WP-Safety

WP Keap/Infusionsoft WooCommerce Plugin Security & Risk Analysis

wordpress.org/plugins/wp-infusionsoft-woocommerce

Keap/Infusionsoft WooCommerce Plugin allows you to quickly integrate WooCommerce Orders with Keap/Infusionsoft.

40 active installs v1.2.0 PHP 5.3+ WP 3.8+ Updated Dec 15, 2025
infusionsoft-and-woocommerceinfusionsoft-keapkeapwoocommerce-keap
100
A · Safe
CVEs total1
Unpatched0
Last CVEAug 26, 2021
Plugin page Download
Safety Verdict

Is WP Keap/Infusionsoft WooCommerce Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

WP Keap/Infusionsoft WooCommerce Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 26, 2021Updated 3mo ago
Risk Assessment

The plugin "wp-infusionsoft-woocommerce" v1.2.0 exhibits a generally strong security posture, evidenced by the absence of unprotected entry points like AJAX handlers, REST API routes, and shortcodes. The code also demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped output. The presence of numerous nonce and capability checks further indicates a conscious effort to secure functionality.

However, there are areas for concern. The taint analysis revealed two flows with unsanitized paths, and while they are not rated critical or high, they represent a potential risk for input sanitization vulnerabilities if not properly handled. Additionally, the plugin has a history of a medium severity CVE, specifically Cross-site Scripting, which was last patched in 2021. While currently unpatched vulnerabilities are zero, the past occurrence of XSS suggests that input validation and output encoding should remain a focus. The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful review to ensure they are implemented securely and do not introduce vulnerabilities.

In conclusion, the plugin has a solid foundation with many security best practices implemented. The primary weaknesses lie in the identified unsanitized paths from the taint analysis and the historical XSS vulnerability. Continued vigilance in code review, especially around input handling and external interactions, is recommended. The plugin's strengths in authentication checks and prepared statements are commendable, but the identified areas require attention to maintain a robust security profile.

Key Concerns

  • Taint flows with unsanitized paths
  • Medium severity CVE in vulnerability history
Vulnerabilities
1

WP Keap/Infusionsoft WooCommerce Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-wp-infusionsoft-woocommercemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.0.9 (880d)
Code Analysis
Analyzed Mar 16, 2026

WP Keap/Infusionsoft WooCommerce Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
15 prepared
Unescaped Output
69
336 escaped
Nonce Checks
10
Capability Checks
20
File Operations
3
External Requests
3
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

68% prepared22 total queries

Output Escaping

83% escaped405 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
push_object (api\api.php:795)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Keap/Infusionsoft WooCommerce Plugin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 31
actionadd_meta_boxesincludes\crmperks-wc.php:8
actionsave_postincludes\plugin-pages.php:28
filterwoocommerce_settings_tabs_arrayincludes\plugin-pages.php:30
actionwoocommerce_update_orderincludes\plugin-pages.php:36
actionadd_meta_boxesincludes\plugin-pages.php:39
actionadd_meta_boxesincludes\plugin-pages.php:40
actionadmin_noticesincludes\plugin-pages.php:42
filterpost_updated_messagesincludes\plugin-pages.php:45
actionadmin_menuincludes\plugin-pages.php:47
filteradmin_menuincludes\plugin-pages.php:50
filterplugin_action_linksincludes\plugin-pages.php:51
actionwp_trash_postincludes\plugin-pages.php:71
actionuntrash_postincludes\plugin-pages.php:72
actionwp_insert_commentincludes\plugin-pages.php:76
actiontrash_commentincludes\plugin-pages.php:77
actionadmin_noticeswp\crmperks-notices.php:15
actionmanage_posts_extra_tablenavwp\crmperks-notices.php:16
filterplugin_row_metawp\crmperks-notices.php:20
actionplugins_loadedwp-infusionsoft-woocommerce.php:65
actionadmin_noticeswp-infusionsoft-woocommerce.php:81
actionwoocommerce_order_status_changedwp-infusionsoft-woocommerce.php:105
actionywraq_after_create_orderwp-infusionsoft-woocommerce.php:106
actionwoocommerce_subscription_status_updatedwp-infusionsoft-woocommerce.php:107
actionwoocommerce_checkout_update_order_metawp-infusionsoft-woocommerce.php:109
actionwoocommerce_new_orderwp-infusionsoft-woocommerce.php:110
actionwoocommerce_saved_order_itemswp-infusionsoft-woocommerce.php:112
actionprofile_updatewp-infusionsoft-woocommerce.php:115
actionuser_registerwp-infusionsoft-woocommerce.php:117
actionshutdownwp-infusionsoft-woocommerce.php:118
actioninitwp-infusionsoft-woocommerce.php:142
actionbefore_woocommerce_initwp-infusionsoft-woocommerce.php:153
Maintenance & Trust

WP Keap/Infusionsoft WooCommerce Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 15, 2025
PHP min version5.3
Downloads8K

Community Trust

Rating92/100
Number of ratings9
Active installs40
Alternatives

WP Keap/Infusionsoft WooCommerce Plugin Alternatives

Keap Official Opt-in Forms

Keap Official Opt-in Forms

infusionsoft-official-opt-in-forms

D
43

Build your email subscriber list from visitors to your WordPress website with Keap's Official Opt-in Forms plugin.

1K 2 unpatched
WP Gravity Forms Keap/Infusionsoft

WP Gravity Forms Keap/Infusionsoft

gf-infusionsoft

A
96

Gravity Forms Keap/infusionsoft Add-on sends Gravity Forms entries to infusionsoft/Keap CRM.

300 3 CVEs
Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms

Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms

cf7-infusionsoft

A
100

Send Contact Form 7, WPForms, Elementor, Ninja Forms, Contact Form Entries Plugin and many other contact form submissions to infusionsoft/Keap.

200 1 CVE
Gravity Forms Keap Feed

Gravity Forms Keap Feed

systasis-gf-infusionsoft-feed

A
100

Sync form submissions between Gravity Forms and Keap

100 No CVEs
Developer Profile

WP Keap/Infusionsoft WooCommerce Plugin Developer Profile

CRM Perks

32 plugins · 105K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
349 days
View full developer profile
Detection Fingerprints

How We Detect WP Keap/Infusionsoft WooCommerce Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-infusionsoft-woocommerce/assets/css/style.css/wp-content/plugins/wp-infusionsoft-woocommerce/assets/js/script.js
Version Parameters
wp-infusionsoft-woocommerce/assets/css/style.css?ver=wp-infusionsoft-woocommerce/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
vxc_infusionsoft_pro
Data Attributes
data-crmperks-infusionsoft-iddata-crmperks-infusionsoft-action
JS Globals
vxc_infusionsoft_ajax_object
FAQ

Frequently Asked Questions about WP Keap/Infusionsoft WooCommerce Plugin