WP-Safety

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-easypost-shipping

EasyPost Shipping plugin for WooCommerce displays live shipping rates at cart / checkout pages.

400 active installs v1.6.18 PHP 7.3+ WP 5.6+ Updated Mar 4, 2026
address-validationeasypostshipping-methodvalidate-addresswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "wc-easypost-shipping" plugin v1.6.18 exhibits a generally strong security posture based on the static analysis. The plugin has a very small attack surface with no reported AJAX handlers, REST API routes, shortcodes, or cron events, and crucially, none of these entry points appear to be unprotected. The plugin also demonstrates good practices regarding SQL queries, exclusively using prepared statements. However, a significant concern arises from the presence of the `unserialize()` function without any apparent sanitization or context for its usage. This, combined with a moderate percentage of unescaped output (40%), indicates potential for cross-site scripting (XSS) or remote code execution (RCE) vulnerabilities if user-supplied data is not handled with extreme care before being passed to `unserialize()` or when outputting data that hasn't been properly escaped. The plugin's vulnerability history is clean, with zero recorded CVEs, which is a positive indicator of its development over time. Despite the lack of historical vulnerabilities, the static analysis findings, particularly the `unserialize()` usage and imperfect output escaping, necessitate caution. The plugin's strengths lie in its limited attack surface and secure database interactions, but the potential for deserialization vulnerabilities and XSS remain as weaknesses that require careful review of how serialized data is handled and how output is managed.

Key Concerns

  • Presence of unserialize() without apparent checks
  • Significant amount of unescaped output
Vulnerabilities
None known

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
10
15 escaped
Nonce Checks
0
Capability Checks
1
File Operations
2
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize($response['body']);includes\Admin\OneTeamSoftware.php:179

Output Escaping

60% escaped25 total outputs
Attack Surface

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 12
actionadmin_menuincludes\Admin\OneTeamSoftware.php:55
actionadmin_initincludes\Admin\OneTeamSoftware.php:56
actionadmin_initincludes\Shipping\AbstractShippingMethod.php:24
filterhttp_request_timeoutincludes\Shipping\Adapter\AbstractAdapter.php:82
actionadmin_menuincludes\Shipping\Plugin.php:96
filterwoocommerce_shipping_methodsincludes\Shipping\Plugin.php:100
actionplugins_loadedincludes\Shipping\Plugin.php:107
actionplugins_loadedincludes\Shipping\Plugin.php:109
actionwp_loadedincludes\Shipping\Plugin.php:110
actionwoocommerce_after_checkout_validationincludes\Shipping\Plugin.php:111
filterwoocommerce_billing_fieldsincludes\Shipping\Plugin.php:112
filterwoocommerce_shipping_fieldsincludes\Shipping\Plugin.php:113
Maintenance & Trust

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.3
Downloads19K

Community Trust

Rating100/100
Number of ratings1
Active installs400
Alternatives

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Alternatives

Multi-Carrier Shippo Shipping Rates & Address Validation for WooCommerce

Multi-Carrier Shippo Shipping Rates & Address Validation for WooCommerce

wc-shippo-shipping

A
100

Multi-Carrier Shippo shipping plugin for WooCommerce displays live shipping rates at cart / checkout pages, validates shipping address.

2K No CVEs
Advanced FedEx Shipping – Live Rates & Address Validation for WooCommerce

Advanced FedEx Shipping – Live Rates & Address Validation for WooCommerce

wc-fedex-shipping

A
100

FedEx Shipping plugin for WooCommerce displays live shipping rates at cart / checkout pages and validates shipping address before allowing to place an …

30 No CVEs
Multi-Carrier Shipmondo Shipping for WooCommerce

Multi-Carrier Shipmondo Shipping for WooCommerce

wc-shipmondo-shipping

A
100

Multi-Carrier Shipmondo shipping plugin for WooCommerce displays live shipping rates at cart / checkout pages.

10 No CVEs
WC Hide Shipping Methods

WC Hide Shipping Methods

wc-hide-shipping-methods

A
100

This plugin automatically hides all other shipping methods when "Free Shipping" is available, while allowing you to retain "Local Picku …

20K No CVEs
Hide Shipping Method For WooCommerce

Hide Shipping Method For WooCommerce

hide-shipping-method-for-woocommerce

A
99

Allows store owners to hide shipping methods based on specific conditions!

10K 1 CVE
Developer Profile

Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce Developer Profile

oneteamsoftware

14 plugins · 6K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
97 days
View full developer profile
Detection Fingerprints

How We Detect Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-easypost-shipping/assets/css/easypost-admin.css/wp-content/plugins/wc-easypost-shipping/assets/css/easypost-shipping.css/wp-content/plugins/wc-easypost-shipping/assets/js/easypost-admin.js/wp-content/plugins/wc-easypost-shipping/assets/js/easypost-shipping.js
Script Paths
/wp-content/plugins/wc-easypost-shipping/assets/js/easypost-admin.js/wp-content/plugins/wc-easypost-shipping/assets/js/easypost-shipping.js
Version Parameters
wc-easypost-shipping/assets/css/easypost-admin.css?ver=wc-easypost-shipping/assets/css/easypost-shipping.css?ver=wc-easypost-shipping/assets/js/easypost-admin.js?ver=wc-easypost-shipping/assets/js/easypost-shipping.js?ver=

HTML / DOM Fingerprints

CSS Classes
easypost-shipping-admin-noticeeasypost-shipping-admin-wrap
HTML Comments
<!-- EasyPost Shipping Wrapper --><!-- EasyPost Shipping Admin Wrapper --><!-- End EasyPost Shipping Admin Wrapper --><!-- EasyPost Shipping Options -->+4 more
Data Attributes
data-easypost-keydata-easypost-address-validation-activedata-easypost-shipment-id
JS Globals
easypost_params
FAQ

Frequently Asked Questions about Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce