WP-Safety

ELEX WooCommerce Google Shopping (Google Product Feed) Security & Risk Analysis

wordpress.org/plugins/elex-woocommerce-google-product-feed-plugin-basic

The ELEX WooCommerce Google Shopping (Google Product Feed) plugin is a free WooCommerce plugin that serves in feeding your WooCommerce products to Goo …

1K active installs v1.4.5 PHP 5.6+ WP 3.0.1+ Updated Feb 2, 2026
google-merchant-centergoogle-product-feedgoogle-shoppingwoocommerce-google-product-feedwoocommerce-google-shopping
98
A · Safe
CVEs total2
Unpatched0
Last CVESep 5, 2025
Plugin page Download
Safety Verdict

Is ELEX WooCommerce Google Shopping (Google Product Feed) Safe to Use in 2026?

Generally Safe

Score 98/100

ELEX WooCommerce Google Shopping (Google Product Feed) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Sep 5, 2025Updated 3mo ago
Risk Assessment

The ELEX WooCommerce Google Product Feed Plugin Basic v1.4.5 exhibits a generally good security posture, with a strong emphasis on prepared statements for SQL queries and proper output escaping. The absence of unpatched CVEs and the limited number of medium-severity past vulnerabilities suggest the developers have been responsive to security issues. The static analysis also shows all identified AJAX handlers have authentication checks, and there are no REST API routes without permission callbacks. However, the taint analysis reveals a concerning finding: three flows with unsanitized paths and two high-severity taint flows. This indicates potential for attackers to manipulate input that could lead to unexpected behavior or compromise, even if direct critical vulnerabilities are not immediately apparent in this version. The presence of unsanitized paths, despite overall good practices, warrants attention as it could be a precursor to more severe issues if not addressed.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths in taint analysis
Vulnerabilities
2 published

ELEX WooCommerce Google Shopping (Google Product Feed) Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-10046medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Inejction

Sep 5, 2025 Patched in 1.4.4 (1d)
WF-0ef7d891-0efa-45e5-ad16-2f34fc017c8f-elex-woocommerce-google-product-feed-plugin-basicmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.2.3 - Reflected Cross-Site Scripting

Sep 6, 2021 Patched in 1.2.4 (869d)
Version History

ELEX WooCommerce Google Shopping (Google Product Feed) Release Timeline

v1.4.5Current
v1.4.4
v1.4.31 CVE
CVE-2025-10046
v1.4.21 CVE
CVE-2025-10046
v1.4.01 CVE
CVE-2025-10046
v1.3.71 CVE
CVE-2025-10046
v1.3.61 CVE
CVE-2025-10046
v1.3.51 CVE
CVE-2025-10046
v1.3.41 CVE
CVE-2025-10046
v1.3.31 CVE
CVE-2025-10046
v1.3.21 CVE
CVE-2025-10046
v1.3.11 CVE
CVE-2025-10046
v1.3.01 CVE
CVE-2025-10046
v1.2.91 CVE
CVE-2025-10046
v1.2.81 CVE
CVE-2025-10046
v1.2.71 CVE
CVE-2025-10046
v1.2.61 CVE
CVE-2025-10046
v1.2.51 CVE
CVE-2025-10046
v1.2.41 CVE
CVE-2025-10046
v1.2.32 CVEs
CVE-2025-10046 WF-0ef7d891-0efa-45e5-ad16-2f34fc017c8f-elex-woocommerce-google-product-feed-plugin-basic
Code Analysis
Analyzed Mar 16, 2026

ELEX WooCommerce Google Shopping (Google Product Feed) Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
24 prepared
Unescaped Output
6
211 escaped
Nonce Checks
13
Capability Checks
1
File Operations
11
External Requests
0
Bundled Libraries
0

SQL Query Safety

92% prepared26 total queries

Output Escaping

97% escaped217 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths
elex_gpf_generate_feed (includes\elex-ajax-functions.php:94)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ELEX WooCommerce Google Shopping (Google Product Feed) Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

