WP-Safety

Deliver via Shipos for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-shipos-delivery

ShipOS - Auto Sync your WooCommerce store orders to all delivery companies and Automate your shipping

600 active installs v3.1.0 PHP 7.4+ WP 5.8.0+ Updated Nov 30, 2025
cargochitahfdshipmenttapuz
97
A · Safe
CVEs total3
Unpatched0
Last CVESep 22, 2025
Plugin page Download
Safety Verdict

Is Deliver via Shipos for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Deliver via Shipos for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Sep 22, 2025Updated 4mo ago
Risk Assessment

The "wc-shipos-delivery" v3.1.0 plugin presents a mixed security posture. While it demonstrates strengths in areas like prepared SQL statements and a high percentage of output escaping, significant concerns arise from its attack surface. A notable 9 out of 16 entry points, primarily AJAX handlers, lack authentication checks, creating a substantial risk of unauthorized access and potential exploitation. The taint analysis shows no critical or high-severity vulnerabilities, which is positive, but the presence of "unsanitized paths" warrants attention, even if not classified as critical in this analysis. The plugin's vulnerability history reveals a pattern of medium-severity issues, specifically CSRF and XSS. Although there are no currently unpatched CVEs, the historical occurrence of these common web vulnerabilities suggests a recurring need for careful input validation and output sanitization in future development.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • Medium severity vulnerabilities historically (CSRF, XSS)
Vulnerabilities
3

Deliver via Shipos for WooCommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-57914medium · 4.3Cross-Site Request Forgery (CSRF)

Deliver via Shipos for WooCommerce <= 3.0.2 - Cross-Site Request Forgery

Sep 22, 2025 Patched in 3.1.0 (81d)
CVE-2025-32533medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting

Apr 10, 2025 Patched in 2.2.0 (7d)
CVE-2024-12222medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Deliver via Shipos for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via dvsfw_bulk_label_url Parameter

Jan 8, 2025 Patched in 2.2.0 (327d)
Code Analysis
Analyzed Mar 16, 2026

Deliver via Shipos for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
7
182 escaped
Nonce Checks
7
Capability Checks
3
File Operations
0
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

96% escaped189 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths
matat_meta_box_side (class\class-admin.php:125)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

Deliver via Shipos for WooCommerce Attack Surface

Entry Points16
Unprotected9

AJAX Handlers 11

authwp_ajax_matat_open_new_orderclass\class-delivery.php:108
authwp_ajax_matat_sync_pickup_pointclass\class-delivery.php:109
authwp_ajax_matat_get_order_detailsclass\class-delivery.php:110
authwp_ajax_matat_change_order_statusclass\class-delivery.php:111
authwp_ajax_dvsfw_reopen_shipclass\class-delivery.php:112
authwp_ajax_dvsfw_get_pickup_locationsclass\class-delivery.php:113
noprivwp_ajax_dvsfw_get_pickup_locationsclass\class-delivery.php:117
authwp_ajax_dvsfw_get_coordinatesclass\class-delivery.php:121
noprivwp_ajax_dvsfw_get_coordinatesclass\class-delivery.php:122
authwp_ajax_save_shipos_pickup_locationincludes\Pickup.php:651
noprivwp_ajax_save_shipos_pickup_locationincludes\Pickup.php:652

