Shipping via Nova Poshta for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-nova-poshta-shipping

This plugin adds the Ukrainian shipping method "Nova Poshta" to WooCommerce.

0 active installs · v1.0.0 · PHP 7.0+ · WP 5.0.0+ · Updated Oct 31, 2019
Tags: nova, nova-poshta, poshta, shipping, woocommerce
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Shipping via Nova Poshta for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Shipping via Nova Poshta for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "woo-nova-poshta-shipping" plugin v1.0.0 has a concerning security posture because of its large number of unprotected entry points. None of its 19 AJAX handlers performs a nonce or capability check, so any authenticated user on a WordPress site could trigger them, and the handlers registered as nopriv can also be reached by unauthenticated visitors, leading to unauthorized actions or data manipulation. The taint analysis found two flows with unsanitized paths, flagged as high severity, which adds to this risk. The complete absence of nonce checks, combined with the unprotected AJAX endpoints, presents a clear path for Cross-Site Request Forgery (CSRF) attacks. The limited output escaping also raises concerns about potential Cross-Site Scripting (XSS) vulnerabilities, although the severity is not explicitly stated.

While the plugin has no recorded vulnerability history, this absence could be due to its novelty or simply a lack of prior in-depth security analysis. The use of prepared statements for SQL queries is a positive indicator, but the high percentage of improperly escaped output and the lack of authorization on AJAX endpoints significantly outweigh this strength.

Key Concerns

  • 19 unprotected AJAX handlers
  • 2 high severity unsanitized taint flows
  • 0 Nonce checks on AJAX handlers
  • 29% properly escaped output
  • 0 Capability checks on AJAX handlers
Vulnerabilities
None known

Shipping via Nova Poshta for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Shipping via Nova Poshta for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 raw, 5 prepared
Unescaped Output: 51 unescaped, 21 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

45% prepared · 11 total queries

Output Escaping

29% escaped · 72 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
wnps_save_settings (app\controllers\wnps-settings.php:82)
Attack Surface
19 unprotected

Shipping via Nova Poshta for WooCommerce Attack Surface

Entry Points: 19
Unprotected: 19

AJAX Handlers 19

auth · wp_ajax_wnps_get_areas · app\controllers\wnps-get-shipping-fields.php:29
auth · wp_ajax_wnps_get_cities · app\controllers\wnps-get-shipping-fields.php:30
auth · wp_ajax_wnps_get_warehouses · app\controllers\wnps-get-shipping-fields.php:31
nopriv · wp_ajax_wnps_get_areas · app\controllers\wnps-get-shipping-fields.php:32
nopriv · wp_ajax_wnps_get_cities · app\controllers\wnps-get-shipping-fields.php:33
nopriv · wp_ajax_wnps_get_warehouses · app\controllers\wnps-get-shipping-fields.php:34
auth · wp_ajax_wnps_get_city_recepient · app\controllers\wnps-get-shipping-fields.php:35
nopriv · wp_ajax_wnps_get_city_recepient · app\controllers\wnps-get-shipping-fields.php:36
auth · wp_ajax_wnps_save_settings · app\controllers\wnps-settings.php:28
auth · wp_ajax_wnps_load_addresses · app\controllers\wnps-settings.php:29
auth · wp_ajax_wnps_preload_addresses · app\controllers\wnps-settings.php:30
auth · wp_ajax_wnps_preload_cities · app\controllers\wnps-settings.php:31
auth · wp_ajax_wnps_preload_warehouses · app\controllers\wnps-settings.php:32
auth · wp_ajax_wnps_change_shipping_cost · app\controllers\wnps-shipping-details.php:30
nopriv · wp_ajax_wnps_change_shipping_cost · app\controllers\wnps-shipping-details.php:31
auth · wp_ajax_wnps_get_city_sender · app\controllers\wnps-shipping-details.php:32
nopriv · wp_ajax_wnps_get_city_sender · app\controllers\wnps-shipping-details.php:33
auth · wp_ajax_wnps_get_total_goods_price · app\controllers\wnps-shipping-details.php:34
nopriv · wp_ajax_wnps_get_total_goods_price · app\controllers\wnps-shipping-details.php:35
WordPress Hooks 19
action · woocommerce_checkout_update_order_meta · app\controllers\wnps-order-processing.php:14
action · admin_menu · app\controllers\wnps-settings.php:27
action · woocommerce_admin_order_data_after_shipping_address · app\controllers\wnps-shipping-details.php:28
action · woocommerce_order_details_after_customer_details · app\controllers\wnps-shipping-details.php:29
action · woocommerce_thankyou · app\controllers\wnps-shipping-details.php:36
action · woocommerce_checkout_update_order_review · app\controllers\wnps-shipping-details.php:37
filter · woocommerce_checkout_update_order_review · app\controllers\wnps-shipping-details.php:38
action · woocommerce_checkout_process · app\controllers\wnps-validation.php:13
action · woocommerce_checkout_update_order_meta · app\controllers\wnps-validation.php:14
action · admin_enqueue_scripts · app\Loader.php:19
action · wp_enqueue_scripts · app\Loader.php:20
action · woocommerce_after_checkout_billing_form · app\woocommerce-extensions\wnps-wc-shipping-details.php:20
action · woocommerce_checkout_after_customer_details · app\woocommerce-extensions\wnps-wc-shipping-details.php:21
action · woocommerce_shipping_init · app\woocommerce-extensions\wnps-wc-shipping.php:6
filter · woocommerce_shipping_methods · app\woocommerce-extensions\wnps-wc-shipping.php:7
action · woocommerce_product_options_shipping · app\woocommerce-extensions\wnps_wc_cargotype.php:8
action · woocommerce_process_product_meta · app\woocommerce-extensions\wnps_wc_cargotype.php:9
action · plugins_loaded · nova-poshta-shipping.php:43
action · admin_notices · nova-poshta-shipping.php:47
Maintenance & Trust

Shipping via Nova Poshta for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Oct 31, 2019
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

Shipping via Nova Poshta for WooCommerce Developer Profile

extrawest

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Shipping via Nova Poshta for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/select2/select2.min.css
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/select2/select2.min.js
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/frontend.js
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/gmap.js
/wp-content/plugins/woo-nova-poshta-shipping/assets/css/style-frontend.css
/wp-content/plugins/woo-nova-poshta-shipping/assets/css/style.css
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/main.js
Script Paths
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/select2/select2.min.js
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/frontend.js
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/gmap.js
/wp-content/plugins/woo-nova-poshta-shipping/assets/js/main.js
Version Parameters
woo-nova-poshta-shipping/assets/js/select2/select2.min.css?ver=
woo-nova-poshta-shipping/assets/js/select2/select2.min.js?ver=
woo-nova-poshta-shipping/assets/js/frontend.js?ver=
woo-nova-poshta-shipping/assets/js/gmap.js?ver=
woo-nova-poshta-shipping/assets/css/style-frontend.css?ver=
woo-nova-poshta-shipping/assets/css/style.css?ver=
woo-nova-poshta-shipping/assets/js/main.js?ver=

HTML / DOM Fingerprints

Data Attributes
wnps_area
wnps_city
wnps_warehouse
wnps_shippingtype
JS Globals
ajaxurl