WP-Safety

OPSI Israel Domestic Shipments Security & Risk Analysis

wordpress.org/plugins/woo-ups-pickup

UPS Israel PickUP Access Points (Stores and Lockers) for WooCommerce. Displays Live Shipping Rates based on the Shipping Address and Cart Content.

300 active installs v2.8.2 PHP + WP 3.0.1+ Updated Jan 21, 2026
shipping-methodshipping-ratesupsups-apiups-shipping
78
B · Generally Safe
CVEs total2
Unpatched1
Last CVEJan 16, 2025
Plugin page Download
Safety Verdict

Is OPSI Israel Domestic Shipments Safe to Use in 2026?

Mostly Safe

Score 78/100

OPSI Israel Domestic Shipments is generally safe to use. 2 past CVEs were resolved.

2 known CVEs 1 unpatched Last CVE: Jan 16, 2025Updated 3mo ago
Risk Assessment

The "woo-ups-pickup" plugin v2.8.2 presents a significant security risk due to a large attack surface and a history of vulnerabilities. All 11 identified AJAX handlers lack proper authorization checks, making them prime targets for unauthorized actions. This, combined with the presence of dangerous functions like `create_function` and `system`, and a complete absence of prepared statements for SQL queries, indicates a poor security posture. The taint analysis, while not revealing critical or high-severity flows, shows 7 instances of unsanitized paths, which could lead to directory traversal or other file-related attacks if exploited in conjunction with other weaknesses. The plugin's vulnerability history, with two medium-severity CVEs and one currently unpatched, highlights a recurring pattern of security oversights, specifically around missing authorization and cross-site scripting. While the plugin has some strengths such as proper nonce checks on a portion of its entry points and a reasonable number of capability checks, these are heavily overshadowed by the critical lack of authorization on its entire AJAX interface and the historical security issues. Organizations using this plugin should exercise extreme caution and consider updating or replacing it.

Key Concerns

  • Unpatched CVE
  • 11 AJAX handlers without auth checks
  • SQL queries not using prepared statements
  • Dangerous functions (create_function, system)
  • 7 flows with unsanitized paths
  • 54% output escaping (below ideal)
Vulnerabilities
2 published

OPSI Israel Domestic Shipments Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-23766medium · 5.3Missing Authorization

OPSI Israel Domestic Shipments <= 2.6.8 - Missing Authorization

Jan 16, 2025Unpatched
CVE-2024-13100medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OPSI Israel Domestic Shipments <= 2.6.5 - Reflected Cross-Site Scripting

Jan 10, 2025 Patched in 2.6.6 (41d)
Version History

OPSI Israel Domestic Shipments Release Timeline

v2.8.2Current1 CVE
CVE-2025-23766
v2.8.01 CVE
CVE-2025-23766
v2.7.01 CVE
CVE-2025-23766
v2.6.81 CVE
CVE-2025-23766
v2.6.71 CVE
CVE-2025-23766
v2.6.61 CVE
CVE-2025-23766
v2.6.52 CVEs
CVE-2025-23766 CVE-2024-13100
v2.6.5_fix2 CVEs
CVE-2025-23766 CVE-2024-13100
v2.6.42 CVEs
CVE-2025-23766 CVE-2024-13100
Code Analysis
Analyzed Mar 16, 2026

OPSI Israel Domestic Shipments Code Analysis

Dangerous Functions
11
Raw SQL Queries
2
0 prepared
Unescaped Output
71
82 escaped
Nonce Checks
8
Capability Checks
10
File Operations
19
External Requests
5
Bundled Libraries
0

Dangerous Functions Found

create_function$placeholder_keys = array_map( create_function( '$x', 'return "{".$x."}";' ), array_keys( $placeholdi18n\makepot.php:341
systemsystem( "msguniq --use-first $output_shell -o $output_shell" );i18n\makepot.php:459
systemsystem( "msguniq $output_shell -o $output_shell" );i18n\makepot.php:611
systemsystem( "msgcat --more-than=1 --use-first $frontend_pot $admin_pot > $common_pot" );i18n\makepot.php:625
systemsystem( "msgcat -u --use-first $admin_pot $common_pot -o $admin_pot" );i18n\makepot.php:627
systemsystem( "msgcat --more-than=1 --use-first $frontend_pot $admin_pot $net_admin_pot > $common_pot" );i18n\makepot.php:701
systemsystem( "msgcat -u --use-first $net_admin_pot $common_pot -o $net_admin_pot" );i18n\makepot.php:703
systemsystem( "msgcat --more-than=1 --use-first $core_pot $ms_pot > $common_pot" );i18n\makepot.php:757
systemsystem( "msgcat -u --use-first $ms_pot $common_pot -o $ms_pot" );i18n\makepot.php:759
systemsystem("msguniq $output_shell -o $output_shell");i18n\makepot.php:1029
systemsystem("msguniq $output_shell -o $output_shell");i18n\makepot.php:1139

