Does DPD Baltic Shipping have any unpatched vulnerabilities?

No. All known vulnerabilities in DPD Baltic Shipping have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DPD Baltic Shipping compatible with WordPress 6.8.5?

According to WordPress.org data, DPD Baltic Shipping 1.2.90 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is DPD Baltic Shipping compatible with PHP 7.4+?

DPD Baltic Shipping requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DPD Baltic Shipping updated?

DPD Baltic Shipping was last updated on Feb 18, 2026. Frequent updates are generally a positive security signal.

What is DPD Baltic Shipping's security score?

DPD Baltic Shipping has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DPD Baltic Shipping Security & Risk Analysis

wordpress.org/plugins/woo-shipping-dpd-baltic

Shipping extension for WooCommerce on WordPress of DPD Baltics. Manage your national and international shipments easily.

2K active installs v1.2.90 PHP 7.4+ WP 6.0+ Updated Feb 18, 2026

dpdparcelsshippingwoocommerce

A · Safe

CVEs total3

Unpatched0

Last CVEOct 17, 2024

Download

Safety Verdict

Is DPD Baltic Shipping Safe to Use in 2026?

Generally Safe

Score 98/100

DPD Baltic Shipping has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Oct 17, 2024Updated 1mo ago

Risk Assessment

The plugin 'woo-shipping-dpd-baltic' v1.2.90 exhibits a concerning security posture, primarily due to its large attack surface consisting entirely of unprotected AJAX handlers. While the plugin demonstrates good practices in SQL query preparation (64%) and output escaping (93%), the lack of authorization checks on all 24 AJAX entry points presents a significant risk. The taint analysis reveals 3 high-severity flows with unsanitized paths, indicating potential for code injection or privilege escalation if these flows are triggered by user-supplied input.

The vulnerability history shows a pattern of medium-severity issues, specifically Cross-Site Scripting and Missing Authorization vulnerabilities, with the most recent one being in late 2024. Although there are no currently unpatched CVEs, this history suggests recurring weaknesses in input validation and access control. The combination of a wide open attack surface and identified high-severity taint flows, despite good internal coding practices for SQL and output, warrants significant caution.

Key Concerns

AJAX handlers without auth checks
High severity unsanitized taint flows
Medium severity CVEs (x3) in history
Missing authorization in vulnerability history
Cross-site scripting in vulnerability history

Vulnerabilities

DPD Baltic Shipping Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2024-9350medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting

Oct 17, 2024 Patched in 1.2.84 (6d)

CVE-2022-3999medium · 5.4Missing Authorization

WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion

Nov 21, 2022 Patched in 1.2.57 (428d)

CVE-2022-4000medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Shipping – DPD baltic <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 16, 2022 Patched in 1.2.11 (433d)

Code Analysis

Analyzed Mar 16, 2026

DPD Baltic Shipping Code Analysis

Dangerous Functions

Raw SQL Queries

50 prepared

Unescaped Output

270 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

64% prepared78 total queries

Output Escaping

93% escaped291 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

13 flows6 with unsanitized paths

bulk_admin_notices_in_hpos_mode (admin\class-dpd-admin-extended-for-wc-hpos-mode.php:86)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

