WP-Safety

W2P: Pipedrive CRM Integration for WooCommerce Security & Risk Analysis

wordpress.org/plugins/w2p-pipedrive-crm-integration-for-woocommerce

Sync your WooCommerce store with Pipedrive to effortlessly manage customer activity and orders in one place.

40 active installs v1.5.11 PHP 8.0+ WP 6.2+ Updated Mar 3, 2026
automationexportintegrationpipedrivewoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is W2P: Pipedrive CRM Integration for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

W2P: Pipedrive CRM Integration for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "w2p-pipedrive-crm-integration-for-woocommerce" plugin v1.5.11 exhibits a generally good security posture, with no recorded vulnerabilities or critical code signals. The static analysis reveals that all output is properly escaped and the majority of SQL queries utilize prepared statements, which are strong indicators of secure coding practices. The absence of critical taint flows and dangerous functions further strengthens this assessment.

However, a notable concern arises from the significant attack surface exposed through unprotected REST API routes. With 11 total routes and 6 lacking permission callbacks, this presents a considerable risk of unauthorized access or manipulation if these endpoints handle sensitive data or functionality. While the plugin demonstrates good practices in other areas like output escaping and SQL preparation, the unprotected REST API routes are a weakness that could be exploited. The presence of file operations and external HTTP requests, while not inherently problematic without further context, are also points to monitor.

The plugin's vulnerability history is clean, with zero known CVEs and no past incidents. This suggests a development team that is either very diligent in their security practices or has not yet encountered significant security challenges. Nonetheless, the unprotected REST API routes are a glaring weakness that warrants immediate attention to mitigate potential risks.

Key Concerns

  • REST API routes without permission callbacks
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

W2P: Pipedrive CRM Integration for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

W2P: Pipedrive CRM Integration for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
28 prepared
Unescaped Output
0
13 escaped
Nonce Checks
2
Capability Checks
2
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

88% prepared32 total queries

Output Escaping

100% escaped13 total outputs
Attack Surface
6 unprotected

W2P: Pipedrive CRM Integration for WooCommerce Attack Surface

Entry Points11
Unprotected6

REST API Routes 11

GET/wp-json/w2p/v1/ordersincludes\api\internal\v1\orders\get-orders.php:16
GET/wp-json/w2p/v1/order/(?P<id>[\d]+)/sendincludes\api\internal\v1\orders\send-order.php:16
GET/wp-json/w2p/v1/queriesincludes\api\internal\v1\query\get-query-endpoints.php:16
GET/wp-json/w2p/v1/query/(?P<id>[\d]+)/sendincludes\api\internal\v1\query\send-query.php:16
GET/wp-json/w2p/v1/parametersincludes\api\internal\v1\settings\parameters-endpoints.php:16
GET/wp-json/w2p/v1/restore-parametersincludes\api\internal\v1\settings\parameters-endpoints.php:44
GET/wp-json/w2p/v1/restore-pipedrive-parameterincludes\api\internal\v1\settings\pipedrive.php:6
POST/wp-json/w2p/v1/run-syncincludes\api\internal\v1\sync\run-sync.php:17
GET/wp-json/w2p/v1/start-syncincludes\api\internal\v1\sync\start-sync.php:17
GET/wp-json/w2p/v1/stop-syncincludes\api\internal\v1\sync\stop-sync.php:17
GET/wp-json/w2p/v1/sync-progressincludes\api\internal\v1\sync\sync-progress.php:16
WordPress Hooks 25
actionrest_api_initincludes\api\internal\v1\orders\get-orders.php:13
actionrest_api_initincludes\api\internal\v1\orders\send-order.php:13
actionrest_api_initincludes\api\internal\v1\query\get-query-endpoints.php:13
actionrest_api_initincludes\api\internal\v1\query\send-query.php:13
actionrest_api_initincludes\api\internal\v1\settings\parameters-endpoints.php:13
actionrest_api_initincludes\api\internal\v1\settings\parameters-endpoints.php:41
actionrest_api_initincludes\api\internal\v1\settings\pipedrive.php:3
actionrest_api_initincludes\api\internal\v1\sync\run-sync.php:14
actionrest_api_initincludes\api\internal\v1\sync\start-sync.php:14
actionrest_api_initincludes\api\internal\v1\sync\stop-sync.php:14
actionrest_api_initincludes\api\internal\v1\sync\sync-progress.php:13
actionwoocommerce_loadedincludes\class\class-w2pcifw-order.php:243
actionw2pcifw_cart_abandonedincludes\hook\hook-helpers.php:1204
actionshow_user_profileincludes\hook\hook-wp-profile.php:59
actionedit_user_profileincludes\hook\hook-wp-profile.php:60
actionpersonal_options_updateincludes\hook\hook-wp-profile.php:89
actionedit_user_profile_updateincludes\hook\hook-wp-profile.php:90
actionadmin_noticesincludes\hook\notices.php:16
actionw2pcifw_resume_syncincludes\utils\sync.php:97
actionw2pcifw_cron_check_syncincludes\utils\sync.php:155
actionadmin_menuw2p.php:52
filtercron_schedulesw2p.php:181
actionw2pcifw_send_queriesw2p.php:261
actionw2pcifw_check_abandoned_cartsw2p.php:275
actionplugins_loadedw2p.php:281

Scheduled Events 7

w2pcifw_send_queries
w2pcifw_cron_check_sync
w2pcifw_check_abandoned_carts
w2pcifw_send_queries
w2pcifw_send_queries
w2pcifw_resume_sync
w2pcifw_cron_check_sync
Maintenance & Trust

W2P: Pipedrive CRM Integration for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version8.0
Downloads2K

Community Trust

Rating100/100
Number of ratings4
Active installs40
Alternatives

W2P: Pipedrive CRM Integration for WooCommerce Alternatives

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

A
98

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE
WP SendFox

WP SendFox

wp-sendfox

C
63

Capture emails and add them to your SendFox list via comments, registration, WooCommerce checkout, Gutenberg page or Divi Builder page.

1K 1 unpatched
jav's – WooCommerce and Trello integration WooTrello

jav's – WooCommerce and Trello integration WooTrello

wootrello

A
100

Woocommerce + Trello = WooTrello. It will connect woocommerce with trello.

200 No CVEs
ClickSend SMS Woo Integration

ClickSend SMS Woo Integration

clicksendsms

A
85

ClickSend SMS Woo Integration helps to send transactions & promotional sms to wooCommerce store owners.

100 No CVEs
Integration with HubSpot for WooCommerce

Integration with HubSpot for WooCommerce

hubwoo-integration

A
85

A very powerful plugin to integrate your WooCommerce store with HubSpot seemlesly.

100 No CVEs
Developer Profile

W2P: Pipedrive CRM Integration for WooCommerce Developer Profile

Tristan DIENY

1 plugin · 40 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect W2P: Pipedrive CRM Integration for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/w2p-pipedrive-crm-integration-for-woocommerce/admin/build/static/js/main.
Script Paths
/wp-content/plugins/w2p-pipedrive-crm-integration-for-woocommerce/admin/build/static/js/main.
Version Parameters
w2p-pipedrive-crm-integration-for-woocommerce/admin/build/static/js/main.w2p-pipedrive-crm-integration-for-woocommerce/admin/build/static/css/main.

HTML / DOM Fingerprints

JS Globals
appGlobalData
REST Endpoints
/wp-json/w2p/v1
FAQ

Frequently Asked Questions about W2P: Pipedrive CRM Integration for WooCommerce