FG PrestaShop to WooCommerce Security & Risk Analysis

wordpress.org/plugins/fg-prestashop-to-woocommerce

A plugin to migrate PrestaShop e-commerce solution to WooCommerce

1K active installs · v4.63.0 · PHP 5.6+ · WP 4.5+ · Updated Feb 4, 2026
Tags: converter, dropshipping, importer, prestashop, woocommerce
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 29, 2024
Safety Verdict

Is FG PrestaShop to WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

FG PrestaShop to WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 29, 2024 · Updated 1mo ago
Risk Assessment

The "fg-prestashop-to-woocommerce" plugin version 4.63.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and properly escaped output, and it has no bundled libraries, which avoids common vulnerabilities. However, significant concerns arise from the static analysis, specifically the presence of one AJAX handler without any authentication checks, presenting a direct attack vector.

The vulnerability history reveals a concerning pattern of two known medium-severity vulnerabilities, one of which was recently discovered in March 2024. These past vulnerabilities include exposure of sensitive information and cross-site scripting, suggesting potential weaknesses in input validation or output sanitization for specific scenarios that may not have been caught by the static analysis tools or taint analysis. The fact that these were medium severity and are currently unpatched indicates a need for diligent maintenance and timely updates.

In conclusion, while the plugin has strengths in its use of prepared statements and output escaping, the unprotected AJAX endpoint and the history of medium-severity vulnerabilities, particularly the recent one, introduce notable risks. The lack of capability checks in the identified entry point is a critical oversight that could be exploited to perform unauthorized actions within the WordPress installation.

Key Concerns

  • Unprotected AJAX handler found
  • Vulnerability history: 2 medium CVEs
  • Taint analysis shows unsanitized paths
  • No capability checks on entry points
Vulnerabilities
2

FG PrestaShop to WooCommerce Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-30511 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

FG PrestaShop to WooCommerce <= 4.45.1 - Unauthenticated Sensitive Information Disclosure

Mar 29, 2024 Patched in 4.47.0 (6d)
WF-d5e70f6f-fc83-4c89-a1d5-35f188e0fd90-fg-prestashop-to-woocommerce · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FG PrestaShop to WooCommerce Plugin <= 3.19.1 - Cross-Site Scripting

Aug 24, 2017 Patched in 3.20.0 (2343d)
Code Analysis
Analyzed Mar 16, 2026

FG PrestaShop to WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (40 prepared)
Unescaped Output: 13 (72 escaped)
Nonce Checks: 9
Capability Checks: 0
File Operations: 11
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

98% prepared · 41 total queries

Output Escaping

85% escaped · 85 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
display (admin\class-fg-prestashop-to-woocommerce-debug-info.php:21)
Attack Surface
1 unprotected

FG PrestaShop to WooCommerce Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_fgp2wc_import · includes\class-fg-prestashop-to-woocommerce.php:200

WordPress Hooks: 19

filter · woocommerce_mail_callback · admin\class-fg-prestashop-to-woocommerce-admin.php:1654
action · before_woocommerce_init · fg-prestashop-to-woocommerce.php:60
action · init · fg-prestashop-to-woocommerce.php:87
filter · plugin_action_links_fg-prestashop-to-woocommerce/fg-prestashop-to-woocommerce.php · includes\class-fg-prestashop-to-woocommerce.php:182
action · admin_init · includes\class-fg-prestashop-to-woocommerce.php:193
filter · fgp2wc_sql_pre_query · includes\class-fg-prestashop-to-woocommerce.php:194
action · fgp2wc_post_test_database_connection · includes\class-fg-prestashop-to-woocommerce.php:195
action · fgp2wc_post_empty_database · includes\class-fg-prestashop-to-woocommerce.php:196
action · load-importer-fgp2wc · includes\class-fg-prestashop-to-woocommerce.php:197
action · fgp2wc_import_notices · includes\class-fg-prestashop-to-woocommerce.php:198
action · admin_footer · includes\class-fg-prestashop-to-woocommerce.php:199
filter · fgp2wc_pre_import_check · includes\class-fg-prestashop-to-woocommerce.php:201
filter · fgp2wc_get_option_names · includes\class-fg-prestashop-to-woocommerce.php:202
action · fgp2wc_post_insert_product_category · includes\class-fg-prestashop-to-woocommerce.php:203
action · fgp2wc_post_test_database_connection · includes\class-fg-prestashop-to-woocommerce.php:209
filter · fgp2wc_post_display_settings_options · includes\class-fg-prestashop-to-woocommerce.php:215
filter · fgp2wc_post_save_plugin_options · includes\class-fg-prestashop-to-woocommerce.php:216
action · fgp2wc_dispatch · includes\class-fg-prestashop-to-woocommerce.php:217
filter · fgp2wc_get_option_names · includes\class-fg-prestashop-to-woocommerce.php:218
Maintenance & Trust

FG PrestaShop to WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version: 5.6
Downloads: 150K

Community Trust

Rating: 94/100
Number of ratings: 124
Active installs: 1K
Developer Profile

FG PrestaShop to WooCommerce Developer Profile

Kerfred

9 plugins · 10K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 674 days
Detection Fingerprints

How We Detect FG PrestaShop to WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fg-prestashop-to-woocommerce/css/fg-prestashop-to-woocommerce-admin.css
Script Paths
/wp-content/plugins/fg-prestashop-to-woocommerce/js/fg-prestashop-to-woocommerce-admin.js
Version Parameters
fg-prestashop-to-woocommerce/css/fg-prestashop-to-woocommerce-admin.css?ver=
fg-prestashop-to-woocommerce/js/fg-prestashop-to-woocommerce-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
fgp2wc-admin-notice-wrapper
HTML Comments
<!-- The code that runs during plugin activation. -->
<!-- The code that runs during plugin deactivation. -->
<!-- Compatibility with WooCommerce HPOS -->
<!-- The core plugin class that is used to define internationalization, admin-specific hooks, and public-facing site hooks. -->
+28 more
Data Attributes
data-upload_dir_basedir
data-log_filename
data-log_file_url
JS Globals
fgp2wc_admin_params