Conditional Payments and Shipping for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-restricted-shipping-and-payment

A simplistic plugin for excluding shipping methods based on multiple rules such as shipping class, package weight and cart totals.

900 active installs v1.0.15 PHP 5.6+ WP 4.0+ Updated Dec 8, 2025
Tags: conditional-payments, conditional-shipping, payment-gateways, shipping-method, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Conditional Payments and Shipping for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Conditional Payments and Shipping for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin "wc-restricted-shipping-and-payment" v1.0.15 demonstrates several positive security practices, including the exclusive use of prepared statements for all SQL queries and a significant portion of outputs being properly escaped. The absence of known vulnerabilities in its history is a strong indicator of diligent development and security focus. However, a significant concern is the presence of one unprotected AJAX handler, which represents a potential entry point for attackers to exploit if not adequately secured by other means. The total attack surface is relatively small, but the unprotected handler remains a notable weakness.

The static analysis reveals that while dangerous functions, SQL injection risks, and file operations are absent, the percentage of unescaped outputs is a concern, potentially leading to cross-site scripting (XSS) vulnerabilities. The bundled Select2 v3.0.3 library is also outdated and could contain known vulnerabilities. Despite the lack of direct taint analysis findings, the combination of an unprotected AJAX endpoint and unescaped outputs creates a discernible risk profile.

In conclusion, the plugin has a generally good security posture due to its strong SQL handling and clean vulnerability history. Nevertheless, the unprotected AJAX handler and the imperfect output escaping introduce notable security risks that should be addressed. The outdated bundled library also warrants attention. A balanced view suggests that while core data handling is secure, user-facing interactions and library management need improvement.

Key Concerns

  • Unprotected AJAX handler found
  • Output escaping is not fully implemented
  • Bundled outdated library (Select2 v3.0.3)
Vulnerabilities
None known

Conditional Payments and Shipping for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Conditional Payments and Shipping for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 48 (108 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2 3.0.3

Output Escaping

69% escaped · 156 total outputs
Attack Surface
1 unprotected

Conditional Payments and Shipping for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 3

