MyParcel Security & Risk Analysis

wordpress.org/plugins/woocommerce-myparcel

Export your WooCommerce orders to MyParcel (www.myparcel.nl) and print labels directly from the WooCommerce admin

9K active installs · v4.24.3 · PHP 7.4+ · WP 5.2.0+ · Updated Jul 21, 2025
Tags: delivery, myparcel, packages, shipping, woocommerce
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 12, 2024
Safety Verdict

Is MyParcel Safe to Use in 2026?

Generally Safe

Score 99/100

MyParcel has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 12, 2024 · Updated 8mo ago

Risk Assessment

The WooCommerce MyParcel plugin v4.24.3 presents a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and generally escapes output effectively, significant concerns arise from its attack surface. A substantial number of AJAX handlers lack proper authentication checks, creating a considerable risk for unauthorized actions. The presence of the `unserialize` function is also a point of concern, especially if it processes user-supplied input without robust sanitization.

The vulnerability history shows a past medium-severity Cross-Site Scripting (XSS) vulnerability. Although there are no currently unpatched CVEs, this history indicates that the plugin has had security weaknesses in the past, suggesting a need for ongoing vigilance. The lack of taint analysis results is noted, but the existing code signals are more immediately indicative of potential risks. The plugin's strengths lie in its SQL handling and output escaping, but the unprotected entry points and the `unserialize` function are areas that require immediate attention to mitigate potential security threats.

Key Concerns

  • High number of unprotected AJAX handlers
  • Presence of unserialize function
  • Medium severity CVE in history

Vulnerabilities: 1

MyParcel Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1
Total: 1 CVE

CVE-2024-9608 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MyParcel <= 4.24.1 - Reflected Cross-Site Scripting

Dec 12, 2024 Patched in 4.24.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

MyParcel Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (169 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 2
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$value = @unserialize(trim($value));` · includes\compatibility\abstract-wc-data-compatibility.php:237

Output Escaping

96% escaped · 176 total outputs
Attack Surface
6 unprotected

MyParcel Attack Surface

Entry Points: 8
Unprotected: 6

AJAX Handlers 7

auth · wp_ajax_wcmp_save_shipment_options · includes\admin\class-wcmypa-admin.php:118
auth · wp_ajax_wcmp_get_shipment_summary_status · includes\admin\class-wcmypa-admin.php:119
auth · wp_ajax_wcmp_get_shipment_options · includes\admin\class-wcmypa-admin.php:120
auth · wp_ajax_dismissNotice · includes\admin\MessagesRepository.php:36
auth · wp_ajax_wcmp_get_delivery_options_config · includes\frontend\class-wcmp-checkout.php:49
auth · wp_ajax_get_highest_shipping_class · includes\frontend\class-wcmp-frontend.php:42
nopriv · wp_ajax_get_highest_shipping_class · includes\frontend\class-wcmp-frontend.php:43

