Meta for WooCommerce Security & Risk Analysis

wordpress.org/plugins/facebook-for-woocommerce

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K active installs · v3.6.0 · PHP 7.4+ · WP 5.6+ · Updated Mar 12, 2026
Tags: catalog-sync, conversions-api, facebook, meta, whatsapp
Score 93/100 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 29, 2025
Safety Verdict

Is Meta for WooCommerce Safe to Use in 2026?

Generally Safe

Score 93/100

Meta for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 29, 2025 · Updated 22d ago
Risk Assessment

The 'facebook-for-woocommerce' v3.6.0 plugin presents a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, with high percentages of both, there are significant concerns regarding its attack surface. A large number of AJAX handlers and REST API routes lack proper authentication and authorization checks, exposing potential entry points for attackers. The plugin's vulnerability history, including three known CVEs with two high and one medium severity, and a recent vulnerability from October 2025, indicates a pattern of security weaknesses, specifically around missing authorization and CSRF. While there are no currently unpatched CVEs and the taint analysis did not reveal critical or high-severity unsanitized flows, the sheer volume of unprotected entry points and past vulnerabilities warrant caution. Overall, the plugin has some strong security foundations but suffers from critical oversights in access control for a substantial portion of its exposed functionality.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity vulnerabilities in history
  • Medium severity vulnerabilities in history
  • Recent vulnerability (Oct 2025)
Vulnerabilities
3

Meta for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2019
1 CVE in 2025

Severity Breakdown

High: 2
Medium: 1

3 total CVEs

CVE-2025-64296 · medium · 5.3 · Missing Authorization

Facebook for WooCommerce <= 3.5.7 - Missing Authorization to Unauthenticated Notification Dismissal

Oct 29, 2025 Patched in 3.5.8 (7d)
CVE-2019-15840 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery

Jun 18, 2019 Patched in 1.9.15 (1680d)
CVE-2019-15841 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery allowing Option Update

Jun 18, 2019 Patched in 1.9.15 (1680d)
Code Analysis
Analyzed Mar 16, 2026

Meta for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (22 prepared)
Unescaped Output: 31 (608 escaped)
Nonce Checks: 27
Capability Checks: 24
File Operations: 22
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

96% prepared · 23 total queries

Output Escaping

95% escaped · 639 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
maybe_trigger_test_banner (includes\Admin\Global_Attributes_Banner.php:53)
Attack Surface
23 unprotected

