WP-Safety

CrossPeak OMS for WooCommerce Security & Risk Analysis

wordpress.org/plugins/crosspeakoms

Easy eCommerce Order Management

10 active installs v2.0.2 PHP 7.1+ WP 4.0.0+ Updated Jul 16, 2025
call-center-softwareomsorder-management-for-woocommerceorder-management-systemwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CrossPeak OMS for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

CrossPeak OMS for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "crosspeakoms" plugin version 2.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping, with 94% of outputs properly handled, and there are no recorded vulnerabilities (CVEs) or critical taint flows identified. This suggests a level of care in development and a lack of known exploitable issues. However, significant concerns arise from the attack surface. Three out of seven entry points are unprotected, specifically one AJAX handler and two REST API routes lacking permission callbacks. This creates direct pathways for unauthorized access or manipulation if not properly secured by other means.

The static analysis reveals the presence of dangerous functions, SQL queries, file operations, and external HTTP requests. While the SQL queries are only 50% prepared, and there are no explicit nonce checks, the absence of known vulnerabilities and taint issues is reassuring. The vulnerability history being clean is a strong indicator of past security diligence, but it does not negate the risks presented by the current code's attack surface. The plugin's strengths lie in its output sanitization and lack of historical exploitable issues, but its weaknesses are concentrated in its unprotected entry points, which require careful consideration and potentially additional server-side access controls.

Key Concerns

  • Unprotected AJAX handler
  • REST API routes without permission callbacks
  • SQL queries not fully using prepared statements
  • Lack of nonce checks
Vulnerabilities
None known

CrossPeak OMS for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CrossPeak OMS for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
1 prepared
Unescaped Output
2
34 escaped
Nonce Checks
0
Capability Checks
4
File Operations
3
External Requests
1
Bundled Libraries
0

SQL Query Safety

50% prepared2 total queries

Output Escaping

94% escaped36 total outputs
Attack Surface
3 unprotected

CrossPeak OMS for WooCommerce Attack Surface

Entry Points7
Unprotected3

AJAX Handlers 1

authwp_ajax_test_connectioncrosspeakoms.php:126

REST API Routes 6

GET/wp-json/wc-crosspeak/v1/customercrosspeakoms.php:1282
GET/wp-json/wc-crosspeak/v1/pendingcrosspeakoms.php:1294
GET/wp-json/wc-crosspeak/v1/test-connectioncrosspeakoms.php:1306
GET/wp-json/wc-crosspeak/v1/calculate_cart_totalscrosspeakoms.php:1320
GET/wp-json/wc-crosspeak/v1/silent_update_ordercrosspeakoms.php:1330
GET/wp-json/wc-crosspeak/v1/pending/(?P<id>\d+)crosspeakoms.php:1340
WordPress Hooks 30
actionadd_meta_boxescrosspeakoms-admin.php:80
filterwoocommerce_integrationscrosspeakoms.php:86
actionwoocommerce_checkout_order_processedcrosspeakoms.php:90
actionwoocommerce_new_ordercrosspeakoms.php:92
actionwoocommerce_update_ordercrosspeakoms.php:96
actionwoocommerce_order_edit_statuscrosspeakoms.php:97
actionwoocommerce_order_status_changedcrosspeakoms.php:98
actionwoocommerce_process_shop_order_metacrosspeakoms.php:100
actionwp_trash_postcrosspeakoms.php:103
actionwoocommerce_rest_pre_insert_shop_order_objectcrosspeakoms.php:106
actionsave_postcrosspeakoms.php:109
actionwp_insert_commentcrosspeakoms.php:112
actionwoocommerce_rest_insert_order_notecrosspeakoms.php:115
actionwoocommerce_product_set_stockcrosspeakoms.php:118
actionwp_enqueue_scriptscrosspeakoms.php:121
actionwoocommerce_checkout_update_order_metacrosspeakoms.php:122
actionadmin_enqueue_scriptscrosspeakoms.php:125
actionwoocommerce_cart_calculate_feescrosspeakoms.php:129
filterwoocommerce_package_ratescrosspeakoms.php:130
actionwoocommerce_before_calculate_totalscrosspeakoms.php:131
actionwoocommerce_email_order_detailscrosspeakoms.php:133
filterwoocommerce_my_account_my_orders_columnscrosspeakoms.php:135
actionwoocommerce_my_account_my_orders_column_crosspeak-trackingcrosspeakoms.php:136
actionwoocommerce_order_details_before_order_tablecrosspeakoms.php:138
actionrest_api_initcrosspeakoms.php:141
actioncrosspeak_product_update_taskcrosspeakoms.php:144
actioncrosspeak_coupon_update_taskcrosspeakoms.php:145
actioncrosspeak_order_update_taskcrosspeakoms.php:146
actioncrosspeak_product_stock_update_taskcrosspeakoms.php:147
actionplugins_loadedcrosspeakoms.php:1368
Maintenance & Trust

CrossPeak OMS for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 16, 2025
PHP min version7.1
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

CrossPeak OMS for WooCommerce Alternatives

Popcustoms – Print on demand & dropshipping, Free Personalizer

Popcustoms – Print on demand & dropshipping, Free Personalizer

popcustoms-integration-for-woocommerce

A
100

Print on demand products & embroidery provider, fulfillment & global dropshipping, customize shoes, T-shirt, hats, hoodie, jacket, blanket and more.

100 No CVEs
Thenine Logistic

Thenine Logistic

thenine-logistic

A
100

Professional WordPress Order Management System (OMS) integrated with WooCommerce. Features custom login page, modern dashboard.

0 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Google for WooCommerce

Google for WooCommerce

google-listings-and-ads

A
99

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE
WooPayments: Integrated WooCommerce Payments

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

A
89

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs
Developer Profile

CrossPeak OMS for WooCommerce Developer Profile

CrossPeak

3 plugins · 14K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
1614 days
View full developer profile
Detection Fingerprints

How We Detect CrossPeak OMS for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crosspeakoms/assets/css/admin-style.css/wp-content/plugins/crosspeakoms/assets/js/admin-script.js/wp-content/plugins/crosspeakoms/assets/js/frontend-script.js
Version Parameters
crosspeakoms/assets/css/admin-style.css?ver=crosspeakoms/assets/js/admin-script.js?ver=crosspeakoms/assets/js/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
crosspeak-tracking-infocrosspeak-tracking-linkcrosspeak-order-notecrosspeak-order-status
Data Attributes
data-crosspeak-order-id
JS Globals
CrossPeakOMSAdminCrossPeakOMSFrotnend
REST Endpoints
/wp-json/crosspeakoms/v1/pending-updates/wp-json/crosspeakoms/v1/remove-from-pending/wp-json/crosspeakoms/v1/customer/wp-json/crosspeakoms/v1/settings
FAQ

Frequently Asked Questions about CrossPeak OMS for WooCommerce