WP-Safety

XPS Ship Integration Security & Risk Analysis

wordpress.org/plugins/xps-ship-integration

The XPS Ship Integration, a free integration for WooCommerce merchants, is the only integration that gives you all the necessary functionality for shi …

1K active installs v2.0.11 PHP + WP 5.4+ Updated Apr 7, 2026
shippingstampsuspswoocommercexps
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is XPS Ship Integration Safe to Use in 2026?

Generally Safe

Score 100/100

XPS Ship Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The security posture of the xps-ship-integration plugin v2.0.9 appears to be strong based on the provided static analysis and vulnerability history. The plugin demonstrates excellent practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, significantly reducing the risk of SQL injection and cross-site scripting vulnerabilities. The complete absence of known CVEs and historical vulnerabilities further reinforces this positive assessment. The attack surface is managed, with all identified entry points having associated authentication checks, which is a crucial security measure.

Despite the overall good security, there are a couple of areas that warrant attention. The taint analysis reveals flows with unsanitized paths, although they are not classified as critical or high severity. This indicates a potential for vulnerabilities if data is not handled with sufficient care at these specific points. Additionally, while nonce checks are present for all AJAX handlers, the absence of capability checks on any of the entry points is a notable weakness. This means that once authenticated, any user might be able to trigger these AJAX actions, regardless of their WordPress role or permissions.

In conclusion, the xps-ship-integration plugin v2.0.9 exhibits a commendable security foundation with robust SQL and output handling and no historical vulnerabilities. However, the presence of unsanitized paths in taint flows and the lack of capability checks on entry points are areas where improvements could be made to further harden the plugin's security and ensure a more comprehensive protection against potential threats.

Key Concerns

  • Unsanitized paths in taint flows
  • No capability checks on entry points
Vulnerabilities
None known

XPS Ship Integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

XPS Ship Integration Release Timeline

v2.0.9
v2.0.5
v2.0.4
v1.0.2
Code Analysis
Analyzed Mar 16, 2026

XPS Ship Integration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
12
310 escaped
Nonce Checks
4
Capability Checks
0
File Operations
2
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

96% escaped322 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
http_add_tracking_entry (class-webship-shipment-tracking.php:448)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

XPS Ship Integration Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_webship_add_tracking_entryclass-webship-shipment-tracking.php:27
authwp_ajax_webship_delete_tracking_entryclass-webship-shipment-tracking.php:29
authwp_ajax_webship_add_tracking_entrytrunk\class-webship-shipment-tracking.php:27
authwp_ajax_webship_delete_tracking_entrytrunk\class-webship-shipment-tracking.php:29
WordPress Hooks 48
actionwoocommerce_update_options_integration_webshipclass-wc-webship-integration.php:56
actionadmin_menuclass-wc-webship-integration.php:67
actionadmin_noticesclass-wc-webship-integration.php:73
actionadd_meta_boxesclass-webship-shipment-tracking.php:25
filterwoocommerce_shop_order_list_table_columnsclass-webship-shipment-tracking.php:32
actionwoocommerce_shop_order_list_table_custom_columnclass-webship-shipment-tracking.php:34
filtermanage_shop_order_posts_columnsclass-webship-shipment-tracking.php:37
actionmanage_shop_order_posts_custom_columnclass-webship-shipment-tracking.php:40
filterwc_customer_order_csv_export_order_headersclass-webship-shipment-tracking.php:44
filterwc_customer_order_csv_export_order_rowclass-webship-shipment-tracking.php:45
actionwoocommerce_email_before_order_tableclass-webship-shipment-tracking.php:48
actionwoocommerce_view_orderclass-webship-shipment-tracking.php:52
filterwcs_renewal_order_meta_queryclass-webship-shipment-tracking.php:58
filterwoocommerce_subscriptions_renewal_order_meta_queryclass-webship-shipment-tracking.php:60
actionwoocommerce_update_options_integration_webshiptrunk\class-wc-webship-integration.php:56
actionadmin_menutrunk\class-wc-webship-integration.php:67
actionadmin_noticestrunk\class-wc-webship-integration.php:73
actionadd_meta_boxestrunk\class-webship-shipment-tracking.php:25
filterwoocommerce_shop_order_list_table_columnstrunk\class-webship-shipment-tracking.php:32
actionwoocommerce_shop_order_list_table_custom_columntrunk\class-webship-shipment-tracking.php:34
filtermanage_shop_order_posts_columnstrunk\class-webship-shipment-tracking.php:37
actionmanage_shop_order_posts_custom_columntrunk\class-webship-shipment-tracking.php:40
filterwc_customer_order_csv_export_order_headerstrunk\class-webship-shipment-tracking.php:44
filterwc_customer_order_csv_export_order_rowtrunk\class-webship-shipment-tracking.php:45
actionwoocommerce_email_before_order_tabletrunk\class-webship-shipment-tracking.php:48
actionwoocommerce_view_ordertrunk\class-webship-shipment-tracking.php:52
filterwcs_renewal_order_meta_querytrunk\class-webship-shipment-tracking.php:58
filterwoocommerce_subscriptions_renewal_order_meta_querytrunk\class-webship-shipment-tracking.php:60
filtersafe_style_csstrunk\xpsship-integration.php:125
actionbefore_woocommerce_inittrunk\xpsship-integration.php:281
actionadmin_noticestrunk\xpsship-integration.php:320
actionplugins_loadedtrunk\xpsship-integration.php:389
filterwoocommerce_integrationstrunk\xpsship-integration.php:391
filterwoocommerce_is_attribute_in_product_nametrunk\xpsship-integration.php:580
actionwoocommerce_api_wc_webshiptrunk\xpsship-integration.php:1012
actionwoocommerce_shipping_inittrunk\xpsship-integration.php:1019
filterwoocommerce_shipping_methodstrunk\xpsship-integration.php:1027
actionwoocommerce_settings_savedtrunk\xpsship-integration.php:1039
filtersafe_style_cssxpsship-integration.php:125
actionbefore_woocommerce_initxpsship-integration.php:281
actionadmin_noticesxpsship-integration.php:320
actionplugins_loadedxpsship-integration.php:389
filterwoocommerce_integrationsxpsship-integration.php:391
filterwoocommerce_is_attribute_in_product_namexpsship-integration.php:580
actionwoocommerce_api_wc_webshipxpsship-integration.php:1012
actionwoocommerce_shipping_initxpsship-integration.php:1019
filterwoocommerce_shipping_methodsxpsship-integration.php:1027
actionwoocommerce_settings_savedxpsship-integration.php:1039
Maintenance & Trust

