WP-Safety

Linet ERP Integration For Woocommerce Security & Risk Analysis

wordpress.org/plugins/linet-erp-woocommerce-integration

After installing this plugin you can sync woocommerce with Linet ERP.

100 active installs v3.6.16 PHP 5.2+ WP 4.6+ Updated Mar 9, 2026
accountingbusinesserpsyncwoocommerce
97
A · Safe
CVEs total2
Unpatched0
Last CVEApr 10, 2025
Plugin page Download
Safety Verdict

Is Linet ERP Integration For Woocommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Linet ERP Integration For Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Apr 10, 2025Updated 25d ago
Risk Assessment

The linet-erp-woocommerce-integration plugin v3.6.16 exhibits a concerning security posture, despite some positive code hygiene signals. The primary weakness lies in its extensive attack surface, with all 15 identified entry points (AJAX handlers and REST API routes) lacking authentication or permission checks. This makes them prime targets for unauthenticated attackers. Furthermore, the presence of a dangerous `unserialize` function and a high number of unsanitized taint flows, particularly those with high severity, suggest a significant risk of code execution or data compromise if user-supplied data is not meticulously validated and sanitized before being passed to these functions. The vulnerability history, while showing no currently unpatched CVEs, reveals past instances of Path Traversal and CSRF, indicating a pattern of vulnerabilities that require careful attention. While the plugin shows strengths in its use of prepared statements for SQL queries and a high percentage of properly escaped output, these are overshadowed by the fundamental security flaws in its entry point handling and the identified taint flow risks. The plugin's overall security is compromised by these critical oversights.

Key Concerns

  • All AJAX handlers lack authentication checks
  • All REST API routes lack permission callbacks
  • Contains dangerous unserialize function
  • High number of unsanitized taint flows (high severity)
  • Previous Path Traversal vulnerabilities
  • Previous CSRF vulnerabilities
  • Only 1 nonce check for 15 entry points
  • Only 1 capability check for 15 entry points
Vulnerabilities
2

Linet ERP Integration For Woocommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2025-31411high · 7.2Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Linet ERP-Woocommerce Integration <= 3.5.12 - Authenticated (Admin+) Arbitrary File Read & Deletion

Apr 10, 2025 Patched in 3.6.0 (35d)
CVE-2025-24594medium · 4.3Cross-Site Request Forgery (CSRF)

Linet ERP-Woocommerce Integration <= 3.5.7 - Cross-Site Request Forgery

Jan 24, 2025 Patched in 3.5.8 (5d)
Code Analysis
Analyzed Mar 16, 2026

Linet ERP Integration For Woocommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
4
22 prepared
Unescaped Output
20
129 escaped
Nonce Checks
1
Capability Checks
1
File Operations
7
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$zc_response = $zc_response ? json_decode(unserialize(base64_decode($zc_response)), true) : array();classes\class-wc-li-invoice.php:373

SQL Query Safety

85% prepared26 total queries

Output Escaping

87% escaped149 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

7 flows6 with unsanitized paths
WpItemsSyncAjax (classes\class-wc-li-inventory.php:336)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
15 unprotected

Linet ERP Integration For Woocommerce Attack Surface

Entry Points15
Unprotected15

AJAX Handlers 13

authwp_ajax_LinetGetFileclasses\class-wc-li-settings.php:48
authwp_ajax_LinetDeleteFileclasses\class-wc-li-settings.php:49
authwp_ajax_LinetDeleteProdclasses\class-wc-li-settings.php:50
authwp_ajax_LinetDeleteAttachmentclasses\class-wc-li-settings.php:52
authwp_ajax_LinetCalcAttachmentclasses\class-wc-li-settings.php:53
authwp_ajax_LinetTestclasses\class-wc-li-settings.php:57
authwp_ajax_RulerAjaxclasses\class-wc-li-settings.php:59
authwp_ajax_LinetItemSyncclasses\class-wc-li-settings.php:63
authwp_ajax_LinetCatListclasses\class-wc-li-settings.php:66
authwp_ajax_WpItemSyncclasses\class-wc-li-settings.php:68
authwp_ajax_WpCatSyncclasses\class-wc-li-settings.php:69
authwp_ajax_LinetSingleItemSyncclasses\class-wc-li-settings.php:78
authwp_ajax_LinetSingleProdSyncclasses\class-wc-li-settings.php:79

