Descartes ShipRush Integration Security & Risk Analysis
wordpress.org/plugins/descartes-shiprush-integrationExport orders to My.ShipRush.com and update tracking details.
Is Descartes ShipRush Integration Safe to Use in 2026?
Generally Safe
Score 100/100Descartes ShipRush Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The Descartes ShipRush Integration plugin v1.0 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and properly escaped output are significant strengths. The presence of a nonce check, even with a limited attack surface, indicates an awareness of basic security practices. The plugin also has no recorded vulnerabilities or CVEs, suggesting a history of secure development.
However, the analysis reveals a complete lack of capability checks and only a single nonce check across zero entry points. While the attack surface is currently minimal, this could pose a risk if functionality is added in the future without proper authorization checks. The absence of taint analysis results also leaves a blind spot, as no complex data flows were examined.
In conclusion, the plugin is currently in a good security state due to its clean code and lack of historical vulnerabilities. The primary concern lies in the limited implementation of authorization mechanisms (capability checks) and the minimal use of nonces, which could become a weakness if the plugin's functionality expands without addressing these areas. A more comprehensive taint analysis would also provide greater assurance.
Key Concerns
- No capability checks implemented
- Minimal nonce checks (1 total, 0 unprotected)
- No taint analysis results available
Descartes ShipRush Integration Security Vulnerabilities
Descartes ShipRush Integration Code Analysis
Output Escaping
Descartes ShipRush Integration Attack Surface
WordPress Hooks 5
Maintenance & Trust
Descartes ShipRush Integration Maintenance & Trust
Maintenance Signals
Community Trust
Descartes ShipRush Integration Alternatives
BLAZING Shipment Tracking
blazing-woocommerce-shipment-tracking
This plugin adds courier and tracking number to the woocommerce order, and a dedicated email to send shipment tracking info to the customer.
ReachShip WooCommerce Multi-Carrier & Conditional Shipping
elex-reachship-multi-carrier-conditional-shipping
Multi-carrier WooCommerce shipping plugin to get rates, print labels, pickups & track DHL, FedEx, UPS, USPS, Australia Post via ReachShip API.
Live Rates for ShipStation
live-rates-for-shipstation
Pulls live shipping rates from your favorite carriers connected to 3rd party provider ShipStation.
ELEX ShipEngine UPS & FedEx Shipping Method
elex-shipengine-shipping-method
WooCommerce UPS & FedEx Shipping Method Plugin uses ShipEngine API to Display Live Shipping Rates from UPS & FedEx based on Shipping Address & …
Tracking for Fedex USPS
tracking-for-fedex-usps
Once activated, this plugin generated a shortcode [tracking-fedex-usps] that you can insert into any post or page. The shortcode will be displayed as …
Descartes ShipRush Integration Developer Profile
2 plugins · 1K total installs
How We Detect Descartes ShipRush Integration
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/descartes-shiprush-integration/descartes-shiprush-integration.phpHTML / DOM Fingerprints
shiprush_buttononclick="invoke_connect()"invoke_connect()