WP-Safety

Etsy Integration For WooCommerce Security & Risk Analysis

wordpress.org/plugins/exportfeed-for-woocommerce-product-to-etsy

Sync your WooCommerce products, orders, and inventory effortlessly with Etsy.com. List your products on Etsy and sync orders and stock levels.

900 active installs v6.6.0.6 PHP 7.0+ WP 5.8.0+ Updated Feb 26, 2026
etsyetsy-integrationetsy-orderetsy-syncetsy-upload
100
A · Safe
CVEs total1
Unpatched0
Last CVEAug 16, 2021
Plugin page Download
Safety Verdict

Is Etsy Integration For WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Etsy Integration For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 16, 2021Updated 1mo ago
Risk Assessment

The plugin 'exportfeed-for-woocommerce-product-to-etsy' version 6.6.0.6 exhibits a mixed security posture. While it demonstrates good practices in many areas, such as a high percentage of prepared SQL statements and properly escaped output, there are several concerning findings that warrant attention. The presence of unprotected AJAX handlers is a significant risk, as it provides an entry point for unauthorized actions. Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if input is not handled carefully. The plugin also utilizes the dangerous `unserialize` function, which, if exposed to untrusted input, can lead to remote code execution. The vulnerability history shows a single medium-severity CVE in the past, which, while patched, suggests a pattern of potential security weaknesses that should not be ignored.

Despite these concerns, the plugin does implement a substantial number of nonce and capability checks, which are positive security indicators. The limited attack surface in terms of REST API routes and shortcodes is also beneficial. However, the combination of an unprotected AJAX handler, high-severity taint flows, and the use of `unserialize` creates a notable risk profile. The plugin's vulnerability history, although old, suggests that vigilance and regular security audits are necessary. Overall, the plugin has strengths in its adherence to secure coding practices for SQL and output, but the identified critical entry points and taint flows necessitate remediation to achieve a robust security posture.

Key Concerns

  • Unprotected AJAX handler found
  • High severity taint flows with unsanitized paths (2)
  • Dangerous function 'unserialize' used
  • Medium vulnerability in history (outdated)
Vulnerabilities
1

Etsy Integration For WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2021-4409medium · 4.3Cross-Site Request Forgery (CSRF)

WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery Bypass

Aug 16, 2021 Patched in 3.3.2 (890d)
Code Analysis
Analyzed Mar 16, 2026

Etsy Integration For WooCommerce Code Analysis

Dangerous Functions
8
Raw SQL Queries
93
486 prepared
Unescaped Output
189
1780 escaped
Nonce Checks
80
Capability Checks
164
File Operations
34
External Requests
59
Bundled Libraries
4

Dangerous Functions Found

unserialize$gmc_attributes = unserialize( $productData->gmc_value );core\data\productlistw.php:675
unserialize$attributes = unserialize( $prod->attribute_list );core\data\productlistw.php:934
unserialize$gmc_attributes = unserialize( $prod->gmc_value );core\data\productlistw.php:994
unserialize$attributes = unserialize( $prod->attribute_list );core\data\productlistw.php:1398
unserialize$gmc_attributes = unserialize( $prod->gmc_value );core\data\productlistw.php:1449
unserialize$item->wc_attributes = unserialize( $value );core\data\productlistw.php:2006
unserialize$data = unserialize( $cpf_item->data );core\etsy-views\listing_edit_page.php:8
unserialize$localkeyresults = unserialize( $localdata );core\registration.php:340

Bundled Libraries

Freemius1.0jQueryDataTables1.10.16Select2

SQL Query Safety

84% prepared579 total queries

Output Escaping

90% escaped1969 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

25 flows11 with unsanitized paths
deleteShipping (core\classes\etsyclient.php:1702)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Etsy Integration For WooCommerce Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 4

