WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Security & Risk Analysis

Connect Nova Poshta, Ukrposhta, Meest or international delivery services with your store. Create labels, track orders and calculate rates in one place …

7K active installs v1.21.6 PHP 7.4+ WP + Updated Feb 25, 2026

%d0%bd%d0%be%d0%b2%d0%b0-%d0%bf%d0%be%d1%88%d1%82%d0%b0nova-post%d1%83%d0%ba%d1%80%d0%bf%d0%be%d1%88%d1%82%d0%b0rozetka-deliveryshipping

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'wc-ukr-shipping' plugin, version 1.21.6, exhibits a generally good security posture based on the provided static analysis. The total number of entry points is low and importantly, all identified entry points (AJAX, REST API, cron events) appear to have appropriate authentication or permission checks. The absence of known vulnerabilities in its history further strengthens this assessment, suggesting a track record of secure development and maintenance. However, there are areas for improvement that warrant attention. The plugin has a moderate percentage of SQL queries not using prepared statements and a significant portion of output not being properly escaped. While the taint analysis did not reveal critical or high severity flows, the presence of flows with unsanitized paths is a concern and could potentially lead to issues if not handled with extreme care or if further vulnerabilities are introduced. The limited number of file operations and external HTTP requests, along with nonce and capability checks, are positive indicators. Overall, the plugin is in a relatively secure state, but the identified code quality issues, particularly around SQL and output sanitization, represent potential weaknesses that could be exploited in conjunction with other factors or future code changes.

Key Concerns

SQL queries not using prepared statements
Output not properly escaped
Flows with unsanitized paths

Vulnerabilities

None known

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

158 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

43% prepared23 total queries

Output Escaping

74% escaped213 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

handleBatchDownloadPage (src\Modules\Backend\Orders.php:113)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Attack Surface

Entry Points1

Unprotected0

REST API Routes 1

POST/wp-json/wc-ukr-shipping/v1trackingsrc\Modules\WcusLegacyCompatibility.php:31

WordPress Hooks 40

actionadmin_enqueue_scriptssrc\Modules\Backend\AssetsLoader.php:37

actionadmin_headsrc\Modules\Backend\AssetsLoader.php:38

actionwoocommerce_order_status_changedsrc\Modules\Backend\Automation.php:34

actionwcus_smartyparcel_auto_create_labelsrc\Modules\Backend\Automation.php:35

actionadmin_menusrc\Modules\Backend\OptionsPage.php:59

filterwcus_load_admin_i18nsrc\Modules\Backend\OptionsPage.php:60

filtermanage_edit-shop_order_columnssrc\Modules\Backend\Orders.php:34

actionmanage_shop_order_posts_custom_columnsrc\Modules\Backend\Orders.php:35

filtermanage_woocommerce_page_wc-orders_columnssrc\Modules\Backend\Orders.php:38

actionmanage_woocommerce_page_wc-orders_custom_columnsrc\Modules\Backend\Orders.php:39

actioninitsrc\Modules\Backend\Orders.php:41

actioninitsrc\Modules\Backend\Orders.php:42

actionadd_meta_boxessrc\Modules\Backend\Orders.php:44

actionwoocommerce_after_order_itemmetasrc\Modules\Backend\Orders.php:45

filterwoocommerce_hidden_order_itemmetasrc\Modules\Backend\ShippingItemDrawer.php:18

actionplugins_loadedsrc\Modules\Core\Activator.php:26

actionplugins_loadedsrc\Modules\Core\Localization.php:20

filterwoocommerce_account_orders_columnssrc\Modules\Frontend\Account.php:21

actionwoocommerce_my_account_my_orders_column_wcus_shipmentsrc\Modules\Frontend\Account.php:22

actionwp_headsrc\Modules\Frontend\AssetsLoader.php:27

actionwp_headsrc\Modules\Frontend\AssetsLoader.php:28

actionwp_enqueue_scriptssrc\Modules\Frontend\AssetsLoader.php:29

filterwoocommerce_shipping_rate_costsrc\Modules\Frontend\Cart.php:20

actionwoocommerce_after_checkout_shipping_formsrc\Modules\Frontend\Checkout.php:31

filterwoocommerce_cart_shipping_method_full_labelsrc\Modules\Frontend\Checkout.php:32

filterwoocommerce_cart_totals_order_total_htmlsrc\Modules\Frontend\Checkout.php:33