XPS Ship Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedApr 7, 2026
PHP min version
Downloads31K

Community Trust

Rating66/100
Number of ratings4
Active installs1K
Alternatives

XPS Ship Integration Alternatives

WooCommerce Shipping

WooCommerce Shipping

woocommerce-shipping

A
100

A free shipping plugin for US merchants to print discounted shipping labels and compare live label rates directly from your WooCommerce dashboard.

60K No CVEs
USPS Simple Shipping for Woocommerce

USPS Simple Shipping for Woocommerce

woo-usps-simple-shipping

A
100

USPS Simple provides real-time USPS domestic rates.

8K No CVEs
Shipping Live Rates for USPS for WooCommerce

Shipping Live Rates for USPS for WooCommerce

flexible-shipping-usps

A
99

Offer USPS shipping methods with real-time rates. Show dynamic prices at WooCommerce cart and checkout based on weight and destination.

2K 2 CVEs
ELEX WooCommerce USPS Shipping Method

ELEX WooCommerce USPS Shipping Method

elex-usps-shipping-method

A
100

The plugin will help you to Automate USPS shipping by displaying LIVE shipping rates on the Cart and Checkout page.

800 No CVEs
AfterShip Shipping: Free Shipping Labels for WooCommerce, Discounted Shipping Rates

AfterShip Shipping: Free Shipping Labels for WooCommerce, Discounted Shipping Rates

postmen-woo-shipping

A
100

WooCommerce Shipping - Print shipping labels faster, compare costs and delivery time across 60 carrier services to optimize your shipping routes.

200 No CVEs
Developer Profile

XPS Ship Integration Developer Profile

Descartes Systems Group

2 plugins · 1K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect XPS Ship Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xps-ship-integration/assets/css/admin-style.css/wp-content/plugins/xps-ship-integration/assets/css/frontend-style.css/wp-content/plugins/xps-ship-integration/assets/js/admin-script.js/wp-content/plugins/xps-ship-integration/assets/js/frontend-script.js
Script Paths
/wp-content/plugins/xps-ship-integration/assets/js/admin-script.js/wp-content/plugins/xps-ship-integration/assets/js/frontend-script.js
Version Parameters
xps-ship-integration/assets/css/admin-style.css?ver=xps-ship-integration/assets/css/frontend-style.css?ver=xps-ship-integration/assets/js/admin-script.js?ver=xps-ship-integration/assets/js/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
xps-ship-integration-admin-wrapperxps-ship-integration-frontend-wrapperxps-ship-integration-settings-form
HTML Comments
<!-- XPS Ship Integration Plugin Loaded --><!-- XPS Ship Frontend Script Loaded --><!-- XPS Ship Admin Script Loaded -->
Data Attributes
data-xps-client-code="xps"data-xps-logo-url="https://xpsshipper.com/ec/static/images/client/xps/xps-cover-small.png"
JS Globals
window.XPS_SHIP_CONFIGvar xpsShipAdminSettings
REST Endpoints
/wp-json/xps-ship-integration/v1/shipping-methods/wp-json/xps-ship-integration/v1/tracking-update
Shortcode Output
[xps_shipping_calculator][xps_tracking_info]
FAQ

Frequently Asked Questions about XPS Ship Integration