Market Exporter Security & Risk Analysis

wordpress.org/plugins/market-exporter

A plugin for exporting product offers from WooCommerce to a YML file for Yandex Market.

1K active installs · v2.0.23 · PHP 5.6+ · WP 5.6+ · Updated May 26, 2025
Tags: export, market, woocommerce, yandex-market, yml
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is Market Exporter Safe to Use in 2026?

Generally Safe

Score 96/100

Market Exporter has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 5, 2025 · Updated 10mo ago
Risk Assessment

The market-exporter plugin, version 2.0.23, presents a mixed security posture. It demonstrates good practices in output escaping and contains no dangerous functions or external HTTP requests, but significant concerns remain regarding its attack surface and historical vulnerability patterns. The static analysis revealed three AJAX handlers lacking authentication checks, which are a direct and potentially exploitable entry point for attackers. Furthermore, the plugin's only SQL query is executed without a prepared statement, posing a risk of SQL injection if any user-controlled data is used to construct that query. The vulnerability history shows a recurring pattern of Cross-Site Request Forgery (CSRF) and Missing Authorization vulnerabilities, suggesting systemic issues in how user actions and permissions are handled. Although there are no currently unpatched CVEs, the number of past vulnerabilities, particularly high and medium severity ones, warrants caution. Overall, while the plugin has some strengths, the identified unauthenticated entry points and the history of authorization-related vulnerabilities create a considerable security risk.

Key Concerns

  • 3 unprotected AJAX handlers
  • 1 SQL query without prepared statements
  • History of high/medium severity vulnerabilities
Vulnerabilities (3)

Market Exporter Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-49269 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Market Exporter <= 2.0.22 - Cross-Site Request Forgery

Jun 5, 2025 Patched in 2.0.23 (7d)
CVE-2025-26995 · medium · 5.4 · Missing Authorization

Market Exporter <= 2.0.21 - Missing Authorization

Feb 23, 2025 Patched in 2.0.22 (9d)
CVE-2024-5637 · high · 7.5 · Missing Authorization

Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion

Jun 6, 2024 Patched in 2.0.20 (1d)
Code Analysis
Analyzed Mar 16, 2026

Market Exporter Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 0 (16 escaped)
  • Nonce Checks: 4
  • Capability Checks: 4
  • File Operations: 8
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

100% escaped · 16 total outputs
Attack Surface
3 unprotected

Market Exporter Attack Surface

Entry Points: 7
Unprotected: 3

AJAX Handlers (7)

  • auth · wp_ajax_dismiss_rate_notice · includes\class-core.php:207
  • auth · wp_ajax_me_settings · includes\class-restapi.php:66
  • auth · wp_ajax_me_update_settings · includes\class-restapi.php:67
  • auth · wp_ajax_me_elements · includes\class-restapi.php:68
  • auth · wp_ajax_me_update_generate · includes\class-restapi.php:69
  • auth · wp_ajax_me_files · includes\class-restapi.php:70
  • auth · wp_ajax_me_update_files · includes\class-restapi.php:71

WordPress Hooks (12)

  • action · admin_init · includes\class-core.php:100
  • action · admin_notices · includes\class-core.php:102
  • action · admin_notices · includes\class-core.php:108
  • action · admin_init · includes\class-core.php:192
  • action · admin_menu · includes\class-core.php:195
  • action · admin_enqueue_scripts · includes\class-core.php:200
  • action · admin_enqueue_scripts · includes\class-core.php:201
  • action · rest_api_init · includes\class-core.php:204
  • action · market_exporter_cron · includes\class-core.php:210
  • action · woocommerce_update_product · includes\class-core.php:212
  • filter · me_export_main_variation_link · includes\class-generator.php:462
  • action · plugins_loaded · market-exporter.php:121

Scheduled Events (3)

  • market_exporter_cron
  • market_exporter_cron
  • market_exporter_cron
Maintenance & Trust

Market Exporter Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: May 26, 2025
  • PHP min version: 5.6
  • Downloads: 47K

Community Trust

  • Rating: 96/100
  • Number of ratings: 45
  • Active installs: 1K
Developer Profile

Market Exporter Developer Profile

Anton Vanyukov

2 plugins · 2K total installs

  • Trust score: 93
  • Avg Security Score: 98/100
  • Avg Patch Time: 12 days
Detection Fingerprints

How We Detect Market Exporter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/market-exporter/admin/css/market-exporter.min.css
  • /wp-content/plugins/market-exporter/admin/js/market-exporter-i18n.min.js
  • /wp-content/plugins/market-exporter/admin/js/market-exporter.min.js

Script Paths

  • /wp-content/plugins/market-exporter/admin/js/market-exporter-i18n.min.js
  • /wp-content/plugins/market-exporter/admin/js/market-exporter.min.js

Version Parameters

  • market-exporter.min.css?ver=
  • market-exporter-i18n.min.js?ver=
  • market-exporter.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

  • id="svg"
  • id="svgg"
  • id="path0"

JS Globals

  • ajax_strings
  • wooyaI18n

REST Endpoints

  • /wp-json/market-exporter/v1/
FAQ

Frequently Asked Questions about Market Exporter