Invelity SPS connect Security & Risk Analysis

wordpress.org/plugins/invelity-sps-connect

The Invelity SPS (Slovak parcel service) connect plugin is built for merchants on the Woocommerce platform who need to automatically export data …

50 active installs · v1.0.8 · PHP 5.6+ · WP 4.6.1+ · Updated Jul 2, 2020
gls · shipping · woocommerce
Score 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Dec 26, 2025
Safety Verdict

Is Invelity SPS connect Safe to Use in 2026?

Use With Caution

Score 63/100

Invelity SPS connect has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Dec 26, 2025 · Updated 5yr ago
Risk Assessment

The plugin "invelity-sps-connect" v1.0.8 exhibits a mixed security posture. While it demonstrates good practices in some areas, such as 100% use of prepared statements for SQL queries and a relatively small attack surface with no identified unprotected entry points, significant concerns remain. The presence of two instances of the `unserialize` function is a critical risk, as deserialization vulnerabilities are notoriously dangerous and can lead to remote code execution if improperly handled. This is further compounded by the taint analysis revealing one flow with an unsanitized path, which could be exploited to bypass security controls or inject malicious data.

The vulnerability history also raises a red flag. The plugin has one known CVE, rated medium severity and currently unpatched, which indicates a past pattern of security weaknesses. The vulnerability type is Cross-site Scripting, which suggests that input sanitization and output escaping require diligent attention. The static analysis shows that only 44% of outputs are properly escaped, which is concerning, and the unpatched CVE strongly suggests that the identified XSS vulnerability was not adequately addressed.

In conclusion, despite some positive security attributes like prepared SQL statements, the "invelity-sps-connect" plugin has notable weaknesses. The use of `unserialize`, the identified taint flow, and the unpatched CVE point to specific vulnerabilities that require immediate attention. The plugin needs a thorough review and remediation of these identified issues to improve its overall security.

Key Concerns

  • Unpatched CVE
  • Taint flow with unsanitized path
  • Use of dangerous function: unserialize
  • Low percentage of properly escaped output
  • No capability checks
Vulnerabilities
1

Invelity SPS connect Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-68876 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Invelity SPS connect <= 1.0.8 - Reflected Cross-Site Scripting

Dec 26, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Invelity SPS connect Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (17 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 3
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

`unserialize` at classes\class.invelitySpsConnectProcess.php:260
    $sucessfull = unserialize(str_replace('\\', '', urldecode($_REQUEST['sps-sucessfull'])));
`unserialize` at classes\class.invelitySpsConnectProcess.php:261
    $unsucessfull = unserialize(str_replace('\\', '', urldecode($_REQUEST['sps-unsucessfull'])));

Output Escaping

44% escaped · 39 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<class.invelitySpsConnectProcess> (classes\class.invelitySpsConnectProcess.php:0)
Attack Surface

Invelity SPS connect Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action · admin_enqueue_scripts · classes\class.invelityPluginsAdmin.php:19
action · admin_menu · classes\class.invelityPluginsAdmin.php:20
action · admin_menu · classes\class.invelitySpsConnectAdmin.php:17
action · admin_init · classes\class.invelitySpsConnectAdmin.php:18
action · admin_enqueue_scripts · classes\class.invelitySpsConnectAdmin.php:19
action · admin_footer-edit.php · classes\class.invelitySpsConnectProcess.php:21
action · load-edit.php · classes\class.invelitySpsConnectProcess.php:22
action · wp_before_admin_bar_render · classes\class.invelitySpsConnectProcess.php:23
Maintenance & Trust

Invelity SPS connect Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Jul 2, 2020
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 50
Developer Profile

Invelity SPS connect Developer Profile

INVELITY

8 plugins · 380 total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Invelity SPS connect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/invelity-sps-connect/assets/css/invelity-plugins-main-admin.css
Version Parameters
invelity-plugins-main-admin-css?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
invelity-plugins-main-admin-css
invelity-button