EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Security & Risk Analysis

wordpress.org/plugins/ean-for-woocommerce

Manage GTINs (EAN, UPC, ISBN, etc.) effortlessly in WooCommerce! Create, save, search, and display EANs easily, with tools for bulk actions, etc.

10K active installs · v5.5.2 · PHP + · WP 4.4+ · Updated Nov 5, 2025
Tags: barcode, ean, gtin, upc, woocommerce
94
A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: May 19, 2025
Safety Verdict

Is EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Safe to Use in 2026?

Generally Safe

Score 94/100

EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: May 19, 2025 · Updated 5mo ago
Risk Assessment

The "ean-for-woocommerce" plugin v5.5.2 exhibits a mixed security posture. While it demonstrates some good practices, such as a high percentage of SQL queries using prepared statements and a reasonable number of capability checks, several significant concerns remain. The presence of two AJAX handlers without authentication checks represents a direct attack surface that could be exploited by unauthenticated users. The taint analysis revealing two high-severity flows with unsanitized paths is particularly worrying, indicating potential vulnerabilities like Cross-Site Scripting (XSS) or SQL injection if these flows are not properly handled.

The plugin's history of six known medium-severity CVEs, including types like Cross-site Scripting and Missing Authorization, suggests a recurring pattern of vulnerabilities. Although no CVEs are currently unpatched, the past occurrences of critical types of vulnerabilities (even if only at medium severity) indicate a need for more robust security development practices. The last vulnerability in 2025 further emphasizes that even recent versions have had issues. The plugin's total entry points are moderate, but the unprotected AJAX handlers are a critical weakness.

In conclusion, while the plugin is not overtly insecure due to its use of prepared statements and some capability checks, the unprotected AJAX endpoints and high-severity taint flows, coupled with a history of medium-severity vulnerabilities, warrant caution. The developers should prioritize addressing the unsanitized taint flows and implementing proper authorization checks on all AJAX handlers to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows (unsanitized)
  • Previous medium severity vulnerabilities
  • Unsanitized output detected in taint analysis
Vulnerabilities
6

EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 3 CVEs
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 5

6 total CVEs

CVE-2025-48249 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EAN for WooCommerce <= 5.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 19, 2025 Patched in 5.4.7 (10d)
CVE-2025-22673 · medium · 4.3 · Missing Authorization

EAN for WooCommerce <= 5.3.5 - Missing Authorization

Feb 3, 2025 Patched in 5.4.0 (10d)
CVE-2024-34370 · high · 7.2 · Improper Input Validation

EAN for WooCommerce <= 4.8.9 - Authenticated (Shop Manager+) Arbitrary Options Update

May 3, 2024 Patched in 4.9.0 (693d)
CVE-2023-6897 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode

Apr 17, 2024 Patched in 4.9.3 (104d)
CVE-2023-6892 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode

Apr 17, 2024 Patched in 4.9.3 (104d)
CVE-2023-0062 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 11, 2023 Patched in 4.4.3 (377d)
Code Analysis
Analyzed Mar 16, 2026

EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 34 (77 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 10 total queries

Output Escaping

69% escaped · 111 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
<class-alg-wc-ean-manage-settings> (includes\class-alg-wc-ean-manage-settings.php:0)
Attack Surface
2 unprotected

EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Attack Surface

Entry Points: 18
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_alg_wc_ean_generate_ajax includes\class-alg-wc-ean-compatibility.php:441
auth wp_ajax_alg_wc_ean_generate_ajax includes\class-alg-wc-ean-edit.php:96

