Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Security & Risk Analysis

wordpress.org/plugins/best-woocommerce-feed

Generate WooCommerce product feeds for 200+ marketplaces. Sell on Google Shopping, Facebook, Instagram, Amazon, eBay, TikTok and more.

10K active installs v7.4.73 PHP 7.4+ WP 6.7+ Updated Mar 6, 2026
Tags: facebook-catalog, google-shopping-feed, product-feed, product-feed-management, woocommerce-product-feed
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 28, 2023
Safety Verdict

Is Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Safe to Use in 2026?

Generally Safe

Score 99/100

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 28, 2023 · Updated 28d ago
Risk Assessment

The "best-woocommerce-feed" plugin v7.4.74 exhibits a mixed security posture. On the positive side, it demonstrates a strong commitment to secure coding practices by using prepared statements for all SQL queries and a relatively high percentage of proper output escaping. The absence of REST API routes and shortcodes limits potential attack vectors. However, the presence of 28 AJAX handlers, with 7 lacking authentication checks, presents a significant concern for unauthorized access and potential exploits. The plugin also utilizes the dangerous `unserialize` function, which, if not handled with extreme care, can lead to remote code execution vulnerabilities. While there are no currently unpatched CVEs, the plugin's history of "Path Traversal" and "Missing Authorization" vulnerabilities, including a high severity one, suggests a recurring pattern of insecure input validation and access control issues.

The taint analysis shows a low number of flows with unsanitized paths, which is a good sign. However, even a few such flows, especially if they can be combined with other weaknesses, can be critical. The bundled libraries, Select2 and Guzzle, are common and generally secure, but their specific versions are not detailed, which could hide potential risks if they are outdated. Overall, the plugin has strengths in data handling but has notable weaknesses in access control for its AJAX endpoints and a history that warrants vigilance.

Key Concerns

  • Unprotected AJAX handlers
  • Use of 'unserialize' function
  • History of high severity vulnerability
  • History of 'Path Traversal' vulnerabilities
  • History of 'Missing Authorization' vulnerabilities
  • Flows with unsanitized paths found
Vulnerabilities: 2

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2023: 1 CVE

Severity Breakdown

  • High: 1
  • Low: 1

2 total CVEs

CVE-2023-52144 · low · 2.7 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product Feed Manager <= 7.3.15 - Authenticated (Admin+) Directory Traversal

Dec 28, 2023 Patched in 7.3.16 (26d)

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 2.2.3.1 (1793d)
Code Analysis
Analyzed Mar 16, 2026

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Code Analysis

  • Dangerous Functions: 5
  • Raw SQL Queries: 0 (67 prepared)
  • Unescaped Output: 241 (890 escaped)
  • Nonce Checks: 25
  • Capability Checks: 16
  • File Operations: 40
  • External Requests: 36
  • Bundled Libraries: 2

Dangerous Functions Found

  • unserialize · admin\class-rex-feed-attributes.php:687 · `$product_attributes = unserialize( $value->value );`
  • unserialize · admin\class-rex-product-feed-actions.php:1517 · `$field_data[ 'configs' ] = @unserialize( $field_data[ 'configs' ] );`
  • unserialize · admin\class-rex-product-feed-discount-rules-asana-plugins.php:84 · `$val = false !== @unserialize( $meta[ 'meta_value' ] ) ? unserialize( $meta[ 'meta_value' ] ) : $met`
  • unserialize · admin\class-rex-product-feed-discount-rules-asana-plugins.php:84 · `$val = false !== @unserialize( $meta[ 'meta_value' ] ) ? unserialize( $meta[ 'meta_value' ] ) : $met`
  • unserialize · admin\class-rex-product-feed-system-status.php:68 · `return unserialize( $response[ 'body' ] ); //phpcs:ignore`

Bundled Libraries

Select2, Guzzle

SQL Query Safety

100% prepared · 67 total queries

Output Escaping

79% escaped · 1131 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
<class-rex-feed-validator-loader> (admin\feed-validator\class-rex-feed-validator-loader.php:0)