24 unprotected

DPD Baltic Shipping Attack Surface

Entry Points24

Unprotected24

AJAX Handlers 24

authwp_ajax_delete_warehouseincludes\class-dpd.php:218

authwp_ajax_dpd_request_courierincludes\class-dpd.php:230

authwp_ajax_dpd_close_manifestincludes\class-dpd.php:231

authwp_ajax_dpd_order_collection_requestincludes\class-dpd.php:235

authwp_ajax_set_checkout_sessionincludes\class-dpd.php:279

noprivwp_ajax_set_checkout_sessionincludes\class-dpd.php:280

authwp_ajax_load_more_itemsincludes\class-dpd.php:295

noprivwp_ajax_load_more_itemsincludes\class-dpd.php:296

authwp_ajax_load_additional_blockincludes\class-dpd.php:299

noprivwp_ajax_load_additional_blockincludes\class-dpd.php:300

noprivwp_ajax_dpd_checkout_get_pickup_points_blocksincludes\class-dpd.php:302

authwp_ajax_dpd_checkout_get_pickup_points_blocksincludes\class-dpd.php:303

noprivwp_ajax_dpd_store_pickup_selectionincludes\class-dpd.php:305

authwp_ajax_dpd_store_pickup_selectionincludes\class-dpd.php:306

noprivwp_ajax_get_dataincludes\class-dpd.php:312

authwp_ajax_get_dataincludes\class-dpd.php:313

authwp_ajax_search_pudoincludes\class-dpd.php:315

noprivwp_ajax_search_pudoincludes\class-dpd.php:316

authwp_ajax_set_terminal_valueincludes\class-dpd.php:318

noprivwp_ajax_set_terminal_valueincludes\class-dpd.php:319

authwp_ajax_set_delivery_shiftsincludes\class-dpd.php:321

noprivwp_ajax_set_delivery_shiftsincludes\class-dpd.php:322

authwp_ajax_update_shipping_by_countryincludes\class-dpd.php:324

noprivwp_ajax_update_shipping_by_countryincludes\class-dpd.php:325

WordPress Hooks 70

actionwoocommerce_review_order_after_shippingadmin\class-dpd-home-delivery.php:101

actionwoocommerce_checkout_update_order_metaadmin\class-dpd-home-delivery.php:102

actionwoocommerce_admin_order_data_after_shipping_addressadmin\class-dpd-home-delivery.php:105

filterwoocommerce_admin_order_preview_get_order_detailsadmin\class-dpd-home-delivery.php:106

actionwoocommerce_review_order_after_shippingadmin\class-dpd-parcels.php:119

actionwoocommerce_checkout_update_order_metaadmin\class-dpd-parcels.php:120

actionwoocommerce_after_checkout_validationadmin\class-dpd-parcels.php:121

filterwoocommerce_get_order_item_totalsadmin\class-dpd-parcels.php:123

actionwoocommerce_admin_order_data_after_shipping_addressadmin\class-dpd-parcels.php:126

filterwoocommerce_admin_order_preview_get_order_detailsadmin\class-dpd-parcels.php:127

filterwoocommerce_cart_shipping_method_full_labeladmin\class-dpd-same-day-delivery.php:95

filterwoocommerce_cart_shipping_method_full_labeladmin\class-dpd-same-day-parcels.php:119

actionwoocommerce_review_order_after_shippingadmin\class-dpd-same-day-parcels.php:121

actionwoocommerce_checkout_update_order_metaadmin\class-dpd-same-day-parcels.php:122

actionwoocommerce_after_checkout_validationadmin\class-dpd-same-day-parcels.php:123

filterwoocommerce_get_order_item_totalsadmin\class-dpd-same-day-parcels.php:125

actionwoocommerce_admin_order_data_after_shipping_addressadmin\class-dpd-same-day-parcels.php:128

filterwoocommerce_admin_order_preview_get_order_detailsadmin\class-dpd-same-day-parcels.php:129

actionbefore_woocommerce_initdpd.php:74

actionplugins_loadedincludes\class-dpd.php:165

actionwoocommerce_get_settings_pagesincludes\class-dpd.php:181

actionadmin_enqueue_scriptsincludes\class-dpd.php:183

actionadmin_enqueue_scriptsincludes\class-dpd.php:184

actionwoocommerce_shipping_initincludes\class-dpd.php:186

filterwoocommerce_shipping_methodsincludes\class-dpd.php:187

filterwoocommerce_package_ratesincludes\class-dpd.php:189

actionwoocommerce_emailincludes\class-dpd.php:191

actiondpd_parcels_receiverincludes\class-dpd.php:193

actiondpd_parcels_updaterincludes\class-dpd.php:194

actiondpd_parcels_country_updateincludes\class-dpd.php:195

actionwoocommerce_order_actions_startincludes\class-dpd.php:198

actionwoocommerce_process_shop_order_metaincludes\class-dpd.php:199

actionwoocommerce_order_actionsincludes\class-dpd.php:200

actionwoocommerce_order_action_dpd_print_parcel_labelincludes\class-dpd.php:201

actionwoocommerce_order_action_dpd_parcel_statusincludes\class-dpd.php:202

actionwoocommerce_order_action_dpd_cancel_shipmentincludes\class-dpd.php:203

actionwoocommerce_order_action_dpd_collection_requestincludes\class-dpd.php:204

actionwoocommerce_settings_dpd_warehousesincludes\class-dpd.php:207

actionwoocommerce_settings_dpd_manifestsincludes\class-dpd.php:210

actioninitincludes\class-dpd.php:212

actionwoocommerce_settings_dpd_collectincludes\class-dpd.php:215

filterbulk_actions-woocommerce_page_wc-ordersincludes\class-dpd.php:221

filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\class-dpd.php:222

filterbulk_actions-edit-shop_orderincludes\class-dpd.php:225

filterhandle_bulk_actions-edit-shop_orderincludes\class-dpd.php:226

filteradmin_noticesincludes\class-dpd.php:227

filteradmin_noticesincludes\class-dpd.php:232

actionadmin_footerincludes\class-dpd.php:237

actionadmin_footerincludes\class-dpd.php:238

actionwoocommerce_product_options_shipping_product_dataincludes\class-dpd.php:241

