WP-Safety

Google for WooCommerce Security & Risk Analysis

wordpress.org/plugins/google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K active installs v3.5.3 PHP 7.4+ WP 6.6+ Updated Mar 4, 2026
adsgooglelistingsproduct-feedwoocommerce
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 18, 2024
Download
Safety Verdict

Is Google for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Google for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 18, 2024Updated 29d ago
Risk Assessment

The plugin 'google-listings-and-ads' v3.5.3 demonstrates a generally good security posture with strong adherence to secure coding practices. The static analysis shows a zero-attack surface for entry points like AJAX, REST API, and shortcodes, indicating that common web vulnerabilities are mitigated at the interface level. Furthermore, the extensive use of prepared statements for SQL queries (86%) and proper output escaping (87%) are positive indicators of protection against common injection and XSS attacks. The presence of nonce and capability checks, while not universal across all potential entry points (which are none), suggests an awareness of authorization mechanisms.

However, there are some areas that warrant attention. The taint analysis revealed two flows with unsanitized paths. While no critical or high severity issues were flagged in this analysis, unsanitized paths can be precursors to vulnerabilities if not handled with extreme care, especially in conjunction with other factors. The plugin also makes 9 external HTTP requests, which could potentially be a vector for related vulnerabilities if the external endpoints are compromised or if the requests themselves are not properly sanitized.

Historically, the plugin has one known medium severity CVE, which is currently patched. The fact that the last vulnerability was recent (2024-11-18) and of medium severity, coupled with the taint analysis findings, suggests that while the plugin is well-defended in many areas, persistent attention to input sanitization and input validation, particularly for external interactions and potentially complex internal data flows, is crucial. The current version appears secure based on the provided data, but the history and taint analysis highlight areas for continued vigilance.

Key Concerns

  • Flows with unsanitized paths found
  • External HTTP requests made
Vulnerabilities
1

Google for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-10486medium · 5.3Missing Authorization

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

Nov 18, 2024 Patched in 2.8.7 (1d)
Code Analysis
Analyzed Mar 16, 2026

Google for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
11
70 prepared
Unescaped Output
32
223 escaped
Nonce Checks
36
Capability Checks
3
File Operations
0
External Requests
9
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