Meta for WooCommerce Attack Surface

Entry Points: 34
Unprotected: 23

AJAX Handlers 32

auth wp_ajax_wc_facebook_dismiss_notice facebook-commerce-admin-notice.php:27
auth wp_ajax_ajax_check_feed_upload_status facebook-commerce.php:331
auth wp_ajax_ajax_reset_all_fb_products facebook-commerce.php:337
auth wp_ajax_ajax_display_test_result facebook-commerce.php:342
auth wp_ajax_ajax_fb_toggle_visibility facebook-commerce.php:366
auth wp_ajax_wpmelon_adv_bulk_edit facebook-commerce.php:376
auth wp_ajax_ajax_fb_background_check_queue facebook-commerce.php:539
auth wp_ajax_fb_dismiss_unmapped_attributes_banner facebook-commerce.php:543
auth wp_ajax_dismiss_fb_unmapped_attribute_banner includes\Admin\Global_Attributes_Banner.php:41
auth wp_ajax_test_fb_banner includes\Admin\Global_Attributes_Banner.php:44
auth wp_ajax_wc_facebook_enhanced_catalog_attributes includes\Admin\Product_Categories.php:44
auth wp_ajax_fb_dismiss_attribute_notice includes\Admin\Settings_Screens\Product_Attributes.php:57
auth wp_ajax_get_facebook_product_data includes\Admin.php:117
auth wp_ajax_sync_facebook_attributes includes\Admin.php:119
auth wp_ajax_facebook_for_woocommerce_set_product_sync_bulk_action_prompt includes\AJAX.php:37
auth wp_ajax_facebook_for_woocommerce_set_excluded_terms_prompt includes\AJAX.php:40
auth wp_ajax_wc_facebook_sync_products includes\AJAX.php:43
auth wp_ajax_wc_facebook_sync_coupons includes\AJAX.php:46
auth wp_ajax_wc_facebook_sync_shipping_profiles includes\AJAX.php:49
auth wp_ajax_wc_facebook_sync_navigation_menu includes\AJAX.php:52
auth wp_ajax_wc_facebook_get_sync_status includes\AJAX.php:55
auth wp_ajax_wc_facebook_opt_out_of_sync includes\Handlers\PluginRender.php:86
nopriv wp_ajax_wc_facebook_opt_out_of_sync includes\Handlers\PluginRender.php:87
auth wp_ajax_wc_banner_close_action includes\Handlers\PluginRender.php:88
nopriv wp_ajax_wc_banner_close_action includes\Handlers\PluginRender.php:89
auth wp_ajax_wc_facebook_sync_all_products includes\Handlers\PluginRender.php:90
nopriv wp_ajax_wc_facebook_sync_all_products includes\Handlers\PluginRender.php:91
auth wp_ajax_wc_banner_post_update_close_action includes\Handlers\PluginRender.php:92
nopriv wp_ajax_wc_banner_post_update_close_action includes\Handlers\PluginRender.php:93
auth wp_ajax_wc_banner_post_update__master_sync_off_close_action includes\Handlers\PluginRender.php:94
nopriv wp_ajax_wc_banner_post_update__master_sync_off_close_action includes\Handlers\PluginRender.php:95
auth wp_ajax_wc_facebook_product_set_banner_closed includes\Handlers\PluginRender.php:96

