Product Import Export for WooCommerce – Import Export Product CSV Suite Security & Risk Analysis

wordpress.org/plugins/product-import-export-for-woo

Easily import/export WooCommerce products (simple, grouped, external/affiliate) via CSV. Transfer product data, including images, reviews, categories, …

90K active installs · v2.6.2 · PHP 5.6+ · WP 3.0+ · Updated Mar 10, 2026
Tags: csv-import-export, export-woocommerce-products, product-export, product-import, woocommerce-product-import
Score: 94 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Mar 25, 2025
Safety Verdict

Is Product Import Export for WooCommerce – Import Export Product CSV Suite Safe to Use in 2026?

Generally Safe

Score 94/100

Product Import Export for WooCommerce – Import Export Product CSV Suite has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Mar 25, 2025 · Updated 24d ago
Risk Assessment

The 'product-import-export-for-woo' plugin v2.6.2 presents a mixed security posture. While it demonstrates good practices in areas like SQL query preparation (92%) and output escaping (93%), significant concerns arise from its attack surface and past vulnerability history.

A notable area of concern is the presence of 16 AJAX handlers, 7 of which lack proper authentication checks, which directly raises the risk of unauthorized actions. The taint analysis also highlights two high-severity flows, indicating potential vulnerabilities that could be exploited if not properly handled. The plugin also uses `unserialize`, a known dangerous function; while the number of flows analyzed is small, this warrants careful scrutiny.

The plugin's vulnerability history is a significant red flag. With 7 known CVEs, including 4 high-severity and 2 medium-severity ones, it suggests a pattern of recurring security weaknesses. The common vulnerability types listed (Deserialization, SSRF, Path Traversal, Unrestricted Upload, Missing Authorization) are critical and can lead to severe compromises. The fact that all previously disclosed vulnerabilities are marked as patched is a positive sign, but the sheer number and severity of past issues indicate a persistent need for vigilance and robust security development practices.

Key Concerns

  • AJAX handlers without authentication
  • High severity taint flows
  • Dangerous function 'unserialize'
  • High number of total CVEs
  • High severity vulnerabilities in history
  • Medium severity vulnerabilities in history
  • Common vulnerability types (Deserialization, SSRF, Path Traversal, Upload, Auth)
Vulnerabilities
7

Product Import Export for WooCommerce – Import Export Product CSV Suite Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2024: 2 CVEs
2025: 4 CVEs

Severity Breakdown

High: 4
Medium: 2
Low: 1

7 total CVEs

CVE-2025-1913 · high · 7.2 · Deserialization of Untrusted Data

Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter

Mar 25, 2025 · Patched in 2.5.1 (255d)

CVE-2025-1912 · high · 7.6 · Server-Side Request Forgery (SSRF)

Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

Mar 25, 2025 · Patched in 2.5.1 (1d)

CVE-2025-1911 · low · 2.7 · External Control of File Name or Path

Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function

Mar 25, 2025 · Patched in 2.5.1 (1d)

CVE-2025-1769 · medium · 4.9 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

Mar 25, 2025 · Patched in 2.5.1 (1d)

CVE-2024-30231 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Product Import Export for WooCommerce <= 2.4.1 - Authenticated (Shop Manager+) Arbitrary File Upload

Mar 26, 2024 · Patched in 2.4.2 (2d)

CVE-2024-22152 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Product Import Export for WooCommerce <= 2.3.7 - Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_file

Jan 16, 2024 · Patched in 2.3.8 (7d)

CVE-2020-12074 · medium · 4.3 · Missing Authorization

Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import

Mar 11, 2020 · Patched in 1.7.5 (1413d)

Code Analysis
Analyzed Mar 16, 2026

Product Import Export for WooCommerce – Import Export Product CSV Suite Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 8 (96 prepared)
Unescaped Output: 76 (1059 escaped)
Nonce Checks: 15
Capability Checks: 7
File Operations: 37
External Requests: 5
Bundled Libraries: 1

Dangerous Functions Found

unserialize · admin\modules\product_review\import\import.php:398
$comment_parent_session= unserialize( get_option( 'wf_prod_review_alter_id'));

