Product Catalog Feed by PixelYourSite Security & Risk Analysis

wordpress.org/plugins/product-catalog-feed

WooCommerce auto-updated XML feeds for Facebook Product Catalogs (Dynamic Product Ads, Facebook Shops, Instagram), Google Merchant, and Pinterest Cata …

8K active installs · v2.2.0 · PHP + WP 3.0.1+ · Updated Oct 15, 2023
Tags: facebook-product-catalog-feed, product-catalog-woocommerce, woocommerce-feed, woocommerce-xml-feed, xml-feed
Score: 84
B · Generally Safe
CVEs total: 3
Unpatched: 0
Last CVE: Dec 5, 2023
Safety Verdict

Is Product Catalog Feed by PixelYourSite Safe to Use in 2026?

Mostly Safe

Score 84/100

Product Catalog Feed by PixelYourSite is generally safe to use though it hasn't been updated recently. 3 past CVEs were resolved.

3 known CVEs · Last CVE: Dec 5, 2023 · Updated 2yr ago
Risk Assessment

The "product-catalog-feed" plugin v2.2.0 exhibits a mixed security posture. While it demonstrates some good practices, such as using prepared statements for a majority of its SQL queries and including a reasonable number of nonce and capability checks, there are significant areas of concern. The presence of 10 AJAX handlers, with 2 lacking authentication checks, presents a notable attack surface. Furthermore, the taint analysis reveals 5 high-severity flows with unsanitized paths, indicating a potential for data manipulation or execution vulnerabilities if these flows are triggered by untrusted input. The use of dangerous functions like `unserialize` and `create_function` also raises red flags, as these can be exploited if input is not rigorously sanitized. The plugin's vulnerability history, with 3 medium-severity CVEs in the past, primarily related to CSRF and XSS, suggests a pattern of past security weaknesses that, while currently patched, warrant attention. The past issues and the current taint analysis findings highlight a need for more robust input validation and sanitization. Overall, while the plugin isn't critically flawed, the combination of unprotected entry points, high-severity taint flows, and historical vulnerabilities suggests a medium-to-high risk profile that requires careful monitoring and potential remediation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Use of dangerous functions
  • Low output escaping percentage
  • Medium severity CVEs in history
Vulnerabilities
3 published

Product Catalog Feed by PixelYourSite Security Vulnerabilities

CVEs by Year

2023: 3 CVEs

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2023-49824 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Product Catalog Feed by PixelYourSite <= 2.1.1 - Cross-Site Request Forgery

Dec 5, 2023 · Patched in 2.2.0 (49d)

CVE-2023-1805 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'page'

Apr 10, 2023 · Patched in 2.1.1 (288d)

CVE-2023-1804 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'edit'

Apr 10, 2023 · Patched in 2.1.1 (288d)
Code Analysis
Analyzed Mar 16, 2026

Product Catalog Feed by PixelYourSite Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 11 (19 prepared)
Unescaped Output: 178 (68 escaped)
Nonce Checks: 14
Capability Checks: 4
File Operations: 41
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$result = unserialize($result);` · inc\admin.php:68
unserialize · `$d = unserialize($data['wpwoofgoogle'][0]);` · inc\generate-feed.php:335
unserialize · `$mainMeta = unserialize($mainMeta);` · inc\generate-feed.php:2570
unserialize · `$extrameda = unserialize($extrameda);` · inc\generate-feed.php:2581
unserialize · `$fieldData = (!empty($field_params['field_obj']->post_content)) ? unserialize($field_params['field_o`… · inc\rapid-addon.php:551
unserialize · `self::schedule_feed( unserialize( $value['option_value'] ) );` · product-catalog-feed.php:427
unserialize · `self::schedule_feed(unserialize($value['option_value']));` · product-catalog-feed.php:665
create_function · `add_action('admin_notices', create_function('', 'echo "' . $message . '";'), 9999);` · product-catalog-feed.php:755
unserialize · `$itemInfo = unserialize($item['option_value']);` · view\admin\feed-manage-list.php:67
unserialize · `$feedInfo = unserialize(get_option($option_name));` · view\admin\feed-manage-list.php:289
unserialize · `$itemInfo = unserialize($item['option_value']);` · view\admin\feed-manage-list.php:329

SQL Query Safety

63% prepared · 30 total queries

Output Escaping

28% escaped · 246 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

11 flows · 8 with unsanitized paths
<admin> (inc\admin.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Product Catalog Feed by PixelYourSite Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 10