Attack Surface: 7 unprotected

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Attack Surface

Entry Points: 28
Unprotected: 7

AJAX Handlers 28

  • auth · wp_ajax_pfm_dismiss_feed_banner · admin\class-pfm-first-feed-banner.php:35
  • auth · wp_ajax_rexfeed_sales_notification_notice · admin\class-rex-product-feed-sales-notification-bar.php:55
  • nopriv · wp_ajax_rexfeed_sales_notification_notice · admin\class-rex-product-feed-sales-notification-bar.php:56
  • auth · wp_ajax_rexfeed_hide_deal_notice · admin\class-rex-product-feed-special-occasion-banner.php:77
  • auth · wp_ajax_rex_feed_validate_feed · admin\feed-validator\class-rex-feed-validator-loader.php:114
  • auth · wp_ajax_rex_feed_get_validation_results · admin\feed-validator\class-rex-feed-validator-loader.php:115
  • auth · wp_ajax_rex_feed_clear_validation_results · admin\feed-validator\class-rex-feed-validator-loader.php:116
  • auth · wp_ajax_rex_feed_export_validation_results · admin\feed-validator\class-rex-feed-validator-loader.php:117
  • auth · wp_ajax_pfm_save_consent · includes\class-rex-product-feed-setup-wizard-ajax.php:18
  • auth · wp_ajax_pfm_track_setup_start · includes\class-rex-product-feed-setup-wizard-ajax.php:19
  • auth · wp_ajax_pfm_track_setup_completed · includes\class-rex-product-feed-setup-wizard-ajax.php:20
  • auth · wp_ajax_pfm_track_first_strike · includes\class-rex-product-feed-setup-wizard-ajax.php:21
  • auth · wp_ajax_pfm_get_all_merchants · includes\class-rex-product-feed-setup-wizard-ajax.php:22
  • auth · wp_ajax_pfm_get_template_mappings · includes\class-rex-product-feed-setup-wizard-ajax.php:23
  • auth · wp_ajax_pfm_create_feed · includes\class-rex-product-feed-setup-wizard-ajax.php:24
  • auth · wp_ajax_rexfeed-generate-feed · includes\class-rex-product-feed-setup-wizard-ajax.php:25
  • auth · wp_ajax_rex_wpfm_database_update · includes\class-rex-product-feed.php:240
  • nopriv · wp_ajax_check_for_missing_attributes · includes\class-rex-product-feed.php:242
  • auth · wp_ajax_check_for_missing_attributes · includes\class-rex-product-feed.php:243
  • auth · wp_ajax_rexfeed_create_contact · includes\class-rex-product-feed.php:270
  • nopriv · wp_ajax_rexfeed_create_contact · includes\class-rex-product-feed.php:271
  • auth · wp_ajax_wpfm_add_to_cart · includes\class-rex-product-feed.php:287
  • nopriv · wp_ajax_wpfm_add_to_cart · includes\class-rex-product-feed.php:288
  • auth · wp_ajax_rex_feed_track_paywall_hit · includes\class-rex-product-telemetry.php:23
  • auth · wp_ajax_rex_feed_track_upgrade_clicked · includes\class-rex-product-telemetry.php:24
  • auth · wp_ajax_rex_feed_track_setup_started · includes\class-rex-product-telemetry.php:25
  • auth · wp_ajax_rex_feed_track_setup_completed · includes\class-rex-product-telemetry.php:26
  • auth · wp_ajax_rex_feed_save_optin_preference · includes\class-rex-product-telemetry.php:27

