cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwoocommerce-services woocommerce-services

Direction: descending
Apr 21, 2025

WooCommerce Shipping & Tax # PSC-2025-64565

PSC, Research URL

PSC-2025-64565

Home page URL

Security reports for WooCommerce Shipping & Tax

Application

WooCommerce Shipping & Tax

Date
Apr 21, 2025
Research Description
WooCommerce Shipping & Tax is a vital extension for any WooCommerce-powered store that simplifies two of the most complex parts of running an eCommerce business: shipping and taxes. This plugin offloads critical services such as label generation and tax calculation to Automattic’s robust and secure cloud infrastructure. By doing so, it minimizes dependency on your own hosting environment, ensuring faster response times and increased platform stability. With the ability to instantly print USPS and DHL shipping labels and automatically calculate accurate tax rates at checkout, WooCommerce Shipping & Tax is designed to save store owners time, money, and resources. The plugin has successfully passed a comprehensive security review and has been awarded the Plugin Security Certification (PSC-2025-64565) by CleanTalk, confirming its reliability and code integrity.
Affected versions
Min -, max -.
Status
SAFE & CERTIFIED
Jun 07, 2024

WooCommerce Shipping & Tax # d6228e99d68810fc638ec1e0c7ddcc9b649a8527

CVE, Research URL

d6228e99d68810fc638ec1e0c7ddcc9b649a8527

Home page URL

Security reports for WooCommerce Shipping & Tax

Application

WooCommerce Shipping & Tax

Date
May 24, 2023
Research Description
WooCommerce Shipping &amp; Tax [woocommerce-services] < 2.2.5 WordPress WooCommerce Shipping & Tax Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) Update the WordPress WooCommerce Shipping & Tax plugin to the latest available version (at least 2.2.5). Unknown discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WooCommerce Shipping & Tax Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.2.5.
Affected versions
Min -, max -.
Status
vulnerable