WC China Checkout 物流通知插件 Security & Risk Analysis

wordpress.org/plugins/wc-china-checkout

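Local China checkout for WooCommerce: three-level linked shipping address selection, logistics tracking, and pushing order information to customs.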

20 active installs v1.0.0 PHP + WP 4.0+ Updated Jun 21, 2018
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WC China Checkout 物流通知插件 Safe to Use in 2026?

Generally Safe

Score 85/100

WC China Checkout 物流通知插件 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "wc-china-checkout" plugin v1.0.0 exhibits a mixed security posture. On the positive side, it shows good practice in its use of prepared SQL queries and output escaping, makes few external HTTP requests, and performs a single nonce check. The absence of recorded CVEs and a clean vulnerability history are positive indicators of past security diligence. The static analysis, however, raises significant concerns. The two "shell_exec" calls are a critical red flag: both build their command string by interpolating variables, and this function can be exploited for arbitrary code execution unless its input is strictly validated. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities that could allow attackers to manipulate file system operations or command execution. The plugin performs no capability checks; the scan currently identifies zero entry points, but the missing checks become a weakness should entry points be introduced in the future. Overall, while the plugin has a clean history and some good coding practices, the identified dangerous functions and taint flows represent a substantial security risk that requires immediate attention.

Key Concerns

  • Dangerous function: shell_exec found
  • High severity taint flow with unsanitized path (x2)
  • No capability checks on entry points
  • Bundled library: Select2 (potential for outdated version)
Vulnerabilities
None known

WC China Checkout 物流通知插件 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WC China Checkout 物流通知插件 Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 82 (362 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 8
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

  • shell_exec: shell_exec("convert $tempj $tempp"); at includes\captcha\CaptchaBuilder.php:366
  • shell_exec: $value = trim(strtolower(shell_exec("ocrad $tempp"))); at includes\captcha\CaptchaBuilder.php:367

Bundled Libraries

Select2

SQL Query Safety

80% prepared · 10 total queries

Output Escaping

82% escaped · 444 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
<abstract-xh-settings> (includes\abstracts\abstract-xh-settings.php:0)
Attack Surface

WC China Checkout 物流通知插件 Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 36

Type    Hook                                        Location
action  admin_init                                  includes\abstracts\abstract-xh-fields.php:12
action  admin_menu                                  includes\admin\class-wc-sinic-admin.php:61
action  admin_head                                  includes\admin\class-wc-sinic-admin.php:62
action  wp                                          includes\class-xh-session-handler.php:182
action  shutdown                                    includes\class-xh-session-handler.php:183
action  shutdown                                    includes\class-xh-session-handler.php:184
action  wp_logout                                   includes\class-xh-session-handler.php:185
action  wp_login                                    includes\class-xh-session-handler.php:186
filter  nonce_user_logged_out                       includes\class-xh-session-handler.php:188
filter  http_headers_useragent                      includes\shop\class-wc-sinic-hooks.php:16
filter  woocommerce_default_address_fields          includes\shop\class-wc-sinic-hooks.php:20
action  wp_enqueue_scripts                          includes\shop\class-wc-sinic-hooks.php:21
filter  woocommerce_shipping_fields                 includes\shop\class-wc-sinic-hooks.php:23
filter  woocommerce_billing_fields                  includes\shop\class-wc-sinic-hooks.php:24
action  woocommerce_after_checkout_validation       includes\shop\class-wc-sinic-hooks.php:25
filter  woocommerce_get_order_address               includes\shop\class-wc-sinic-hooks.php:27
filter  woocommerce_localisation_address_formats    includes\shop\class-wc-sinic-hooks.php:28
filter  woocommerce_formatted_address_replacements  includes\shop\class-wc-sinic-hooks.php:29
filter  woocommerce_checkout_posted_data            includes\shop\class-wc-sinic-hooks.php:31
filter  woocommerce_admin_billing_fields            includes\shop\class-wc-sinic-hooks.php:32
filter  woocommerce_admin_shipping_fields           includes\shop\class-wc-sinic-hooks.php:33
filter  woocommerce_form_field_country              includes\shop\class-wc-sinic-hooks.php:37
action  init                                        init.php:147
action  init                                        init.php:148
action  init                                        init.php:150
action  init                                        init.php:151
action  after_setup_theme                           init.php:152
action  admin_enqueue_scripts                       init.php:154
action  wp_enqueue_scripts                          init.php:155
action  init                                        init.php:286
action  woo_ch_after_init                           init.php:287
filter  woo_ch_shortcodes                           init.php:288
action  init                                        init.php:289
action  woo_ch_flush_rewrite_rules                  init.php:290
action  woo_ch_cron                                 init.php:291
action  woo_ch_after_init                           init.php:292
Maintenance & Trust

WC China Checkout 物流通知插件 Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jun 21, 2018
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

WC China Checkout 物流通知插件 Developer Profile

xunhuweb

3 plugins · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WC China Checkout 物流通知插件

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-china-checkout/assets/css/admin.css
/wp-content/plugins/wc-china-checkout/assets/css/style.css
/wp-content/plugins/wc-china-checkout/assets/js/admin.js
/wp-content/plugins/wc-china-checkout/assets/js/frontend.js
Script Paths
/wp-content/plugins/wc-china-checkout/assets/js/admin.js
/wp-content/plugins/wc-china-checkout/assets/js/frontend.js
Version Parameters
wc-china-checkout/assets/css/admin.css?ver=
wc-china-checkout/assets/css/style.css?ver=
wc-china-checkout/assets/js/admin.js?ver=
wc-china-checkout/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-sinic
wc-sinic-checkout
HTML Comments
<!-- WC China Checkout -->
Data Attributes
data-wc-sinic
JS Globals
WC_Sinic
Shortcode Output
[wc_sinic_checkout_button]