MyWorks Sync for WooCommerce & Xero Security & Risk Analysis

wordpress.org/plugins/myworks-sync-for-xero

Automatically sync your customers, orders, inventory and more in real time between your WooCommerce store and Xero - managed directly inside WooCommer …

700 active installs · v1.3.2 · PHP 5.6+ · WP 5.3+ · Updated Jan 13, 2026
Tags: woocommerce, woocommerce-xero, woocommerce-xero-sync, woocommerce-sync, xero
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MyWorks Sync for WooCommerce & Xero Safe to Use in 2026?

Generally Safe

Score 100/100

MyWorks Sync for WooCommerce & Xero has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "myworks-sync-for-xero" plugin version 1.3.2 exhibits a concerning security posture primarily due to its extensive attack surface exposed through AJAX handlers. With 21 AJAX handlers and none of them protected by authentication checks, any unauthenticated user could potentially trigger these functions, leading to serious security implications. While the plugin shows good practices in its use of prepared statements for SQL queries and output escaping, the lack of authorization on its AJAX endpoints significantly outweighs these strengths. The absence of any recorded vulnerability history is positive, suggesting a potentially diligent development team or good fortune, but it does not negate the immediate risks posed by the current code. The presence of the `unserialize` function is also a point of concern, as it can be a vector for deserialization vulnerabilities if not handled with extreme care, especially when processing user-supplied data.

Key Concerns

  • 21 unprotected AJAX handlers
  • Use of unserialize function
Vulnerabilities
None known

MyWorks Sync for WooCommerce & Xero Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MyWorks Sync for WooCommerce & Xero Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 37 (208 prepared)
Unescaped Output: 98 (863 escaped)
Nonce Checks: 29
Capability Checks: 5
File Operations: 0
External Requests: 4
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: `$extra = unserialize($extra);` (admin\class-myworks-woo-sync-for-xero-admin.php:729)
  • unserialize: `$ext_data = unserialize($ext_data);` (admin\partials\map-pages\cf-map.php:137)
  • unserialize: `$ltd = @unserialize($ltd);` (includes\class-functions\class-core-functions.php:2211)
  • unserialize: `$_ppcp_paypal_fees = unserialize($invoice_data['_ppcp_paypal_fees']);` (includes\class-functions\class-core-functions.php:2312)
  • unserialize: `$X_Data = @unserialize($X_Data);` (includes\class-functions\class-core-functions.php:2407)
  • unserialize: `$wcfm_ext_data = unserialize($wcfm_ext_data);` (includes\class-functions\class-core-functions.php:2810)
  • unserialize: `$localkeyresults = unserialize($localdata);` (includes\class-lib.php:890)
  • unserialize: `$olim_csd = @unserialize($wv);` (includes\class-lib.php:2352)

Bundled Libraries

Select2

SQL Query Safety

85% prepared · 245 total queries

Output Escaping

90% escaped · 961 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<class-core-functions> (includes\class-functions\class-core-functions.php:0)
Attack Surface
21 unprotected

MyWorks Sync for WooCommerce & Xero Attack Surface

Entry Points: 21
Unprotected: 21

AJAX Handlers 21

  • auth · wp_ajax_myworks_wc_xero_sync_check_license · includes\class-myworks-woo-sync-for-xero.php:225
  • auth · wp_ajax_myworks_wc_xero_sync_del_license_local_key · includes\class-myworks-woo-sync-for-xero.php:226
  • auth · wp_ajax_myworks_wc_xero_sync_refresh_log_chart · includes\class-myworks-woo-sync-for-xero.php:229
  • auth · wp_ajax_myworks_wc_xero_sync_save_xero_c_key · includes\class-myworks-woo-sync-for-xero.php:232
  • auth · wp_ajax_myworks_wc_xero_sync_quick_refresh_cp · includes\class-myworks-woo-sync-for-xero.php:235
  • auth · wp_ajax_myworks_wc_xero_sync_quick_refresh_customers · includes\class-myworks-woo-sync-for-xero.php:236
  • auth · wp_ajax_myworks_wc_xero_sync_quick_refresh_products · includes\class-myworks-woo-sync-for-xero.php:237
  • auth · wp_ajax_myworks_wc_xero_sync_clear_all_mappings · includes\class-myworks-woo-sync-for-xero.php:240
  • auth · wp_ajax_myworks_wc_xero_sync_clear_customer_mappings · includes\class-myworks-woo-sync-for-xero.php:241
  • auth · wp_ajax_myworks_wc_xero_sync_clear_product_mappings · includes\class-myworks-woo-sync-for-xero.php:242
  • auth · wp_ajax_myworks_wc_xero_sync_clear_variation_mappings · includes\class-myworks-woo-sync-for-xero.php:243
  • auth · wp_ajax_myworks_wc_xero_sync_clear_all_logs · includes\class-myworks-woo-sync-for-xero.php:246
  • auth · wp_ajax_myworks_wc_xero_sync_clear_all_log_errors · includes\class-myworks-woo-sync-for-xero.php:247
  • auth · wp_ajax_myworks_wc_xero_sync_clear_all_pending_queues · includes\class-myworks-woo-sync-for-xero.php:250
  • auth · wp_ajax_myworks_wc_xero_sync_clear_all_queues · includes\class-myworks-woo-sync-for-xero.php:251
  • auth · wp_ajax_myworks_wc_xero_sync_automap_customers_wf_xf · includes\class-myworks-woo-sync-for-xero.php:254
  • auth · wp_ajax_myworks_wc_xero_sync_automap_products_wf_xf · includes\class-myworks-woo-sync-for-xero.php:255
  • auth · wp_ajax_myworks_wc_xero_sync_automap_variations_wf_xf · includes\class-myworks-woo-sync-for-xero.php:256
  • auth · wp_ajax_myworks_wc_xero_sync_window · includes\class-myworks-woo-sync-for-xero.php:259
  • auth · wp_ajax_myworks_wc_xero_sync_order_sync_status_list · includes\class-myworks-woo-sync-for-xero.php:262
  • auth · wp_ajax_myworks_wc_xero_sync_order_invoice_pdf · includes\class-myworks-woo-sync-for-xero.php:265
WordPress Hooks 33

