WP-Safety

DPD SK for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-dpd

Plugin spoločnosti Direct Parcel Distribution SK, s. r. o. poskytuje jednoduché a rýchle riešenie na prenos údajov o objednaných prepravných službách …

700 active installs v8.4.0 PHP 7.4+ WP 5.3+ Updated Jan 8, 2026
dpdshippingwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is DPD SK for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

DPD SK for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The wc-dpd plugin v8.4.0 exhibits a generally strong security posture with several positive indicators. The absence of known CVEs and a clean vulnerability history are significant strengths, suggesting a commitment to security by the developers. The static analysis also reveals good practices, such as 100% usage of prepared statements for SQL queries and the presence of nonce checks on all AJAX handlers. Furthermore, the taint analysis found no critical or high severity vulnerabilities, and the attack surface is well-controlled with all entry points having associated authentication checks.

However, there are areas that warrant caution. The fact that there are zero capability checks for the AJAX handlers is a notable concern. While nonce checks prevent simple replay attacks, the absence of capability checks means that any authenticated user, regardless of their role or permissions, could potentially trigger these AJAX actions. This could lead to unauthorized actions if the AJAX endpoints perform sensitive operations. Additionally, while the majority of output is escaped, a significant percentage (21%) is not, which could open the door to cross-site scripting (XSS) vulnerabilities if the unescaped data is user-controlled or comes from an untrusted source.

In conclusion, wc-dpd v8.4.0 appears to be a relatively secure plugin, bolstered by its clean vulnerability history and good data handling for SQL. The lack of serious taint flows is reassuring. The primary weaknesses lie in the missing capability checks for AJAX handlers, which expand the potential attack surface for authenticated users, and the unescaped output, which presents a risk of XSS. Addressing these specific points would further enhance the plugin's security.

Key Concerns

  • Missing capability checks on AJAX handlers
  • Significant percentage of unescaped output
Vulnerabilities
None known

DPD SK for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DPD SK for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
60
224 escaped
Nonce Checks
4
Capability Checks
0
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

79% escaped284 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<OrderMetabox> (includes\OrderMetabox.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

DPD SK for WooCommerce Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_wc_dpd_update_chosen_parcelshopincludes\Ajax.php:16
noprivwp_ajax_wc_dpd_update_chosen_parcelshopincludes\Ajax.php:17
authwp_ajax_wc_dpd_parcelshop_searchincludes\Ajax.php:23
noprivwp_ajax_wc_dpd_parcelshop_searchincludes\Ajax.php:24
WordPress Hooks 40
actionwp_enqueue_scriptsincludes\Assets.php:14
actionwp_footerincludes\Assets.php:18
actionwoocommerce_store_api_checkout_update_order_from_requestincludes\Blocks.php:20
actionwoocommerce_rest_checkout_process_payment_with_contextincludes\Blocks.php:23
actionafter_setup_themeincludes\Core.php:35
actionadmin_footerincludes\DpdExportSettings.php:61
filterwoocommerce_generate_repeater_htmlincludes\DpdExportSettings.php:62
actionadmin_footerincludes\DpdParcelShopShippingMethod.php:96
filterwoocommerce_generate_repeater_htmlincludes\DpdParcelShopShippingMethod.php:97
actionwoocommerce_email_after_order_tableincludes\Email.php:14
filterwc_dpd_client_error_messageincludes\Hooks.php:14
filteradmin_initincludes\Notice.php:16
filteradmin_noticesincludes\Notice.php:17
actionwoocommerce_checkout_update_order_metaincludes\Order.php:29
actionwoocommerce_store_api_checkout_order_processedincludes\Order.php:30
actionwoocommerce_order_details_after_order_tableincludes\Order.php:31
actionwoocommerce_admin_order_data_after_billing_addressincludes\Order.php:32
actionadmin_initincludes\OrderList.php:19
filtermanage_woocommerce_page_wc-orders_columnsincludes\OrderList.php:22
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\OrderList.php:23
actionbulk_actions-woocommerce_page_wc-ordersincludes\OrderList.php:24
actionhandle_bulk_actions-woocommerce_page_wc-ordersincludes\OrderList.php:25
filtermanage_edit-shop_order_columnsincludes\OrderList.php:27
actionmanage_shop_order_posts_custom_columnincludes\OrderList.php:28
actionbulk_actions-edit-shop_orderincludes\OrderList.php:29
actionhandle_bulk_actions-edit-shop_orderincludes\OrderList.php:30
actionadd_meta_boxesincludes\OrderMetabox.php:19
actionadmin_initincludes\OrderMetabox.php:22
filterwoocommerce_shipping_methodsincludes\Shipping.php:17
filterwoocommerce_after_shipping_rateincludes\Shipping.php:18
actionwp_footerincludes\Shipping.php:19
actionwoocommerce_checkout_processincludes\Shipping.php:20
actionwoocommerce_package_ratesincludes\Shipping.php:21
actionwoocommerce_cart_updatedincludes\Shipping.php:22
filterwoocommerce_add_to_cart_fragmentsincludes\Shipping.php:28
actionwp_enqueue_scriptsincludes\Shipping.php:29
actionwc_dpd_parcelshops_searchincludes\Shipping.php:30
actionbefore_woocommerce_initwc-dpd.php:40
actionadmin_noticeswc-dpd.php:49
actionplugins_loadedwc-dpd.php:64
Maintenance & Trust

