WP E-Commerce Extra Shipping Options Security & Risk Analysis

wordpress.org/plugins/wp-e-commerce-extra-shipping-option

"WP E-Commerce Extra Shipping Options" module gives the clients the ability to set the various new postage options.

10 active installs v0.1.5 PHP + WP 2.0.2+ Updated Unknown
dijitul, ecommerce, postage, shipping, wp-ecommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP E-Commerce Extra Shipping Options Safe to Use in 2026?

Generally Safe

Score 100/100

WP E-Commerce Extra Shipping Options has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wp-e-commerce-extra-shipping-option" plugin v0.1.5 presents a mixed security posture. Static analysis found no entry points such as AJAX handlers, REST API routes, shortcodes, or cron events, and no dangerous functions or file operations, but this could be misleading. The absence of capability checks and nonce checks is a significant concern: any entry point, including one not yet discovered, would likely be unprotected. None of the identified SQL queries use prepared statements, which is a direct indicator of potential SQL injection vulnerabilities.

The taint analysis found two flows with unsanitized paths. Although neither is rated critical or high severity, they suggest that data might be flowing into potentially insecure functions without proper sanitization. Coupled with the lack of output escaping and the complete absence of security checks, this gives the plugin a high potential for exploitation if any attack vector is found. The completely clear vulnerability history is positive but does not outweigh the immediate concerns identified in the code analysis. Overall, the plugin exhibits a concerning lack of fundamental security implementations, particularly around data validation and input sanitization, despite a seemingly small attack surface.

Key Concerns

  • SQL queries not using prepared statements
  • No capability checks found
  • No nonce checks found
  • Flows with unsanitized paths
Vulnerabilities
None known

WP E-Commerce Extra Shipping Options Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP E-Commerce Extra Shipping Options Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
submit_form (my_shipping.php:96)
Attack Surface

WP E-Commerce Extra Shipping Options Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
filter: wpsc_shipping_modules (my_shipping.php:254)
Maintenance & Trust

WP E-Commerce Extra Shipping Options Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Unknown
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP E-Commerce Extra Shipping Options Developer Profile

Dijitul

2 plugins · 20 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP E-Commerce Extra Shipping Options

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-e-commerce-extra-shipping-option/my_shipping.php

HTML / DOM Fingerprints

HTML Comments
  • You must always supply this
  • Use this function to return HTML for setting any configuration options for your shipping method * This will appear in the WP E-Commerce admin area under Products > Settings > Shipping * * Whatever you output here will be wrapped inside the right <form> tags, and also * a <table> </table> block
  • Use this function to store the settings submitted by the form above * Submitted form data is in $_POST
  • If there is a per-item shipping charge that applies irrespective of the chosen shipping method * then it should be calculated and returned here. The value returned from this function is used * as-is on the product pages. It is also included in the final cart & checkout figure along * with the results from GetQuote (below)
+14 more
Data Attributes
name="shipping[first]"
name="shipping[recorded]"
name="shipping[special]"
name="shipping[saturday]"
name="shipping[europe]"
name="shipping[international]"
JS Globals
my_shipping
FAQ

Frequently Asked Questions about WP E-Commerce Extra Shipping Options