REST API Routes 5

POST/wp-json/wc/v3/order_shipment_created_metaclass\class-rest-routes.php:13
POST/wp-json/wc/v3/order_shipment_cancelled_metaclass\class-rest-routes.php:19
GET/wp-json/wc/v3/shipos_settingsclass\class-rest-routes.php:25
POST/wp-json/wc/v3/shipos_license_updateclass\class-rest-routes.php:31
POST/wp-json/wc/v3/dvsfw_update_custom_fieldclass\class-rest-routes.php:37
WordPress Hooks 71
actionadmin_enqueue_scriptsclass\class-delivery.php:68
actionadmin_enqueue_scriptsclass\class-delivery.php:69
actionadmin_menuclass\class-delivery.php:70
actionrest_api_initclass\class-delivery.php:71
actionadmin_bar_menuclass\class-delivery.php:72
actionadmin_noticesclass\class-delivery.php:73
actioninitclass\class-delivery.php:74
actionadmin_initclass\class-delivery.php:77
actionadd_meta_boxesclass\class-delivery.php:107
actionadmin_initclass\class-delivery.php:123
actionadmin_initclass\class-delivery.php:124
actionmanage_shop_order_posts_custom_columnclass\class-delivery.php:125
actionwoocommerce_shop_order_list_table_custom_columnclass\class-delivery.php:129
filtermanage_shop_order_posts_columnsclass\class-delivery.php:141
filterwoocommerce_shop_order_list_table_columnsclass\class-delivery.php:145
actionadmin_initclass\class-order-status.php:22
filtercron_schedulesclass\class-order-status.php:61
filterwoocommerce_settings_tabs_arrayclass\class-settings.php:22
actionwoocommerce_settings_tabs_settings_tab_shiposclass\class-settings.php:23
actionwoocommerce_update_options_settings_tab_shiposclass\class-settings.php:24
filterwoocommerce_sections_settings_tab_shiposclass\class-settings.php:25
filterwoocommerce_admin_settings_sanitize_option_dvsfw_license_keyclass\class-settings.php:30
actionwoocommerce_admin_field_shipping_method_status_mappingsclass\class-settings.php:36
actionadmin_noticesclass\class-settings.php:183
actionadmin_noticesclass\class-settings.php:196
actionadmin_noticesclass\class-settings.php:202
actionadmin_noticesclass\class-settings.php:205
filterrender_blockclass\class-shipos-shipping-cart-block.php:24
actiondvsfw_after_woocommerce/cart-order-summary-shipping-blockclass\class-shipos-shipping-cart-block.php:25
actionadmin_noticesclass\class-webservice.php:136
filterwoocommerce_shipping_free_shipping_is_availableincludes\free-shipping.php:2
actionwoocommerce_shipping_initincludes\GetPackage.php:20
filterwoocommerce_shipping_methodsincludes\GetPackage.php:142
filterwoocommerce_package_ratesincludes\GetPackage.php:150
filterbulk_actions-edit-shop_orderincludes\matat-actions.php:48
filterbulk_actions-woocommerce_page_wc-ordersincludes\matat-actions.php:49
filterhandle_bulk_actions-edit-shop_orderincludes\matat-actions.php:77
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\matat-actions.php:78
filterhandle_bulk_actions-edit-shop_orderincludes\matat-actions.php:128
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\matat-actions.php:129
actionadmin_noticesincludes\matat-actions.php:131
actionadmin_noticesincludes\matat-actions.php:152
actionadmin_footerincludes\matat-actions.php:182
actionadmin_noticesincludes\matat-actions.php:229
actionwoocommerce_shipping_initincludes\Pickup.php:122
filterwoocommerce_shipping_methodsincludes\Pickup.php:130
actionwp_footerincludes\Pickup.php:186
actionwp_enqueue_scriptsincludes\Pickup.php:407
actionwoocommerce_checkout_processincludes\Pickup.php:421
actionwoocommerce_checkout_update_order_metaincludes\Pickup.php:458
actionwoocommerce_admin_order_data_after_shipping_addressincludes\Pickup.php:525
filterwoocommerce_admin_shipping_fieldsincludes\Pickup.php:562
actionwoocommerce_process_shop_order_metaincludes\Pickup.php:590
actiondvsfw_get_location_dailyincludes\Pickup.php:628
filterwoocommerce_email_order_meta_fieldsincludes\Pickup.php:648
actionwoocommerce_shipping_initincludes\woltDrive.php:20
filterwoocommerce_shipping_methodsincludes\woltDrive.php:147
filterwoocommerce_package_ratesincludes\woltDrive.php:156
actionwoocommerce_shipping_initincludes\ZigZag.php:20
filterwoocommerce_shipping_methodsincludes\ZigZag.php:147
filterwoocommerce_package_ratesincludes\ZigZag.php:156
actionactivated_pluginwc-shipos-delivery.php:88
filterplugin_action_linkswc-shipos-delivery.php:100
actionadmin_noticeswc-shipos-delivery.php:129
actionadmin_noticeswc-shipos-delivery.php:133
actioninitwc-shipos-delivery.php:139
actionwoocommerce_blocks_loadedwc-shipos-delivery.php:196
actionwoocommerce_blocks_checkout_block_registrationwc-shipos-delivery.php:201
actionwoocommerce_store_api_checkout_update_order_from_requestwc-shipos-delivery.php:254
actionwoocommerce_thankyouwc-shipos-delivery.php:265
filterwoocommerce_webhook_payloadwc-shipos-delivery.php:267