Shortcodes 1

[fee] · includes\admin\class-wcmp-export.php:1515

WordPress Hooks 83

action · bulk_actions-edit-shop_order · includes\admin\class-wcmypa-admin.php:93
action · admin_footer · includes\admin\class-wcmypa-admin.php:95
action · admin_footer · includes\admin\class-wcmypa-admin.php:98
action · admin_footer · includes\admin\class-wcmypa-admin.php:99
action · woocommerce_admin_order_actions_end · includes\admin\class-wcmypa-admin.php:109
action · woocommerce_admin_order_actions_end · includes\admin\class-wcmypa-admin.php:110
action · add_meta_boxes_shop_order · includes\admin\class-wcmypa-admin.php:115
action · woocommerce_admin_order_data_after_shipping_address · includes\admin\class-wcmypa-admin.php:116
action · woocommerce_order_note_added · includes\admin\class-wcmypa-admin.php:121
filter · manage_edit-shop_order_columns · includes\admin\class-wcmypa-admin.php:124
action · manage_shop_order_posts_custom_column · includes\admin\class-wcmypa-admin.php:125
action · restrict_manage_posts · includes\admin\class-wcmypa-admin.php:127
filter · request · includes\admin\class-wcmypa-admin.php:128
action · woocommerce_payment_complete · includes\admin\class-wcmypa-admin.php:130
action · woocommerce_order_status_changed · includes\admin\class-wcmypa-admin.php:131
action · woocommerce_product_after_variable_attributes · includes\admin\class-wcmypa-admin.php:137
action · woocommerce_save_product_variation · includes\admin\class-wcmypa-admin.php:138
filter · woocommerce_available_variation · includes\admin\class-wcmypa-admin.php:139
action · woocommerce_product_options_shipping · includes\admin\class-wcmypa-admin.php:141
action · woocommerce_process_product_meta · includes\admin\class-wcmypa-admin.php:142
action · woocommerce_product_after_variable_attributes · includes\admin\class-wcmypa-admin.php:144
action · woocommerce_save_product_variation · includes\admin\class-wcmypa-admin.php:145
filter · woocommerce_available_variation · includes\admin\class-wcmypa-admin.php:146
action · admin_notices · includes\admin\MessagesRepository.php:35
action · admin_init · includes\admin\settings\class-wcmp-settings-data.php:61
action · admin_menu · includes\admin\settings\class-wcmypa-settings.php:149
filter · woocommerce_screen_ids · includes\admin\settings\class-wcmypa-settings.php:161
action · woocommerce_myparcel_before_settings_page · includes\admin\settings\class-wcmypa-settings.php:174
action · admin_enqueue_scripts · includes\admin\views\MyParcelWidget.php:46
action · admin_enqueue_scripts · includes\class-wcmp-assets.php:19
action · wp_enqueue_scripts · includes\class-wcmp-postcode-fields.php:40
action · admin_enqueue_scripts · includes\class-wcmp-postcode-fields.php:43
action · wp_loaded · includes\class-wcmp-postcode-fields.php:45
filter · woocommerce_billing_fields · includes\class-wcmp-postcode-fields.php:97
filter · woocommerce_shipping_fields · includes\class-wcmp-postcode-fields.php:103
filter · woocommerce_billing_fields · includes\class-wcmp-postcode-fields.php:111
filter · woocommerce_shipping_fields · includes\class-wcmp-postcode-fields.php:112
filter · woocommerce_country_locale_field_selectors · includes\class-wcmp-postcode-fields.php:116
filter · woocommerce_default_address_fields · includes\class-wcmp-postcode-fields.php:117
filter · woocommerce_get_country_locale · includes\class-wcmp-postcode-fields.php:118
filter · woocommerce_load_order_data · includes\class-wcmp-postcode-fields.php:121
filter · woocommerce_admin_billing_fields · includes\class-wcmp-postcode-fields.php:123
filter · woocommerce_admin_shipping_fields · includes\class-wcmp-postcode-fields.php:124
filter · woocommerce_found_customer_details · includes\class-wcmp-postcode-fields.php:125
action · save_post · includes\class-wcmp-postcode-fields.php:126
filter · woocommerce_customer_meta_fields · includes\class-wcmp-postcode-fields.php:129
action · woocommerce_checkout_update_order_meta · includes\class-wcmp-postcode-fields.php:131
filter · woocommerce_process_checkout_field_billing_postcode · includes\class-wcmp-postcode-fields.php:137
filter · woocommerce_process_checkout_field_shipping_postcode · includes\class-wcmp-postcode-fields.php:141
action · woocommerce_checkout_update_order_meta · includes\class-wcmp-postcode-fields.php:148
action · woocommerce_after_checkout_validation · includes\class-wcmp-postcode-fields.php:153
filter · woocommerce_validate_postcode · includes\class-wcmp-postcode-fields.php:157
filter · be_checkout_fields_priority · includes\class-wcmp-postcode-fields.php:165
filter · woocommerce_countries_allowed_country_states · includes\class-wcmp-postcode-fields.php:170
filter · woocommerce_localisation_address_formats · includes\class-wcmp-postcode-fields.php:178
filter · woocommerce_formatted_address_replacements · includes\class-wcmp-postcode-fields.php:179
filter · woocommerce_order_formatted_billing_address · includes\class-wcmp-postcode-fields.php:185
filter · woocommerce_order_formatted_shipping_address · includes\class-wcmp-postcode-fields.php:191
filter · woocommerce_user_column_billing_address · includes\class-wcmp-postcode-fields.php:197
filter · woocommerce_user_column_shipping_address · includes\class-wcmp-postcode-fields.php:203
filter · woocommerce_my_account_my_address_formatted_address · includes\class-wcmp-postcode-fields.php:209
filter · wpo_wcpdf_templates_replace_myparcel_tracktrace · includes\compatibility\class-wcpdf-compatibility.php:19
filter · wpo_wcpdf_templates_replace_myparcel_track_trace · includes\compatibility\class-wcpdf-compatibility.php:20
filter · wpo_wcpdf_templates_replace_myparcel_tracktrace_link · includes\compatibility\class-wcpdf-compatibility.php:22
filter · wpo_wcpdf_templates_replace_myparcel_track_trace_link · includes\compatibility\class-wcpdf-compatibility.php:23
action · woocommerce_cart_calculate_fees · includes\frontend\class-wcmp-cart-fees.php:48
action · wp · includes\frontend\class-wcmp-checkout.php:44
action · woocommerce_checkout_update_order_meta · includes\frontend\class-wcmp-checkout.php:47
action · woocommerce_email_before_order_table · includes\frontend\class-wcmp-frontend-track-trace.php:24
filter · woocommerce_my_account_my_orders_actions · includes\frontend\class-wcmp-frontend-track-trace.php:27
action · woocommerce_email_customer_details · includes\frontend\class-wcmp-frontend.php:25
action · woocommerce_view_order · includes\frontend\class-wcmp-frontend.php:28
action · woocommerce_thankyou · includes\frontend\class-wcmp-frontend.php:31
filter · wpo_wcpdf_templates_replace_myparcel_delivery_options · includes\frontend\class-wcmp-frontend.php:32
action · woocommerce_checkout_before_order_review · includes\frontend\class-wcmp-frontend.php:38
action · woocommerce_update_order_review_fragments · includes\frontend\class-wcmp-frontend.php:39
action · updated_option · includes\Listener\AbstractSettingsListener.php:46
action · rest_api_init · includes\Webhook\Service\WebhookSubscriptionService.php:262
action · before_woocommerce_init · woocommerce-myparcel.php:95
action · plugins_loaded · woocommerce-myparcel.php:102
action · init · woocommerce-myparcel.php:103
action · init · woocommerce-myparcel.php:107
action · wp_dashboard_setup · woocommerce-myparcel.php:233
Maintenance & Trust