SQL Query Safety

0% prepared2 total queries

Output Escaping

54% escaped153 total outputs
Data Flows · Security
7 unsanitized

Data Flow Analysis

13 flows7 with unsanitized paths
printPickingLabel (includes\ups\Admin\Ajax.php:76)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

OPSI Israel Domestic Shipments Attack Surface

Entry Points11
Unprotected11

AJAX Handlers 11

authwp_ajax_ups_create_and_send_xmlincludes\ups\Admin.php:57
authwp_ajax_ups_picking_send_orderincludes\ups\Admin.php:72
authwp_ajax_ups_picking_print_labelincludes\ups\Admin.php:73
authwp_ajax_ups_sync_orderincludes\ups\Admin.php:74
authwp_ajax_change_pickup_pointincludes\ups\Admin.php:75
authwp_ajax_ups_print_labelincludes\ups\Admin.php:76
authwp_ajax_ups_send_and_print_labelincludes\ups\Admin.php:77
authwp_ajax_ups_import_waybillsincludes\ups\Admin.php:78
authwp_ajax_ups_clean_json_from_old_versionincludes\ups\Admin.php:79
authwp_ajax_ups_get_wb_statusincludes\ups\Admin.php:80
authwp_ajax_ups_woocommerce_printwbincludes\woocommerce-ups-ship-print-orders.php:60
WordPress Hooks 91
filtermanage_woocommerce_page_wc-orders_columnsincludes\admin\class-wc-shipping-shipping-ups-pick-ups-shop-order-cpt.php:54
filtermanage_woocommerce_page_wc-orders_custom_columnincludes\admin\class-wc-shipping-shipping-ups-pick-ups-shop-order-cpt.php:56
filtermanage_edit-shop_order_columnsincludes\admin\class-wc-shipping-shipping-ups-pick-ups-shop-order-cpt.php:60
filtermanage_shop_order_posts_custom_columnincludes\admin\class-wc-shipping-shipping-ups-pick-ups-shop-order-cpt.php:62
actionwp_enqueue_scriptsincludes\class-wc-shipping-ups-pickup.php:162
actionwoocommerce_after_template_partincludes\class-wc-shipping-ups-pickup.php:163
actionwoocommerce_new_order_itemincludes\class-wc-shipping-ups-pickup.php:164
actionwoocommerce_checkout_create_orderincludes\class-wc-shipping-ups-pickup.php:165
filterwoocommerce_cart_shipping_packagesincludes\class-wc-shipping-ups-pickup.php:168
filterwoocommerce_customer_taxable_addressincludes\class-wc-shipping-ups-pickup.php:169
filterwoocommerce_per_product_shipping_skip_free_method_ups_pick_upsincludes\class-wc-shipping-ups-pickup.php:171
actionwoocommerce_after_checkout_validationincludes\class-wc-shipping-ups-pickup.php:173
filterwoocommerce_checkout_fieldsincludes\class-wc-shipping-ups-pickup.php:175
actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-wc-shipping-ups-pickup.php:187
actionwoocommerce_update_options_shipping_ups_pick_upsincludes\class-wc-shipping-ups-pickup.php:189
filterwoocommerce_hidden_order_itemmetaincludes\class-wc-shipping-ups-pickup.php:190
filtermanage_woocommerce_page_wc-orders_columnsincludes\ups\Admin.php:43
filtermanage_woocommerce_page_wc-orders_custom_columnincludes\ups\Admin.php:44
filtermanage_edit-shop_order_columnsincludes\ups\Admin.php:46
filtermanage_shop_order_posts_custom_columnincludes\ups\Admin.php:47
actionwoocommerce_before_order_itemmetaincludes\ups\Admin.php:54
actionwoocommerce_order_actionsincludes\ups\Admin.php:58
actionwoocommerce_order_action_wc_ups_xml_pd_order_actionincludes\ups\Admin.php:59
actionwoocommerce_order_action_wc_ups_xml_fd_order_actionincludes\ups\Admin.php:60
actionwoocommerce_order_action_wc_ups_xml_auto_order_actionincludes\ups\Admin.php:61
actionadmin_enqueue_scriptsincludes\ups\Admin.php:71
actionadmin_noticesincludes\ups\Admin.php:81
actionadmin_footerincludes\ups\Admin.php:82
filtermanage_woocommerce_page_wc-orders_columnsincludes\ups\Admin.php:86
filtermanage_woocommerce_page_wc-orders_custom_columnincludes\ups\Admin.php:87
filterbulk_actions-woocommerce_page_wc-ordersincludes\ups\Admin.php:88
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\ups\Admin.php:89
filtermanage_edit-shop_order_columnsincludes\ups\Admin.php:92
filtermanage_shop_order_posts_custom_columnincludes\ups\Admin.php:93
filterbulk_actions-edit-shop_orderincludes\ups\Admin.php:94