actionwoocommerce_admin_process_product_objectincludes\class-dpd.php:242

actionadmin_noticesincludes\class-dpd.php:247

actionwp_enqueue_scriptsincludes\class-dpd.php:264

actionwp_enqueue_scriptsincludes\class-dpd.php:265

filterwoocommerce_locate_templateincludes\class-dpd.php:267

filterwoocommerce_locate_core_templateincludes\class-dpd.php:268

actionwoocommerce_shipping_initincludes\class-dpd.php:270

filterwoocommerce_shipping_methodsincludes\class-dpd.php:271

filterwoocommerce_package_ratesincludes\class-dpd.php:273

actionwoocommerce_emailincludes\class-dpd.php:275

actionwoocommerce_checkout_update_order_reviewincludes\class-dpd.php:277

actionwc_ajax_get_dpd_parcelsincludes\class-dpd.php:283

actionwc_ajax_nopriv_get_dpd_parcelsincludes\class-dpd.php:284

actionwc_ajax_choose_dpd_terminalincludes\class-dpd.php:286

actionwc_ajax_nopriv_choose_dpd_terminalincludes\class-dpd.php:287

filterwoocommerce_available_payment_gatewaysincludes\class-dpd.php:290

actionwoocommerce_cart_calculate_feesincludes\class-dpd.php:293

actionwoocommerce_store_api_checkout_order_processedincludes\class-dpd.php:309

filterwoocommerce_cart_shipping_method_full_labelincludes\class-dpd.php:327

actionwp_headpublic\class-dpd-baltic-public.php:12

Scheduled Events 7

dpd_parcels_country_update

dpd_parcels_receiver

dpd_parcels_updater

dpd_parcels_receiver

dpd_parcels_updater

Maintenance & Trust

DPD Baltic Shipping Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 18, 2026

PHP min version7.4

Downloads55K

Community Trust

Rating54/100

Number of ratings13

Active installs2K

Alternatives

DPD Baltic Shipping Alternatives

Estonian Shipping Methods for WooCommerce

estonian-shipping-methods-for-woocommerce

Extends WooCommerce with most commonly used Estonian shipping methods. All in one.

2K 1 unpatched

Royal Mail Shipping Calculator for WooCommerce

royal-mail-woocommerce-shipping-calculator

100

Royal Mail Shipping Calculator for WooCommerce is a WordPress Plugin that integrate the Royal Mail service.

1K No CVEs

DPD SK for WooCommerce

wc-dpd

100

Plugin spoločnosti Direct Parcel Distribution SK, s. r. o. poskytuje jednoduché a rýchle riešenie na prenos údajov o objednaných prepravných službách …

700 No CVEs

Ship Quik shipping

ship-quik

Ship-Quik: Simplifying Shipping, Saving Time

0 No CVEs

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs

Developer Profile

DPD Baltic Shipping Developer Profile

dpdbaltics

1 plugin · 2K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

289 days

View full developer profile

Detection Fingerprints

How We Detect DPD Baltic Shipping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woo-shipping-dpd-baltic/admin/css/dpd-admin.css/wp-content/plugins/woo-shipping-dpd-baltic/admin/js/jquery.repeater.min.js/wp-content/plugins/woo-shipping-dpd-baltic/admin/js/dpd-admin-dist.js

Script Paths

/wp-content/plugins/woo-shipping-dpd-baltic/admin/js/dpd-admin-dist.js

Version Parameters

woo-shipping-dpd-baltic/admin/css/dpd-admin.css?ver=woo-shipping-dpd-baltic/admin/js/jquery.repeater.min.js?ver=woo-shipping-dpd-baltic/admin/js/dpd-admin-dist.js?ver=

HTML / DOM Fingerprints

CSS Classes

dpd_does_not_fit_in_terminal

Data Attributes

data-dpd_baltic_parcel_iddata-dpd_baltic_shipment_id

JS Globals

wc_dpd_baltic

FAQ