REST API Routes 2

POST/wp-json/linet-fast-sync/v1/itemclasses\class-wc-li-sns.php:154
POST/wp-json/linet-fast-sync/v2/syncclasses\class-wc-li-sns.php:162
WordPress Hooks 29
filtermanage_edit-product_cat_columnsclasses\class-wc-li-inventory.php:22
filtermanage_product_cat_custom_columnclasses\class-wc-li-inventory.php:23
filtermanage_edit-product_cat_sortable_columnsclasses\class-wc-li-inventory.php:24
actionmanage_product_posts_custom_columnclasses\class-wc-li-inventory.php:30
filtermanage_edit-product_columnsclasses\class-wc-li-inventory.php:31
filtermanage_edit-product_sortable_columnsclasses\class-wc-li-inventory.php:32
actionpre_get_postsclasses\class-wc-li-inventory.php:33
actionadmin_footer-edit.phpclasses\class-wc-li-inventory.php:39
actionadmin_footer-edit-tags.phpclasses\class-wc-li-inventory.php:41
actionedited_product_catclasses\class-wc-li-inventory.php:42
actionsave_post_productclasses\class-wc-li-inventory.php:48
actionquick_edit_custom_boxclasses\class-wc-li-inventory.php:57
actionquick_edit_custom_boxclasses\class-wc-li-inventory.php:76
actionmanage_edit-shop_order_columnsclasses\class-wc-li-invoice-manager.php:58
filtermanage_shop_order_posts_custom_columnclasses\class-wc-li-invoice-manager.php:59
actionwpcf7_before_send_mailclasses\class-wc-li-linet-cf7.php:13
actionwoocommerce_order_actionsclasses\class-wc-li-order-actions.php:32
actionwoocommerce_order_action_linet_manual_invoiceclasses\class-wc-li-order-actions.php:36
actionlinetItemSyncclasses\class-wc-li-settings.php:28
actionwoocommerce_product_after_variable_attributesclasses\class-wc-li-settings.php:80
actionadmin_initclasses\class-wc-li-settings.php:883
actionadmin_menuclasses\class-wc-li-settings.php:885
actionpost_submitbox_startclasses\class-wc-li-settings.php:887
actionproduct_cat_edit_form_fieldsclasses\class-wc-li-settings.php:890
actionrest_api_initclasses\class-wc-li-sns.php:153
actionrest_api_initclasses\class-wc-li-sns.php:161
actionelementor_pro/initwoocommerce-linet.php:167
actionwoocommerce_initwoocommerce-linet.php:250
actionbefore_woocommerce_initwoocommerce-linet.php:253

Scheduled Events 1

linetItemSync
Maintenance & Trust

Linet ERP Integration For Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMar 9, 2026
PHP min version5.2
Downloads12K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Alternatives

Linet ERP Integration For Woocommerce Alternatives

Contabilium Oficial para WooCommerce

Contabilium Oficial para WooCommerce

contabilium-oficial-para-woo

A
100

Contabilium es un sistema de gestión online que te permite administrar todos tus ingresos y gastos de una forma sencilla y rápida en cualquier momento &hellip;

300 No CVEs
Fortnox for WooCommerce

Fortnox for WooCommerce

woocommerce-fortnox-integration

A
98

Synchronizes all customers, products and orders from WooCommerce to Fortnox. Saves you both sweat and hours of work.

200 2 CVEs
Data Sync for Xero by Wbsync

Data Sync for Xero by Wbsync

data-sync-x-by-wbsync

A
85

Automatically sync your data, like orders and inventory, from WooCommerce to Xero.

100 No CVEs
Splash Sync

Splash Sync

splash-connector

A
99

Splash Sync, the synchronization system of innovative companies! Synchronize your website with all your business applications.

100 1 CVE
Visma for WooCommerce

Visma for WooCommerce

woo-visma-integration

A
100

Visma for WooCommerce är den mest omfattande integrationen mellan WooCommerce och Visma eEkonomi. Pluginet automatiserar hela flödet från webshop till &hellip;

90 No CVEs
Developer Profile

Linet ERP Integration For Woocommerce Developer Profile

aribhour

1 plugin · 100 total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
20 days
View full developer profile
Detection Fingerprints

How We Detect Linet ERP Integration For Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/linet-erp-woocommerce-integration/js/backend.js/wp-content/plugins/linet-erp-woocommerce-integration/css/backend.css/wp-content/plugins/linet-erp-woocommerce-integration/css/frontend.css
Script Paths
/wp-content/plugins/linet-erp-woocommerce-integration/js/backend.js/wp-content/plugins/linet-erp-woocommerce-integration/js/frontend.js
Version Parameters
/wp-content/plugins/linet-erp-woocommerce-integration/js/backend.js?ver=/wp-content/plugins/linet-erp-woocommerce-integration/css/backend.css?ver=/wp-content/plugins/linet-erp-woocommerce-integration/css/frontend.css?ver=/wp-content/plugins/linet-erp-woocommerce-integration/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
linet-erp-woocommerce-integration
Data Attributes
data-iddata-keydata-valuedata-linet-id
JS Globals
linet_erp_config
REST Endpoints
/wp-json/linet-erp-woocommerce-integration/v1
FAQ

Frequently Asked Questions about Linet ERP Integration For Woocommerce