WP-Safety

Flat Rate Shipping Method for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-extra-flat-rate

Create flexible flat rate shipping methods with custom rules i.e. for specific products or countries where the products will be shipped to.

6K active installs v4.5.1 PHP 7.2+ WP 5.0+ Updated Mar 18, 2026
conditional-shippingflat-rate-shippingshippingtable-rate-shippingwoocommerce-shipping
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Flat Rate Shipping Method for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Flat Rate Shipping Method for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The 'woo-extra-flat-rate' plugin v4.5.0 exhibits a concerning security posture primarily due to a large attack surface with unprotected entry points. Out of 17 identified entry points, 16 are AJAX handlers that lack authentication checks. This means any authenticated user could potentially interact with these handlers, opening the door for unauthorized actions. While the plugin demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage of properly escaped output, the lack of authorization on numerous AJAX endpoints is a significant weakness. The presence of the `unserialize` function, a known risk if not handled with extreme caution and proper input validation, also warrants attention, especially in conjunction with the unprotected AJAX endpoints where user-supplied data might be passed to it.

The taint analysis shows only two flows, with one having unsanitized paths, but thankfully no critical or high severity issues were identified. The absence of any recorded vulnerabilities or CVEs is a positive indicator, suggesting that the developers may be responsive to security or that past issues have been addressed. However, this historical data cannot compensate for the immediate risks presented by the unprotected AJAX handlers. The plugin also bundles Select2 and Freemius v1.0, which should be monitored for their own security advisories.

In conclusion, while the plugin performs well in areas like SQL sanitization and output escaping, and has a clean vulnerability history, the numerous unprotected AJAX entry points represent a substantial security risk. The potential for abuse of these endpoints, especially if they interact with sensitive data or functionality, is high. The use of `unserialize` further amplifies this concern. Mitigating these unprotected entry points should be a top priority for the plugin's developers to improve its overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Bundled library: Freemius v1.0 (potentially outdated)
Vulnerabilities
None known

Flat Rate Shipping Method for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Flat Rate Shipping Method for WooCommerce Release Timeline

v4.5.1Current
v4.5.0
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.0
v4.2.5
v4.2.4
v4.2.3
v4.2.2
v4.2.1
v4.2.0
v4.1.2
v4.1.1
v4.1.0
v4.0.4
v4.0.3
v4.0.2
v4.0.1
Code Analysis
Analyzed Mar 16, 2026

Flat Rate Shipping Method for WooCommerce Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
16 prepared
Unescaped Output
99
760 escaped
Nonce Checks
28
Capability Checks
4
File Operations
2
External Requests
4
Bundled Libraries
2

Dangerous Functions Found

unserializeif ( is_string( $value ) && is_array( @unserialize( $value ) ) ) {admin\class-advanced-flat-rate-shipping-for-woocommerce-admin.php:5971
unserialize$row[$key] = unserialize( $value );admin\class-advanced-flat-rate-shipping-for-woocommerce-admin.php:5973

Bundled Libraries

Select2Freemius1.0

SQL Query Safety

100% prepared16 total queries

Output Escaping

88% escaped859 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
search_box (admin\list-tables\class-wc-flat-rate-rule-table.php:647)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

Flat Rate Shipping Method for WooCommerce Attack Surface

Entry Points17
Unprotected16

AJAX Handlers 16

authwp_ajax_afrsm_pro_sm_sort_orderincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:265
noprivwp_ajax_afrsm_pro_sm_sort_orderincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:266
authwp_ajax_afrsm_pro_save_master_settingsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:267
authwp_ajax_afrsm_pro_product_fees_conditions_values_ajaxincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:268
noprivwp_ajax_afrsm_pro_product_fees_conditions_values_ajaxincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:269
authwp_ajax_afrsm_pro_product_fees_conditions_varible_values_product_ajaxincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:270
authwp_ajax_afrsm_pro_product_fees_conditions_values_product_ajaxincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:271
noprivwp_ajax_afrsm_pro_product_fees_conditions_values_product_ajaxincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:272
authwp_ajax_afrsm_pro_wc_multiple_delete_shipping_methodincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:273
noprivwp_ajax_afrsm_pro_wc_multiple_delete_shipping_methodincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:274
authwp_ajax_afrsm_pro_clone_shipping_methodincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:278
authwp_ajax_afrsm_pro_change_status_from_list_sectionincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:279
authwp_ajax_afrsm_pro_fetch_shipping_zoneincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:285
authwp_ajax_afrsm_pro_change_status_of_advance_pricing_rulesincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:286
authwp_ajax_afrsm_plugin_setup_wizard_submitincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:301
authwp_ajax_afrsm_sm_new_sort_orderincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:326