DPD SK for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 8, 2026
PHP min version7.4
Downloads14K

Community Trust

Rating100/100
Number of ratings4
Active installs700
Alternatives

DPD SK for WooCommerce Alternatives

Estonian Shipping Methods for WooCommerce

Estonian Shipping Methods for WooCommerce

estonian-shipping-methods-for-woocommerce

C
63

Extends WooCommerce with most commonly used Estonian shipping methods. All in one.

2K 1 unpatched
DPD Baltic Shipping

DPD Baltic Shipping

woo-shipping-dpd-baltic

A
98

Shipping extension for WooCommerce on WordPress of DPD Baltics. Manage your national and international shipments easily.

2K 3 CVEs
Royal Mail Shipping Calculator for WooCommerce

Royal Mail Shipping Calculator for WooCommerce

royal-mail-woocommerce-shipping-calculator

A
100

Royal Mail Shipping Calculator for WooCommerce is a WordPress Plugin that integrate the Royal Mail service.

1K No CVEs
Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

A
99

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

A
96

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs
Developer Profile

DPD SK for WooCommerce Developer Profile

Webikon s.r.o.

2 plugins · 700 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect DPD SK for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-dpd/public/styles/dpd-parcelshop-shipping-method-content.css/wp-content/plugins/wc-dpd/public/styles/dpd-parcelshop-map-widget.css/wp-content/plugins/wc-dpd/public/styles/dpd-parcelshop-popup.css/wp-content/plugins/wc-dpd/public/scripts/dpd-parcelshop-map-widget.js/wp-content/plugins/wc-dpd/public/scripts/dpd-parcelshop-popup.js/wp-content/plugins/wc-dpd/public/scripts/dpd-parcelshop-block-shipping-method.js/wp-content/plugins/wc-dpd/public/styles/dpd-parcelshop-block-shipping-method.css
Script Paths
https://pus-maps.dpd.sk/lib/library.js
Version Parameters
wc-dpd/public/styles/dpd-parcelshop-shipping-method-content.css?ver=wc-dpd/public/styles/dpd-parcelshop-map-widget.css?ver=wc-dpd/public/styles/dpd-parcelshop-popup.css?ver=wc-dpd/public/scripts/dpd-parcelshop-map-widget.js?ver=wc-dpd/public/scripts/dpd-parcelshop-popup.js?ver=wc-dpd/public/scripts/dpd-parcelshop-block-shipping-method.js?ver=wc-dpd/public/styles/dpd-parcelshop-block-shipping-method.css?ver=

HTML / DOM Fingerprints

CSS Classes
dpd-parcelshop-map-widget-containerdpd-parcelshop-map-widgetdpd-parcelshop-popup-containerdpd-parcelshop-popupdpd-parcelshop-block-shipping-method
Data Attributes
data-wc-dpd-parcelshop-map-widgetdata-wc-dpd-parcelshop-popupdata-wc-dpd-parcelshop-block
JS Globals
wc_dpd_parcelshop_map_widget_settingswc_dpd_parcelshop_popup_settingswc_dpd_parcelshop_block_settings
FAQ

Frequently Asked Questions about DPD SK for WooCommerce