REST API Routes 2

GET /wp-json/wc-facebook/v1 extras includes\Handlers\Connection.php:1463
GET /wp-json/wc-facebook/v1 webhook includes\Handlers\WebHook.php:41
WordPress Hooks 165
action init class-wc-facebookcommerce.php:189
action woocommerce_init class-wc-facebookcommerce.php:191
filter woocommerce_checkout_fields class-wc-facebookcommerce.php:192
action init class-wc-facebookcommerce.php:195
action admin_notices class-wc-facebookcommerce.php:196
action init class-wc-facebookcommerce.php:253
action admin_init class-wc-facebookcommerce.php:254
action admin_init class-wc-facebookcommerce.php:279
action admin_notices facebook-commerce-admin-notice.php:25
action admin_enqueue_scripts facebook-commerce-admin-notice.php:26
action wp_head facebook-commerce-events-tracker.php:197
action wp_footer facebook-commerce-events-tracker.php:198
action wp_enqueue_scripts facebook-commerce-events-tracker.php:201
action woocommerce_after_single_product facebook-commerce-events-tracker.php:204
action woocommerce_after_single_product facebook-commerce-events-tracker.php:205
action woocommerce_after_shop_loop facebook-commerce-events-tracker.php:208
action pre_get_posts facebook-commerce-events-tracker.php:211
filter woocommerce_redirect_single_search_result facebook-commerce-events-tracker.php:212
action woocommerce_add_to_cart facebook-commerce-events-tracker.php:215
action woocommerce_ajax_added_to_cart facebook-commerce-events-tracker.php:217
action wp_head facebook-commerce-events-tracker.php:220
action shutdown facebook-commerce-events-tracker.php:221
action woocommerce_after_checkout_form facebook-commerce-events-tracker.php:225
action woocommerce_blocks_checkout_enqueue_data facebook-commerce-events-tracker.php:228
action woocommerce_new_order facebook-commerce-events-tracker.php:231
action woocommerce_process_shop_order_meta facebook-commerce-events-tracker.php:232
action woocommerce_checkout_update_order_meta facebook-commerce-events-tracker.php:233
action woocommerce_thankyou facebook-commerce-events-tracker.php:234
action wpcf7_contact_form facebook-commerce-events-tracker.php:237
action shutdown facebook-commerce-events-tracker.php:240
action template_redirect facebook-commerce-events-tracker.php:532
action woocommerce_before_shop_loop facebook-commerce-events-tracker.php:533
filter woocommerce_add_to_cart_fragments facebook-commerce-events-tracker.php:791
filter woocommerce_add_to_cart_fragments facebook-commerce-events-tracker.php:865
action wp_footer facebook-commerce-events-tracker.php:1180
action woocommerce_order_status_changed facebook-commerce-iframe-whatsapp-utility-event.php:33
action wp_enqueue_scripts facebook-commerce-pixel-event.php:111
action wp_footer facebook-commerce-pixel-event.php:114
action wc_facebook_async_sync facebook-commerce.php:313
action admin_notices facebook-commerce.php:327
action admin_enqueue_scripts facebook-commerce.php:329
filter woocommerce_duplicate_product_exclude_meta facebook-commerce.php:348
action woocommerce_process_product_meta facebook-commerce.php:354
action woocommerce_product_quick_edit_save facebook-commerce.php:356
action woocommerce_product_bulk_edit_save facebook-commerce.php:361
action pmxi_after_xml_import facebook-commerce.php:371
action transition_post_status facebook-commerce.php:397
action before_delete_post facebook-commerce.php:404
action wp_trash_post facebook-commerce.php:407
action untrashed_post facebook-commerce.php:409
action publish_to_draft facebook-commerce.php:412
action updated_post_meta facebook-commerce.php:415
action before_woocommerce_init facebook-for-woocommerce.php:33
action admin_init facebook-for-woocommerce.php:96
action admin_notices facebook-for-woocommerce.php:98
action init facebook-for-woocommerce.php:102
action plugins_loaded facebook-for-woocommerce.php:106
action admin_init includes\Admin\Enhanced_Settings.php:51
action admin_menu includes\Admin\Enhanced_Settings.php:52
action wp_loaded includes\Admin\Enhanced_Settings.php:53
action admin_notices includes\Admin\Enhanced_Settings.php:54
action woocommerce_attribute_added includes\Admin\Global_Attributes_Banner.php:32
action created_term includes\Admin\Global_Attributes_Banner.php:35
action admin_notices includes\Admin\Global_Attributes_Banner.php:38
action admin_init includes\Admin\Global_Attributes_Banner.php:47
action admin_notices includes\Admin\Global_Attributes_Banner.php:62
action settings includes\Admin\Notes\SettingsMoved.php:84
action admin_enqueue_scripts includes\Admin\Product_Categories.php:35
action product_cat_add_form_fields includes\Admin\Product_Categories.php:37
action product_cat_edit_form_fields includes\Admin\Product_Categories.php:38
action product_cat_edit_form_fields includes\Admin\Product_Categories.php:39
action created_term includes\Admin\Product_Categories.php:41
action edit_term includes\Admin\Product_Categories.php:42
action admin_init includes\Admin\Settings.php:49
action admin_menu includes\Admin\Settings.php:50
action wp_loaded includes\Admin\Settings.php:51
action admin_notices includes\Admin\Settings.php:52
action init includes\Admin\Settings_Screens\Product_Attributes.php:47
action admin_enqueue_scripts includes\Admin\Settings_Screens\Product_Attributes.php:48
action woocommerce_admin_field_attribute_mapping_table includes\Admin\Settings_Screens\Product_Attributes.php:49
action woocommerce_admin_field_info_note includes\Admin\Settings_Screens\Product_Attributes.php:50