Shortcodes 16

[alg_wc_ean] includes\class-alg-wc-ean-shortcodes.php:37
[alg_wc_ean_is_unique] includes\class-alg-wc-ean-shortcodes.php:38
[alg_wc_ean_is_valid] includes\class-alg-wc-ean-shortcodes.php:39
[alg_wc_ean_product_attr] includes\class-alg-wc-ean-shortcodes.php:40
[alg_wc_ean_product_image] includes\class-alg-wc-ean-shortcodes.php:41
[alg_wc_ean_product_name] includes\class-alg-wc-ean-shortcodes.php:42
[alg_wc_ean_product_sku] includes\class-alg-wc-ean-shortcodes.php:43
[alg_wc_ean_product_price] includes\class-alg-wc-ean-shortcodes.php:44
[alg_wc_ean_product_id] includes\class-alg-wc-ean-shortcodes.php:45
[alg_wc_ean_product_author_id] includes\class-alg-wc-ean-shortcodes.php:46
[alg_wc_ean_product_meta] includes\class-alg-wc-ean-shortcodes.php:47
[alg_wc_ean_product_function] includes\class-alg-wc-ean-shortcodes.php:48
[alg_wc_ean_product_terms] includes\class-alg-wc-ean-shortcodes.php:49
[alg_wc_ean_if] includes\class-alg-wc-ean-shortcodes.php:50
[alg_wc_ean_if_product_cat] includes\class-alg-wc-ean-shortcodes.php:51
[alg_wc_ean_if_product_tag] includes\class-alg-wc-ean-shortcodes.php:52
WordPress Hooks 108
action plugins_loaded ean-for-woocommerce.php:58
filter woocommerce_duplicate_product_exclude_meta includes\class-alg-wc-ean-admin.php:25
filter woocommerce_gla_attribute_mapping_sources_custom_attributes includes\class-alg-wc-ean-compatibility.php:42
action mvx_process_product_object includes\class-alg-wc-ean-compatibility.php:47
action mvx_frontend_dashboard_after_product_excerpt_metabox_panel includes\class-alg-wc-ean-compatibility.php:48
filter wc_pos_scanning_fields includes\class-alg-wc-ean-compatibility.php:52
filter woocommerce_rest_prepare_product_object includes\class-alg-wc-ean-compatibility.php:54
filter op_barcode_key_setting includes\class-alg-wc-ean-compatibility.php:59
action dokan_new_product_after_product_tags includes\class-alg-wc-ean-compatibility.php:64
action dokan_product_edit_after_product_tags includes\class-alg-wc-ean-compatibility.php:65
action dokan_new_product_added includes\class-alg-wc-ean-compatibility.php:66
action dokan_product_updated includes\class-alg-wc-ean-compatibility.php:67
action dokan_product_after_variation_pricing includes\class-alg-wc-ean-compatibility.php:68
filter wcfm_product_fields_stock includes\class-alg-wc-ean-compatibility.php:73
action after_wcfm_products_manage_meta_save includes\class-alg-wc-ean-compatibility.php:74
filter wcfm_variation_edit_data includes\class-alg-wc-ean-compatibility.php:77
filter wcfm_product_manage_fields_variations includes\class-alg-wc-ean-compatibility.php:78
action after_wcfm_product_variation_meta_save includes\class-alg-wc-ean-compatibility.php:79
action wcdn_order_item_after includes\class-alg-wc-ean-compatibility.php:84
filter wf_pklist_package_product_table_additional_column_val includes\class-alg-wc-ean-compatibility.php:102
filter wf_pklist_product_table_additional_column_val includes\class-alg-wc-ean-compatibility.php:103
filter wf_pklist_alter_product_table_head includes\class-alg-wc-ean-compatibility.php:104
filter wf_pklist_add_product_meta includes\class-alg-wc-ean-compatibility.php:108
filter wf_pklist_add_package_product_meta includes\class-alg-wc-ean-compatibility.php:109
filter wf_pklist_alter_product_name includes\class-alg-wc-ean-compatibility.php:112
filter wf_pklist_alter_package_product_name includes\class-alg-wc-ean-compatibility.php:113
filter woocommerce_gpf_custom_field_list includes\class-alg-wc-ean-compatibility.php:119
filter wc_customer_order_export_format_data_sources includes\class-alg-wc-ean-compatibility.php:124
filter wc_customer_order_export_csv_order_row_one_row_per_item includes\class-alg-wc-ean-compatibility.php:125
filter alg_wc_ean_search includes\class-alg-wc-ean-compatibility.php:130
action wp_footer includes\class-alg-wc-ean-compatibility.php:440
action wp_footer includes\class-alg-wc-ean-compatibility.php:442
action wp_footer includes\class-alg-wc-ean-compatibility.php:520
action wp_enqueue_scripts includes\class-alg-wc-ean-display.php:40
filter woocommerce_available_variation includes\class-alg-wc-ean-display.php:41
action woocommerce_after_shop_loop_item_title includes\class-alg-wc-ean-display.php:46
action woocommerce_after_cart_item_name includes\class-alg-wc-ean-display.php:51
filter woocommerce_get_item_data includes\class-alg-wc-ean-display.php:56
filter woocommerce_structured_data_product includes\class-alg-wc-ean-display.php:61
filter rank_math/json_ld includes\class-alg-wc-ean-display.php:64
filter manage_edit-product_columns includes\class-alg-wc-ean-display.php:75
action manage_product_posts_custom_column includes\class-alg-wc-ean-display.php:76
filter manage_edit-product_sortable_columns includes\class-alg-wc-ean-display.php:77
action pre_get_posts includes\class-alg-wc-ean-display.php:78
action admin_head includes\class-alg-wc-ean-display.php:79
action save_post_product includes\class-alg-wc-ean-edit.php:40
