Title: Plugin security issues
Last modified: January 6, 2026

---

# Plugin security issues

 *  Resolved [frisbee9580](https://wordpress.org/support/users/frisbee9580/)
 * (@frisbee9580)
 * [4 months, 1 week ago](https://wordpress.org/support/topic/plugin-security-issues-2/)
 * Hi,
   We are evaluating the plugin and did a quick code quality review as of version
   1.1.93.Could you advise on the following items?**1. SSL Verification disabled
   on remote requests**We found multiple wp_remote_get(…, [‘sslverify’ => false])
   calls when downloading labels andother resources. This is a potential security
   risk.Why is SSL verification disabled?**2. Remote downloads using file_get_contents()**
   We saw file_get_contents($file_url) used to download remote label files (no WP
   HTTP API,timeouts, or error handling).Can this be replaced with wp_remote_get()
   with explicit timeouts and safe handling?Are the remote URLs always guaranteed
   to be ShipAny-owned/whitelisted?**3. Caching/writes inside the plugin directory**
   The plugin creates/writes to wp-content/plugins/shipany/cache and attempts mkdir(…,
   0777) / chmod(…).Not sure that’s suitable for Bedrock/Trellis projects where 
   plugin directories are read-only. Not runtime storage. The permission choices
   are also questionable.

Viewing 1 replies (of 1 total)

 *  Plugin Author [shipany](https://wordpress.org/support/users/shipany/)
 * (@shipany)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-issues-2/#post-18793011)
 * We are pleased to inform you that version 1.1.95 has been released. Please try
   it and share your feedback, and kindly let us know if you encounter any further
   issues.

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fplugin-security-issues-2%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/shipany/assets/icon-256×256.png?rev=2607964)
 * [ShipAny WooCommerce: Ship, Label, Tracking](https://wordpress.org/plugins/shipany/)
 * [Support Threads](https://wordpress.org/support/plugin/shipany/)
 * [Active Topics](https://wordpress.org/support/plugin/shipany/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/shipany/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/shipany/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [shipany](https://wordpress.org/support/users/shipany/)
 * Last activity: [3 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-issues-2/#post-18793011)
 * Status: resolved