Does nShift have any unpatched vulnerabilities?

No. All known vulnerabilities in nShift have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is nShift compatible with WordPress 6.9.4?

According to WordPress.org data, nShift 2.99.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is nShift updated?

nShift was last updated on Feb 3, 2026. Frequent updates are generally a positive security signal.

What is nShift's security score?

nShift has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

nShift Security & Risk Analysis

wordpress.org/plugins/woo-pacsoft-unifaun

Choose from over 150 transport services to ship your WooCommerce orders with, powered by nShift.

90 active installs v2.99.5 PHP + WP 3.3+ Updated Feb 3, 2026

ecommerceshippingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is nShift Safe to Use in 2026?

Generally Safe

Score 100/100

nShift has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "woo-pacsoft-unifaun" plugin v2.99.5 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history (CVEs). This suggests a generally well-developed codebase with a lack of known exploitable flaws.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a substantial attack surface. This lack of authorization for critical entry points is a major security risk, as it could allow unauthorized users to trigger these functionalities. Additionally, while taint analysis shows no flows, the plugin's output escaping is only 53% proper, which can lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is not correctly sanitized before display.

The absence of nonce checks and capability checks on AJAX handlers, combined with the less-than-ideal output escaping, indicates areas where secure coding practices have not been fully implemented. The bundled libraries, including an older version of TCPDF, could also potentially introduce vulnerabilities if they are not kept up-to-date and have known flaws. Despite the lack of history, the current code analysis flags critical areas for improvement.

Key Concerns

AJAX handlers without authentication
AJAX handlers without capability checks
Insufficient output escaping
Bundled outdated TCPDF v1.0 library

Vulnerabilities

None known

nShift Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

nShift Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

18 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQueryGuzzleTCPDF1.0

Output Escaping

53% escaped34 total outputs

Attack Surface

2 unprotected

nShift Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_pacsoft_sync_orderplugin.php:123

authwp_ajax_pacsoft_print_orderplugin.php:130

WordPress Hooks 31

actionbefore_woocommerce_initplugin.php:27

actionadmin_initplugin.php:36

actionload-post.phpplugin.php:42

actionload-post-new.phpplugin.php:43

actionsave_postplugin.php:44

actionwoocommerce_shop_order_list_table_custom_columnplugin.php:45

filterwoocommerce_shop_order_list_table_columnsplugin.php:46

actionadmin_headplugin.php:47

actionadmin_menuplugin.php:69

filterpacsoft_check_licenseplugin.php:76

actionload-edit.phpplugin.php:83

actionplugins_loadedplugin.php:88

actionwoocommerce_email_order_metaplugin.php:112

actionupgrader_process_completeplugin.php:145

filterpre_update_option_pacsoft_servicesplugin.php:156

actionupgrader_process_completeplugin.php:172

actioninitplugin.php:182

actionwoocommerce_checkout_update_order_metaplugin.php:184

actionwoocommerce_process_shop_order_metaplugin.php:185

actionwoocommerce_api_create_orderplugin.php:186

actionwoocommerce_deposits_create_orderplugin.php:187

filterwoocommerce_order_numberplugin.php:190

filterbulk_actions-edit-shop_ordersrc\admin\orders\class-wup-admin-order-processing.php:21

filterhandle_bulk_actions-edit-shop_ordersrc\admin\orders\class-wup-admin-order-processing.php:27

actionadmin_noticessrc\admin\orders\class-wup-admin-order-processing.php:212

filtermanage_shop_order_posts_columnssrc\admin\orders\class-wup-admin-template-table.php:23

filtermanage_posts_custom_columnsrc\admin\orders\class-wup-admin-template-table.php:26

actionkco_wc_process_paymentsrc\class-wup-kss-processor.php:16

actionkco_wc_process_paymentsrc\class-wup-order-controller.php:29

filterbulk_actions-edit-shop_ordersrc\class-wup-order-controller.php:32

filterhandle_bulk_actions-edit-shop_ordersrc\class-wup-order-controller.php:38

Maintenance & Trust

nShift Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 3, 2026

PHP min version

Downloads15K

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

nShift Alternatives

The Courier Guy Shipping for WooCommerce

the-courier-guy

100

This is the official WooCommerce extension to ship products using The Courier Guy.

3K No CVEs

AppScenic – Smart AI Dropshipping

appscenic

Expand your store catalogue with no upfront inventory cost. Source high-quality products from verified domestic suppliers and use AI in the process.

2K No CVEs

CDEKDelivery

cdekdelivery

100

Integration with CDEK delivery for your WooCommerce store.

2K No CVEs

DHL eCommerce (Benelux) for WooCommerce

dhlpwc

100

DHL eCommerce (Benelux) presents: The official DHL eCommerce for WooCommerce plugin to automate your e-commerce shipping process.

2K No CVEs

Flat Rate per State/Country/Region for WooCommerce

flat-rate-per-countryregion-for-woocommerce

100

This plugin allows you to set a flat delivery rate per States, Countries or World Regions on WooCommerce.

1K No CVEs

Developer Profile

nShift Developer Profile

Wetail

6 plugins · 540 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect nShift

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woo-pacsoft-unifaun/assets/css/wup-admin-order-processing.css/wp-content/plugins/woo-pacsoft-unifaun/assets/css/wup-settings.css/wp-content/plugins/woo-pacsoft-unifaun/assets/js/wup-admin-order-processing.js/wp-content/plugins/woo-pacsoft-unifaun/assets/js/wup-admin-settings.js

Script Paths

/wp-content/plugins/woo-pacsoft-unifaun/assets/js/wup-admin-order-processing.js/wp-content/plugins/woo-pacsoft-unifaun/assets/js/wup-admin-settings.js

Version Parameters

/wp-content/plugins/woo-pacsoft-unifaun/assets/css/wup-admin-order-processing.css?ver=/wp-content/plugins/woo-pacsoft-unifaun/assets/css/wup-settings.css?ver=/wp-content/plugins/woo-pacsoft-unifaun/assets/js/wup-admin-order-processing.js?ver=/wp-content/plugins/woo-pacsoft-unifaun/assets/js/wup-admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

wup-order-processingwup-settings-page

HTML Comments

+9 more

Data Attributes

data-wc-order-iddata-order-id

JS Globals

WUP_ORDER_PROCESSING_SETTINGSWUP_SETTINGS_PAGE_CONFIG

REST Endpoints

/wp-json/woo-pacsoft-unifaun/v1/sync_order/wp-json/woo-pacsoft-unifaun/v1/print_order

FAQ

nShift Security & Risk Analysis

Is nShift Safe to Use in 2026?

Generally Safe

Key Concerns

nShift Security Vulnerabilities

nShift Code Analysis

Bundled Libraries

Output Escaping

nShift Attack Surface

AJAX Handlers 2

nShift Maintenance & Trust

Maintenance Signals

Community Trust

nShift Alternatives

The Courier Guy Shipping for WooCommerce

AppScenic – Smart AI Dropshipping

CDEKDelivery

DHL eCommerce (Benelux) for WooCommerce

Flat Rate per State/Country/Region for WooCommerce

nShift Developer Profile

How We Detect nShift

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about nShift