86% prepared81 total queries

Output Escaping

87% escaped255 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
preserve_action_in_login_form_for_json_api_authorization (src\Integration\JetpackWPCOM.php:102)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Google for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 171
actionbefore_woocommerce_initgoogle-listings-and-ads.php:60
actionwoocommerce_loadedgoogle-listings-and-ads.php:72
actionplugins_loadedgoogle-listings-and-ads.php:106
actionshutdownsrc\ActionScheduler\AsyncActionRunner.php:61
actionadmin_enqueue_scriptssrc\Admin\Admin.php:91
actionwp_default_scriptssrc\Admin\Admin.php:113
actionadmin_initsrc\Admin\Admin.php:121
actionsave_postsrc\Admin\BulkEdit\BulkEditInitializer.php:23
actionsave_postsrc\Admin\BulkEdit\BulkEditInitializer.php:37
actionbulk_edit_custom_boxsrc\Admin\BulkEdit\CouponBulkEdit.php:63
actionbulk_edit_save_postsrc\Admin\BulkEdit\CouponBulkEdit.php:64
actionwoocommerce_new_couponsrc\Admin\MetaBox\CouponChannelVisibilityMetaBox.php:166
actionwoocommerce_update_couponsrc\Admin\MetaBox\CouponChannelVisibilityMetaBox.php:167
actionadd_meta_boxessrc\Admin\MetaBox\MetaBoxInitializer.php:56
actionwoocommerce_new_productsrc\Admin\Product\Attributes\AttributesTab.php:65
actionwoocommerce_update_productsrc\Admin\Product\Attributes\AttributesTab.php:73
actionwoocommerce_product_data_tabssrc\Admin\Product\Attributes\AttributesTab.php:82
actionwoocommerce_product_data_panelssrc\Admin\Product\Attributes\AttributesTab.php:88
actionwoocommerce_product_after_variable_attributessrc\Admin\Product\Attributes\VariationsAttributes.php:64
actionwoocommerce_save_product_variationsrc\Admin\Product\Attributes\VariationsAttributes.php:72
filterwoocommerce_rest_prepare_product_objectsrc\Admin\Product\ChannelVisibilityBlock.php:59
actionwoocommerce_rest_insert_product_objectsrc\Admin\Product\ChannelVisibilityBlock.php:63
actioninitsrc\Admin\ProductBlocksService.php:98
actionadmin_initsrc\Admin\Redirect.php:61
actionwoocommerce_system_status_reportsrc\Admin\SystemStatusService.php:50
filterposts_wheresrc\Ads\AssetSuggestionsService.php:597
actionrest_api_initsrc\API\Site\RESTControllers.php:30
actionadmin_noticessrc\Autoloader.php:54
actionadmin_menusrc\ConnectionTest.php:57
actionadmin_initsrc\ConnectionTest.php:64
filterwoocommerce_gla_site_urlsrc\ConnectionTest.php:1109
filterwoocommerce_gla_site_urlsrc\ConnectionTest.php:1155
actionwoocommerce_new_couponsrc\Coupon\SyncerHooks.php:123
actionwoocommerce_update_couponsrc\Coupon\SyncerHooks.php:124
actionwoocommerce_gla_bulk_update_couponsrc\Coupon\SyncerHooks.php:125
actionwp_trash_postsrc\Coupon\SyncerHooks.php:128
actionbefore_delete_postsrc\Coupon\SyncerHooks.php:129
actiontrashed_postsrc\Coupon\SyncerHooks.php:130
actiondeleted_postsrc\Coupon\SyncerHooks.php:131
actionwoocommerce_delete_couponsrc\Coupon\SyncerHooks.php:132
actionwoocommerce_trash_couponsrc\Coupon\SyncerHooks.php:133
actionuntrashed_postsrc\Coupon\SyncerHooks.php:136
actionset_object_termssrc\Coupon\SyncerHooks.php:139
filterposts_wheresrc\DB\ProductFeedQueryHelper.php:95
filterposts_wheresrc\DB\ProductFeedQueryHelper.php:136
actionwoocommerce_gla_batch_updated_productssrc\Event\ClearProductStatsCache.php:39
actionwoocommerce_gla_batch_deleted_productssrc\Event\ClearProductStatsCache.php:45
actionwoocommerce_gla_mc_settings_syncsrc\Event\StartProductSync.php:39
actionwoocommerce_gla_mapping_rules_changesrc\Event\StartProductSync.php:46
actionwoocommerce_gla_sync_mode_updatedsrc\Event\StartProductSync.php:53
actionwp_headsrc\Google\GlobalSiteTag.php:114
actionwoocommerce_before_thankyousrc\Google\GlobalSiteTag.php:122
actionwoocommerce_after_single_productsrc\Google\GlobalSiteTag.php:129
actionwp_body_opensrc\Google\GlobalSiteTag.php:136
filterwoocommerce_loop_add_to_cart_linksrc\Google\GlobalSiteTag.php:152
filterwoocommerce_available_variationsrc\Google\GlobalSiteTag.php:163
actionwp_footersrc\Google\GlobalSiteTag.php:209
filterwoocommerce_gtag_snippetsrc\Google\GlobalSiteTag.php:250
