User role based shipping methods Security & Risk Analysis

wordpress.org/plugins/user-role-based-shipping-method

Display WooCommerce shipping methods based on User Role and Country. Globally compatible.

500 active installs · v3.1.0 · PHP 7.0+ · WP 5.0+ · Updated Mar 31, 2024
Tags: hide-woocommerce-shipping-method, hide-woocommerce-shipping-method-based-on-user-role, role-based-shipping-method, shipping-method-based-on-country, woocommerce-shipping-method
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is User role based shipping methods Safe to Use in 2026?

Generally Safe

Score 85/100

User role based shipping methods has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The static analysis of "user-role-based-shipping-method" v3.1.0 reveals a generally good security posture in terms of attack surface and SQL query handling. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant strength, minimizing potential external exploitation vectors. Furthermore, all SQL queries are properly prepared, mitigating risks of SQL injection vulnerabilities.

However, the analysis does raise concerns regarding output escaping. A substantial portion of output (83%) is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Although no direct vulnerabilities were flagged by the taint analysis, the presence of unsanitized paths in two flows indicates potential for unexpected behavior or exploitation if these paths are leveraged in specific ways. The plugin's clean vulnerability history is positive, suggesting past good development practices, but it doesn't negate the current findings.

In conclusion, while the plugin exhibits strengths in its limited attack surface and secure database interactions, the significant unescaped output poses a critical risk that requires immediate attention. The unsanitized paths warrant further investigation to understand their potential impact. Addressing the output escaping issues is paramount to improving the plugin's overall security.

Key Concerns

  • Significant unescaped output (83%)
  • Unsanitized paths in taint analysis (2 flows)
Vulnerabilities
None known

User role based shipping methods Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

User role based shipping methods Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

17% escaped · 23 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
save (includes\class-pvalley-user-role-based-shipping-settings.php:136)
Attack Surface

User role based shipping methods Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  • filter woocommerce_package_rates (includes\class-pvalley-user-role-based-shipping-manage-shipping.php:27)
  • filter woocommerce_package_rates (includes\class-pvalley-user-role-based-shipping-manage-shipping.php:28)
  • filter woocommerce_settings_tabs_array (includes\class-pvalley-user-role-based-shipping-settings.php:15)
  • action woocommerce_admin_field_ph_role_based_rule_matrix (includes\class-pvalley-user-role-based-shipping-settings.php:21)
  • action init (includes\class-pvalley-user-role-based-shipping.php:19)
  • action before_woocommerce_init (includes\class-pvalley-user-role-based-shipping.php:23)
Maintenance & Trust

User role based shipping methods Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Mar 31, 2024
PHP min version: 7.0
Downloads: 11K

Community Trust

Rating: 88/100
Number of ratings: 9
Active installs: 500
Developer Profile

User role based shipping methods Developer Profile

techsarai

1 plugin · 500 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect User role based shipping methods

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/user-role-based-shipping-method/includes/common/PvalleyDropdownOptions.php
  • /wp-content/plugins/user-role-based-shipping-method/includes/PvalleyURBSActionOnShippingMethodType.php
  • /wp-content/plugins/user-role-based-shipping-method/includes/class-pvalley-user-role-based-shipping-common.php
  • /wp-content/plugins/user-role-based-shipping-method/includes/class-pvalley-user-role-based-shipping.php
