WP-Safety

Datafeedr Product Sets Security & Risk Analysis

wordpress.org/plugins/datafeedr-product-sets

Build sets of products to import into your website.

6K active installs v1.3.24 PHP 7.4+ WP 3.8+ Updated Feb 4, 2025
datafeedimport-affiliate-productsimport-csvimport-datafeed
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Datafeedr Product Sets Safe to Use in 2026?

Generally Safe

Score 92/100

Datafeedr Product Sets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "datafeedr-product-sets" v1.3.24 plugin demonstrates a generally good security posture, with all identified entry points (AJAX handlers) protected by nonce and capability checks. This is a significant strength. The absence of recorded vulnerabilities and CVEs further bolsters confidence in its current security. However, the static analysis reveals potential areas for improvement. The presence of the `unserialize` function, while not inherently a vulnerability, carries inherent risks if the data being unserialized is not strictly controlled and validated, especially if it originates from untrusted user input. Furthermore, the low percentage of SQL queries using prepared statements (18%) is a concern, as it significantly increases the risk of SQL injection vulnerabilities, even if none have been publicly reported. The taint analysis showing three flows with unsanitized paths, while not classified as critical or high severity, still indicates potential for unexpected behavior or data manipulation if these paths are exploited.

Key Concerns

  • Dangerous function `unserialize` found
  • Low percentage of SQL prepared statements
  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
Vulnerabilities
None known

Datafeedr Product Sets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Datafeedr Product Sets Release Timeline

v1.3.24Current
v1.3.23
v1.3.22
v1.3.21
v1.3.20
v1.3.19
v1.3.18
v1.3.17
v1.3.16
v1.3.15
v1.3.14
v1.3.13
v1.3.12
v1.3.11
v1.3.10
v1.3.9
v1.3.8
v1.3.7
v1.3.6
v1.3.5
Code Analysis
Analyzed Mar 16, 2026

Datafeedr Product Sets Code Analysis

Dangerous Functions
2
Raw SQL Queries
14
3 prepared
Unescaped Output
244
85 escaped
Nonce Checks
18
Capability Checks
9
File Operations
1
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$update_errors = ( isset( $meta['_dfrps_cpt_errors'][0] ) ) ? unserialize( $meta['_dfrps_cpt_errorclasses\class-dfrps-cpt.php:685
unserialize$product = unserialize( $product_data['data'] );classes\class-dfrps-update.php:536

SQL Query Safety

18% prepared17 total queries

Output Escaping

26% escaped329 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths
restrict_manage_posts_by_type (classes\class-dfrps-cpt.php:871)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Datafeedr Product Sets Attack Surface