actionwp_headsrc\Google\SiteVerificationMeta.php:27
actioninitsrc\Infrastructure\GoogleListingsAndAdsPlugin.php:96
actionadmin_initsrc\Installer.php:48
actionlogin_form_jetpack_json_api_authorizationsrc\Integration\JetpackWPCOM.php:49
filterjetpack_xmlrpc_test_connection_responsesrc\Integration\JetpackWPCOM.php:52
actionwp_loginsrc\Integration\JetpackWPCOM.php:76
actionlogin_messagesrc\Integration\JetpackWPCOM.php:77
actionlogin_formsrc\Integration\JetpackWPCOM.php:78
filtersite_urlsrc\Integration\JetpackWPCOM.php:79
filterlogin_redirectsrc\Integration\JetpackWPCOM.php:91
filterallowed_redirect_hostssrc\Integration\JetpackWPCOM.php:92
filterwoocommerce_gla_product_attribute_value_options_brandsrc\Integration\WooCommerceBrands.php:53
filterwoocommerce_gla_product_attribute_value_brandsrc\Integration\WooCommerceBrands.php:59
filterwoocommerce_gla_product_attribute_valuessrc\Integration\WooCommercePreOrders.php:57
actionwc_pre_orders_pre_orders_disabled_for_productsrc\Integration\WooCommercePreOrders.php:66
actionwoocommerce_new_productsrc\Integration\WooCommerceProductBundles.php:52
actionwoocommerce_update_productsrc\Integration\WooCommerceProductBundles.php:60
filterwoocommerce_gla_product_attribute_value_pricesrc\Integration\WooCommerceProductBundles.php:70
filterwoocommerce_gla_product_attribute_value_sale_pricesrc\Integration\WooCommerceProductBundles.php:78
filterwoocommerce_gla_product_property_value_is_virtualsrc\Integration\WooCommerceProductBundles.php:88
filterwoocommerce_gla_get_sync_ready_products_pre_filtersrc\Integration\WooCommerceProductBundles.php:98
filterwoocommerce_gla_attribute_hidden_product_types_isBundlesrc\Integration\WooCommerceProductBundles.php:130
filterwoocommerce_gla_supported_product_typessrc\Integration\WooCommerceProductBundles.php:138
filterwoocommerce_rest_query_varssrc\Integration\WPCOMProxy.php:114
filterrest_request_after_callbackssrc\Integration\WPCOMProxy.php:162
filterwoocommerce_settings_groupssrc\Integration\WPCOMProxy.php:244
filterwoocommerce_gla_product_attribute_value_options_mpnsrc\Integration\YoastWooCommerceSeo.php:42
filterwoocommerce_gla_product_attribute_value_options_gtinsrc\Integration\YoastWooCommerceSeo.php:48
filterwoocommerce_gla_product_attribute_value_mpnsrc\Integration\YoastWooCommerceSeo.php:54
filterwoocommerce_gla_product_attribute_value_gtinsrc\Integration\YoastWooCommerceSeo.php:62
filterwoocommerce_gla_attribute_mapping_sourcessrc\Integration\YoastWooCommerceSeo.php:71
filterwoocommerce_gla_gtin_migration_valuesrc\Integration\YoastWooCommerceSeo.php:80
actioninitsrc\Internal\DependencyManagement\ThirdPartyServiceProvider.php:77
filterwoocommerce_gla_custom_merchant_issuessrc\Internal\Requirements\GoogleProductFeedValidator.php:34
actiondeactivated_pluginsrc\Internal\Requirements\GoogleProductFeedValidator.php:43
actionadmin_noticessrc\Internal\Requirements\RequirementValidator.php:43
actionaction_scheduler_unexpected_shutdownsrc\Jobs\ActionSchedulerJobMonitor.php:69
actionwoocommerce_gla_debug_messagesrc\Logging\DebugLogger.php:43
actionwoocommerce_gla_exceptionsrc\Logging\DebugLogger.php:44
actionwoocommerce_gla_errorsrc\Logging\DebugLogger.php:45
actionwoocommerce_gla_mc_client_exceptionsrc\Logging\DebugLogger.php:46
actionwoocommerce_gla_ads_client_exceptionsrc\Logging\DebugLogger.php:47
actionwoocommerce_gla_sv_client_exceptionsrc\Logging\DebugLogger.php:48
actionwoocommerce_gla_guzzle_client_exceptionsrc\Logging\DebugLogger.php:49
actionwoocommerce_gla_guzzle_invalid_responsesrc\Logging\DebugLogger.php:50
actionadmin_menusrc\Menu\AttributeMapping.php:20
actionadmin_menusrc\Menu\Dashboard.php:47
actionadmin_menusrc\Menu\GetStarted.php:45
actionadmin_menusrc\Menu\NotificationManager.php:51
filtergoogle_for_woocommerce_admin_menu_notification_countsrc\Menu\NotificationManager.php:53
filtergoogle_for_woocommerce_admin_menu_notification_countsrc\Menu\NotificationManager.php:54
actionadmin_enqueue_scriptssrc\Menu\NotificationManager.php:80
actionadmin_menusrc\Menu\ProductFeed.php:20