Shortcodes 1

[fee] admin\partials\afrsm-init-shipping-methods.php:846
WordPress Hooks 60
filterposts_whereadmin\class-advanced-flat-rate-shipping-for-woocommerce-admin.php:4436
filterposts_whereadmin\class-advanced-flat-rate-shipping-for-woocommerce-admin.php:4515
filterposts_searchadmin\list-tables\class-wc-flat-rate-rule-table.php:97
filterconnect_urladvanced-flat-rate-shipping-for-woocommerce.php:78
filterafter_skip_urladvanced-flat-rate-shipping-for-woocommerce.php:79
filterafter_connect_urladvanced-flat-rate-shipping-for-woocommerce.php:80
filterafter_pending_connect_urladvanced-flat-rate-shipping-for-woocommerce.php:81
filterhide_account_tabsadvanced-flat-rate-shipping-for-woocommerce.php:101
actionafter_account_detailsadvanced-flat-rate-shipping-for-woocommerce.php:113
actionhide_billing_and_payments_infoadvanced-flat-rate-shipping-for-woocommerce.php:125
actionhide_freemius_powered_byadvanced-flat-rate-shipping-for-woocommerce.php:137
actionadmin_initadvanced-flat-rate-shipping-for-woocommerce.php:166
actionbefore_woocommerce_initadvanced-flat-rate-shipping-for-woocommerce.php:255
actionconnect/beforeadvanced-flat-rate-shipping-for-woocommerce.php:285
actionconnect/afteradvanced-flat-rate-shipping-for-woocommerce.php:302
filterwp_plugin_check_ignore_directoriesadvanced-flat-rate-shipping-for-woocommerce.php:314
filterwp_plugin_check_ignore_filesadvanced-flat-rate-shipping-for-woocommerce.php:321
filterwp_plugin_check_checksadvanced-flat-rate-shipping-for-woocommerce.php:336
filterplugin_row_metaincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:92
actionwp_loadedincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:98
actioninitincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:164
actionwoocommerce_shipping_initincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:176
filterwoocommerce_shipping_methodsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:178
actionafrsm_location_specific_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:227
actionafrsm_product_specific_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:228
actionafrsm_attribute_specific_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:229
actionafrsm_user_specific_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:230
actionafrsm_cart_specific_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:231
actionafrsm_checkout_specific_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:232
actionafrsm_conditions_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:233
actionafrsm_operator_list_prdincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:234
actionafrsm_operator_crt_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:235
actionafrsm_operator_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:236
actionafrsm_advanced_tab_listincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:237
actionadmin_enqueue_scriptsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:238
actionadmin_enqueue_scriptsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:239
actioninitincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:240
actionadmin_menuincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:241
actionadmin_initincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:242
actionadmin_headincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:243
filterset_screen_option_afrsm_rule_per_pageincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:244
filterdefault_hidden_columnsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:251
filterafrsm_condition_match_rulesincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:258
filteradmin_footer_textincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:276
filterwoocommerce_get_sections_shippingincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:280
actionadmin_initincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:282
actionadmin_initincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:283
filterafrsm_woomc_priceincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:287
actionwoocommerce_after_shipment_object_saveincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:294
actionadmin_initincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:302
filterwpml_link_to_translationincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:304
filterwpml_admin_language_switcher_itemsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:311
actionadmin_initincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:319
actionwp_enqueue_scriptsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:339
actionwp_enqueue_scriptsincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:340
filterwoocommerce_locate_templateincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:341
filterwoocommerce_shipping_chosen_methodincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:349
filterwoocommerce_shipping_chosen_methodincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:357
filterwoocommerce_cart_shipping_method_full_labelincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:365
actionwoocommerce_after_shipping_rateincludes\class-advanced-flat-rate-shipping-for-woocommerce.php:372
Maintenance & Trust

Flat Rate Shipping Method for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 18, 2026
PHP min version7.2
Downloads373K

Community Trust

Rating84/100
Number of ratings76
Active installs6K
Alternatives

Flat Rate Shipping Method for WooCommerce Alternatives

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

A
99

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs
Shipped – Table Rate Shipping Method | for WooCommerce

Shipped – Table Rate Shipping Method | for WooCommerce

table-rate-shipping-rates

A
100

Shipped - Table Rate Shipping Method a powerful, flexible and easy-to-use shipping plugin for WooCommerce.

300 No CVEs
Easy Table Rate Shipping for WooCommmerce

Easy Table Rate Shipping for WooCommmerce

easy-table-rate-shipping-for-woocommerce

A
85

Table rate shipping extends WooCommerce’s default shipping options letting you calculate shipping costs based on total price, item count, weight, etc

200 No CVEs
Weight Based Shipping For WooCommerce

Weight Based Shipping For WooCommerce

livemesh-weight-based-shipping

A
85

Discover the most intuitive yet flexible way to set conditional weight based shipping rates for WooCommerce.

40 No CVEs
Table Rate Shipping for WooCommerce

Table Rate Shipping for WooCommerce

livemesh-table-rate-shipping

A
85

Discover the most intuitive yet flexible way to set conditional table rate shipping rates for WooCommerce.

20 No CVEs
Developer Profile

Flat Rate Shipping Method for WooCommerce Developer Profile

dotsquares

39 plugins · 95K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
431 days
View full developer profile
Detection Fingerprints

How We Detect Flat Rate Shipping Method for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-extra-flat-rate/css/afrsm-admin.css/wp-content/plugins/woo-extra-flat-rate/css/afrsm-frontend.css/wp-content/plugins/woo-extra-flat-rate/js/afrsm-admin.js/wp-content/plugins/woo-extra-flat-rate/js/afrsm-frontend.js/wp-content/plugins/woo-extra-flat-rate/js/frontend/flat_rate_shipping_method.js/wp-content/plugins/woo-extra-flat-rate/js/frontend/flat_rate_shipping_method_ajax.js
Version Parameters
woo-extra-flat-rate/css/afrsm-admin.css?ver=woo-extra-flat-rate/css/afrsm-frontend.css?ver=woo-extra-flat-rate/js/afrsm-admin.js?ver=woo-extra-flat-rate/js/afrsm-frontend.js?ver=woo-extra-flat-rate/js/frontend/flat_rate_shipping_method.js?ver=woo-extra-flat-rate/js/frontend/flat_rate_shipping_method_ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
afrsm-admin-notice
HTML Comments
If this file is called directly, abort. Freemius SDK Init Freemius. Signal that SDK was initiated.+3 more
JS Globals
afrsfw_fs
FAQ

Frequently Asked Questions about Flat Rate Shipping Method for WooCommerce