Datafeedr API Security & Risk Analysis

wordpress.org/plugins/datafeedr-api

Connect to the Datafeedr API.

6K active installs · v1.4.0 · PHP 7.4+ · WP 3.8+ · Updated Mar 23, 2026
Tags: data-feed, datafeed, import-affiliate-products, import-csv, import-datafeed
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Datafeedr API Safe to Use in 2026?

Generally Safe

Score 100/100

Datafeedr API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The datafeedr-api plugin version 1.3.25 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs recorded, which suggests relatively secure development or prompt patching. The plugin also includes a good number of capability checks and a reasonable amount of output escaping, indicating some adherence to WordPress security best practices.

However, there are significant areas of concern. The use of the `unserialize` function is a critical risk, as it can lead to object injection vulnerabilities if not handled with extreme care, especially with user-controlled input. Static analysis also reveals one AJAX handler without authentication checks, creating a direct entry point for potential attacks. None of the plugin's SQL queries use prepared statements, which is a major red flag that increases the risk of SQL injection, especially when combined with other potential weaknesses. While taint analysis did not reveal critical flows, the combination of these factors presents a tangible risk.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries without prepared statements
  • Dangerous function 'unserialize' used
  • Low output escaping percentage
Vulnerabilities
None known

Datafeedr API Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Datafeedr API Release Timeline

v1.4.0 (Current)
v1.3.25
v1.3.24
v1.3.23
v1.3.21
v1.3.20
v1.3.19
v1.3.18
v1.3.17
v1.3.16
v1.3.15
v1.3.14
v1.3.13
v1.3.12
v1.3.11
v1.3.10
v1.3.9
v1.3.8
v1.3.7
v1.3.6
Code Analysis
Analyzed Mar 16, 2026

Datafeedr API Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 105 (124 escaped)
Nonce Checks: 2
Capability Checks: 7
File Operations: 2
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `update_option( 'dfrapi_networks', unserialize( $networks ) );` · classes\class-dfrapi-import.php:92
unserialize · `update_option( 'dfrapi_merchants', unserialize( $merchants ) );` · classes\class-dfrapi-import.php:102

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

54% escaped · 229 total outputs
Attack Surface
1 unprotected

Datafeedr API Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 3

auth · wp_ajax_search_form · classes\class-dfrapi-initialize.php:16
auth · wp_ajax_dfrapi_delete_cached_api_data · hooks\admin\ajax.php:45
auth · wp_ajax_dfrapi_test_api_connection · hooks\admin\ajax.php:74
WordPress Hooks: 59