actionadmin_menusrc\Menu\Reports.php:20
actionadmin_menusrc\Menu\Settings.php:20
actionadmin_menusrc\Menu\SetupAds.php:20
actionadmin_menusrc\Menu\SetupMerchantCenter.php:20
actionadmin_menusrc\Menu\Shipping.php:20
filterwoocommerce_gla_custom_merchant_issuessrc\MerchantCenter\MerchantCenterService.php:63
actioncomplete-setupsrc\Notes\CompleteSetup.php:48
actioncontact-informationsrc\Notes\ContactInformation.php:49
actionleave-reviewsrc\Notes\LeaveReviewActionTrait.php:28
actionreconnect-wordpresssrc\Notes\ReconnectWordPress.php:68
actionsetup-campaignsrc\Notes\SetupCampaign.php:55
actionsetup-campaignsrc\Notes\SetupCampaign.php:70
actionsetup-campaign-learn-moresrc\Notes\SetupCampaign.php:79
actionsetup-campaignsrc\Notes\SetupCampaignTwoWeeks.php:55
actionsetup-campaignsrc\Notes\SetupCampaignTwoWeeks.php:72
actioncoupon-viewssrc\Notes\SetupCouponSharing.php:72
actionwoocommerce_gla_ads_setup_completedsrc\Options\AdsSetupCompleted.php:29
actionwoocommerce_gla_mc_settings_syncsrc\Options\MerchantSetupCompleted.php:26
actionwoocommerce_gla_onboarding_completedsrc\Options\OnboardingCompleted.php:29
filterwoocommerce_gla_sync_modesrc\Options\SyncStatus.php:28
filterwoocommerce_gla_is_pull_enabled_for_datatypesrc\Options\SyncStatus.php:29
actionwoocommerce_new_productsrc\Product\ChannelVisibilityMetaBox.php:144
actionwoocommerce_update_productsrc\Product\ChannelVisibilityMetaBox.php:145
filterwoocommerce_product_data_store_cpt_get_products_querysrc\Product\ProductMetaHandler.php:200
actionwoocommerce_new_productsrc\Product\SyncerHooks.php:117
actionwoocommerce_new_product_variationsrc\Product\SyncerHooks.php:118
actionwoocommerce_update_productsrc\Product\SyncerHooks.php:119
actionwoocommerce_update_product_variationsrc\Product\SyncerHooks.php:120
actionwoocommerce_process_product_metasrc\Product\SyncerHooks.php:123
actionwp_trash_postsrc\Product\SyncerHooks.php:126
actionbefore_delete_postsrc\Product\SyncerHooks.php:127
actionwoocommerce_before_delete_product_variationsrc\Product\SyncerHooks.php:128
actiontrashed_postsrc\Product\SyncerHooks.php:129
actiondeleted_postsrc\Product\SyncerHooks.php:130
actionuntrashed_postsrc\Product\SyncerHooks.php:133
filterwoocommerce_duplicate_product_exclude_metasrc\Product\SyncerHooks.php:136
actionupdate_optionsrc\Settings\SyncerHooks.php:93
actionwoocommerce_after_shipping_zone_object_savesrc\Shipping\SyncerHooks.php:84
actionwoocommerce_delete_shipping_zonesrc\Shipping\SyncerHooks.php:87
actionwoocommerce_shipping_zone_method_addedsrc\Shipping\SyncerHooks.php:90
actionwoocommerce_shipping_zone_method_deletedsrc\Shipping\SyncerHooks.php:91
actionwoocommerce_shipping_zone_method_status_toggledsrc\Shipping\SyncerHooks.php:94
actionwoocommerce_shipping_classes_save_classsrc\Shipping\SyncerHooks.php:97
actionsaved_product_shipping_classsrc\Shipping\SyncerHooks.php:98
actiondelete_product_shipping_classsrc\Shipping\SyncerHooks.php:99
actionwoocommerce_update_options_shipping_free_shippingsrc\Shipping\SyncerHooks.php:102
actionwoocommerce_update_options_shipping_flat_ratesrc\Shipping\SyncerHooks.php:103
actionupdated_optionsrc\Shipping\SyncerHooks.php:118
actionadded_optionsrc\Shipping\SyncerHooks.php:123
actioninitsrc\TaskList\CompleteSetupTask.php:28
actionwoocommerce_gla_track_eventsrc\Tracking\Events\GenericEvents.php:20
actionwoocommerce_gla_site_claim_overwrite_requiredsrc\Tracking\Events\SiteClaimEvents.php:21
actionwoocommerce_gla_site_claim_successsrc\Tracking\Events\SiteClaimEvents.php:22
actionwoocommerce_gla_site_claim_failuresrc\Tracking\Events\SiteClaimEvents.php:23
actionwoocommerce_gla_url_switch_requiredsrc\Tracking\Events\SiteClaimEvents.php:24
actionwoocommerce_gla_url_switch_successsrc\Tracking\Events\SiteClaimEvents.php:25
actionwoocommerce_gla_site_verify_successsrc\Tracking\Events\SiteVerificationEvents.php:17
actionwoocommerce_gla_site_verify_failuresrc\Tracking\Events\SiteVerificationEvents.php:18
actioninitsrc\Tracking\EventTracking.php:44
filterwoocommerce_tracker_datasrc\Tracking\TrackerSnapshot.php:41
Maintenance & Trust

