Does Ship Estimate for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Ship Estimate for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ship Estimate for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Ship Estimate for WooCommerce 2.1.11 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Ship Estimate for WooCommerce updated?

Ship Estimate for WooCommerce was last updated on Jan 10, 2026. Frequent updates are generally a positive security signal.

What is Ship Estimate for WooCommerce's security score?

Ship Estimate for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ship Estimate for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-ship-est

Add a Delivery Estimate or Shipping Method Description to the WooCommerce Cart with a simple, fast and lightweight plugin.

100 active installs v2.1.11 PHP + WP 6.6+ Updated Jan 10, 2026

backorderdelivery-estimategoogle-reviewsship-datewoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ship Estimate for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Ship Estimate for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "wc-ship-est" plugin v2.1.11 exhibits a generally good security posture with a low attack surface and a commendable use of prepared statements for SQL queries. The plugin also implements capability checks and nonce checks, which are vital for protecting against common WordPress vulnerabilities. However, the static analysis reveals a significant concern: the presence of the `unserialize` function, which is known to be a potential vector for remote code execution if user-controlled data is passed to it without proper sanitization. This, combined with a taint analysis flow with unsanitized paths, indicates a potential risk that requires careful investigation and mitigation.

The plugin's clean vulnerability history with no recorded CVEs is a strong positive signal, suggesting that the developers have a history of producing secure code or have been diligent in addressing any past issues. Despite this positive history, the identified `unserialize` function and the tainted flow highlight an area where the plugin's security could be further strengthened. Therefore, while the plugin appears to be relatively secure based on its history and overall implementation of security best practices, the specific findings in the static analysis warrant attention to prevent potential exploitation.

Key Concerns

Presence of unserialize function
Flows with unsanitized paths
Low percentage of properly escaped output

Vulnerabilities

None known

Ship Estimate for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Ship Estimate for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

41 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$method_title=unserialize($m->meta)['title'];wse_functions.php:311

SQL Query Safety

100% prepared1 total queries

Output Escaping

33% escaped126 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

wse_adminMenu (wse_functions.php:139)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ship Estimate for WooCommerce Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[display_ship_est] wse_functions.php:1527

[wse_prd_estimate] wse_functions.php:1531

WordPress Hooks 13

actionactivated_pluginwse_functions.php:25

actionadmin_noticeswse_functions.php:87

actionadmin_initwse_functions.php:89

actionbefore_woocommerce_initwse_functions.php:107

actionadmin_menuwse_functions.php:1122

actionwoocommerce_initwse_functions.php:1519

actionwp_footerwse_functions.php:1519

actionwoocommerce_before_add_to_cart_formwse_functions.php:1530

actionadmin_footerwse_functions.php:1658

actionadmin_headwse_functions.php:1678

actionwoocommerce_email_before_order_tablewse_functions.php:1695

filterwoocommerce_email_format_stringwse_functions.php:1706

actionwp_footerwse_functions.php:1744

Maintenance & Trust

Ship Estimate for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 10, 2026

PHP min version

Downloads15K

Community Trust

Rating98/100

Number of ratings8

Active installs100

Alternatives

Ship Estimate for WooCommerce Alternatives

ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema

reviewx

Drive woocommerce business growth with social proof: gather product reviews with multicriteria ratings, auto-reminder emails, discounts, and more.

9K 9 CVEs

Customer Reviews Collector for WooCommerce

customer-reviews-collector-for-woocommerce

Collect reviews on Google, Facebook, Yelp, Trustindex and other platforms automatically, with the help of our system.

5K 1 CVE

Merchant Center Reviews for Woocommerce

merchant-center-reviews-for-woocommerce

Merchant Center Reviews for WooCommerce automates the process of requesting reviews via Google Merchant Center, helping you collect valuable feedback.

300 No CVEs

Custom Backorder Messages For Woocommerce

custom-backorders-for-woocommerce

Allows the author to provide a product or variation a custom backorder message. This is useful when you've got a hot item but no stock until Jan …

200 No CVEs

List Orders with Backorders for WooCommerce

list-backorders-for-woocommerce

A Wordpress Plugin to List Orders with Backordered items on them. This helps the store manager with a list of orders that need items to complete fulfi …

90 No CVEs

Developer Profile

Ship Estimate for WooCommerce Developer Profile

RLDD

8 plugins · 5K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Ship Estimate for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-ship-est/js/wse_checkout.js/wp-content/plugins/wc-ship-est/css/wse_checkout.css/wp-content/plugins/wc-ship-est/js/wse_admin.js/wp-content/plugins/wc-ship-est/css/wse_admin.css

Script Paths

/wp-content/plugins/wc-ship-est/js/wse_checkout.js/wp-content/plugins/wc-ship-est/js/wse_admin.js

Version Parameters

wc-ship-est/js/wse_checkout.js?ver=wc-ship-est/css/wse_checkout.css?ver=wc-ship-est/js/wse_admin.js?ver=wc-ship-est/css/wse_admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

wse-admin-noticewse-admin-settings-container

HTML Comments

Data Attributes

data-wse-method-iddata-wse-option-key

JS Globals

wse_checkout_paramswse_admin_params

FAQ