Scheduled Events 1

dvsfw_get_location_daily
Maintenance & Trust

Deliver via Shipos for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 30, 2025
PHP min version7.4
Downloads11K

Community Trust

Rating100/100
Number of ratings3
Active installs600
Alternatives

Deliver via Shipos for WooCommerce Alternatives

ShippinGo Ecommerce Delivery – ShippinGo

ShippinGo Ecommerce Delivery – ShippinGo

shippingo

A
92

ShippinGo Ecommerce Delivery enables seamless syncing of your WooCommerce orders with a variety of delivery companies, automating the entire shipping &hellip;

0 No CVEs
Cargo Shipping Location for WooCommerce

Cargo Shipping Location for WooCommerce

cargo-shipping-location-for-woocommerce

A
100

The new plugin for Cargo express & pickups delivery orders from WooCommerce.

200 No CVEs
Advanced Shipment Tracking for WooCommerce

Advanced Shipment Tracking for WooCommerce

woo-advanced-shipment-tracking

A
98

Add shipment tracking info to WooCommerce orders, send tracking numbers to customers via email, and let them track deliveries from My Account.

60K 2 CVEs
Shiprocket

Shiprocket

shiprocket

B
78

Auto Sync your Woocommerce store orders & ship them at lowest shipping rates. Automate your shipping, save time & money.

10K 1 unpatched
Shiptastic for WooCommerce

Shiptastic for WooCommerce

shiptastic-for-woocommerce

A
100

Shiptastic for WooCommerce is your all-in-one shipping and fulfillment solution for WooCommerce.

10K No CVEs
Developer Profile

Deliver via Shipos for WooCommerce Developer Profile

Matat Technologies

3 plugins · 1K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
233 days
View full developer profile
Detection Fingerprints

How We Detect Deliver via Shipos for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-shipos-delivery/assets/css/shipos-shipping-cart-block.css/wp-content/plugins/wc-shipos-delivery/assets/js/shipos-shipping-cart-block.js
Script Paths
/wp-content/plugins/wc-shipos-delivery/assets/js/shipos-shipping-cart-block.js
Version Parameters
wc-shipos-delivery/assets/css/shipos-shipping-cart-block.css?ver=wc-shipos-delivery/assets/js/shipos-shipping-cart-block.js?ver=

HTML / DOM Fingerprints

CSS Classes
shipos-shipping-cartshipos_opener_wrapshipos_popup_openshipos-btn-titleshipos-delivery-form-row-wide
Data Attributes
readonly
JS Globals
shipos_delivery_locationshipos_delivery_location_iddvsfw_plugin_slugdvsfw_plugin_versiondvsfw_get_by_iddvsfw_get_ship_status+15 more
REST Endpoints
/wp-json/wc-shipos-delivery/v1/get_order_details/wp-json/wc-shipos-delivery/v1/get_shipping_status/wp-json/wc-shipos-delivery/v1/open_new_order/wp-json/wc-shipos-delivery/v1/change_order_status/wp-json/wc-shipos-delivery/v1/label/wp-json/wc-shipos-delivery/v1/bulk-label/wp-json/wc-shipos-delivery/v1/pickup_locations/wp-json/wc-shipos-delivery/v1/same_day_delivery_quote/wp-json/wc-shipos-delivery/v1/create_shipping_promise/wp-json/wc-shipos-delivery/v1/get_express_delivery_status/wp-json/wc-shipos-delivery/v1/get_express_delivery_enabled/wp-json/wc-shipos-delivery/v1/order
FAQ

Frequently Asked Questions about Deliver via Shipos for WooCommerce