Zajel Shipment Delivery Security & Risk Analysis

wordpress.org/plugins/zajel-shipment-delivery

Zajel connects your store to help you sync orders to the Zajel application, print AWB labels and track your packages.

10 active installs · v1.0.3 · PHP 7.4+ · WP 4.7+ · Updated May 9, 2024
ecommerce, shipsy, zajel
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Zajel Shipment Delivery Safe to Use in 2026?

Generally Safe

Score 85/100

Zajel Shipment Delivery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The zajel-shipment-delivery v1.0.3 plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the plugin demonstrates strong practices in SQL query preparation and output escaping, the absence of authentication checks on all identified AJAX endpoints creates a substantial attack surface. This means that any unauthenticated user could potentially trigger these functions, leading to unauthorized actions or information disclosure.

The static analysis reveals no critical or high-severity issues in taint flows, and the plugin has no recorded vulnerability history, which are positive indicators. However, the lack of nonce checks and capability checks on the AJAX handlers is a critical omission. Bundled libraries like DataTables, if not kept up-to-date, could also introduce vulnerabilities, though this is not explicitly detailed in the provided data.

In conclusion, the plugin's strengths lie in its secure handling of database queries and output. Nevertheless, the direct exposure of all AJAX endpoints without any form of authentication or authorization is a severe weakness. This oversight drastically elevates the risk profile, requiring immediate attention to secure these entry points.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 0 Nonce checks
  • 0 Capability checks
Vulnerabilities
None known

Zajel Shipment Delivery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Zajel Shipment Delivery Release Timeline

v1.0.4
v1.0.3 (Current)
Code Analysis
Analyzed Mar 16, 2026

Zajel Shipment Delivery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (44 prepared)
Unescaped Output: 0 (489 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 5
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

100% prepared · 44 total queries

Output Escaping

100% escaped · 489 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
notice_messages (admin\class-shipsy-econnect-admin.php:875)
Attack Surface
8 unprotected

Zajel Shipment Delivery Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

[auth] wp_ajax_shipsy_get_endpoint_url (includes\class-shipsy-econnect.php:163)
[auth] wp_ajax_shipsy_get_all_addresses (includes\class-shipsy-econnect.php:164)
[auth] wp_ajax_shipsy_get_shipping_address (includes\class-shipsy-econnect.php:165)
[auth] wp_ajax_on_sync_submit (includes\class-shipsy-econnect.php:166)
[auth] wp_ajax_sync_result (includes\class-shipsy-econnect.php:167)
[auth] wp_ajax_pending_consignments_sync (includes\class-shipsy-econnect.php:168)
[auth] wp_ajax_auto_sync_status_update (includes\class-shipsy-econnect.php:169)
[auth] wp_ajax_shipsy_download_label (includes\class-shipsy-econnect.php:170)

WordPress Hooks 27

[action] shipsy_auto_sync_consignments_cron_hook (admin\crons\shipsy-cron-handler.php:46)
[action] shipsy_auto_update_consignment_status_cron_hook (admin\crons\shipsy-cron-handler.php:65)
[action] plugins_loaded (includes\class-shipsy-econnect.php:142)
[action] admin_enqueue_scripts (includes\class-shipsy-econnect.php:157)
[action] admin_enqueue_scripts (includes\class-shipsy-econnect.php:158)
[action] admin_menu (includes\class-shipsy-econnect.php:160)
[action] admin_post_on_config_submit (includes\class-shipsy-econnect.php:172)
[action] admin_post_on_setting_submit (includes\class-shipsy-econnect.php:173)
[action] admin_post_on_setup_submit (includes\class-shipsy-econnect.php:174)
[action] admin_head (includes\class-shipsy-econnect.php:176)
[filter] woocommerce_admin_order_actions (includes\class-shipsy-econnect.php:177)
[filter] bulk_actions-edit-shop_order (includes\class-shipsy-econnect.php:180)
[filter] handle_bulk_actions-edit-shop_order (includes\class-shipsy-econnect.php:181)
[filter] manage_edit-shop_order_columns (includes\class-shipsy-econnect.php:182)
[action] manage_shop_order_posts_custom_column (includes\class-shipsy-econnect.php:183)
[filter] bulk_actions-woocommerce_page_wc-orders (includes\class-shipsy-econnect.php:186)
[filter] handle_bulk_actions-woocommerce_page_wc-orders (includes\class-shipsy-econnect.php:187)
[filter] manage_woocommerce_page_wc-orders_columns (includes\class-shipsy-econnect.php:188)
[action] manage_woocommerce_page_wc-orders_custom_column (includes\class-shipsy-econnect.php:189)
[action] admin_notices (includes\class-shipsy-econnect.php:192)
[action] admin_head (includes\class-shipsy-econnect.php:193)
[action] add_meta_boxes (includes\class-shipsy-econnect.php:194)
[filter] cron_schedules (includes\class-shipsy-econnect.php:197)
[action] init (includes\class-shipsy-econnect.php:198)
[action] wp_enqueue_scripts (includes\class-shipsy-econnect.php:212)
[action] wp_enqueue_scripts (includes\class-shipsy-econnect.php:213)
[action] woocommerce_view_order (includes\class-shipsy-econnect.php:214)

Scheduled Events 2

shipsy_auto_sync_consignments_cron_hook
shipsy_auto_update_consignment_status_cron_hook
Maintenance & Trust

Zajel Shipment Delivery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: May 9, 2024
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Zajel Shipment Delivery Developer Profile

zajelwp

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Zajel Shipment Delivery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/zajel-shipment-delivery/admin/css/ec-ui-style.css
/wp-content/plugins/zajel-shipment-delivery/admin/css/ec-overlay-style.css
/wp-content/plugins/zajel-shipment-delivery/admin/css/ec-config-style.css
/wp-content/plugins/zajel-shipment-delivery/assets/css/bootstrap.min.css
/wp-content/plugins/zajel-shipment-delivery/assets/css/jquery.dataTables.min.css
/wp-content/plugins/zajel-shipment-delivery/assets/css/sweetalert.css
/wp-content/plugins/zajel-shipment-delivery/assets/js/bootstrap.min.js
/wp-content/plugins/zajel-shipment-delivery/assets/js/jquery.dataTables.min.js
+4 more
Script Paths
/wp-content/plugins/zajel-shipment-delivery/admin/js/shipsy-econnect-admin.js
Version Parameters
zajel-shipment-delivery/assets/css/bootstrap.min.css?ver=
zajel-shipment-delivery/assets/css/jquery.dataTables.min.css?ver=
zajel-shipment-delivery/assets/css/sweetalert.css?ver=
zajel-shipment-delivery/admin/css/ec-ui-style.css?ver=
zajel-shipment-delivery/admin/css/ec-overlay-style.css?ver=
zajel-shipment-delivery/admin/css/ec-config-style.css?ver=
zajel-shipment-delivery/assets/js/bootstrap.min.js?ver=
zajel-shipment-delivery/assets/js/jquery.dataTables.min.js?ver=
zajel-shipment-delivery/assets/js/jquery.validate.min.js?ver=
zajel-shipment-delivery/assets/js/sweetalert.js?ver=
zajel-shipment-delivery/assets/js/libphonenumber-js.max.js?ver=
zajel-shipment-delivery/admin/js/shipsy-econnect-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ec-ui-style, ec-overlay-style, ec-config-style
Data Attributes
data-nonce-value
JS Globals
localized_data, SHIPSY_ECONNECT_URL
FAQ

Frequently Asked Questions about Zajel Shipment Delivery