WP-Safety

Google Merchant Product Feed Security & Risk Analysis

wordpress.org/plugins/merchant-xml-feed-generator

Easily and quickly create XML Feeds for use on the Google Merchant Centre from your WooCommerce Store

10 active installs v1.1.4 PHP + WP 3.0.1+ Updated Oct 27, 2016
google-feedgoogle-merchantgoogle-shoppinggoogle-xml-feedwoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Google Merchant Product Feed Safe to Use in 2026?

Generally Safe

Score 85/100

Google Merchant Product Feed has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The 'merchant-xml-feed-generator' v1.1.4 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs and the complete reliance on prepared statements for SQL queries are significant strengths. Furthermore, the plugin demonstrates good practices by incorporating nonce checks and capability checks, and it has a minimal attack surface with no publicly exposed AJAX handlers, REST API routes, or shortcodes without proper authentication.

However, a notable concern is the presence of the `unserialize` function, which is inherently dangerous if used with untrusted input. While no specific taint flows were identified as critical or high severity, the potential for such a vulnerability exists. The output escaping is also only moderately effective at 58%, indicating a risk of cross-site scripting (XSS) vulnerabilities in certain scenarios.

In conclusion, while the plugin has a clean vulnerability history and avoids many common pitfalls, the identified use of `unserialize` and the suboptimal output escaping warrant attention. The plugin's strengths lie in its controlled attack surface and adherence to basic security checks, but the potential for deserialization and XSS vulnerabilities should be mitigated.

Key Concerns

  • Use of dangerous unserialize function
  • Moderately escaped output (58%)
Vulnerabilities
None known

Google Merchant Product Feed Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Google Merchant Product Feed Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Google Merchant Product Feed Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
0 prepared
Unescaped Output
10
14 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$products = unserialize($products);gmpf-generator.php:45
unserialize$variants = unserialize($variants);gmpf-generator.php:190
unserialize$products = unserialize($products);gmpf-products.php:18
unserialize$ship_to = unserialize($ship_to);gmpf-shipping.php:24

Bundled Libraries

DataTables

Output Escaping

58% escaped24 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<gmpf> (gmpf.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Google Merchant Product Feed Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 14
actioninitgmpf.php:37
actionadmin_enqueue_scriptsgmpf.php:39
actionadd_meta_boxesgmpf.php:42
actionsave_postgmpf.php:43
filtersingle_templategmpf.php:52
actiongmpf_load_product_listgmpf.php:56
actiongmpf_load_shippinggmpf.php:58
filtergmpf_products_to_showgmpf.php:61
filtergmpf_hide_variantsgmpf.php:62
actionadmin_noticesgmpf.php:74
actioninittest.php:47
actionadmin_menutest.php:552
actionadmin_headtest.php:553
filterpost_updated_messagestest.php:554
Maintenance & Trust

Google Merchant Product Feed Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30
Last updatedOct 27, 2016
PHP min version
Downloads3K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

Google Merchant Product Feed Alternatives

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping

wp-product-feed-manager

A
96

The WooCommerce product feed plugin built for Google. Create a Google Merchant feed in 5 minutes—no coding, no errors. Start selling on Google Shoppin &hellip;

10K 3 CVEs
WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

webtoffee-product-feed

A
96

Create WooCommerce product feeds containing unlimited number of products. Supports Google Product feed, Facebook catalog feed, Instagram, Bing & m &hellip;

2K 3 CVEs
ELEX WooCommerce Google Shopping (Google Product Feed)

ELEX WooCommerce Google Shopping (Google Product Feed)

elex-woocommerce-google-product-feed-plugin-basic

A
98

The ELEX WooCommerce Google Shopping (Google Product Feed) plugin is a free WooCommerce plugin that serves in feeding your WooCommerce products to Goo &hellip;

1K 2 CVEs
Ultimate Products Feed : Woocommerce to Google Shopping

Ultimate Products Feed : Woocommerce to Google Shopping

ultimate-products-feed

A
85

Add your products feed to Google Shopping and attract more customers. this plugin is the best way to boost your sales very quickly.

20 No CVEs
Listing & Smart Shopping Campaign for Google

Listing & Smart Shopping Campaign for Google

listing-smart-shopping-campaign-for-google

A
85

Expand your online retailing arena by showcasing your WooCommerce products on the Google Shopping platform.

10 No CVEs
Developer Profile

Google Merchant Product Feed Developer Profile

nvaughan84

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Google Merchant Product Feed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/merchant-xml-feed-generator/css/gmpf_styles.css/wp-content/plugins/merchant-xml-feed-generator/js/gmpf_scripts.js/wp-content/plugins/merchant-xml-feed-generator/datatables/datatables.min.css/wp-content/plugins/merchant-xml-feed-generator/datatables/datatables.min.js/wp-content/plugins/merchant-xml-feed-generator/tooltipster/css/tooltipster.css/wp-content/plugins/merchant-xml-feed-generator/tooltipster/css/themes/tooltipster-light.css/wp-content/plugins/merchant-xml-feed-generator/tooltipster/js/jquery.tooltipster.min.js
Script Paths
/wp-content/plugins/merchant-xml-feed-generator/js/gmpf_scripts.js
Version Parameters
gmpf_styles.css?ver=1.0.0gmpf_scripts.jsdatatables.min.css?ver=1.0.0datatables.min.jstooltipster.css?ver=1.0.0tooltipster-light.css?ver=1.0.0jquery.tooltipster.min.js

HTML / DOM Fingerprints

CSS Classes
gmpf_block
Data Attributes
gmpf_shop_linkgmpf_descriptiongmpf_default_google_categorygmpf_filtertypegmpf_productsgmpf_shipping_method+1 more
FAQ

Frequently Asked Questions about Google Merchant Product Feed