auth · wp_ajax_wpwoofgtaxonmy · inc\admin.php:145
auth · wp_ajax_wpwoofcategories · inc\admin.php:205
auth · wp_ajax_wpwoof_dismiss_admin_notice · inc\admin_notices.php:38
auth · wp_ajax_set_wpwoof_disable_status · product-catalog-feed.php:462
auth · wp_ajax_set_wpwoof_category · product-catalog-feed.php:463
auth · wp_ajax_set_wpwoof_schedule · product-catalog-feed.php:464
auth · wp_ajax_set_wpwoof_global_data · product-catalog-feed.php:465
auth · wp_ajax_wpwoof_check_feed_name · product-catalog-feed.php:466
auth · wp_ajax_wpwoof_addfeed_submit · product-catalog-feed.php:467
auth · wp_ajax_wpwoof_status · product-catalog-feed.php:468
WordPress Hooks 42
action · admin_notices · inc\admin_notices.php:7
action · plugins_loaded · inc\common.php:82
action · admin_footer · inc\feed-list-table.php:156
action · admin_init · inc\import-addon.php:65
filter · pmxi_addons · inc\rapid-addon.php:144
filter · wp_all_import_addon_parse · inc\rapid-addon.php:145
filter · wp_all_import_addon_import · inc\rapid-addon.php:146
filter · wp_all_import_addon_saved_post · inc\rapid-addon.php:147
filter · pmxi_options_options · inc\rapid-addon.php:148
filter · wp_all_import_image_sections · inc\rapid-addon.php:149
filter · pmxi_custom_types · inc\rapid-addon.php:150
filter · pmxi_post_list_order · inc\rapid-addon.php:151
filter · wp_all_import_post_type_image · inc\rapid-addon.php:152
action · pmxi_extend_options_featured · inc\rapid-addon.php:153
action · admin_init · inc\rapid-addon.php:154
filter · wp_all_import_acf_is_show_group · inc\rapid-addon.php:219
filter · wp_all_import_is_show_add_new_images · inc\rapid-addon.php:912
filter · wp_all_import_is_allow_import_images · inc\rapid-addon.php:915
filter · wp_all_import_is_images_section_enabled · inc\rapid-addon.php:958
action · admin_notices · inc\rapid-addon.php:1153
action · upgrader_process_complete · product-catalog-feed.php:207
action · init · product-catalog-feed.php:209
action · admin_init · product-catalog-feed.php:210
action · product_cat_edit_form_fields · product-catalog-feed.php:216
action · product_cat_add_form_fields · product-catalog-feed.php:217
action · edited_product_cat · product-catalog-feed.php:219
action · create_product_cat · product-catalog-feed.php:220
filter · woocommerce_product_data_tabs · product-catalog-feed.php:227
action · woocommerce_product_after_variable_attributes · product-catalog-feed.php:232
action · woocommerce_process_product_meta · product-catalog-feed.php:233
action · woocommerce_save_product_variation · product-catalog-feed.php:234
action · admin_menu · product-catalog-feed.php:237
action · admin_enqueue_scripts · product-catalog-feed.php:238
filter · cron_schedules · product-catalog-feed.php:240
action · wpwoof_feed_update · product-catalog-feed.php:241
action · wpwoof_generate_feed · product-catalog-feed.php:242
action · before_woocommerce_init · product-catalog-feed.php:245
action · woocommerce_product_data_panels · product-catalog-feed.php:261
action · admin_notices · product-catalog-feed.php:471
action · admin_notices · product-catalog-feed.php:479
action · admin_notices · product-catalog-feed.php:485
action · admin_notices · product-catalog-feed.php:755

Scheduled Events 6

wpwoof_generate_feed
wpwoof_generate_feed
wpwoof_feed_update
wpwoof_feed_update
wpwoof_feed_update
wpwoof_generate_feed
Maintenance & Trust

Product Catalog Feed by PixelYourSite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Oct 15, 2023
PHP min version
Downloads: 84K

Community Trust

Rating: 64/100
Number of ratings: 11
Active installs: 8K
Developer Profile

Product Catalog Feed by PixelYourSite Developer Profile

PixelYourSite

2 plugins · 508K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 246 days
Detection Fingerprints

How We Detect Product Catalog Feed by PixelYourSite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-catalog-feed/assets/css/style.css
/wp-content/plugins/product-catalog-feed/assets/css/magnific-popup.css
/wp-content/plugins/product-catalog-feed/assets/css/bootstrap.min.css
/wp-content/plugins/product-catalog-feed/assets/css/pxls-admin.css
/wp-content/plugins/product-catalog-feed/assets/js/bootstrap.min.js
/wp-content/plugins/product-catalog-feed/assets/js/custom.js
/wp-content/plugins/product-catalog-feed/assets/js/magnific-popup.js
/wp-content/plugins/product-catalog-feed/assets/js/pxls-admin.js
+1 more
Script Paths
/wp-content/plugins/product-catalog-feed/assets/js/bootstrap.min.js
/wp-content/plugins/product-catalog-feed/assets/js/custom.js
/wp-content/plugins/product-catalog-feed/assets/js/magnific-popup.js
/wp-content/plugins/product-catalog-feed/assets/js/pxls-admin.js
/wp-content/plugins/product-catalog-feed/assets/js/woof-woo-products-feed.js
Version Parameters
product-catalog-feed/assets/css/style.css?ver=
product-catalog-feed/assets/css/magnific-popup.css?ver=
product-catalog-feed/assets/css/bootstrap.min.css?ver=
product-catalog-feed/assets/css/pxls-admin.css?ver=
product-catalog-feed/assets/js/bootstrap.min.js?ver=
product-catalog-feed/assets/js/custom.js?ver=
product-catalog-feed/assets/js/magnific-popup.js?ver=
product-catalog-feed/assets/js/pxls-admin.js?ver=
product-catalog-feed/assets/js/woof-woo-products-feed.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpwoof_product_catalog
wpwoof-admin-notice
wpwoof_add_field_category
wpwoof-google-taxonomy-container
wpwoof-mpn-container
wpwoof-gtin-container
wpwoof-brand-container
wpwoof-identifier_exists-container
+7 more
Data Attributes
data-wpwoof-debug
data-wpwoof-feed-id
JS Globals
wpwoof_data
woocommerce_wpwoof_common
REST Endpoints
/wp-json/wpwoof/v1/feeds
FAQ

Frequently Asked Questions about Product Catalog Feed by PixelYourSite