action admin_init includes\Admin\Settings_Screens\Product_Attributes.php:53
action admin_notices includes\Admin\Settings_Screens\Product_Attributes.php:54
action init includes\Admin\Settings_Screens\Product_Sync.php:46
action admin_enqueue_scripts includes\Admin\Settings_Screens\Product_Sync.php:47
action woocommerce_admin_field_product_sync_title includes\Admin\Settings_Screens\Product_Sync.php:48
action woocommerce_admin_field_product_sync_google_product_categories includes\Admin\Settings_Screens\Product_Sync.php:49
action woocommerce_admin_field_product_sync_catalog_display includes\Admin\Settings_Screens\Product_Sync.php:50
action woocommerce_admin_field_localization_plugin_status includes\Admin\Settings_Screens\Product_Sync.php:53
action init includes\Admin\Settings_Screens\Shops.php:52
action admin_enqueue_scripts includes\Admin\Settings_Screens\Shops.php:53
action admin_notices includes\Admin\Settings_Screens\Shops.php:54
action admin_footer includes\Admin\Settings_Screens\Shops.php:55
action admin_enqueue_scripts includes\Admin\Settings_Screens\Shops.php:56
action woocommerce_admin_field_localization_plugin_status includes\Admin\Settings_Screens\Shops.php:59
action admin_enqueue_scripts includes\Admin\WhatsApp_Integration_Settings.php:42
action admin_menu includes\Admin\WhatsApp_Integration_Settings.php:43
action admin_footer includes\Admin\WhatsApp_Integration_Settings.php:44
action admin_enqueue_scripts includes\Admin.php:74
action admin_footer includes\Admin.php:85
action admin_footer includes\Admin.php:86
action admin_notices includes\Admin.php:89
action admin_notices includes\Admin.php:92
filter request includes\Admin.php:93
action admin_notices includes\Admin.php:96
filter manage_product_posts_columns includes\Admin.php:99
action manage_product_posts_custom_column includes\Admin.php:100
action restrict_manage_posts includes\Admin.php:103
filter request includes\Admin.php:104
action woocommerce_product_bulk_edit_end includes\Admin.php:107
action woocommerce_product_bulk_edit_save includes\Admin.php:108
filter woocommerce_product_data_tabs includes\Admin.php:111
action woocommerce_product_data_panels includes\Admin.php:112
action woocommerce_product_after_variable_attributes includes\Admin.php:115
action woocommerce_save_product_variation includes\Admin.php:116
action rest_api_init includes\API\Plugin\Controller.php:52
action admin_enqueue_scripts includes\API\Plugin\InitializeRestAPI.php:27
action init includes\Checkout.php:39
filter query_vars includes\Checkout.php:40
filter template_include includes\Checkout.php:41
action init includes\CollectionPage.php:35
filter query_vars includes\CollectionPage.php:36
action woocommerce_product_query includes\CollectionPage.php:37
filter woocommerce_loop_display_mode includes\CollectionPage.php:38
filter woocommerce_get_catalog_ordering_args includes\CollectionPage.php:133
filter wp_redirect includes\Framework\AdminMessageHandler.php:70
action admin_notices includes\Framework\AdminNoticeHandler.php:45
action admin_footer includes\Framework\AdminNoticeHandler.php:46
action admin_footer includes\Framework\AdminNoticeHandler.php:47
action http_api_curl includes\Framework\Api\Base.php:84
action admin_init includes\Framework\Lifecycle.php:46
action wp_loaded includes\Framework\Lifecycle.php:51
action init includes\Framework\Lifecycle.php:53
action admin_init includes\Framework\Plugin\Dependencies.php:95
action init includes\Framework\Plugin.php:217
action admin_notices includes\Framework\Plugin.php:220
filter woocommerce_system_status_environment_rows includes\Framework\Plugin.php:229
filter cron_schedules includes\Framework\Utilities\BackgroundJobHandler.php:92
filter woocommerce_debug_tools includes\Framework\Utilities\BackgroundJobHandler.php:96
filter gettext includes\Framework\Utilities\BackgroundJobHandler.php:97
filter nonce_user_logged_out includes\Framework\Utilities\BackgroundJobHandler.php:165
action fbe_webhook includes\Handlers\Connection.php:132
action rest_api_init includes\Handlers\Connection.php:134
action admin_enqueue_scripts includes\Handlers\PluginRender.php:85
action admin_notices includes\Handlers\PluginRender.php:112
action admin_notices includes\Handlers\PluginRender.php:114
action rest_api_init includes\Handlers\WebHook.php:31
action init includes\Integrations\Bookings.php:29
filter wc_facebook_product_price includes\Integrations\Bookings.php:41
action rest_api_init includes\OfferManagement\OfferManagementEndpointBase.php:81
action woocommerce_init includes\ProductAttributeMapper.php:868
action plugins_loaded includes\ProductAttributeMapper.php:871
action wc_facebook_feed_generation_completed includes\Products\Feed.php:72
action woocommerce_variation_set_stock includes\Products\Stock.php:40
action woocommerce_product_set_stock includes\Products\Stock.php:41
action shutdown includes\Products\Sync.php:56
action woocommerce_product_set_stock includes\Products\Sync.php:59
action woocommerce_variation_set_stock includes\Products\Sync.php:60
action woocommerce_product_import_inserted_product_object includes\Products\Sync.php:63
filter woocommerce_debug_tools includes\Utilities\DebugTools.php:19
filter cron_schedules includes\Utilities\Heartbeat.php:67
action init includes\Utilities\Heartbeat.php:68
filter woocommerce_tracker_data includes\Utilities\Tracker.php:86
action icl_menu_footer includes\WPMLInjector.php:37
action icl_ajx_custom_call includes\WPMLInjector.php:38