WordPress Hooks 86

  • action · admin_notices · admin\class-pfm-first-feed-banner.php:33
  • action · admin_head · admin\class-pfm-first-feed-banner.php:34
  • action · activated_plugin · admin\class-rex-feed-scheduler.php:27
  • action · upgrader_process_complete · admin\class-rex-feed-scheduler.php:30
  • action · init · admin\class-rex-feed-scheduler.php:33
  • action · admin_menu · admin\class-rex-product-feed-admin.php:442
  • action · current_screen · admin\class-rex-product-feed-admin.php:447
  • action · admin_menu · admin\class-rex-product-feed-admin.php:714
  • action · current_screen · admin\class-rex-product-feed-admin.php:719
  • filter · manage_product-feed_posts_columns · admin\class-rex-product-feed-cpt.php:30
  • action · manage_product-feed_posts_custom_column · admin\class-rex-product-feed-cpt.php:31
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:28
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:29
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:30
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:31
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:32
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:33
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:34
  • action · add_meta_boxes · admin\class-rex-product-feed-metabox.php:40
  • action · admin_notices · admin\class-rex-product-feed-metabox.php:41
  • action · admin_notices · admin\class-rex-product-feed-metabox.php:332
  • action · admin_notices · admin\class-rex-product-feed-metabox.php:342
  • action · admin_notices · admin\class-rex-product-feed-sales-notification-bar.php:51
  • action · admin_head · admin\class-rex-product-feed-sales-notification-bar.php:53
  • action · admin_head · admin\class-rex-product-feed-special-occasion-banner.php:73
  • action · admin_notices · admin\class-rex-product-feed-special-occasion-banner.php:75
  • filter · posts_where · admin\feed\abstract-rex-product-feed-generator.php:1069
  • filter · posts_join · admin\feed\abstract-rex-product-feed-generator.php:1070
  • filter · posts_distinct · admin\feed\abstract-rex-product-feed-generator.php:1073
  • filter · posts_where · admin\feed\abstract-rex-product-feed-generator.php:1074
  • filter · posts_join · admin\feed\abstract-rex-product-feed-generator.php:1075
  • action · rex_feed_after_product_processed · admin\feed-validator\class-rex-feed-validator-loader.php:120
  • action · rex_feed_after_generation_complete · admin\feed-validator\class-rex-feed-validator-loader.php:121
  • action · rex_product_feed_scheduler_generate · admin\feed-validator\class-rex-feed-validator-loader.php:124
  • filter · rex_feed_product_feed_tabs · admin\feed-validator\class-rex-feed-validator-loader.php:127
  • action · rex_feed_after_feed_updated · admin\feed-validator\class-rex-feed-validator-loader.php:128
  • action · transition_post_status · includes\class-rex-product-feed-linno-telemetry.php:29
  • action · admin_enqueue_scripts · includes\class-rex-product-feed-setup-wizard.php:19
  • action · init · includes\class-rex-product-feed.php:165
  • action · admin_init · includes\class-rex-product-feed.php:208
  • action · admin_init · includes\class-rex-product-feed.php:209
  • action · admin_enqueue_scripts · includes\class-rex-product-feed.php:212
  • action · admin_enqueue_scripts · includes\class-rex-product-feed.php:213
  • action · init · includes\class-rex-product-feed.php:214
  • action · admin_init · includes\class-rex-product-feed.php:216
  • action · admin_init · includes\class-rex-product-feed.php:218
  • action · admin_menu · includes\class-rex-product-feed.php:219
  • action · enter_title_here · includes\class-rex-product-feed.php:220
  • action · admin_footer · includes\class-rex-product-feed.php:221
  • filter · rex_product_feed_tracking_enabled · includes\class-rex-product-feed.php:222
  • action · post_submitbox_start · includes\class-rex-product-feed.php:224
  • filter · bulk_actions-edit-product-feed · includes\class-rex-product-feed.php:226
  • filter · post_row_actions · includes\class-rex-product-feed.php:227
  • action · publish_product-feed · includes\class-rex-product-feed.php:229
  • action · draft_product-feed · includes\class-rex-product-feed.php:230
  • action · after_delete_post · includes\class-rex-product-feed.php:231
  • action · admin_init · includes\class-rex-product-feed.php:232
  • action · admin_notices · includes\class-rex-product-feed.php:233
  • action · admin_action_wpfm_duplicate_post_as_draft · includes\class-rex-product-feed.php:235
  • filter · post_row_actions · includes\class-rex-product-feed.php:236
  • action · wp_footer · includes\class-rex-product-feed.php:237
  • action · admin_post_rex_feed_rollback · includes\class-rex-product-feed.php:245
  • filter · best-woocommerce-feed_tracker_data · includes\class-rex-product-feed.php:247
  • action · woocommerce_update_non_option_setting · includes\class-rex-product-feed.php:258
  • filter · post_updated_messages · includes\class-rex-product-feed.php:261
  • filter · rex_feed_product_price_before_formatting · includes\class-rex-product-feed.php:263
  • filter · rex_feed_product_price_before_formatting · includes\class-rex-product-feed.php:264
  • filter · rex_feed_product_price_before_formatting · includes\class-rex-product-feed.php:265
  • filter · rex_feed_product_price_before_formatting · includes\class-rex-product-feed.php:266
  • filter · rex_feed_product_price_before_formatting · includes\class-rex-product-feed.php:267
  • filter · rexfeed_product_attribute_raw_value · includes\class-rex-product-feed.php:273
  • action · wp_enqueue_scripts · includes\class-rex-product-feed.php:286
  • action · init · includes\class-rex-product-feed.php:289
  • action · transition_post_status · includes\class-rex-product-feed.php:363
  • action · rex_product_feed_activated · includes\class-rex-product-telemetry.php:15
  • action · transition_post_status · includes\class-rex-product-telemetry.php:16
  • action · current_screen · includes\class-rex-product-telemetry.php:17
  • action · rex_product_feed_advanced_feature_used · includes\class-rex-product-telemetry.php:18
  • action · rex_product_feed_custom_filter_used · includes\class-rex-product-telemetry.php:19
  • action · rex_product_feed_deactivated · includes\class-rex-product-telemetry.php:20
  • action · admin_init · rex-product-feed.php:175
  • action · admin_notices · rex-product-feed.php:176
  • action · admin_notices · rex-product-feed.php:180
  • filter · themify_top_pages · rex-product-feed.php:330
  • action · in_plugin_update_message-best-woocommerce-feed/rex-product-feed.php · rex-product-feed.php:357
  • action · before_woocommerce_init · rex-product-feed.php:382