action woocommerce_save_product_variation includes\class-alg-wc-ean-edit.php:54
action woocommerce_product_quick_edit_end includes\class-alg-wc-ean-edit.php:62
action woocommerce_product_bulk_edit_end includes\class-alg-wc-ean-edit.php:67
action woocommerce_product_bulk_and_quick_edit includes\class-alg-wc-ean-edit.php:72
action manage_product_posts_custom_column includes\class-alg-wc-ean-edit.php:78
action admin_footer includes\class-alg-wc-ean-edit.php:84
action admin_footer includes\class-alg-wc-ean-edit.php:92
filter woocommerce_product_export_column_names includes\class-alg-wc-ean-export-import.php:25
filter woocommerce_product_export_product_default_columns includes\class-alg-wc-ean-export-import.php:26
filter woocommerce_product_export_product_column_alg_ean includes\class-alg-wc-ean-export-import.php:27
filter woocommerce_csv_product_import_mapping_options includes\class-alg-wc-ean-export-import.php:29
filter woocommerce_csv_product_import_mapping_default_columns includes\class-alg-wc-ean-export-import.php:30
filter woocommerce_product_importer_parsed_data includes\class-alg-wc-ean-export-import.php:31
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-manage-settings.php:24
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-manage-settings.php:25
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-manage-settings.php:26
action woocommerce_order_item_meta_end includes\class-alg-wc-ean-order-items-table.php:35
action woocommerce_email_before_order_table includes\class-alg-wc-ean-order-items-table.php:36
action woocommerce_email_after_order_table includes\class-alg-wc-ean-order-items-table.php:37
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-order-tools.php:24
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-order-tools.php:25
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-order-tools.php:26
action woocommerce_checkout_order_processed includes\class-alg-wc-ean-orders.php:29
action woocommerce_new_order_item includes\class-alg-wc-ean-orders.php:34
filter woocommerce_order_item_display_meta_key includes\class-alg-wc-ean-orders.php:38
action init includes\class-alg-wc-ean-product-block-editor.php:24
action woocommerce_layout_template_after_instantiation includes\class-alg-wc-ean-product-block-editor.php:45
filter woocommerce_rest_pre_insert_product_object includes\class-alg-wc-ean-product-block-editor.php:48
filter woocommerce_rest_pre_insert_product_variation_object includes\class-alg-wc-ean-product-block-editor.php:49
filter woocommerce_rest_prepare_product_object includes\class-alg-wc-ean-product-block-editor.php:52
filter woocommerce_rest_prepare_product_variation_object includes\class-alg-wc-ean-product-block-editor.php:53
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-product-tools.php:30
action alg_wc_ean_settings_saved includes\class-alg-wc-ean-product-tools.php:31
action wp_insert_post includes\class-alg-wc-ean-product-tools.php:34
action init includes\class-alg-wc-ean-product-tools.php:38
action alg_wc_ean_products_periodic_action includes\class-alg-wc-ean-product-tools.php:39
action init includes\class-alg-wc-ean-product-tools.php:41
filter bulk_actions-edit-product includes\class-alg-wc-ean-product-tools.php:45
filter handle_bulk_actions-edit-product includes\class-alg-wc-ean-product-tools.php:46
action admin_footer includes\class-alg-wc-ean-product-tools.php:47
action before_delete_post includes\class-alg-wc-ean-product-tools.php:50
filter woocommerce_rest_prepare_product_object includes\class-alg-wc-ean-rest-api.php:32
filter woocommerce_rest_prepare_product_variation_object includes\class-alg-wc-ean-rest-api.php:33
filter woocommerce_rest_product_object_query includes\class-alg-wc-ean-rest-api.php:36
action pre_get_posts includes\class-alg-wc-ean-rest-api.php:37
filter woocommerce_rest_query_vars includes\class-alg-wc-ean-rest-api.php:38
filter woocommerce_rest_prepare_shop_order_object includes\class-alg-wc-ean-rest-api.php:43
filter woocommerce_rest_orders_prepare_object_query includes\class-alg-wc-ean-rest-api.php:46
action pre_get_posts includes\class-alg-wc-ean-search.php:44
action pre_get_posts includes\class-alg-wc-ean-search.php:51
filter woocommerce_json_search_found_products includes\class-alg-wc-ean-search.php:53
filter theme_mod_search_by_sku includes\class-alg-wc-ean-search.php:61
filter flatsome_ajax_search_function includes\class-alg-wc-ean-search.php:62
action init includes\class-alg-wc-ean.php:84
action before_woocommerce_init includes\class-alg-wc-ean.php:87
action init includes\class-alg-wc-ean.php:168
action init includes\class-alg-wc-ean.php:171
filter woocommerce_get_settings_pages includes\class-alg-wc-ean.php:174
action admin_init includes\class-alg-wc-ean.php:181
action admin_footer includes\settings\class-alg-wc-ean-settings-print-products.php:117
filter woocommerce_get_sections_alg_wc_ean includes\settings\class-alg-wc-ean-settings-section.php:59
action admin_notices includes\settings\class-alg-wc-ean-settings.php:155
Maintenance & Trust

EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 5, 2025
PHP min version
Downloads: 601K

Community Trust

Rating: 98/100
Number of ratings: 55
Active installs: 10K
Developer Profile

EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory Developer Profile

WPFactory

63 plugins · 136K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 98 days
Detection Fingerprints

How We Detect EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ean-for-woocommerce/assets/css/alg-wc-ean-backend.css
/wp-content/plugins/ean-for-woocommerce/assets/css/alg-wc-ean-frontend.css
/wp-content/plugins/ean-for-woocommerce/assets/js/alg-wc-ean-frontend.js
/wp-content/plugins/ean-for-woocommerce/assets/js/alg-wc-ean-variations.js
Script Paths
/wp-content/plugins/ean-for-woocommerce/assets/js/alg-wc-ean-frontend.js
/wp-content/plugins/ean-for-woocommerce/assets/js/alg-wc-ean-variations.js
Version Parameters
ean-for-woocommerce/assets/css/alg-wc-ean-backend.css?ver=
ean-for-woocommerce/assets/css/alg-wc-ean-frontend.css?ver=
ean-for-woocommerce/assets/js/alg-wc-ean-frontend.js?ver=
ean-for-woocommerce/assets/js/alg-wc-ean-variations.js?ver=

HTML / DOM Fingerprints

CSS Classes
column-ean
alg-wc-ean-barcode-shortcode
HTML Comments
<!-- EAN for WooCommerce -->
<!-- EAN -->
<!-- EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory -->
Data Attributes
data-alg-wc-ean-product-id
data-alg-wc-ean-product-variation-id
data-alg-wc-ean-barcode-data
data-alg-wc-ean-barcode-type
JS Globals
alg_wc_ean_frontend_params
REST Endpoints
/wp-json/alg-wc-ean/v1/barcode
Shortcode Output
[alg_wc_ean_barcode]