GST for WooCommerce Security & Risk Analysis

wordpress.org/plugins/gst-for-woocommerce

The plugin allows you to apply GST (Goods and Services Tax) on products, and also category-wise.

60 active installs · v2.0 · PHP 7.4+ · WP 5.1+ · Updated Sep 19, 2024
Tags: gst, gst-for-woocommerce, tmd, woo, woocommerce

Score: 70/100 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 26, 2025

Is GST for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 70/100

GST for WooCommerce is generally safe to use, though it has not been updated since Sep 19, 2024. Its one known CVE (a medium-severity CSRF, CVE-2025-60173) is still listed as unpatched in the current release, so keep the plugin updated and watch for a fix.

1 known CVE · 1 unpatched · Last CVE: Sep 26, 2025 · Updated 1yr ago
Risk Assessment

The gst-for-woocommerce plugin (v2.0) has a weak security posture, chiefly because none of its entry points performs a nonce or capability check. Static analysis finds 6 AJAX registrations (3 actions, each hooked on both the logged-in wp_ajax_ and the anonymous wp_ajax_nopriv_ variant), all reachable without authentication or authorization, which makes every handler part of the unauthenticated attack surface. The picture is worsened by four calls to unserialize() on stored rate and settings data, a known PHP object-injection vector, and by the fact that only 6 of 25 SQL queries (24%) use prepared statements, which leaves the remaining 19 open to SQL injection wherever their inputs are attacker-controlled.

Taint analysis reports 6 flows with unsanitized paths, 2 of them classified as high severity: data entering the plugin reaches sensitive operations without being validated or sanitized first. The only recorded CVE is a medium-severity CSRF (CVE-2025-60173, affecting <= 2.0 and still unpatched). That is exactly the class of bug the absence of nonce checks predicts, and because no fix has shipped, the affected endpoints remain exposed in the current release.

On the positive side, the plugin makes no external HTTP requests and performs no file operations. But missing authentication, authorization and input sanitization on the AJAX endpoints, the reliance on unserialize(), and the unsanitized taint flows are fundamental gaps, and the unpatched CSRF shows they have already produced a real vulnerability. Treat the plugin as high risk until these are addressed.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks
  • Missing capability checks
  • Dangerous function: unserialize
  • High severity taint flows
  • SQL queries not using prepared statements
  • Unpatched CVE
  • Unsanitized paths in taint flows
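The first three concerns above (unprotected AJAX handlers, no nonce checks, no capability checks) are one pattern. The following is an added PHP example, not code from the gst-for-woocommerce plugin: the handler, action and nonce names are hypothetical, since the plugin's actual callback functions are not shown on this page. The first registration is the shape the static analysis flags; the second is the same endpoint with the checks WordPress expects, and the third shows how the nonce reaches the browser.

```php
<?php
// Added example in PHP; not the plugin's code. Hypothetical action, function and nonce names.

// --- What the static analysis flags: reachable by anyone (auth and nopriv), no nonce,
//     no capability check, request data used as-is, output not escaped.
add_action( 'wp_ajax_example_invoice_html', 'example_invoice_html_unprotected' );
add_action( 'wp_ajax_nopriv_example_invoice_html', 'example_invoice_html_unprotected' );

function example_invoice_html_unprotected() {
    $order = wc_get_order( $_POST['order_id'] );
    echo $order ? $order->get_formatted_billing_address() : '';
    wp_die();
}

// --- Hardened: a single logged-in registration, nonce first, capability second,
//     typed input, escaped output.
add_action( 'wp_ajax_example_invoice_html_v2', 'example_invoice_html_hardened' );

function example_invoice_html_hardened() {
    // Ends the request with HTTP 403 when the 'security' field is missing or is not a
    // valid nonce for this action. This is the check a CSRF finding points at.
    check_ajax_referer( 'example_invoice_nonce', 'security' );

    // A nonce only proves the request came from our own page; authorization is separate.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
    $order    = $order_id ? wc_get_order( $order_id ) : false;
    if ( ! $order ) {
        wp_send_json_error( array( 'message' => 'unknown order' ), 404 );
    }

    wp_send_json_success( array(
        'html' => wp_kses_post( $order->get_formatted_billing_address() ),
    ) );
}

// --- The nonce has to reach the JavaScript that issues the request. 'example-admin' is a
//     hypothetical script handle registered elsewhere with wp_register_script().
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'      => admin_url( 'admin-ajax.php' ),
        'security' => wp_create_nonce( 'example_invoice_nonce' ),
    ) );
} );
```

The browser side then POSTs action=example_invoice_html_v2, security=<nonce> and order_id to exampleAjax.url. Dropping the wp_ajax_nopriv_ registration is deliberate: an endpoint that renders order data has no anonymous use case, and the nopriv hook is what turns a missing capability check into an unauthenticated exposure.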

GST for WooCommerce Security Vulnerabilities

CVEs by Year

2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-60173 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

GST for WooCommerce <= 2.0 - Cross-Site Request Forgery

Sep 26, 2025 · Unpatched
GST for WooCommerce Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 4
Raw SQL Queries: 19 (6 prepared)
Unescaped Output: 52 (107 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize   classes\class-tmd-gst-data.php:204
    $gst_rate = unserialize( $gst_data->tmd_rates );

unserialize   classes\class-tmd-gst-data.php:341
    $setting_data = unserialize( $settings );

unserialize   classes\class-tmd-gst-data.php:593
    $tmd_gst_rates = unserialize( $gst_datas['_gst_rates'] );

unserialize   classes\class-tmd-gst-data.php:834
    if( !empty($tab_pd) && $tab_pd['_gst_rates'] ){ $tab_gst_rates = unserialize($tab_pd['_gst_rates']);
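All four calls above pass stored data straight to unserialize(), which will instantiate any class named in the payload and run its __wakeup()/__destruct() methods. Whether that is exploitable here depends on who can write the stored values and on what gadget classes are loaded, neither of which this page establishes; the call pattern itself is what the analysis flags. The function below is an added example, not the plugin's code, showing the two controls a reviewer asks for: disable object instantiation with allowed_classes (available from PHP 7.0, so within the plugin's PHP 7.4+ floor) and validate the decoded shape. The key slugs and the 0..100 percentage range are assumptions about the rate format. It uses no WordPress functions, so it runs with plain php on the command line.

```php
<?php
// Added example; not the plugin's code. Safe decoding of a serialized rate blob.

/**
 * Decode a serialized GST-rate blob without letting PHP build objects, then enforce
 * the shape we expect: slug keys (assumed) mapped to percentages (assumed 0..100).
 * Anything else yields an empty array, so the caller never sees an object.
 */
function example_decode_gst_rates( $blob ) {
    if ( ! is_string( $blob ) || '' === $blob ) {
        return array();
    }
    // allowed_classes => false: any serialized object becomes __PHP_Incomplete_Class instead of
    // being constructed, so no __wakeup()/__destruct() gadget can execute. The @ only hides
    // the E_NOTICE malformed input raises; the return value is checked instead.
    $data = @unserialize( $blob, array( 'allowed_classes' => false ) );
    if ( ! is_array( $data ) ) {
        return array();
    }
    $rates = array();
    foreach ( $data as $key => $value ) {
        if ( ! is_string( $key ) || ! preg_match( '/^[a-z0-9_]{1,32}$/', $key ) ) {
            continue;   // unexpected key shape
        }
        if ( ! is_numeric( $value ) ) {
            continue;   // also drops any __PHP_Incomplete_Class buried in a value
        }
        $rate = (float) $value;
        if ( $rate < 0 || $rate > 100 ) {
            continue;   // tax rates are percentages
        }
        $rates[ $key ] = $rate;
    }
    return $rates;
}

// Constructed inputs for a command-line check (php this-file.php):
$benign  = serialize( array( 'cgst' => '9', 'sgst' => 9.0, 'igst' => 18 ) );
$object  = 'O:8:"stdClass":1:{s:3:"foo";s:3:"bar";}';                   // object where an array is expected
$nested  = serialize( array( 'cgst' => 9, 'evil' => new stdClass() ) ); // object buried in a value
$garbage = 'a:1:{s:4:"cgst";';                                           // truncated payload

foreach ( array( $benign, $object, $nested, $garbage ) as $blob ) {
    var_export( example_decode_gst_rates( $blob ) );
    echo PHP_EOL;
}
```

For data the plugin writes itself, the cleaner fix is to stop serializing altogether and store JSON (wp_json_encode() on write, json_decode( $blob, true ) on read), which can never produce an object graph. Existing rows would need a one-time migration that decodes them with the function above.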

SQL Query Safety

24% prepared (6 of 25 total queries)
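The 19 queries that bypass $wpdb->prepare() are only exploitable where a value in them comes from the request, but the analysis cannot tell which do, and prepared statements are cheap. The following is an added example, not the plugin's code; the table and column names are assumptions. It places the flagged pattern beside the prepared form and covers the two cases prepare() alone does not handle: identifiers such as ORDER BY columns, and LIKE patterns.

```php
<?php
// Added example; not the plugin's code. Table and column names are assumptions.

// --- Flagged pattern: request data concatenated into SQL. With $category = "x' OR '1'='1"
//     the WHERE clause matches every row; a UNION payload reads other tables.
function example_gst_rates_raw( $category ) {
    global $wpdb;
    $table = $wpdb->prefix . 'tmd_gst_rates';
    return $wpdb->get_results( "SELECT rate, label FROM {$table} WHERE category = '{$category}'" );
}

// --- Hardened: $wpdb->prepare() binds every value; identifiers that cannot be placeholders
//     come from an allow-list, never from the request.
function example_gst_rates( $category, $max_rate = 100, $order_by = 'rate' ) {
    global $wpdb;
    $table = $wpdb->prefix . 'tmd_gst_rates';

    $allowed_order = array( 'rate', 'label' );
    if ( ! in_array( $order_by, $allowed_order, true ) ) {
        $order_by = 'rate';
    }

    $sql = $wpdb->prepare(
        "SELECT rate, label FROM {$table} WHERE category = %s AND rate <= %f ORDER BY {$order_by}",
        $category,          // %s: escaped and quoted by prepare()
        (float) $max_rate   // %f: cast to float, so no quoting issue
    );
    return $wpdb->get_results( $sql );
}

// --- LIKE needs two steps: neutralise % and _ in the user value, then bind it as %s.
function example_gst_labels_like( $prefix ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'tmd_gst_rates';
    $pattern = $wpdb->esc_like( $prefix ) . '%';
    return $wpdb->get_col(
        $wpdb->prepare( "SELECT label FROM {$table} WHERE label LIKE %s", $pattern )
    );
}
```

On WordPress 6.2 and later, prepare() also accepts %i for identifiers, so ORDER BY %i with $order_by passed as an argument can replace the allow-list; the plugin's declared floor is WP 5.1, which is why the example keeps the allow-list.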

Output Escaping

67% escaped (107 of 159 total outputs)

Data Flow Analysis

6 flows, 6 with unsanitized paths. Flow listed on this page:

tmd_gst_front_order_invoice_html (inc\tmd-ajax.php:22)

GST for WooCommerce Attack Surface

Entry points: 6 (6 unprotected)

AJAX Handlers (6)

  auth     wp_ajax_tmd_gst_get_update_to_gst_advance_msg   inc\tmd-ajax.php:7
  nopriv   wp_ajax_tmd_gst_get_update_to_gst_advance_msg   inc\tmd-ajax.php:8
  auth     wp_ajax_tmd_gst_front_order_invoice_html        inc\tmd-ajax.php:20
  nopriv   wp_ajax_tmd_gst_front_order_invoice_html        inc\tmd-ajax.php:21
  auth     wp_ajax_tmd_gst_admin_order_invoice_html        inc\tmd-ajax.php:42
  nopriv   wp_ajax_tmd_gst_admin_order_invoice_html        inc\tmd-ajax.php:43
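Each of the three actions is registered twice, once for logged-in users and once (nopriv) for anonymous visitors, and none of the callbacks checks a nonce or a capability. A site that must keep the plugin running while the CSRF remains unpatched can put a guard in front of the two invoice actions without touching plugin code. The must-use plugin below is an added example, not the plugin's code and not a published fix. It hooks the same action names at a lower priority number than the plugin's default of 10, so it runs first, and it refuses cross-site requests, anonymous callers, and callers without the expected capability. It assumes that the admin invoice endpoint is only needed by users with manage_woocommerce, that the front-end invoice endpoint serves logged-in customers viewing their own orders, and that the handlers receive the order as an order_id request parameter; none of those three points is shown on this page, so check them against inc\tmd-ajax.php and assets/js/ajax.js before deploying. The upsell-message action is left alone.

```php
<?php
/**
 * Plugin Name: GST for WooCommerce AJAX guard (added example; not part of the plugin)
 *
 * Place in wp-content/mu-plugins/. Runs before the plugin's own callbacks because
 * WordPress runs hooks in ascending priority order and the plugin registers at 10.
 */

/** True when the browser signals that this request originated on another site (a CSRF). */
function example_gst_is_cross_site_request() {
    $sfs = isset( $_SERVER['HTTP_SEC_FETCH_SITE'] ) ? $_SERVER['HTTP_SEC_FETCH_SITE'] : '';
    if ( 'cross-site' === $sfs ) {
        return true;
    }
    // Browsers without Sec-Fetch-Site: compare Origin (or, failing that, Referer) with our host.
    $source = '';
    if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) {
        $source = $_SERVER['HTTP_ORIGIN'];
    } elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
        $source = $_SERVER['HTTP_REFERER'];
    }
    if ( '' === $source ) {
        return false;   // no signal at all; do not break non-browser clients
    }
    $src_host = strtolower( (string) wp_parse_url( $source, PHP_URL_HOST ) );
    $own_host = strtolower( (string) wp_parse_url( home_url(), PHP_URL_HOST ) );
    return $src_host !== $own_host;
}

// action name => capability a logged-in caller must hold (assumptions, see lead-in).
$example_gst_guarded = array(
    'tmd_gst_admin_order_invoice_html' => 'manage_woocommerce',
    'tmd_gst_front_order_invoice_html' => 'read',
);

foreach ( $example_gst_guarded as $action => $capability ) {
    // Anonymous callers get nothing; wp_send_json_error() ends the request.
    add_action( "wp_ajax_nopriv_{$action}", function () {
        wp_send_json_error( array( 'message' => 'login required' ), 401 );
    }, -9999 );

    // Logged-in callers: same-site only, required capability, and for the customer-facing
    // endpoint only the customer's own order.
    add_action( "wp_ajax_{$action}", function () use ( $action, $capability ) {
        if ( example_gst_is_cross_site_request() ) {
            wp_send_json_error( array( 'message' => 'cross-site request refused' ), 403 );
        }
        if ( ! current_user_can( $capability ) ) {
            wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
        }
        if ( 'tmd_gst_front_order_invoice_html' === $action ) {
            // Assumption: the handler reads the order from an 'order_id' request parameter.
            $order_id = isset( $_REQUEST['order_id'] ) ? absint( $_REQUEST['order_id'] ) : 0;
            $order    = ( $order_id && function_exists( 'wc_get_order' ) ) ? wc_get_order( $order_id ) : false;
            if ( ! $order || (int) $order->get_customer_id() !== get_current_user_id() ) {
                wp_send_json_error( array( 'message' => 'not your order' ), 403 );
            }
        }
        // Fall through: the plugin's own callback runs next at priority 10.
    }, -9999 );
}
```

The origin check is a stopgap, not a nonce: it relies on headers the browser sets, returns false when none is present, and will reject legitimate requests if the admin area is served from a different host than home_url(). If guests can place orders and are meant to fetch invoices, the nopriv guard on the front-end action must be replaced by an ownership check keyed on the order key rather than on the logged-in user.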
WordPress Hooks (28)

  action   admin_menu                                            admin\menus\admin-menus.php:19
  action   admin_init                                            classes\class-tmd-gst-data.php:13
  action   admin_init                                            classes\class-tmd-gst-data.php:15
  action   admin_init                                            classes\class-tmd-gst-data.php:17
  action   woocommerce_cart_calculate_fees                       classes\class-tmd-gst-data.php:19
  filter   woocommerce_product_data_tabs                         classes\class-tmd-gst-data.php:21
  action   woocommerce_product_data_panels                       classes\class-tmd-gst-data.php:23
  action   admin_head                                            classes\class-tmd-gst-data.php:25
  action   woocommerce_process_product_meta                      classes\class-tmd-gst-data.php:27
  filter   woocommerce_add_cart_item_data                        classes\class-tmd-gst-data.php:29
  filter   woocommerce_get_item_data                             classes\class-tmd-gst-data.php:31
  action   woocommerce_checkout_create_order                     classes\class-tmd-gst-data.php:33
  filter   woocommerce_order_item_display_meta_key               classes\class-tmd-gst-data.php:35
  action   before_delete_post                                    classes\class-tmd-gst-data.php:37
  filter   woocommerce_account_orders_columns                    classes\class-tmd-gst-data.php:39
  action   woocommerce_my_account_my_orders_column_custom-column classes\class-tmd-gst-data.php:41
  filter   woocommerce_hidden_order_itemmeta                     classes\class-tmd-gst-data.php:43
  filter   manage_edit-shop_order_columns                        classes\class-tmd-gst-data.php:45
  action   manage_shop_order_posts_custom_column                 classes\class-tmd-gst-data.php:47
  action   woocommerce_checkout_create_order                     classes\class-tmd-gst-data.php:49
  action   woocommerce_after_order_object_save                   classes\class-tmd-gst-data.php:51
  filter   woocommerce_get_price_html                            classes\class-tmd-gst-data.php:53
  action   woocommerce_calculated_total                          classes\class-tmd-gst-data.php:55
  action   woocommerce_order_status_changed                      classes\class-tmd-gst-data.php:57
  action   admin_enqueue_scripts                                 tmd-gst-main.php:59
  action   wp_enqueue_scripts                                    tmd-gst-main.php:60
  action   plugins_loaded                                        tmd-gst-main.php:234
  action   admin_notices                                         tmd-gst-main.php:266

GST for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 19, 2024
PHP min version: 7.4
Downloads: 6K

Community Trust

Rating: 0/100 (no ratings yet)
Number of ratings: 0
Active installs: 60

GST for WooCommerce Developer Profile

Ashwani kumar

3 plugins · 60 total installs

Trust score: 85
Avg security score: 87/100
Avg patch time: 30 days

How We Detect GST for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gst-for-woocommerce/assets/css/tmd-gst-style.css
/wp-content/plugins/gst-for-woocommerce/assets/css/tmd-style-ui.css
/wp-content/plugins/gst-for-woocommerce/assets/css/select-ui.css
/wp-content/plugins/gst-for-woocommerce/assets/css/datatable-ui.css
/wp-content/plugins/gst-for-woocommerce/assets/js/admin-script.js
/wp-content/plugins/gst-for-woocommerce/assets/js/datatable-ui.js
/wp-content/plugins/gst-for-woocommerce/assets/js/select-ui.js
/wp-content/plugins/gst-for-woocommerce/assets/js/ajax.js
+4 more
Script Paths
assets/js/admin-script.js
assets/js/datatable-ui.js
assets/js/select-ui.js
assets/js/ajax.js
assets/js/jquery-jspdf.js
assets/js/jquery-jspdf-convas.js
+2 more
Version Parameters
gst-for-woocommerce/assets/css/tmd-gst-style.css?ver=
gst-for-woocommerce/assets/css/tmd-style-ui.css?ver=
gst-for-woocommerce/assets/css/select-ui.css?ver=
gst-for-woocommerce/assets/css/datatable-ui.css?ver=
gst-for-woocommerce/assets/js/admin-script.js?ver=
gst-for-woocommerce/assets/js/datatable-ui.js?ver=
gst-for-woocommerce/assets/js/select-ui.js?ver=
gst-for-woocommerce/assets/js/ajax.js?ver=
gst-for-woocommerce/assets/js/jquery-jspdf.js?ver=
gst-for-woocommerce/assets/js/jquery-jspdf-convas.js?ver=
gst-for-woocommerce/assets/js/jquery-gst-pdf.js?ver=
gst-for-woocommerce/assets/js/front-ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
tmd-gst-fr-style, tmd-gst-fr-tmd-style, tmd-gst-fr-select, tmd-gst-fr-datatable
JS Globals
tmd_ajax_script

Frequently Asked Questions about GST for WooCommerce