Does Inpost International have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Inpost International compatible with WordPress 6.9.4?

According to WordPress.org data, Inpost International 1.0.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Inpost International compatible with PHP 7.4+?

Inpost International requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Inpost International updated?

Inpost International was last updated on Feb 24, 2026. Frequent updates are generally a positive security signal.

What is Inpost International's security score?

Inpost International has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Inpost International Security — No Known CVEs

Safety Verdict

Is Inpost International Safe to Use in 2026?

Generally Safe

Score 100/100

Inpost International has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'inpost-international' plugin v1.0.9 demonstrates a generally good security posture with several strengths. Notably, it utilizes prepared statements for all its SQL queries, a critical security best practice that significantly mitigates SQL injection risks. Furthermore, the vast majority of its output is properly escaped, reducing the likelihood of cross-site scripting (XSS) vulnerabilities. The plugin has no recorded historical vulnerabilities, which is a positive indicator of its development team's attention to security.

However, there are a few areas that warrant attention. The presence of an AJAX handler without authentication checks represents a direct entry point that could potentially be exploited by unauthenticated users. While taint analysis found no critical or high severity issues, the existence of four flows with unsanitized paths suggests a potential for indirect vulnerabilities if input from these flows is not carefully handled later in the execution chain. The plugin also makes external HTTP requests, which can be a vector for various attacks if not properly secured and validated.

In conclusion, while the 'inpost-international' plugin benefits from strong SQL and output sanitization practices and a clean vulnerability history, the unprotected AJAX endpoint and the presence of unsanitized paths are notable weaknesses. Addressing these specific concerns would further solidify the plugin's security.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths
External HTTP requests

Vulnerabilities

None known

Inpost International Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Inpost International Release Timeline

v1.0.9Current

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

Code Analysis

Analyzed Mar 16, 2026

Inpost International Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

24 prepared

Unescaped Output

61

774 escaped

Nonce Checks

17

Capability Checks

1

File Operations

0

External Requests

8

Bundled Libraries

1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared24 total queries

Output Escaping

93% escaped835 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

15 flows4 with unsanitized paths

ajax_callback (src\Backend\Ajax_Handler.php:46)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Inpost International Attack Surface

Entry Points6

Unprotected1

AJAX Handlers 5

authwp_ajax_inpost_intl_start_connectionsrc\API\API.php:133

authwp_ajax_inpost_internationalsrc\Backend\Ajax_Handler.php:35

authwp_ajax_inpost_intl_save_locker_to_wc_sessionsrc\Backend\Ajax_Handler.php:37

noprivwp_ajax_inpost_intl_save_locker_to_wc_sessionsrc\Backend\Ajax_Handler.php:38

authwp_ajax_easypack_bulk_create_shipmentssrc\Backend\Orders_Bulk_Actions.php:46

Shortcodes 1

[inpost_intl_fee] src\Shipping\Shipping_Method_Base.php:911

WordPress Hooks 37

actionadmin_noticescompatibility.php:32

actionwp_loadedsrc\API\API.php:134

actionwoocommerce_checkout_update_order_metasrc\Backend\Backend.php:51

actionwoocommerce_store_api_checkout_update_order_from_requestsrc\Backend\Backend.php:53

actionadd_meta_boxessrc\Backend\Backend.php:55

filterwoocommerce_order_item_get_formatted_meta_datasrc\Backend\Backend.php:57

actionadmin_footersrc\Backend\Backend.php:304

actionadmin_enqueue_scriptssrc\Backend\Backend.php:306

filterbulk_actions-edit-shop_ordersrc\Backend\Orders_Bulk_Actions.php:40

filterbulk_actions-woocommerce_page_wc-orderssrc\Backend\Orders_Bulk_Actions.php:41

actionadmin_enqueue_scriptssrc\Backend\Orders_Bulk_Actions.php:42

filtermanage_woocommerce_page_wc-orders_columnssrc\Backend\Orders_Bulk_Actions.php:43

filtermanage_edit-shop_order_columnssrc\Backend\Orders_Bulk_Actions.php:44

actionmanage_shop_order_posts_custom_columnsrc\Backend\Orders_Bulk_Actions.php:48

actionmanage_woocommerce_page_wc-orders_custom_columnsrc\Backend\Orders_Bulk_Actions.php:49