MyParcel Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jul 21, 2025
PHP min version: 7.4
Downloads: 370K

Community Trust

Rating: 78/100
Number of ratings: 48
Active installs: 9K
Developer Profile

MyParcel Developer Profile

Richard Perdaan

2 plugins · 10K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect MyParcel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-myparcel/assets/css/admin/checkout.css
/wp-content/plugins/woocommerce-myparcel/assets/css/admin/settings.css
/wp-content/plugins/woocommerce-myparcel/assets/css/admin/style.css
/wp-content/plugins/woocommerce-myparcel/assets/css/frontend/checkout.css
/wp-content/plugins/woocommerce-myparcel/assets/css/frontend/style.css
/wp-content/plugins/woocommerce-myparcel/assets/js/admin/order-edit.js
/wp-content/plugins/woocommerce-myparcel/assets/js/admin/settings.js
/wp-content/plugins/woocommerce-myparcel/assets/js/frontend/checkout.js
+2 more

Version Parameters
woocommerce-myparcel/assets/css/admin/checkout.css?ver=
woocommerce-myparcel/assets/css/admin/settings.css?ver=
woocommerce-myparcel/assets/css/admin/style.css?ver=
woocommerce-myparcel/assets/css/frontend/checkout.css?ver=
woocommerce-myparcel/assets/css/frontend/style.css?ver=
woocommerce-myparcel/assets/js/admin/order-edit.js?ver=
woocommerce-myparcel/assets/js/admin/settings.js?ver=
woocommerce-myparcel/assets/js/frontend/checkout.js?ver=
woocommerce-myparcel/assets/js/frontend/track-trace.js?ver=
woocommerce-myparcel/assets/js/admin/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
myparcel-admin-settings
myparcel-checkout-delivery-options
myparcel-track-trace-container

HTML Comments
<!-- MyParcel Widget Start -->
<!-- MyParcel Widget End -->
<!-- MyParcel delivery options -->
<!-- MyParcel Track & Trace -->

Data Attributes
data-myparcel-country-code
data-myparcel-api-key
data-myparcel-order-id

JS Globals
wc_myparcel_checkout_params
MyParcel

REST Endpoints
/wp-json/myparcelnl/v1/delivery-options
/wp-json/myparcelnl/v1/shipments

FAQ

Frequently Asked Questions about MyParcel