Scheduled Events 1

wc_facebook_async_sync
Maintenance & Trust

Meta for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 48.4M

Community Trust

Rating: 44/100
Number of ratings: 474
Active installs: 500K
Developer Profile

Meta for WooCommerce Developer Profile

Facebook

3 plugins · 990K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1236 days
Detection Fingerprints

How We Detect Meta for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/facebook-for-woocommerce/facebook-for-woocommerce.php
/wp-content/plugins/facebook-for-woocommerce/assets/css/admin.css
/wp-content/plugins/facebook-for-woocommerce/assets/css/settings.css
/wp-content/plugins/facebook-for-woocommerce/assets/css/woo-admin-bar.css
/wp-content/plugins/facebook-for-woocommerce/assets/js/admin.js
/wp-content/plugins/facebook-for-woocommerce/assets/js/settings.js
/wp-content/plugins/facebook-for-woocommerce/assets/js/woo-admin-bar.js
/wp-content/plugins/facebook-for-woocommerce/assets/js/woo-admin-bar.js?ver=3.6.0
+4 more
Script Paths
/wp-content/plugins/facebook-for-woocommerce/assets/js/woo-admin-bar.js
/wp-content/plugins/facebook-for-woocommerce/assets/js/admin.js
/wp-content/plugins/facebook-for-woocommerce/assets/js/settings.js
Version Parameters
facebook-for-woocommerce/assets/css/admin.css?ver=
facebook-for-woocommerce/assets/css/settings.css?ver=
facebook-for-woocommerce/assets/css/woo-admin-bar.css?ver=
facebook-for-woocommerce/assets/js/admin.js?ver=
facebook-for-woocommerce/assets/js/settings.js?ver=
facebook-for-woocommerce/assets/js/woo-admin-bar.js?ver=

HTML / DOM Fingerprints

CSS Classes
facebook-for-woocommerce-admin-notice
woo-admin-bar-facebook-button
HTML Comments
<!-- Facebook for WooCommerce by Meta -->
<!-- Facebook for WooCommerce End -->
Data Attributes
data-facebook-admin-bar-enabled
data-facebook-admin-bar-logged-in
JS Globals
wc_facebook_admin_bar
FAQ

Frequently Asked Questions about Meta for WooCommerce