filterhandle_bulk_actions-edit-shop_orderincludes\ups\Admin.php:95
actionwoocommerce_order_actionsincludes\ups\Admin.php:102
actionwoocommerce_order_action_sync_order_to_upsincludes\ups\Admin.php:103
actionwoocommerce_order_action_ups_print_a4includes\ups\Admin.php:104
actionwoocommerce_order_action_ups_print_thermalincludes\ups\Admin.php:105
actionwoocommerce_order_action_ups_create_picking_listincludes\ups\Admin.php:106
actionwoocommerce_order_action_ups_print_picking_a4includes\ups\Admin.php:107
actionwoocommerce_order_action_ups_print_picking_thermalincludes\ups\Admin.php:108
actionwoocommerce_order_action_ups_send_and_print_label_a4includes\ups\Admin.php:109
actionwoocommerce_order_action_ups_send_and_print_label_thermalincludes\ups\Admin.php:110
actionwoocommerce_order_action_ups_create_and_send_xmlincludes\ups\Admin.php:111
actionwoocommerce_order_action_ups_import_waybillsincludes\ups\Admin.php:112
actionwoocommerce_order_action_ups_change_pickup_pointincludes\ups\Admin.php:113
actionwoocommerce_order_action_ups_get_wb_statusincludes\ups\Admin.php:114
actionwoocommerce_thankyouincludes\ups\App.php:24
actionwoocommerce_order_status_changedincludes\ups\App.php:27
actionadmin_initincludes\ups\class-connect-platform-info.php:32
filterwoocommerce_package_ratesincludes\ups\Helper\Ups.php:50
filterwpdesk_tracker_dataincludes\ups\tracker.php:15
filterwpdesk_tracker_notice_screensincludes\ups\tracker.php:16
filterwpdesk_track_plugin_deactivationincludes\ups\tracker.php:17
filterplugin_action_links_flexible-shipping-ups/flexible-shipping-ups.phpincludes\ups\tracker.php:19
actionactivated_pluginincludes\ups\tracker.php:20
filterwc_order_statusesincludes\woocommerce-ups-ship-print-orders.php:67
actioninitincludes\woocommerce-ups-ship-print-orders.php:70
filterwc_order_statusesincludes\woocommerce-ups-ship-print-orders.php:73
filterinitincludes\woocommerce-ups-ship-print-orders.php:76
filterwoocommerce_admin_order_actions_endincludes\woocommerce-ups-ship-print-orders.php:82
actionadmin_enqueue_scriptsincludes\woocommerce-ups-ship-print-orders.php:83
actioninitincludes\woocommerce-ups-ship-print-orders.php:84
actionwoocommerce_email_order_detailsincludes\woocommerce-ups-ship-print-orders.php:85
filterwoocommerce_email_order_meta_fieldsincludes\woocommerce-ups-ship-print-orders.php:86
actionplugins_loadedincludes\woocommerce-ups-ship-print-orders.php:429
actionplugins_loadedwoocommerce-ups-pickups.php:103
actionplugins_loadedwoocommerce-ups-pickups.php:104
actionwoocommerce_shipping_initwoocommerce-ups-pickups.php:105
filterwoocommerce_shipping_methodswoocommerce-ups-pickups.php:106
filterwoocommerce_my_account_my_orders_actionswoocommerce-ups-pickups.php:108
actionwoocommerce_after_account_orderswoocommerce-ups-pickups.php:109
filterwoocommerce_package_rateswoocommerce-ups-pickups.php:116
actionwoocommerce_order_details_after_order_tablewoocommerce-ups-pickups.php:123
actionwoocommerce_before_cartwoocommerce-ups-pickups.php:131
actionwoocommerce_before_checkout_formwoocommerce-ups-pickups.php:132
actionwoocommerce_new_orderwoocommerce-ups-pickups.php:133
filterwoocommerce_locate_templatewoocommerce-ups-pickups.php:171
filterwc_get_templatewoocommerce-ups-pickups.php:179
filterwoocommerce_default_address_fieldswoocommerce-ups-pickups.php:186
actionwoocommerce_checkout_order_processedwoocommerce-ups-pickups.php:187
actionwoocommerce_admin_order_data_after_order_detailswoocommerce-ups-pickups.php:194
actionwoocommerce_process_shop_order_metawoocommerce-ups-pickups.php:195
actionwoocommerce_process_product_metawoocommerce-ups-pickups.php:276
filterwoocommerce_cart_shipping_method_full_labelwoocommerce-ups-pickups.php:318
actionadmin_menuwoocommerce-ups-pickups.php:410
actionadmin_enqueue_scriptswoocommerce-ups-pickups.php:413
filterwoocommerce_package_rateswoocommerce-ups-pickups.php:996
actionbefore_woocommerce_initwoocommerce-ups-pickups.php:998
Maintenance & Trust