Bundled Libraries

Select2

SQL Query Safety

92% prepared · 104 total queries

Output Escaping

93% escaped · 1135 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

14 flows · 9 with unsanitized paths
download_file (admin\modules\export\export.php:902)
Attack Surface
7 unprotected

Product Import Export for WooCommerce – Import Export Product CSV Suite Attack Surface

Entry Points: 16
Unprotected: 7

AJAX Handlers: 16

auth · wp_ajax_wbte_ema_banner_analytics_page_dismiss · admin\banner\class-wbte-ema-banner.php:46
auth · wp_ajax_wbte_sc_hide_promotion_banner · admin\banner\class-wt-bfcm-twenty-twenty-five.php:91
auth · wp_ajax_wt_p_iew_dismiss_cta_banner_default_page · admin\banner\class-wt-p-iew-cta-banner-default-page.php:22
auth · wp_ajax_wt_piew_top_header_loaded · admin\class-wt-import-export-for-woo-admin.php:80
auth · wp_ajax_wt_dismiss_product_ie_cta_banner · admin\cross-promotion-banners\class-wt-p-iew-cta-banner.php:32
auth · wp_ajax_wt_dismiss_invoice_cta_banner · admin\cross-promotion-banners\class-wt-pklist-cta-banner.php:31
auth · wp_ajax_wt_dismiss_smart_coupon_cta_banner · admin\cross-promotion-banners\class-wt-smart-coupon-cta-banner.php:30
auth · wp_ajax_iew_export_ajax_basic · admin\modules\export\export.php:109
auth · wp_ajax_iew_export_dismiss_adbanner · admin\modules\export\export.php:118
auth · wp_ajax_iew_history_ajax_basic · admin\modules\history\history.php:60
auth · wp_ajax_iew_import_ajax_basic · admin\modules\import\import.php:104
auth · wp_ajax_wt_iew_request_a_feature · admin\modules\request_feature\request_feature.php:27
auth · wp_ajax_wt_iew_dismiss_wc_pages_banner · class-wt-product-review-request.php:118
auth · wp_ajax_pipe_submit_uninstall_reason · includes\class-wf-prodimpexp-plugin-uninstall-feedback.php:11
auth · wp_ajax_wt_iew_save_settings_basic · includes\class-wt-import-export-for-woo.php:232
auth · wp_ajax_wt_iew_delete_template · includes\class-wt-import-export-for-woo.php:233

WordPress Hooks 123
Maintenance & Trust

Product Import Export for WooCommerce – Import Export Product CSV Suite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 5.6
Downloads: 4.2M

Community Trust

Rating: 92/100
Number of ratings: 411
Active installs: 90K
Developer Profile

Product Import Export for WooCommerce – Import Export Product CSV Suite Developer Profile

WebToffee

17 plugins · 377K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 155 days
Detection Fingerprints

How We Detect Product Import Export for WooCommerce – Import Export Product CSV Suite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-import-export-for-woo/assets/css/wt_import_export_for_woo_admin.css
/wp-content/plugins/product-import-export-for-woo/assets/css/wt_product_import_export_for_woo_basic.css
/wp-content/plugins/product-import-export-for-woo/assets/css/wt_product_import_export_for_woo_welcome-screen.css
/wp-content/plugins/product-import-export-for-woo/assets/js/wt_import_export_for_woo_admin.js
/wp-content/plugins/product-import-export-for-woo/assets/js/wt_product_import_export_for_woo_basic.js
/wp-content/plugins/product-import-export-for-woo/assets/js/wt_product_import_export_for_woo_welcome-screen.js

Script Paths
/wp-content/plugins/product-import-export-for-woo/assets/js/wt_product_import_export_for_woo_basic.js

Version Parameters
product-import-export-for-woo/assets/css/wt_product_import_export_for_woo_basic.css?ver=
product-import-export-for-woo/assets/js/wt_product_import_export_for_woo_basic.js?ver=

HTML / DOM Fingerprints

CSS Classes
wt-product-update-message
wt_product_import_export_for_woo_basic_product
wt_import_export_for_woo_basic_export
wt_import_export_for_woo_basic_import
JS Globals
WT_P_IEW_VERSION