actionwoocommerce_after_shipping_ratesrc\Modules\Frontend\Checkout.php:34

actionwcus_state_initsrc\Modules\Frontend\Checkout.php:35

filterwoocommerce_checkout_fieldssrc\Modules\Frontend\Checkout.php:36

filterwoocommerce_package_ratessrc\Modules\Frontend\Checkout.php:37

actionwoocommerce_checkout_processsrc\Modules\Frontend\CheckoutValidator.php:22

filterwoocommerce_checkout_fieldssrc\Modules\Frontend\CheckoutValidator.php:23

actionwoocommerce_checkout_create_ordersrc\Modules\Frontend\OrderCreator.php:30

actionwoocommerce_checkout_create_order_shipping_itemsrc\Modules\Frontend\OrderCreator.php:31

filterwoocommerce_shipping_methodssrc\Modules\Frontend\ShippingMethod.php:28

filterwoocommerce_cart_shipping_packagessrc\Modules\Frontend\ShippingMethod.php:29

filterwoocommerce_calculated_totalsrc\Modules\Frontend\ShippingMethod.php:30

actioninitsrc\Modules\SmartyParcel.php:21

actionrest_api_initsrc\Modules\WcusLegacyCompatibility.php:25

actionbefore_woocommerce_initwc-ukr-shipping.php:37

Scheduled Events 1

wcus_smartyparcel_auto_create_label

Maintenance & Trust

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.4

Downloads147K

Community Trust

Rating94/100

Number of ratings54

Active installs7K

Alternatives

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Alternatives

Morkva UA Shipping

morkva-ua-shipping

Нова Пошта по Україні та закордон, Укрпошта по Україні та закордон. Rozetka Delivery. Зручне створення ТТН. Друк ТТН. Сумісний з іншими плагінами.

800 2 CVEs

Nova Post for WooCommerce

nova-post-for-woocommerce

100

Official Nova Post shipping plugin for WooCommerce. Create shipments, calculate rates, print labels and track deliveries across Europe and Ukraine.

0 No CVEs

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs

Weight Based Shipping for WooCommerce

weight-based-shipping-for-woocommerce

100

Weight Based Shipping is a flexible and widely-used solution to calculate shipping costs based on the total cart weight and value.

60K 1 CVE

Developer Profile

WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce Developer Profile

kirillbdev

5 plugins · 7K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WC Ukraine Shipping – Integration of Nova Poshta and Ukrposhta for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-ukr-shipping/assets/css/admin.min.css/wp-content/plugins/wc-ukr-shipping/assets/js/tabs.js/wp-content/plugins/wc-ukr-shipping/assets/js/settings.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/ttn-widget.min.js/wp-content/plugins/wc-ukr-shipping/assets/css/sp-admin.min.css/wp-content/plugins/wc-ukr-shipping/assets/js/sp-admin.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/plugin.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/orders.min.js+2 more

Script Paths

/wp-content/plugins/wc-ukr-shipping/assets/js/tabs.js/wp-content/plugins/wc-ukr-shipping/assets/js/settings.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/ttn-widget.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/sp-admin.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/plugin.min.js/wp-content/plugins/wc-ukr-shipping/assets/js/orders.min.js+2 more

Version Parameters

wc-ukr-shipping/assets/css/admin.min.css?ver=wc-ukr-shipping/assets/js/tabs.js?ver=wc-ukr-shipping/assets/js/settings.min.js?ver=wc-ukr-shipping/assets/js/ttn-widget.min.js?ver=wc-ukr-shipping/assets/css/sp-admin.min.css?ver=wc-ukr-shipping/assets/js/sp-admin.min.js?ver=wc-ukr-shipping/assets/js/plugin.min.js?ver=wc-ukr-shipping/assets/js/orders.min.js?ver=wc-ukr-shipping/assets/js/automation.min.js?ver=wc-ukr-shipping/assets/js/tools.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wc-ukr-shipping-optionswcus-settings-tabswcus-tab-contentwcus-sectionwcus-section-titlewcus-section-contentwcus-labelwcus-input-wrapper+11 more

HTML Comments

+8 more

Data Attributes

data-wcus-noncedata-wcus-ajax-urldata-wcus-home-urldata-wcus-admin-urldata-wcus-langdata-wcus-disable-default-billing-fields+4 more

JS Globals

wc_ukr_shipping_globalssmarty_parcel_globals

FAQ