authwp_ajax_load_more_productsetcpf-imported-from-etsy.php:17
authwp_ajax_load_sku_productsetcpf-synced-sku.php:32
authwp_ajax_exportfeed_etsyetsy-export-feed-admin.php:181
authwp_ajax_exportfeed_etsyetsy-export-feed-admin.php:184
WordPress Hooks 54
actionetcpf_feed_main_hookcore\ajax\wp\get-feed.php:52
actionetcpf_select_feed_main_hookcore\ajax\wp\select-feed.php:22
actionget_etsy_feed_config_hookcore\ajax\wp\update-feed-config.php:35
filtercron_schedulescore\classes\cron.php:9
filtercron_schedulescore\classes\upload_cron.php:6
actionetcpf_mutipl_images_uploadcore\classes\upload_cron.php:21
filtersafe_style_csscore\helpers.php:5
actionadmin_noticesdatabase\upgrade.php:24
actionetcpf_update_product_countsetcpf-imported-from-etsy.php:18
actionmanage_edit-shop_order_columnsetcpf_order_tags.php:4
actionmanage_woocommerce_page_wc-orders_columnsetcpf_order_tags.php:5
actionmanage_shop_order_posts_custom_columnetcpf_order_tags.php:22
actionmanage_woocommerce_page_wc-orders_custom_columnetcpf_order_tags.php:23
actionrestrict_manage_postsetcpf_order_tags.php:50
actionwoocommerce_order_list_table_restrict_manage_ordersetcpf_order_tags.php:51
actionpre_get_postsetcpf_order_tags.php:78
filterwoocommerce_order_query_argsetcpf_order_tags.php:79
actionadmin_enqueue_scriptsetsy-export-feed-admin.php:18
actionadmin_menuetsy-export-feed-admin.php:330
actionetcpf_init_pageview_etsyetsy-export-feed-admin.php:331
actionetcpf_get_php_infoetsy-export-feed-admin.php:332
actionwp_enqueue_scriptsetsy-export-feed-admin.php:333
actionerrorreportpageetsy-export-feed-admin.php:334
actionetcpf_etsy_reportetsy-export-feed-admin.php:335
filterbody_classetsy-export-feed-admin.php:337
actionetcpf_init_pageview_etsy_manageetsy-export-feed-admin.php:684
actionetcpf_insert_into_dbetsy-export-feed-setup.php:242
actionbefore_woocommerce_initexportfeed-for-etsy-product-feed.php:64
actionetcpf_plugins_loadedexportfeed-for-etsy-product-feed.php:90
actionplugins_loadedexportfeed-for-etsy-product-feed.php:99
actionadmin_noticesexportfeed-for-etsy-product-feed.php:103
actionadmin_noticesexportfeed-for-etsy-product-feed.php:108
actionadmin_noticesexportfeed-for-etsy-product-feed.php:111
actionrun_refresh_token_cronexportfeed-for-etsy-product-feed.php:179
filterauto_feed_submission_hookexportfeed-for-etsy-product-feed.php:180
filterauto_etsy_order_hookexportfeed-for-etsy-product-feed.php:181
filteretcpf_auto_email_failed_ordersexportfeed-for-etsy-product-feed.php:182
actionadmin_noticesexportfeed-for-etsy-product-feed.php:257
actionadmin_initexportfeed-for-etsy-product-feed.php:278
actionsave_postexportfeed-for-etsy-product-feed.php:418
actionwoocommerce_update_product_variationexportfeed-for-etsy-product-feed.php:424
actionwoocommerce_update_product_variationexportfeed-for-etsy-product-feed.php:430
actionupdate_post_metaexportfeed-for-etsy-product-feed.php:436
actionwoocommerce_update_orderexportfeed-for-etsy-product-feed.php:442
actionwoocommerce_order_status_changedexportfeed-for-etsy-product-feed.php:448
actionwoocommerce_product_set_stockexportfeed-for-etsy-product-feed.php:454
actionwoocommerce_variation_set_stockexportfeed-for-etsy-product-feed.php:460
actionbefore_delete_postexportfeed-for-etsy-product-feed.php:466
actionwp_trash_postexportfeed-for-etsy-product-feed.php:467
actionwp_dashboard_setupexportfeed-for-etsy-product-feed.php:468
actionwp_dashboard_setupexportfeed-for-etsy-product-feed.php:582
actionadmin_noticesexportfeed-for-etsy-product-feed.php:750
actionadmin_noticesexportfeed-for-etsy-product-feed.php:751
actionetcpf_product_update_eventexportfeed-for-etsy-product-feed.php:789

Scheduled Events 12

update_etsyfeeds_hook
run_refresh_token_cron
update_etsyfeeds_hook
etcpf_auto_feed_submission_hook
auto_etsy_order_hook
etcpf_auto_email_failed_orders
etcpf_mutipl_images_upload
etcpf_update_product_counts
etcpf_cleanup_cache
etcpf_product_update_event
etcpf_product_update_event
etcpf_product_update_event
Maintenance & Trust

Etsy Integration For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 26, 2026
PHP min version7.0
Downloads164K

Community Trust

Rating80/100
Number of ratings41
Active installs900
Alternatives

Etsy Integration For WooCommerce Alternatives

Etsy Shop

Etsy Shop

etsy-shop

A
97

Plugin that allow you to insert Etsy Shop sections in pages or posts using the bracket/shortcode method.

