionadmin_initincludes\class-wc-trackship-notice.php:42

actionadmin_noticesincludes\class-wc-trackship-notice.php:45

actionadmin_noticesincludes\class-wc-trackship-notice.php:48

actionadmin_noticesincludes\class-wc-trackship-notice.php:51

actionadmin_noticesincludes\class-wc-trackship-notice.php:54

filterwp_kses_allowed_htmlincludes\class-wc-trackship-on-hold-shipments.php:182

filtersafe_style_cssincludes\class-wc-trackship-on-hold-shipments.php:183

filterwp_kses_allowed_htmlincludes\customizer\class-trackship-email-preview.php:146

filtersafe_style_cssincludes\customizer\class-trackship-email-preview.php:147

filterwoocommerce_email_stylesincludes\customizer\class-trackship-email-preview.php:148

filterwoocommerce_email_footer_textincludes\customizer\class-trackship-email-preview.php:150

actionadmin_menuincludes\customizer\trackship-customizer.php:49

actionadmin_enqueue_scriptsincludes\customizer\trackship-customizer.php:57

actionwoocommerce_fulfillment_after_fulfillincludes\fulfillment\class-ts-wc-fulfillment-admin.php:44

filterwoocommerce_fulfillment_before_fulfillincludes\fulfillment\class-ts-wc-fulfillment-admin.php:47

actionwoocommerce_fulfillment_after_updateincludes\fulfillment\class-ts-wc-fulfillment-admin.php:50

actionwoocommerce_fulfillment_after_deleteincludes\fulfillment\class-ts-wc-fulfillment-admin.php:53

actiontrackship_shipment_status_triggerincludes\integration\class-klaviyo-integration.php:40

actionts_status_change_triggerincludes\integration\class-omnisend-integration.php:40

filterautomatewoo/triggersincludes\integration\class-wc-automatewoo-integration.php:2

actionadmin_enqueue_scriptsincludes\shipments\class-wc-trackship-shipments.php:46

actionafter_trackship_settingsincludes\smswoo\class-smswoo-admin.php:42

actionshipment_status_sms_sectionincludes\smswoo\class-smswoo-admin.php:50

actionts_status_change_triggerincludes\smswoo\class-smswoo-sms-notification.php:57

filtersmswoo_sms_message_replacementsincludes\smswoo\class-smswoo-sms-notification.php:60

filtersmswoo_sms_customer_phoneincludes\smswoo\class-smswoo-sms-notification.php:63

actionts_status_change_triggerincludes\trackship-email-manager.php:17

actiontrigger_pickup_reminder_emailincludes\trackship-email-manager.php:18

filterwp_kses_allowed_htmlincludes\trackship-email-manager.php:141

filtersafe_style_cssincludes\trackship-email-manager.php:142

filterwoocommerce_email_footer_textincludes\trackship-email-manager.php:144

filterwp_kses_allowed_htmlincludes\trackship-email-manager.php:258

filtersafe_style_cssincludes\trackship-email-manager.php:259

actionadmin_enqueue_scriptsincludes\ts-logs\class-wc-trackship-logs.php:48

actionadmin_noticestrackship-for-woocommerce.php:58

actionadmin_noticestrackship-for-woocommerce.php:63

actioninittrackship-for-woocommerce.php:143

filteryith_wcbm_add_badge_tags_in_wp_kses_allowed_htmltrackship-for-woocommerce.php:147

filteryith_wcbm_is_allowed_adding_badge_tags_in_wp_ksestrackship-for-woocommerce.php:148

actionrest_api_inittrackship-for-woocommerce.php:156

actiontemplate_redirecttrackship-for-woocommerce.php:181

actiontemplate_redirecttrackship-for-woocommerce.php:182

actionbefore_woocommerce_inittrackship-for-woocommerce.php:537

actionadmin_enqueue_scriptszorem-tracking\zorem-tracking.php:40

actioninitzorem-tracking\zorem-tracking.php:78

actionadmin_initzorem-tracking\zorem-tracking.php:80

Scheduled Events 1

scheduled_cron_shipment_length

Maintenance & Trust

TrackShip for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version7.4

Downloads224K

Community Trust

Rating94/100

Number of ratings51

Active installs7K

Alternatives

TrackShip for WooCommerce Alternatives

Orders Tracking for WooCommerce

woo-orders-tracking

Easily import/manage your tracking numbers, add tracking numbers to PayPal and send email notifications to customers.

10K 3 CVEs

ParcelWILL (Formerly ParcelPanel) – Shipment Tracking, Tracking & Order Tracking for WooCommerce

parcelpanel

Free Plan Available. Order Tracking, Shipment Tracking. The best WooCommerce Order Tracker for Track Order Status & Delivery Notifications

8K 2 CVEs

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs

AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)

aftership-woocommerce-tracking

Track orders in one place. shipment tracking, automated notifications, order lookup, branded tracking page, delivery day prediction

8K 1 CVE

Sendcloud Shipping

sendcloud-connected-shipping

100

SendCloud helps to grow your online store by optimizing the shipping process. Shipping packages has never been that easy!

4K No CVEs

Developer Profile

TrackShip for WooCommerce Developer Profile

TrackShip

1 plugin · 7K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect TrackShip for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/trackship-for-woocommerce/assets/css/trackship-frontend.css/wp-content/plugins/trackship-for-woocommerce/assets/css/trackship-common.css/wp-content/plugins/trackship-for-woocommerce/assets/js/trackship-frontend.js/wp-content/plugins/trackship-for-woocommerce/assets/js/trackship-common.js

Script Paths

/wp-content/plugins/trackship-for-woocommerce/assets/js/trackship-frontend.js/wp-content/plugins/trackship-for-woocommerce/assets/js/trackship-common.js

Version Parameters

trackship-for-woocommerce/assets/css/trackship-frontend.css?ver=trackship-for-woocommerce/assets/css/trackship-common.css?ver=trackship-for-woocommerce/assets/js/trackship-frontend.js?ver=trackship-for-woocommerce/assets/js/trackship-common.js?ver=

HTML / DOM Fingerprints

CSS Classes

trackship-tracking-page-wrappertrackship-tracking-form-containertrackship-tracking-results-containertrackship-tracking-infotrackship-tracking-historytrackship-tracking-map-wrapper

HTML Comments

Data Attributes

data-ts-tracking-endpointdata-ts-tracking-key

JS Globals

trackship_frontend_paramsTrackShip

REST Endpoints

/wp-json/trackship/v1/trackings

FAQ