WPShift Companion Security & Risk Analysis

wordpress.org/plugins/wpshift-companion

Server management for WordPress — provision servers, deploy sites, manage SSL, backups & SMTP. Includes performance optimization and database clea …

10 active installs · v1.0.1 · PHP 7.4+ · WP 5.0+ · Updated Feb 23, 2026
Tags: backup, deployment, hosting, migration, server-management
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPShift Companion Safe to Use in 2026?

Generally Safe

Score 100/100

WPShift Companion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The wpshift-companion plugin v1.0.1 exhibits a generally good security posture due to its diligent use of prepared statements for SQL queries and a high percentage of properly escaped output. The absence of known CVEs and recorded vulnerabilities further strengthens this impression. The plugin also demonstrates a strong adherence to security best practices with a significant number of nonce and capability checks implemented across its functionalities.

However, a notable concern arises from the presence of unprotected entry points. Specifically, 2 out of 5 REST API routes lack proper permission callbacks. This creates a potential avenue for unauthorized access or manipulation if these endpoints handle sensitive data or critical functions. While the static analysis did not reveal dangerous functions or unsanitized taint flows, the unprotected REST API routes represent a tangible risk that needs immediate attention. The plugin's vulnerability history being clean is a positive sign, but the identified unprotected routes suggest a need for more comprehensive security validation before release or in future updates.

In conclusion, wpshift-companion v1.0.1 has several strong security foundations, particularly in its data handling and output escaping. The lack of past vulnerabilities is commendable. The primary weakness lies in the unprotected REST API endpoints, which are a direct security risk. Addressing this concern should be the top priority to ensure the plugin's overall security.

Key Concerns

  • REST API routes without permission callbacks
Vulnerabilities
None known

WPShift Companion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WPShift Companion Release Timeline

v1.0.1 (Current)
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

WPShift Companion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (25 prepared)
Unescaped Output: 8 (332 escaped)
Nonce Checks: 23
Capability Checks: 27
File Operations: 4
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 25 total queries

Output Escaping

98% escaped · 340 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
ajax_save_email_settings (includes/class-wpshift-email.php:197)
Attack Surface
2 unprotected

WPShift Companion Attack Surface

Entry Points: 28
Unprotected: 2

AJAX Handlers 23

auth · wp_ajax_wpshift_get_servers · admin/class-wpshift-admin.php:21
auth · wp_ajax_wpshift_start_backup · admin/class-wpshift-admin.php:22
auth · wp_ajax_wpshift_init_backup · admin/class-wpshift-admin.php:23
auth · wp_ajax_wpshift_export_database · admin/class-wpshift-admin.php:24
auth · wp_ajax_wpshift_process_file_chunk · admin/class-wpshift-admin.php:25
auth · wp_ajax_wpshift_start_background_backup · admin/class-wpshift-admin.php:26
auth · wp_ajax_wpshift_get_backup_status · admin/class-wpshift-admin.php:27
auth · wp_ajax_wpshift_cancel_backup · admin/class-wpshift-admin.php:28
auth · wp_ajax_wpshift_get_chunk · admin/class-wpshift-admin.php:29
auth · wp_ajax_wpshift_get_token · admin/class-wpshift-admin.php:30
auth · wp_ajax_wpshift_clear_pending_import · admin/class-wpshift-admin.php:31
auth · wp_ajax_wpshift_cleanup_backup · admin/class-wpshift-admin.php:32
auth · wp_ajax_wpshift_initiate_import · admin/class-wpshift-admin.php:33
auth · wp_ajax_wpshift_upload_chunk · admin/class-wpshift-admin.php:34
auth · wp_ajax_wpshift_finalize_import · admin/class-wpshift-admin.php:35
auth · wp_ajax_wpshift_check_status · admin/class-wpshift-admin.php:36
auth · wp_ajax_wpshift_disconnect · admin/class-wpshift-admin.php:37
auth · wp_ajax_wpshift_save_optimizer_settings · admin/class-wpshift-admin.php:38
auth · wp_ajax_wpshift_cleanup_database · admin/class-wpshift-admin.php:39
auth · wp_ajax_wpshift_get_site_status · admin/class-wpshift-admin.php:40
auth · wp_ajax_wpshift_send_test_email · includes/class-wpshift-email.php:41
auth · wp_ajax_wpshift_save_email_settings · includes/class-wpshift-email.php:42
auth · wp_ajax_wpshift_refresh_smtp · includes/class-wpshift-email.php:43

REST API Routes 5

GET · /wp-json/wpshift/v1/site-health · includes/class-wpshift-site-health.php:37
GET · /wp-json/wpshift/v1/magic-login · wpshift-companion.php:74
GET · /wp-json/wpshift/v1/status · wpshift-companion.php:81
GET · /wp-json/wpshift/v1/oauth-callback · wpshift-companion.php:94
GET · /wp-json/wpshift/v1/import-callback · wpshift-companion.php:131