OPSI Israel Domestic Shipments Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 21, 2026
PHP min version
Downloads10K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

OPSI Israel Domestic Shipments Alternatives

Automated UPS Shipping for WooCommerce – HPOS supported

Automated UPS Shipping for WooCommerce – HPOS supported

a2z-ups-shipping

A
100

UPS plugin: Real-time rates, label printing, auto tracking emails, previews on product pages, and more. Seamless integration.

100 No CVEs
UPS Shipping

UPS Shipping

woo-ups-shipping

A
85

UPS Shipping method for WooCommerce site. Easy installation and very light for WooCommerce sites.

40 No CVEs
Shipping Method for UPS and WooCommerce

Shipping Method for UPS and WooCommerce

shipping-method-for-ups-and-wc

A
85

The Shipping Method for WooCommerce UPS is a Wordpress Plugin that integrate the UPS service, it will calculate the shipping cost and the delivery tim &hellip;

0 No CVEs
Shipping Methods for UPS on WooCommerce

Shipping Methods for UPS on WooCommerce

woo-ups-shipping-method

A
85

UPS shipping methods for WooCommerce. Provide live shipping rates by UPS.

0 No CVEs
WC Hide Shipping Methods

WC Hide Shipping Methods

wc-hide-shipping-methods

A
100

This plugin automatically hides all other shipping methods when "Free Shipping" is available, while allowing you to retain "Local Picku &hellip;

20K No CVEs
Developer Profile

OPSI Israel Domestic Shipments Developer Profile

ashamil

1 plugin · 300 total installs

73
trust score
Avg Security Score
78/100
Avg Patch Time
41 days
View full developer profile
Detection Fingerprints

How We Detect OPSI Israel Domestic Shipments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-ups-pickup/includes/ups-pickups.css/wp-content/plugins/woo-ups-pickup/js/admin-ups-pickups.js/wp-content/plugins/woo-ups-pickup/js/ups-pickups.js
Script Paths
/wp-content/plugins/woo-ups-pickup/js/admin-ups-pickups.js/wp-content/plugins/woo-ups-pickup/js/ups-pickups.js
Version Parameters
woo-ups-pickup/includes/ups-pickups.css?ver=woo-ups-pickup/js/admin-ups-pickups.js?ver=woo-ups-pickup/js/ups-pickups.js?ver=

HTML / DOM Fingerprints

CSS Classes
woocommerce_ups_pickups
Data Attributes
data-method_id="woo-ups-pickups"data-method_title="UPS PickUP"data-ups-shipping-method-id="woo-ups-pickups"
JS Globals
window.ups_pickups_params
FAQ

Frequently Asked Questions about OPSI Israel Domestic Shipments