Partial Shipment for Woocommerce Security & Risk Analysis

wordpress.org/plugins/wc-partial-shipment

Partially ship an order in woocommerce and display shipment details on view order page.

1K active installs · v3.4 · PHP 7.4+ · WP 6.7+ · Updated Sep 20, 2025
Tags: partial-shipment, partial-shipment-for-woocommerce, woocommerce-partial-shipment, woocommerce-partial-shipping, woocommerce-shipment
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 11, 2025
Safety Verdict

Is Partial Shipment for Woocommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Partial Shipment for Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 11, 2025 · Updated 6mo ago
Risk Assessment

The "wc-partial-shipment" plugin v3.4 exhibits a mixed security posture. On the positive side, all SQL queries are properly prepared, and there are no identified critical or high-severity taint flows, indicating good practices in database interaction and data handling.

However, significant concerns arise from the attack surface. The plugin exposes three AJAX handlers, all of which lack authentication checks. This presents a substantial risk as any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure if the underlying functions are not robustly secured. Furthermore, the absence of nonce checks on AJAX handlers is a critical oversight, leaving the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks.

The vulnerability history shows one medium-severity SQL injection vulnerability, which, while patched, highlights a past weakness in input sanitization or query construction. That it was medium severity and has since been fixed suggests the developers have addressed some issues, but the current lack of AJAX authentication and nonce checks is a pressing concern that needs to be rectified.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • Medium severity vulnerability in history
  • Low output escaping coverage
Vulnerabilities: 1

Partial Shipment for Woocommerce Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-48118 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Woocommerce Partial Shipment <= 3.2 - Authenticated (Subscriber+) SQL Injection

Jun 11, 2025 · Patched in 3.3 (15d)
Code Analysis
Analyzed Mar 16, 2026

Partial Shipment for Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 25 (70 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

74% escaped · 95 total outputs

Data Flows: All sanitized

Data Flow Analysis

4 flows
wxp_order_shipment (woocommerce-partial-shipment.php:228)
Attack Surface
3 unprotected

Partial Shipment for Woocommerce Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3

auth: wp_ajax_wxp_order_shipment (woocommerce-partial-shipment.php:60)
auth: wp_ajax_wxp_order_item_shipment (woocommerce-partial-shipment.php:61)
auth: wp_ajax_wxp_order_set_shipped (woocommerce-partial-shipment.php:62)

WordPress Hooks: 25

filter: woocommerce_settings_tabs_array (classes\wxp-partial-shipment-settings.php:9)
action: woocommerce_settings_tabs_wxp_partial_shipping_settings (classes\wxp-partial-shipment-settings.php:10)
action: woocommerce_update_options_wxp_partial_shipping_settings (classes\wxp-partial-shipment-settings.php:11)
action: before_woocommerce_init (woocommerce-partial-shipment.php:45)
action: init (woocommerce-partial-shipment.php:46)
action: init (woocommerce-partial-shipment.php:47)
action: plugins_loaded (woocommerce-partial-shipment.php:48)
action: init (woocommerce-partial-shipment.php:49)
action: init (woocommerce-partial-shipment.php:50)
action: woocommerce_admin_order_item_headers (woocommerce-partial-shipment.php:54)
action: woocommerce_admin_order_item_values (woocommerce-partial-shipment.php:55)
action: admin_enqueue_scripts (woocommerce-partial-shipment.php:56)
action: wp_enqueue_scripts (woocommerce-partial-shipment.php:57)
action: woocommerce_order_item_add_action_buttons (woocommerce-partial-shipment.php:58)
action: woocommerce_order_item_meta_end (woocommerce-partial-shipment.php:64)
filter: wc_order_statuses (woocommerce-partial-shipment.php:65)
filter: woocommerce_admin_order_preview_line_item_columns (woocommerce-partial-shipment.php:67)
filter: woocommerce_admin_order_preview_line_item_column_wxp_status (woocommerce-partial-shipment.php:68)
action: woocommerce_order_actions (woocommerce-partial-shipment.php:69)
action: woocommerce_order_action_wxp_partial_shipment (woocommerce-partial-shipment.php:70)
filter: woocommerce_email_classes (woocommerce-partial-shipment.php:71)
action: woocommerce_email_partially_shipped_order_details (woocommerce-partial-shipment.php:73)
action: wxp_order_status (woocommerce-partial-shipment.php:74)
action: woocommerce_order_status_completed (woocommerce-partial-shipment.php:75)
filter: redirect_post_location (woocommerce-partial-shipment.php:509)

Maintenance & Trust

Partial Shipment for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 20, 2025
PHP min version: 7.4
Downloads: 24K

Community Trust

Rating: 88/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Partial Shipment for Woocommerce Developer Profile

WpExperts Hub

5 plugins · 7K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect Partial Shipment for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-partial-shipment/assets/css/front.css
/wp-content/plugins/wc-partial-shipment/assets/css/jquery.fancybox.min.css
/wp-content/plugins/wc-partial-shipment/assets/css/admin-style.css
/wp-content/plugins/wc-partial-shipment/assets/js/jquery.fancybox.min.js
/wp-content/plugins/wc-partial-shipment/assets/js/admin-script.js

Version Parameters
/assets/js/jquery.fancybox.min.js?ver=
/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes: wxp-partial-shipment-wrap
Data Attributes: data-wxp-nonce
JS Globals: wxp_partial_ship_params

FAQ

Frequently Asked Questions about Partial Shipment for Woocommerce