Maintenance & Trust

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 6, 2026
  • PHP min version: 7.4
  • Downloads: 1.0M

Community Trust

  • Rating: 96/100
  • Number of ratings: 247
  • Active installs: 10K

Developer Profile

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces Developer Profile

RexTheme

3 plugins · 21K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 293 days

Detection Fingerprints

How We Detect Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-common.css
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-import.css
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-notice.css
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-preview.css
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-settings.css
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-styles.css
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-common.js
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-import.js
  • (+4 more)
Script Paths
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-common.js
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-import.js
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-notice.js
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-preview.js
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-settings.js
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-styles.js
Version Parameters
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-common.css?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-import.css?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-notice.css?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-preview.css?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-settings.css?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/css/rtf-styles.css?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-common.js?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-import.js?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-notice.js?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-preview.js?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-settings.js?ver=
  • /wp-content/plugins/best-woocommerce-feed/admin/assets/js/rtf-styles.js?ver=

HTML / DOM Fingerprints

CSS Classes
rtf-common, rtf-import, rtf-notice, rtf-preview, rtf-settings, rtf-styles, rtf-notice-wrapper
HTML Comments
  • <!-- START RTF PREMIUM ADVERTISEMENT -->
  • <!-- END RTF PREMIUM ADVERTISEMENT -->
  • <!-- THIS IS THE SETTING FOR THE FEED PLUGIN. DO NOT MODIFY THIS FILE DIRECTLY. -->
Data Attributes
data-rtf-id, data-rtf-type
JS Globals
wpfm_admin_settings, rtf_params