actionadmin_footersrc\Backend\Orders_Bulk_Actions.php:258

actionwoocommerce_email_order_metasrc\Emails\OrderEmail.php:26

actionwoocommerce_checkout_processsrc\Frontend\Frontend.php:80

filterwoocommerce_shipping_packagessrc\Frontend\Frontend.php:82

filterwoocommerce_get_order_item_totalssrc\Frontend\Frontend.php:84

actionwoocommerce_after_shipping_ratesrc\Frontend\Frontend.php:86

actionwoocommerce_blocks_loadedsrc\Plugin.php:76

actionafter_setup_themesrc\Plugin.php:314

filterwoocommerce_shipping_methodssrc\Plugin.php:336

actionwoocommerce_blocks_checkout_block_registrationsrc\Plugin.php:399

filtercron_schedulessrc\Plugin.php:406

actionadmin_initsrc\Settings\Admin_Settings.php:40

filterinstall_plugins_nonmenu_tabssrc\Settings\Admin_Settings.php:43

actionadmin_enqueue_scriptssrc\Settings\Admin_Settings.php:45

filterwoocommerce_product_data_tabssrc\Settings\Product_Settings.php:55

actionwoocommerce_product_data_panelssrc\Settings\Product_Settings.php:56

actionwoocommerce_admin_process_product_objectsrc\Settings\Product_Settings.php:57

actionwoocommerce_product_options_shippingsrc\Settings\Product_Settings.php:58

actionadmin_enqueue_scriptssrc\Settings\Settings_Helper.php:416

actionadmin_initsrc\Settings\Settings_Helper.php:418

actionadmin_menusrc\Settings\Settings_Helper.php:421

actionwoocommerce_review_order_before_submittemplates\classic-checkout-map-button.php:8

Maintenance & Trust

Inpost International Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 24, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Inpost International Alternatives

InPost PL

inpost-for-woocommerce

A

100

InPost PL dla WooCommerce to dedykowana wtyczka do integracji, stworzona z myślą o małych i średnich firmach, które chcą w szybki i wygodny sposób zin …

10K No CVEs

Inpost Paczkomaty

inpost-paczkomaty

A

85

Umożliwia dodanie Paczkomaty Inpost jako forma dostawy produktów. Zawiera mapkę gdzie można wybrać paczkomat w którym chce się odebrać przesyłkę.

8K No CVEs

MyParcel

woocommerce-myparcel

A

99

Export your WooCommerce orders to MyParcel (www.myparcel.nl) and print labels directly from the WooCommerce admin

8K 1 CVE

TrackShip for WooCommerce

trackship-for-woocommerce

A

99

TrackShip auto-tracks orders, adds a branded tracking experience to your store and handles all customer touchpoints from shipping to delivery

7K 2 CVEs

Apaczka: integracja z WooCommerce

apaczka-pl

A

100

Zarządzaj wysyłkami różnych kurierów w jednym miejscu

3K No CVEs

Developer Profile

Inpost International Developer Profile

inpostitaly

2 plugins · 300 total installs

94

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Inpost International

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/inpost-international/build/inpost-frontend.css/wp-content/plugins/inpost-international/build/inpost-frontend.js/wp-content/plugins/inpost-international/build/inpost-backend.css/wp-content/plugins/inpost-international/build/inpost-backend.js

Script Paths

/wp-content/plugins/inpost-international/build/inpost-frontend.js/wp-content/plugins/inpost-international/build/inpost-backend.js

Version Parameters

inpost-international/build/inpost-frontend.css?ver=inpost-international/build/inpost-frontend.js?ver=inpost-international/build/inpost-backend.css?ver=inpost-international/build/inpost-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes

inpost-locker-finder-wrapperinpost-locker-finderinpost-locker-finder-iframe

Data Attributes

data-inpost-map-settingsdata-inpost-api-endpoint

JS Globals

inpost_intl_maps

REST Endpoints

/wp-json/inpost-international/v1/maps/settings

FAQ

Inpost International Security & Risk Analysis

Is Inpost International Safe to Use in 2026?

Generally Safe

Key Concerns

Inpost International Security Vulnerabilities

Inpost International Release Timeline

Inpost International Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Inpost International Attack Surface

AJAX Handlers 5

Shortcodes 1

Inpost International Maintenance & Trust

Maintenance Signals

Community Trust

Inpost International Alternatives

InPost PL

Inpost Paczkomaty

MyParcel

TrackShip for WooCommerce

Apaczka: integracja z WooCommerce

Inpost International Developer Profile

How We Detect Inpost International

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Inpost International