auth · wp_ajax_cmb2_oembed_handler · admin\vendors\cmb2\includes\CMB2_Ajax.php:51
nopriv · wp_ajax_cmb2_oembed_handler · admin\vendors\cmb2\includes\CMB2_Ajax.php:52
auth · wp_ajax_get_rule_type_operators · includes\class-rspw.php:165
WordPress Hooks 49
action · cmb2_admin_init · admin\class-rspw-meta-box.php:15
action · add_meta_boxes · admin\class-rspw-meta-box.php:16
filter · cmb2_render_pw_select · admin\vendors\cmb-field-select2\cmb-field-select2.php:28
filter · cmb2_render_pw_multiselect · admin\vendors\cmb-field-select2\cmb-field-select2.php:29
filter · cmb2_sanitize_pw_multiselect · admin\vendors\cmb-field-select2\cmb-field-select2.php:30
filter · cmb2_types_esc_pw_multiselect · admin\vendors\cmb-field-select2\cmb-field-select2.php:31
filter · cmb2_repeat_table_row_types · admin\vendors\cmb-field-select2\cmb-field-select2.php:32
filter · wp_prepare_attachment_for_js · admin\vendors\cmb2\includes\CMB2.php:1469
action · admin_enqueue_scripts · admin\vendors\cmb2\includes\CMB2.php:1486
action · cmb2_save_options-page_fields · admin\vendors\cmb2\includes\CMB2_Ajax.php:54
filter · get_post_metadata · admin\vendors\cmb2\includes\CMB2_Ajax.php:147
filter · update_post_metadata · admin\vendors\cmb2\includes\CMB2_Ajax.php:150
filter · cmb2_show_on · admin\vendors\cmb2\includes\CMB2_hookup.php:79
action · edit_form_top · admin\vendors\cmb2\includes\CMB2_hookup.php:115
action · edit_form_before_permalink · admin\vendors\cmb2\includes\CMB2_hookup.php:119
action · edit_form_after_title · admin\vendors\cmb2\includes\CMB2_hookup.php:123
action · edit_form_after_editor · admin\vendors\cmb2\includes\CMB2_hookup.php:127
action · add_meta_boxes · admin\vendors\cmb2\includes\CMB2_hookup.php:131
action · add_meta_boxes · admin\vendors\cmb2\includes\CMB2_hookup.php:134
action · add_attachment · admin\vendors\cmb2\includes\CMB2_hookup.php:135
action · edit_attachment · admin\vendors\cmb2\includes\CMB2_hookup.php:136
action · save_post · admin\vendors\cmb2\includes\CMB2_hookup.php:137
action · add_meta_boxes_comment · admin\vendors\cmb2\includes\CMB2_hookup.php:150
action · edit_comment · admin\vendors\cmb2\includes\CMB2_hookup.php:151
filter · manage_edit-comments_columns · admin\vendors\cmb2\includes\CMB2_hookup.php:154
action · manage_comments_custom_column · admin\vendors\cmb2\includes\CMB2_hookup.php:155
action · show_user_profile · admin\vendors\cmb2\includes\CMB2_hookup.php:164
action · edit_user_profile · admin\vendors\cmb2\includes\CMB2_hookup.php:165
action · user_new_form · admin\vendors\cmb2\includes\CMB2_hookup.php:166
action · personal_options_update · admin\vendors\cmb2\includes\CMB2_hookup.php:168
action · edit_user_profile_update · admin\vendors\cmb2\includes\CMB2_hookup.php:169
action · user_register · admin\vendors\cmb2\includes\CMB2_hookup.php:170
filter · manage_users_columns · admin\vendors\cmb2\includes\CMB2_hookup.php:173
filter · manage_users_custom_column · admin\vendors\cmb2\includes\CMB2_hookup.php:174
action · created_term · admin\vendors\cmb2\includes\CMB2_hookup.php:222
action · edited_terms · admin\vendors\cmb2\includes\CMB2_hookup.php:223
action · delete_term · admin\vendors\cmb2\includes\CMB2_hookup.php:224
action · cmb2_do_oembed · admin\vendors\cmb2\includes\helper-functions.php:131
filter · is_protected_meta · admin\vendors\cmb2\includes\rest-api\CMB2_REST.php:144
action · init · admin\vendors\cmb2\init.php:126
action · plugins_loaded · includes\class-rspw.php:149
action · admin_enqueue_scripts · includes\class-rspw.php:162
action · admin_enqueue_scripts · includes\class-rspw.php:163
action · init · includes\class-rspw.php:164
action · wp_enqueue_scripts · includes\class-rspw.php:178
action · wp_enqueue_scripts · includes\class-rspw.php:179
filter · woocommerce_available_payment_gateways · public\class-rspw-payment-filter.php:28
action · woocommerce_package_rates · public\class-rspw-shipping-filter.php:28
action · before_woocommerce_init · restricted-shipping-payment-for-woocommerce.php:118
Maintenance & Trust

Conditional Payments and Shipping for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 5.6
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 900
Developer Profile

Conditional Payments and Shipping for WooCommerce Developer Profile

Waseem Senjer

10 plugins · 27K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 784 days
Detection Fingerprints

How We Detect Conditional Payments and Shipping for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/css/select2.min.css
/wp-content/plugins/wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/css/style.css
/wp-content/plugins/wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/js/select2.min.js
/wp-content/plugins/wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/js/script.js
Script Paths
/wp-content/plugins/wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/js/select2.min.js
/wp-content/plugins/wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/js/script.js
Version Parameters
wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/js/select2.min.js?ver=
wc-restricted-shipping-and-payment/admin/vendors/cmb-field-select2/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
pw_select2, pw_select, pw_multiselect
Data Attributes
data-placeholder
JS Globals
PW_CMB2_Field_Select2
FAQ

Frequently Asked Questions about Conditional Payments and Shipping for WooCommerce