Google for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.4
Downloads39.7M

Community Trust

Rating54/100
Number of ratings257
Active installs900K
Alternatives

Google for WooCommerce Alternatives

Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels

Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels

webappick-product-feed-for-woocommerce

A
92

Create WooCommerce product feeds for Google Shopping, Facebook, TikTok & 220+ channels. 2026 compliant. 6 formats. Trusted by 70,000+ stores.

70K 4 CVEs
Mercantor

Mercantor

mercantor

A
100

Seamlessly sync your WooCommerce products to Google Merchant Center with real-time updates, multilingual support, and automatic error handling.

0 No CVEs
Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce

woo-product-feed-pro

A
97

Most popular WooCommerce product feed plugin supporting Google shopping feed, meta/facebook feed, bing product feed & more.

80K 6 CVEs
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

A
95

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs
Reddit for WooCommerce

Reddit for WooCommerce

reddit-for-woocommerce

A
100

Integrate your WooCommerce store with Reddit Ads to track conversions and export products for advertising.

20K No CVEs
Developer Profile

Google for WooCommerce Developer Profile

WooCommerce

36 plugins · 4.7M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
234 days
View full developer profile
Detection Fingerprints

How We Detect Google for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/google-listings-and-ads/client/google-marketing.css/wp-content/plugins/google-listings-and-ads/client/google-marketing.js/wp-content/plugins/google-listings-and-ads/client/vendor.css/wp-content/plugins/google-listings-and-ads/client/vendor.js
Script Paths
/wp-content/plugins/google-listings-and-ads/client/google-marketing.js/wp-content/plugins/google-listings-and-ads/client/vendor.js
Version Parameters
google-listings-and-ads/client/google-marketing.css?ver=google-listings-and-ads/client/google-marketing.js?ver=google-listings-and-ads/client/vendor.css?ver=google-listings-and-ads/client/vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes
gla-settingsgla-wizardgla-product-sync-status
Data Attributes
data-gla-product-iddata-gla-sync-status
JS Globals
window.wc_gla_settings
REST Endpoints
/wp-json/google-listings-and-ads/v1/sync-status
FAQ

Frequently Asked Questions about Google for WooCommerce