4K 3 CVEs
Importify – AI Dropshipping for WooCommerce

Importify – AI Dropshipping for WooCommerce

importify

A
100

Importify is a dropshipping app that allows you to find products from a variety of wholesalers, add them to your WooCommerce store, and sell them onli &hellip;

2K 1 CVE
LitCommerce: Multi-channel Selling Tool For WooCommerce

LitCommerce: Multi-channel Selling Tool For WooCommerce

litcommerce

A
100

Bulk List/Sync your WooCommerce Products and Orders with biggest online marketplaces like Amazon, eBay, Etsy, TikTok Shop, Walmart, Facebook Shop, Goo &hellip;

2K No CVEs
POKY – Product Importer

POKY – Product Importer

poky-product-importer

A
92

POKY enables WooCommerce merchants to import products from 28+ platforms to your store

900 No CVEs
SharkDropship & Affiliate for AliExpress, eBay, Amazon, Etsy and Temu

SharkDropship & Affiliate for AliExpress, eBay, Amazon, Etsy and Temu

woo-aliexpress-dropshipping

A
99

🚀 Multi-Supplier Dropshipping & Affiliate Plugin for WooCommerce Import products from AliExpress, eBay, Amazon, Etsy, and Temu with one click.

600 2 CVEs
Developer Profile

Etsy Integration For WooCommerce Developer Profile

ExportFeed.com

3 plugins · 1K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
890 days
View full developer profile
Detection Fingerprints

How We Detect Etsy Integration For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/css/etsy-export-feed-style.css/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/css/dashboard-style.css/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/css/freemius/assets/css/style.css/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/freemius/assets/js/plugin-sdk.js/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feed-script.js/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feed-dashboard.js/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feed-setup.js/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/js/etcpf_functions.js+1 more
Script Paths
/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/freemius/assets/js/plugin-sdk.js
Version Parameters
exportfeed-for-woocommerce-product-to-etsy/css/etsy-export-feed-style.css?ver=exportfeed-for-woocommerce-product-to-etsy/css/dashboard-style.css?ver=exportfeed-for-woocommerce-product-to-etsy/css/freemius/assets/css/style.css?ver=exportfeed-for-woocommerce-product-to-etsy/freemius/assets/js/plugin-sdk.js?ver=exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feed-script.js?ver=exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feed-dashboard.js?ver=exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feed-setup.js?ver=exportfeed-for-woocommerce-product-to-etsy/js/etcpf_functions.js?ver=exportfeed-for-woocommerce-product-to-etsy/js/etsy-export-feeds-information.js?ver=

HTML / DOM Fingerprints

CSS Classes
etcpf_main_wrapperetsy-export-feed-page-wrapperetsy-export-feed-dashboard-wrapperetsy-feed-configuration-wrapperetsy-feed-listing-wrapperetsy-feed-settings-wrapperetsy-feed-setup-wrapperetsy-feed-edit-wrapper
HTML Comments
<!-- DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE `function_exists` CALL ABOVE TO PROPERLY WORK. --><!-- license GNU General Public License version 3 or later; see GPLv3.txt --><!-- cron schedules for Feed Updates -->
Data Attributes
data-etcpf-feed-iddata-etcpf-feed-slugdata-etcpf-feed-action
JS Globals
ETCPF_PLUGIN_VERSIONETCPF_PLUGIN_BASENAMEETCPF_PATHETCPF_URLetcpf_dataetsy_export_feed_script_vars+2 more
REST Endpoints
/wp-json/etcpf/v1/feeds/wp-json/etcpf/v1/feed//wp-json/etcpf/v1/settings/wp-json/etcpf/v1/products
FAQ

Frequently Asked Questions about Etsy Integration For WooCommerce