All-in-One GSheetSync for WooCommerce Security & Risk Analysis

wordpress.org/plugins/all-in-one-gsheetsync-for-woocommerce

Use All-in-One GSheetSync for WooCommerce to connect your Google Spreadsheet with your WooCommerce system effortlessly.

0 active installs v1.0.2 PHP + WP 5.3+ Updated Dec 27, 2024
inventory-managementorder-syncwoocommercewoocommerce-google-sheetwoocommerce-stock
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is All-in-One GSheetSync for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

All-in-One GSheetSync for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "all-in-one-gsheetsync-for-woocommerce" plugin version 1.0.2 demonstrates a generally good security posture with several strengths. The code analysis shows 100% of SQL queries utilize prepared statements and an impressive 99% of output is properly escaped, significantly mitigating common web vulnerabilities like SQL injection and cross-site scripting. Furthermore, the plugin has no recorded CVEs, suggesting a history of responsible development and patching. However, there are notable areas of concern. The plugin exposes 16 AJAX handlers, with a significant 4 of these lacking authentication checks. This creates a substantial attack surface for unauthorized actions. While taint analysis shows no critical or high severity unsanitized paths, the presence of 6 flows with unsanitized paths warrants attention, especially given the lack of capability checks on some AJAX endpoints. The plugin also bundles DataTables and Guzzle, which, if outdated or vulnerable, could introduce risks, although no specific vulnerabilities are indicated in the provided data. In conclusion, while the plugin benefits from strong practices in SQL and output handling and a clean vulnerability history, the unsecured AJAX endpoints represent a significant security weakness that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Missing capability checks on entry points
  • Bundled libraries
Vulnerabilities
None known

All-in-One GSheetSync for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

All-in-One GSheetSync for WooCommerce Release Timeline

v1.0.2Current
v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

All-in-One GSheetSync for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
3
249 escaped
Nonce Checks
7
Capability Checks
0
File Operations
0
External Requests
7
Bundled Libraries
2

Bundled Libraries

DataTablesGuzzle

SQL Query Safety

100% prepared6 total queries

Output Escaping

99% escaped252 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

7 flows6 with unsanitized paths
aiogsc_ajax_call (admin/settings_initiate.php:21)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

All-in-One GSheetSync for WooCommerce Attack Surface

Entry Points17
Unprotected4

AJAX Handlers 16

authwp_ajax_aiogsc_ajax_calladmin/settings_initiate.php:17
noprivwp_ajax_aiogsc_ajax_calladmin/settings_initiate.php:18
authwp_ajax_aiogsc_RetrieveSheetHeadersadmin/settings_initiate.php:232
noprivwp_ajax_aiogsc_RetrieveSheetHeadersadmin/settings_initiate.php:234
authwp_ajax_retrieveSheetValuesadmin/settings_initiate.php:277
noprivwp_ajax_retrieveSheetValuesadmin/settings_initiate.php:279
authwp_ajax_aiogsc_RetrieveOrderHeadersadmin/settings_initiate.php:297
noprivwp_ajax_aiogsc_RetrieveOrderHeadersadmin/settings_initiate.php:299
authwp_ajax_aiogsc_RetrieveCustomerHeadersadmin/settings_initiate.php:387
noprivwp_ajax_aiogsc_RetrieveCustomerHeadersadmin/settings_initiate.php:389
authwp_ajax_aiogsc_logs_datatablesadmin/settings_initiate.php:687
noprivwp_ajax_aiogsc_logs_datatablesadmin/settings_initiate.php:688
authwp_ajax_aiogsc_SetLogOptionadmin/settings_initiate.php:769
authwp_ajax_clearlogadmin/settings_initiate.php:779
authwp_ajax_aiogsc_RetrieveOrderItemHeadersadmin/settings_initiate.php:800
noprivwp_ajax_aiogsc_RetrieveOrderItemHeadersadmin/settings_initiate.php:802

Shortcodes 1

[aiogsc_logs_datatables] admin/settings_initiate.php:685
WordPress Hooks 18
actionwoocommerce_thankyouadmin/settings_initiate.php:504
actionwoocommerce_payment_completeadmin/settings_initiate.php:507
actionwoocommerce_order_status_processingadmin/settings_initiate.php:509
actionwoocommerce_order_status_completedadmin/settings_initiate.php:511
actionwoocommerce_created_customeradmin/settings_initiate.php:535
actionuser_registeradmin/settings_initiate.php:537
actionwoocommerce_order_status_changedadmin/settings_initiate.php:563
filterbulk_actions-edit-productadmin/settings_initiate.php:565
actionadmin_action_instant_syncadmin/settings_initiate.php:573
filterbulk_actions-edit-shop_orderadmin/settings_initiate.php:601
actionadmin_action_instant_sync_orderadmin/settings_initiate.php:610
actionadmin_noticesadmin/settings_initiate.php:634
actionadmin_menuall-in-one-gsheetsync-for-woocommerce.php:27
actionadmin_enqueue_scriptsall-in-one-gsheetsync-for-woocommerce.php:60
actionplugins_loadedall-in-one-gsheetsync-for-woocommerce.php:61
filterplugin_row_metaall-in-one-gsheetsync-for-woocommerce.php:65
actionadmin_noticesall-in-one-gsheetsync-for-woocommerce.php:111
actionadmin_initall-in-one-gsheetsync-for-woocommerce.php:116
Maintenance & Trust

All-in-One GSheetSync for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 27, 2024
PHP min version
Downloads908

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

All-in-One GSheetSync for WooCommerce Developer Profile

techiesaround

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect All-in-One GSheetSync for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/aiogsc_style.css/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/admin/js/aiogsc_script.js/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/admin/css/bootstrap.min.css/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/admin/js/jquery.dataTables.min.js/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/admin/js/dataTables.bootstrap.min.js/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/admin/js/dataTables.bootstrap.min.css/wp-content/plugins/all-in-one-gsheetsync-for-woocommerce/admin/js/aiogsc_logstable.js
Script Paths
admin/js/aiogsc_script.jsadmin/js/jquery.dataTables.min.jsadmin/js/dataTables.bootstrap.min.jsadmin/js/aiogsc_logstable.js
Version Parameters
all-in-one-gsheetsync-for-woocommerce/aiogsc_style.css?ver=all-in-one-gsheetsync-for-woocommerce/admin/js/aiogsc_script.js?ver=all-in-one-gsheetsync-for-woocommerce/admin/css/bootstrap.min.css?ver=all-in-one-gsheetsync-for-woocommerce/admin/js/jquery.dataTables.min.js?ver=all-in-one-gsheetsync-for-woocommerce/admin/js/dataTables.bootstrap.min.js?ver=all-in-one-gsheetsync-for-woocommerce/admin/js/dataTables.bootstrap.min.css?ver=all-in-one-gsheetsync-for-woocommerce/admin/js/aiogsc_logstable.js?ver=

HTML / DOM Fingerprints

CSS Classes
aiogsc-settings
Data Attributes
data-nonce
JS Globals
aiogsc_ajax_objectaiogsc_url
REST Endpoints
/wp-json/aiogsc/v1/sync
FAQ

Frequently Asked Questions about All-in-One GSheetSync for WooCommerce