filter · cron_schedules · classes\class-datafeedr-cron.php:45
action · admin_init · classes\class-dfrapi-account.php:19
action · admin_menu · classes\class-dfrapi-account.php:20
action · init · classes\class-dfrapi-account.php:21
action · init · classes\class-dfrapi-configuration.php:20
action · admin_init · classes\class-dfrapi-configuration.php:21
action · admin_menu · classes\class-dfrapi-configuration.php:22
action · admin_notices · classes\class-dfrapi-configuration.php:23
action · admin_init · classes\class-dfrapi-export.php:17
action · admin_menu · classes\class-dfrapi-export.php:18
action · current_screen · classes\class-dfrapi-help.php:16
filter · wp_check_filetype_and_ext · classes\class-dfrapi-image-uploader.php:140
filter · wp_unique_filename · classes\class-dfrapi-image-uploader.php:171
filter · http_request_args · classes\class-dfrapi-image-uploader.php:174
action · admin_init · classes\class-dfrapi-import.php:17
action · admin_menu · classes\class-dfrapi-import.php:18
action · admin_notices · classes\class-dfrapi-import.php:19
action · plugins_loaded · classes\class-dfrapi-initialize.php:12
action · admin_menu · classes\class-dfrapi-initialize.php:13
action · admin_menu · classes\class-dfrapi-initialize.php:14
action · admin_menu · classes\class-dfrapi-initialize.php:15
action · init · classes\class-dfrapi-merchants.php:22
action · admin_init · classes\class-dfrapi-merchants.php:23
action · admin_notices · classes\class-dfrapi-merchants.php:24
action · admin_notices · classes\class-dfrapi-merchants.php:25
action · init · classes\class-dfrapi-networks.php:24
action · admin_init · classes\class-dfrapi-networks.php:25
action · admin_notices · classes\class-dfrapi-networks.php:26
action · admin_notices · classes\class-dfrapi-networks.php:27
action · admin_init · classes\class-dfrapi-tools.php:17
action · admin_menu · classes\class-dfrapi-tools.php:18
action · admin_notices · classes\class-dfrapi-tools.php:19
action · admin_notices · hooks\admin\admin-notices.php:31
action · admin_notices · hooks\admin\admin-notices.php:55
action · admin_notices · hooks\admin\admin-notices.php:85
action · admin_notices · hooks\admin\admin-notices.php:120
action · admin_notices · hooks\admin\admin-notices.php:144
action · admin_notices · hooks\admin\admin-notices.php:173
action · admin_notices · hooks\admin\admin-notices.php:253
action · admin_notices · hooks\admin\admin-notices.php:332
filter · debug_information · hooks\admin\debug-information.php:11
action · admin_enqueue_scripts · hooks\admin\enqueue-scripts.php:17
action · admin_enqueue_scripts · hooks\admin\enqueue-scripts.php:39
action · admin_footer · hooks\admin\interface.php:25
filter · plugin_row_meta · hooks\admin\interface.php:67
filter · dfrapi_list_merchants · hooks\admin\merchants.php:89
filter · dfrapi_list_merchants · hooks\admin\merchants.php:114
filter · dfrapi_list_merchants · hooks\admin\merchants.php:139
filter · dfrapi_network_supports_tracking_id · hooks\admin\networks.php:32
filter · dfrapi_api_options · hooks\global\affiliate-ids.php:17
filter · dfrapi_affiliate_id · hooks\global\affiliate-ids.php:32
filter · dfrapi_affiliate_id · hooks\global\affiliate-ids.php:50
filter · dfrapi_affiliate_id · hooks\global\affiliate-ids.php:68
filter · dfrapi_after_tracking_id_insertion · hooks\global\affiliate-ids.php:96
filter · dfrapi_after_tracking_id_insertion · hooks\global\affiliate-ids.php:118
filter · dfrapi_before_affiliate_id_insertion · hooks\global\affiliate-ids.php:149
filter · wp_mail_content_type · hooks\global\emails.php:70
filter · wp_mail_content_type · hooks\global\emails.php:100
action · init · hooks\global\emails.php:107
Maintenance & Trust

Datafeedr API Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 23, 2026
PHP min version: 7.4
Downloads: 241K

Community Trust

Rating: 80/100
Number of ratings: 13
Active installs: 6K
Developer Profile

Datafeedr API Developer Profile

datafeedr

6 plugins · 23K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 70 days
Detection Fingerprints

How We Detect Datafeedr API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/datafeedr-api/css/style.css
/wp-content/plugins/datafeedr-api/css/searchform.css
/wp-content/plugins/datafeedr-api/js/general.js
/wp-content/plugins/datafeedr-api/js/searchfilter.js
/wp-content/plugins/datafeedr-api/js/merchants.js
/wp-content/plugins/datafeedr-api/js/searchform.js
/wp-content/plugins/datafeedr-api/js/jquery.reveal.js

Script Paths
/wp-content/plugins/datafeedr-api/js/general.js
/wp-content/plugins/datafeedr-api/js/searchfilter.js
/wp-content/plugins/datafeedr-api/js/merchants.js
/wp-content/plugins/datafeedr-api/js/searchform.js
/wp-content/plugins/datafeedr-api/js/jquery.reveal.js

Version Parameters
datafeedr-api/css/style.css?ver=
datafeedr-api/css/searchform.css?ver=
datafeedr-api/js/general.js?ver=
datafeedr-api/js/searchfilter.js?ver=
datafeedr-api/js/merchants.js?ver=
datafeedr-api/js/searchform.js?ver=
datafeedr-api/js/jquery.reveal.js?ver=

HTML / DOM Fingerprints

CSS Classes: dfrapi
Data Attributes: data-dfr-target
JS Globals: dfrapi_ajax_object
FAQ

Frequently Asked Questions about Datafeedr API