  • filter · manage_woocommerce_page_wc-orders_columns · admin\class-myworks-woo-sync-for-xero-admin.php:1065
  • action · manage_woocommerce_page_wc-orders_custom_column · admin\class-myworks-woo-sync-for-xero-admin.php:1066
  • filter · manage_edit-shop_order_columns · admin\class-myworks-woo-sync-for-xero-admin.php:1069
  • action · manage_shop_order_posts_custom_column · admin\class-myworks-woo-sync-for-xero-admin.php:1070
  • action · admin_head · admin\class-myworks-woo-sync-for-xero-admin.php:1074
  • action · admin_footer · admin\class-myworks-woo-sync-for-xero-admin.php:1077
  • action · add_meta_boxes · admin\class-myworks-woo-sync-for-xero-admin.php:1080
  • action · shutdown · includes\class-functions\class-session-handler.php:28
  • action · wp_logout · includes\class-functions\class-session-handler.php:29
  • filter · nonce_user_logged_out · includes\class-functions\class-session-handler.php:33
  • action · plugins_loaded · includes\class-myworks-woo-sync-for-xero.php:147
  • action · init · includes\class-myworks-woo-sync-for-xero.php:164
  • action · admin_init · includes\class-myworks-woo-sync-for-xero.php:165
  • action · admin_enqueue_scripts · includes\class-myworks-woo-sync-for-xero.php:168
  • action · admin_enqueue_scripts · includes\class-myworks-woo-sync-for-xero.php:169
  • action · admin_menu · includes\class-myworks-woo-sync-for-xero.php:172
  • action · woocommerce_new_order · includes\class-myworks-woo-sync-for-xero.php:176
  • action · woocommerce_order_status_cancelled · includes\class-myworks-woo-sync-for-xero.php:195
  • action · woocommerce_order_refunded · includes\class-myworks-woo-sync-for-xero.php:198
  • action · woocommerce_payment_complete · includes\class-myworks-woo-sync-for-xero.php:201
  • action · woocommerce_process_product_meta · includes\class-myworks-woo-sync-for-xero.php:204
  • action · woocommerce_save_product_variation · includes\class-myworks-woo-sync-for-xero.php:207
  • action · post_updated · includes\class-myworks-woo-sync-for-xero.php:212
  • action · woocommerce_delete_product_variation · includes\class-myworks-woo-sync-for-xero.php:216
  • action · delete_post · includes\class-myworks-woo-sync-for-xero.php:217
  • action · wp_trash_post · includes\class-myworks-woo-sync-for-xero.php:218
  • filter · cron_schedules · includes\class-myworks-woo-sync-for-xero.php:221
  • action · wp_enqueue_scripts · includes\class-myworks-woo-sync-for-xero.php:280
  • action · wp_enqueue_scripts · includes\class-myworks-woo-sync-for-xero.php:281
  • action · init · includes\class-myworks-woo-sync-for-xero.php:283
  • filter · query_vars · includes\class-myworks-woo-sync-for-xero.php:284
  • action · parse_request · includes\class-myworks-woo-sync-for-xero.php:285
  • action · before_woocommerce_init · myworks-sync-for-xero.php:51
Maintenance & Trust

MyWorks Sync for WooCommerce & Xero Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 13, 2026
PHP min version: 5.6
Downloads: 62K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 700
Developer Profile

MyWorks Sync for WooCommerce & Xero Developer Profile

MyWorks

3 plugins · 6K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect MyWorks Sync for WooCommerce & Xero

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/myworks-sync-for-xero/admin/css/bootstrap.min.css
  • /wp-content/plugins/myworks-sync-for-xero/admin/css/connection-page.css
  • /wp-content/plugins/myworks-sync-for-xero/admin/css/select2.min.css
  • /wp-content/plugins/myworks-sync-for-xero/admin/css/bootstrap-switch.css
  • /wp-content/plugins/myworks-sync-for-xero/admin/css/toggle-switch.css
  • /wp-content/plugins/myworks-sync-for-xero/admin/css/wc-widget-css.css
  • /wp-content/plugins/myworks-sync-for-xero/admin/css/myworks-sync-for-xero-admin.css

Version Parameters

  • myworks-sync-for-xero/css/wc-widget-css.css?ver=
  • myworks-sync-for-xero/css/myworks-sync-for-xero-admin.css?ver=
  • myworks-sync-for-xero/css/bootstrap.min.css?ver=
  • myworks-sync-for-xero/css/connection-page.css?ver=
  • myworks-sync-for-xero/css/select2.min.css?ver=
  • myworks-sync-for-xero/css/bootstrap-switch.css?ver=
  • myworks-sync-for-xero/css/toggle-switch.css?ver=

HTML / DOM Fingerprints

CSS Classes: myworks-sync-for-xero-admin
HTML Comments: <!-- HPOS compatibility declare -->
Data Attributes: data-plugin-name="myworks-sync-for-xero", data-plugin-version="1.3.2"
JS Globals: MWXS_L, MWXS_A