Entry Points18
Unprotected0

AJAX Handlers 18

authwp_ajax_dfrps_ajax_add_individual_productfunctions\ajax.php:9
authwp_ajax_dfrps_ajax_get_productsfunctions\ajax.php:10
authwp_ajax_dfrps_ajax_block_individual_productfunctions\ajax.php:11
authwp_ajax_dfrps_ajax_remove_individual_productfunctions\ajax.php:12
authwp_ajax_dfrps_ajax_unblock_individual_productfunctions\ajax.php:13
authwp_ajax_dfrps_ajax_save_queryfunctions\ajax.php:14
authwp_ajax_dfrps_ajax_update_taxonomyfunctions\ajax.php:15
authwp_ajax_dfrps_ajax_update_import_intofunctions\ajax.php:16
authwp_ajax_dfrps_ajax_update_nowfunctions\ajax.php:17
authwp_ajax_dfrps_ajax_delete_saved_searchfunctions\ajax.php:18
authwp_ajax_dfrps_ajax_update_progress_barfunctions\ajax.php:19
authwp_ajax_dfrps_ajax_dashboardfunctions\ajax.php:20
authwp_ajax_dfrps_ajax_test_loopbacksfunctions\ajax.php:21
authwp_ajax_dfrps_ajax_reset_cronfunctions\ajax.php:22
authwp_ajax_dfrps_ajax_fix_missing_imagesfunctions\ajax.php:23
authwp_ajax_dfrps_ajax_batch_import_imagesfunctions\ajax.php:24
authwp_ajax_dfrps_ajax_start_batch_image_importfunctions\ajax.php:25
authwp_ajax_dfrps_ajax_stop_batch_image_importfunctions\ajax.php:26
WordPress Hooks 63
actionadmin_initclasses\class-dfrps-configuration.php:21
actionadmin_menuclasses\class-dfrps-configuration.php:22
actionadmin_noticesclasses\class-dfrps-configuration.php:23
actionsave_postclasses\class-dfrps-cpt.php:11
actionadmin_head-post-new.phpclasses\class-dfrps-cpt.php:12
actionadmin_head-post.phpclasses\class-dfrps-cpt.php:13
actionadmin_menuclasses\class-dfrps-cpt.php:14
actionadmin_enqueue_scriptsclasses\class-dfrps-cpt.php:15
actionadmin_menuclasses\class-dfrps-cpt.php:16
actionrestrict_manage_postsclasses\class-dfrps-cpt.php:18
actionadmin_headclasses\class-dfrps-cpt.php:19
actionwp_before_admin_bar_renderclasses\class-dfrps-cpt.php:20
actionadmin_menuclasses\class-dfrps-cpt.php:21
actionadmin_menuclasses\class-dfrps-cpt.php:22
actionwp_trash_postclasses\class-dfrps-cpt.php:23
actiontransition_post_statusclasses\class-dfrps-cpt.php:24
actiontransition_post_statusclasses\class-dfrps-cpt.php:25
actiontransition_post_statusclasses\class-dfrps-cpt.php:26
actiontransition_post_statusclasses\class-dfrps-cpt.php:27
actionadd_meta_boxesclasses\class-dfrps-cpt.php:28
filterrequestclasses\class-dfrps-cpt.php:32
filterenter_title_hereclasses\class-dfrps-cpt.php:39
filteradmin_body_classclasses\class-dfrps-cpt.php:40
filterpage_row_actionsclasses\class-dfrps-cpt.php:41
filterwpseo_use_page_analysisclasses\class-dfrps-cpt.php:42
filterpost_updated_messagesclasses\class-dfrps-cpt.php:43
filterbulk_post_updated_messagesclasses\class-dfrps-cpt.php:44
filterparse_queryclasses\class-dfrps-cpt.php:45
filterparse_queryclasses\class-dfrps-cpt.php:47
actioncurrent_screenclasses\class-dfrps-help.php:16
filterhttp_request_argsclasses\class-dfrps-image-importer.php:93
actionadmin_enqueue_scriptsclasses\class-dfrps-initialize.php:21
actionadmin_enqueue_scriptsclasses\class-dfrps-initialize.php:22
actionplugins_loadedclasses\class-dfrps-initialize.php:23
actionadmin_menuclasses\class-dfrps-initialize.php:24
filterplugin_row_metaclasses\class-dfrps-initialize.php:25
actionadmin_menuclasses\class-dfrps-menu.php:10
actionadmin_initclasses\class-dfrps-tools.php:17
actionadmin_menuclasses\class-dfrps-tools.php:18
actionadmin_noticesclasses\class-dfrps-tools.php:19
filterwp_mail_content_typeclasses\class-dfrps-update.php:339
actionadmin_noticesdatafeedr-product-sets.php:133
actionadmin_noticesdatafeedr-product-sets.php:148
actionadmin_noticesdatafeedr-product-sets.php:164
actionadmin_noticesdatafeedr-product-sets.php:197
actionadmin_noticesdatafeedr-product-sets.php:225
actioninitdatafeedr-product-sets.php:287
actionadmin_noticesfunctions\actions.php:32
actionadmin_noticesfunctions\actions.php:56
actiondfrpswc_do_productfunctions\actions.php:85
actiondfrapi_as_dfrps_import_product_imagefunctions\actions.php:144
filterwp_mail_content_typefunctions\actions.php:218
actiondfrps_product_set_updates_disabledfunctions\actions.php:223
actionmanage_product_posts_custom_columnfunctions\actions.php:259
filtercron_schedulesfunctions\cron.php:25
actiondfrps_cronfunctions\cron.php:44
filterbulk_actions-edit-datafeedr-productsetfunctions\filters.php:29
filterhandle_bulk_actions-edit-datafeedr-productsetfunctions\filters.php:59
filterhandle_bulk_actions-edit-datafeedr-productsetfunctions\filters.php:89
filterpage_row_actionsfunctions\filters.php:194
filtermanage_edit-product_columnsfunctions\filters.php:210
filterdebug_informationfunctions\filters.php:218
actionthe_postfunctions\helper.php:756

Scheduled Events 2

dfrps_cron
dfrps_cron
Maintenance & Trust

Datafeedr Product Sets Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 4, 2025
PHP min version7.4
Downloads157K

Community Trust

Rating86/100
Number of ratings4
Active installs6K
Alternatives

Datafeedr Product Sets Alternatives

Datafeedr API

Datafeedr API

datafeedr-api

A
100

Connect to the Datafeedr API.

6K No CVEs
Datafeedr WooCommerce Importer

Datafeedr WooCommerce Importer

datafeedr-woocommerce-importer

A
92

Import products from the Datafeedr API into your WooCommerce store.

6K No CVEs
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

wp-all-import

B
75

Easily import any file of any size into any plugin, post type, custom field, or taxonomy. Supports WooCommerce, ACF, images, galleries, users, real es …

100K 22 CVEs
Import Users from CSV

Import Users from CSV

import-users-from-csv

A
99

Import users from a CSV into WordPress

10K 1 CVE
Import WP – Export and Import CSV and XML files to WordPress

Import WP – Export and Import CSV and XML files to WordPress

jc-importer

A
90

Import WP, a simple, fast and powerful XML and CSV import solution, Making it easy to import posts, pages, categories, tags, users and attachments.

5K 5 CVEs
Developer Profile

Datafeedr Product Sets Developer Profile

datafeedr

6 plugins · 23K total installs

85
trust score
Avg Security Score
96/100
Avg Patch Time
70 days
View full developer profile
Detection Fingerprints

How We Detect Datafeedr Product Sets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/datafeedr-product-sets/assets/css/style.css/wp-content/plugins/datafeedr-product-sets/assets/js/admin.js/wp-content/plugins/datafeedr-product-sets/assets/js/frontend.js
Script Paths
/wp-content/plugins/datafeedr-product-sets/assets/js/admin.js/wp-content/plugins/datafeedr-product-sets/assets/js/frontend.js
Version Parameters
datafeedr-product-sets/assets/css/style.css?ver=datafeedr-product-sets/assets/js/admin.js?ver=datafeedr-product-sets/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
dfrps_wp_cron_disabled_notice
Data Attributes
dfrps_configuration
FAQ

Frequently Asked Questions about Datafeedr Product Sets