Does WC Tiered Shipping have any unpatched vulnerabilities?

No. All known vulnerabilities in WC Tiered Shipping have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WC Tiered Shipping compatible with WordPress 6.7.5?

According to WordPress.org data, WC Tiered Shipping 3.2.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is WC Tiered Shipping compatible with PHP 7.0+?

WC Tiered Shipping requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WC Tiered Shipping updated?

WC Tiered Shipping was last updated on Apr 17, 2025. Frequent updates are generally a positive security signal.

What is WC Tiered Shipping's security score?

WC Tiered Shipping has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC Tiered Shipping Security & Risk Analysis

wordpress.org/plugins/wc-tiered-shipping

[Deprecated!] This WordPress plugin adds a tiered flat rate shipping option for the WooCommerce plugin.

40 active installs v3.2.1 PHP 7.0+ WP 3.0+ Updated Apr 17, 2025

flat-rateshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WC Tiered Shipping Safe to Use in 2026?

Generally Safe

Score 100/100

WC Tiered Shipping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The "wc-tiered-shipping" plugin version 3.2.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs and the clean taint analysis results are positive indicators. The code adheres to good practices by not utilizing dangerous functions, performing file operations, or making external HTTP requests. Notably, all SQL queries are prepared, and there are no recorded vulnerabilities in its history, suggesting a mature and well-maintained codebase.

However, there are areas for improvement. The lack of any capability checks or nonce checks, coupled with the presence of unescaped output, introduces potential security concerns. While the current attack surface appears to be zero, the absence of these security mechanisms means that if any entry points were to be introduced in future versions, they might be vulnerable. The limited output escaping is a specific weakness that could be exploited if user-controlled data is ever processed and displayed without proper sanitization.

In conclusion, the plugin demonstrates a good foundation with a clean history and no overt vulnerabilities. The primary areas of concern revolve around the absence of robust authentication and authorization checks (nonces and capabilities) and the less-than-ideal output escaping. Addressing these points would significantly enhance the plugin's security, even in the absence of immediate exploitable flaws.

Key Concerns

Unescaped output detected
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

WC Tiered Shipping Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WC Tiered Shipping Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped3 total outputs

Attack Surface

WC Tiered Shipping Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_noticesinc\activate.php:11

actionadmin_initinc\activate.php:12

actionadmin_noticesinc\activate.php:32

filterwoocommerce_shipping_methodsinc\add.php:12

actionwoocommerce_shipping_initinc\init.php:226

filterplugin_row_metainc\plugins-page.php:16

actionadmin_enqueue_scriptsinc\set-assets.php:11

Maintenance & Trust

WC Tiered Shipping Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedApr 17, 2025

PHP min version7.0

Downloads6K

Community Trust

Rating100/100

Number of ratings4

Active installs40

Alternatives

WC Tiered Shipping Alternatives

Flat Rate Shipping Method for WooCommerce

woo-extra-flat-rate

100

Create flexible flat rate shipping methods with custom rules i.e. for specific products or countries where the products will be shipped to.

6K No CVEs

PiWeb Flat rate / Conditional shipping for WooCommerce

advanced-free-flat-shipping-woocommerce

100

WooCommerce conditional shipping & WooCommerce Advanced Flat rate shipping rates plugin to Create Advanced Flat rate shipping or Free shipping met …

2K 1 CVE

Free shipping + Flat rate and hide other methods for WooCommerce

free-shipping-hide-other-methods-woo

100

Alternative WooCommerce “Free Shipping” and “Flat Rate” methods that allows the shop owner to select and make unavailable any other shipping methods o …

200 No CVEs

Per Product Flat Rate Shipping for WooCommerce

per-product-flat-rate-shipping-for-wc

Set seperate flat-rate shipping costs for both Domestic and International shipping on a per product basis in WooCommerce.

60 No CVEs

AS Product Shipping

as-product-shipping

100

A WooCommerce shipping plugin with flat rate and weight-based shipping options for individual products.

0 No CVEs

Developer Profile

WC Tiered Shipping Developer Profile

Joni Halabi

3 plugins · 50 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WC Tiered Shipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-tiered-shipping/build/wc-tiered-shipping-scripts.min.js

Script Paths