authwp_ajax_elex_gpf_show_mapping_fieldsincludes\elex-ajax-functions.php:10
authwp_ajax_elex_gpf_generate_feedincludes\elex-ajax-functions.php:11
authwp_ajax_elex_gpf_manage_feed_edit_fileincludes\elex-ajax-functions.php:12
authwp_ajax_elex_gpf_get_exclude_prod_optionincludes\elex-ajax-functions.php:13
authwp_ajax_elex_gpf_pause_scheduleincludes\elex-ajax-functions.php:14
authwp_ajax_check_if_the_feed_exists_gfincludes\elex-ajax-functions.php:15
authwp_ajax_elex_gpf_manage_feed_remove_fileincludes\elex-manage-feed-ajax.php:10
authwp_ajax_elex_gpf_manage_feed_refresh_fileincludes\elex-manage-feed-ajax.php:11
authwp_ajax_elex_gpf_get_reportsincludes\elex-manage-feed-ajax.php:12
authwp_ajax_elex_gpf_save_settings_tab_fieldincludes\elex-save-settings-tab-fields.php:9
WordPress Hooks 14
actionadmin_noticeselex-product-feed-basic.php:46
actionadmin_menuelex-product-feed-basic.php:59
actionadmin_menuelex-product-feed-basic.php:119
filtercron_scheduleselex-product-feed-basic.php:286
actionelex_run_every_thirty_minuteselex-product-feed-basic.php:299
actioninitelex-product-feed-basic.php:305
actionplugins_loadedelex-product-feed-basic.php:330
actionbefore_woocommerce_initelex-product-feed-basic.php:347
actionwoocommerce_product_options_general_product_dataincludes\elex-add-custom-fields.php:10
actionwoocommerce_process_product_metaincludes\elex-add-custom-fields.php:11
actionwoocommerce_product_after_variable_attributesincludes\elex-add-custom-fields.php:12
actionwoocommerce_save_product_variationincludes\elex-add-custom-fields.php:13
actionadmin_noticesreview_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:20
actionadmin_initreview_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:21

Scheduled Events 1

elex_run_every_thirty_minutes
Maintenance & Trust

ELEX WooCommerce Google Shopping (Google Product Feed) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 2, 2026
PHP min version5.6
Downloads60K

Community Trust

Rating76/100
Number of ratings14
Active installs1K
Alternatives

ELEX WooCommerce Google Shopping (Google Product Feed) Alternatives

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping

wp-product-feed-manager

A
96

The WooCommerce product feed plugin built for Google. Create a Google Merchant feed in 5 minutes—no coding, no errors. Start selling on Google Shoppin &hellip;

10K 3 CVEs
WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

webtoffee-product-feed

A
96

Create WooCommerce product feeds containing unlimited number of products. Supports Google Product feed, Facebook catalog feed, Instagram, Bing & m &hellip;

2K 3 CVEs
TFM Google Product Feed

TFM Google Product Feed

tfm-google-product-feed

A
85

The ThemesFor.me Google Product Feed allows to expose all your products from WooCommerce and provide them in the Google Merchants Console.

60 No CVEs
Listing & Smart Shopping Campaign for Google

Listing & Smart Shopping Campaign for Google

listing-smart-shopping-campaign-for-google

A
85

Expand your online retailing arena by showcasing your WooCommerce products on the Google Shopping platform.

10 No CVEs
Product Reviews XML for Google Merchant Center

Product Reviews XML for Google Merchant Center

product-reviews-xml-for-google

A
100

Generate a compliant XML Feed of your WooCommerce product reviews for Google Merchant Center. Display stars on Google Shopping ads.

10 No CVEs
Developer Profile

ELEX WooCommerce Google Shopping (Google Product Feed) Developer Profile

ELEXtensions

22 plugins · 28K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
58 days
View full developer profile
Detection Fingerprints

How We Detect ELEX WooCommerce Google Shopping (Google Product Feed)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/elex-woocommerce-google-product-feed-plugin-basic/assets/css/elex-exclude-product-page-style.css/wp-content/plugins/elex-woocommerce-google-product-feed-plugin-basic/assets/js/elex-exclude-products-script.js/wp-content/plugins/elex-woocommerce-google-product-feed-plugin-basic/resources/css/elex-market-styles.css
Script Paths
/wp-content/plugins/elex-woocommerce-google-product-feed-plugin-basic/assets/js/elex-exclude-products-script.js
Version Parameters
elex-woocommerce-google-product-feed-plugin-basic/assets/css/elex-exclude-product-page-style.css?ver=elex-woocommerce-google-product-feed-plugin-basic/assets/js/elex-exclude-products-script.js?ver=elex-woocommerce-google-product-feed-plugin-basic/resources/css/elex-market-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
elex-sub-headersub_header_bannerelex_delete_image_elementelex-exc-prod-img
FAQ

Frequently Asked Questions about ELEX WooCommerce Google Shopping (Google Product Feed)