WordPress Hooks 54

action · admin_menu · admin/class-wpshift-admin.php:15
action · admin_bar_menu · admin/class-wpshift-admin.php:16
action · admin_enqueue_scripts · admin/class-wpshift-admin.php:17
action · admin_init · admin/class-wpshift-admin.php:18
action · admin_notices · admin/class-wpshift-admin.php:205
action · admin_notices · admin/class-wpshift-admin.php:209
action · admin_notices · admin/class-wpshift-admin.php:219
action · phpmailer_init · includes/class-wpshift-email.php:38
filter · login_message · includes/class-wpshift-magic-login.php:16
action · wp_default_scripts · includes/class-wpshift-optimizer.php:80
filter · script_loader_src · includes/class-wpshift-optimizer.php:83
filter · style_loader_src · includes/class-wpshift-optimizer.php:84
filter · wp_get_attachment_image_attributes · includes/class-wpshift-optimizer.php:87
filter · the_content · includes/class-wpshift-optimizer.php:88
filter · the_content · includes/class-wpshift-optimizer.php:91
filter · the_generator · includes/class-wpshift-optimizer.php:109
action · wp_dashboard_setup · includes/class-wpshift-optimizer.php:129
action · wp_before_admin_bar_render · includes/class-wpshift-optimizer.php:132
action · init · includes/class-wpshift-optimizer.php:137
action · pre_ping · includes/class-wpshift-optimizer.php:140
action · do_feed · includes/class-wpshift-optimizer.php:143
action · do_feed_rdf · includes/class-wpshift-optimizer.php:144
action · do_feed_rss · includes/class-wpshift-optimizer.php:145
action · do_feed_rss2 · includes/class-wpshift-optimizer.php:146
action · do_feed_atom · includes/class-wpshift-optimizer.php:147
filter · nav_menu_css_class · includes/class-wpshift-optimizer.php:150
filter · nav_menu_item_id · includes/class-wpshift-optimizer.php:151
filter · page_css_class · includes/class-wpshift-optimizer.php:152
filter · xmlrpc_enabled · includes/class-wpshift-optimizer.php:157
filter · wp_headers · includes/class-wpshift-optimizer.php:158
filter · login_errors · includes/class-wpshift-optimizer.php:161
action · template_redirect · includes/class-wpshift-optimizer.php:164
filter · wp_revisions_to_keep · includes/class-wpshift-optimizer.php:169
action · wp_enqueue_scripts · includes/class-wpshift-optimizer.php:176
filter · use_block_editor_for_post · includes/class-wpshift-optimizer.php:179
filter · use_block_editor_for_post_type · includes/class-wpshift-optimizer.php:180
filter · tiny_mce_plugins · includes/class-wpshift-optimizer.php:221
filter · wp_resource_hints · includes/class-wpshift-optimizer.php:225
filter · embed_oembed_discover · includes/class-wpshift-optimizer.php:244
filter · tiny_mce_plugins · includes/class-wpshift-optimizer.php:245
filter · rewrite_rules_array · includes/class-wpshift-optimizer.php:248
action · init · includes/class-wpshift-optimizer.php:316
action · init · includes/class-wpshift-optimizer.php:324
filter · heartbeat_settings · includes/class-wpshift-optimizer.php:330
filter · comments_open · includes/class-wpshift-optimizer.php:378
filter · pings_open · includes/class-wpshift-optimizer.php:379
filter · comments_array · includes/class-wpshift-optimizer.php:382
action · admin_menu · includes/class-wpshift-optimizer.php:385
action · init · includes/class-wpshift-optimizer.php:390
action · admin_init · includes/class-wpshift-optimizer.php:397
action · rest_api_init · includes/class-wpshift-site-health.php:30
action · plugins_loaded · wpshift-companion.php:41
action · wpshift_process_backup_chunk · wpshift-companion.php:52
action · rest_api_init · wpshift-companion.php:72

Scheduled Events 1

wpshift_process_backup_chunk
Maintenance & Trust

WPShift Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.4
Downloads: 240

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WPShift Companion Developer Profile

wpshift

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WPShift Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpshift-companion/admin/css/wpshift-admin.css
  • /wp-content/plugins/wpshift-companion/admin/js/wpshift-admin.js
  • /wp-content/plugins/wpshift-companion/admin/js/vendor/moment.min.js
  • /wp-content/plugins/wpshift-companion/admin/js/vendor/tempusdominus-bootstrap-4.min.js

Script Paths
  • /wp-content/plugins/wpshift-companion/admin/js/wpshift-admin.js
  • /wp-content/plugins/wpshift-companion/admin/js/vendor/moment.min.js
  • /wp-content/plugins/wpshift-companion/admin/js/vendor/tempusdominus-bootstrap-4.min.js

Version Parameters
  • wpshift-companion/admin/css/wpshift-admin.css?ver=
  • wpshift-companion/admin/js/wpshift-admin.js?ver=
  • wpshift-companion/admin/js/vendor/moment.min.js?ver=
  • wpshift-companion/admin/js/vendor/tempusdominus-bootstrap-4.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpshift-logo
  • wpshift-backup-actions
  • wpshift-backup-status
  • wpshift-backup-progress
  • wpshift-backup-log

Data Attributes
  • data-wpshift-backup-id
  • data-wpshift-backup-status
  • data-wpshift-backup-progress

JS Globals
  • WPShiftAdmin
  • WPShiftMagicLogin
  • WPShiftOptimizer
  • WPShiftEmail
  • WPShiftSiteHealth

REST Endpoints
  • /wp-json/wpshift/v1/magic-login
  • /wp-json/wpshift/v1/status
  • /wp-json/wpshift/v1/oauth-callback
  • /wp-json/wpshift/v1/import-callback