WP-Safety

ShopMagic for Google Sheets Security & Risk Analysis

wordpress.org/plugins/shopmagic-for-google-sheets

Integrate your WooCommerce store with Google Sheets - the most popular Spreadsheet service for free.

400 active installs v2.1.12 PHP 7.4+ WP 6.4+ Updated Mar 7, 2026
google-sheets-integrationintegrate-google-sheetswoocommerce-google-sheetswoocommerce-to-google-sheetwordpress-google-sheets
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ShopMagic for Google Sheets Safe to Use in 2026?

Generally Safe

Score 100/100

ShopMagic for Google Sheets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 27d ago
Risk Assessment

The "shopmagic-for-google-sheets" plugin v2.1.12 exhibits a generally good security posture with several strengths. The attack surface is minimal, with only one AJAX handler and no exposed REST API routes or shortcodes. Crucially, the static analysis indicates that this single entry point has an authentication check, which is a significant positive practice. The plugin also demonstrates good security awareness with a decent number of capability checks and nonce checks, indicating an effort to protect against common web vulnerabilities. The complete absence of known CVEs and a clean vulnerability history further contributes to a positive security assessment, suggesting active maintenance and a focus on security by the developers.

However, there are areas for improvement that introduce some level of risk. The presence of dangerous functions like `exec` and `proc_open` is a notable concern, as these can be misused for remote code execution if not handled with extreme caution and robust input sanitization. Furthermore, the plugin utilizes raw SQL queries without prepared statements, which makes it susceptible to SQL injection vulnerabilities. The static analysis did not identify any taint flows with unsanitized paths, which is reassuring, but the presence of the dangerous functions and raw SQL queries means that any future issues in these areas could become critical. The bundled Guzzle library, while common, is a potential area of risk if it's not kept up-to-date, though no specific version issues were flagged here.

In conclusion, "shopmagic-for-google-sheets" v2.1.12 is a plugin with a solid foundation in terms of attack surface management and a clean historical security record. Its minimal entry points with authentication are commendable. The primary areas of concern lie in the direct use of dangerous system functions and un-prepared SQL queries. While no immediate critical vulnerabilities were detected in this analysis, these elements represent potential weaknesses that require ongoing vigilance and best-practice remediation to ensure long-term security.

Key Concerns

  • Raw SQL queries without prepared statements
  • Dangerous functions present (exec, proc_open)
  • Bundled libraries (Guzzle)
Vulnerabilities
None known

ShopMagic for Google Sheets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ShopMagic for Google Sheets Code Analysis

Dangerous Functions
2
Raw SQL Queries
2
0 prepared
Unescaped Output
13
23 escaped
Nonce Checks
4
Capability Checks
7
File Operations
33
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

execexec(implode(' ', $cmd), $output, $returnVar);vendor_prefixed\google\auth\src\CredentialsLoader.php:193
proc_open$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared2 total queries

Output Escaping

64% escaped36 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ShopMagic for Google Sheets Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_wpdesk_notice_dismissvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42
WordPress Hooks 19
actionshopmagic/core/initialized/v2src\Plugin.php:35
actionshopmagic/core/rest/initsrc\Plugin.php:67
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
actionwp_enqueue_scriptsvendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
actionadmin_noticesvendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144
actionadmin_footervendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145
filterwp_autoloader_loader_loaders_to_loadvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filterwp_autoloader_loader_loaders_to_createvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
actionplugins_loadedvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
actionbefore_woocommerce_initvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
actionactivated_pluginvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
filterdoing_it_wrong_trigger_errorvendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123
actionadmin_enqueue_scriptsvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
actionadmin_menuvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
actionadmin_initvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
actionadmin_noticesvendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filterplugin_row_metavendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

ShopMagic for Google Sheets Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version7.4
Downloads15K

Community Trust

Rating100/100
Number of ratings1
Active installs400
Alternatives

ShopMagic for Google Sheets Alternatives

GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

cf7-google-sheets-connector

A
96

Send your Contact Form 7 data directly to your Google Sheets spreadsheet.

40K 4 CVEs
GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)

GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync)

gsheetconnector-wpforms

A
95

Connect WPForms to Google Sheets and automatically send form entries to a google sheet in real-time. No manual exports, no coding required.

8K 3 CVEs
GSheetConnector for WC

GSheetConnector for WC

wc-gsheetconnector

A
97

Google Sheet Integration for WooCommerce Plugin, Addon plugin of WooCommerce - Helps to send the orders directly to Google Sheets in a real-time.

3K 3 CVEs
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms

Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms

integration-for-contact-form-7-and-google-sheets

A
94

Send Contact Form 7, WPForms, Elementor, Ninja Forms, Contact Form Entries Plugin and many other contact form submissions to Google Sheets.

1K 2 CVEs
Caldera Forms Google Sheets Connector

Caldera Forms Google Sheets Connector

gsheetconnector-caldera-forms

C
64

Send your Caldera Forms data directly to your Google Sheets spreadsheet.

100 1 unpatched
Developer Profile

ShopMagic for Google Sheets Developer Profile

wpdesk

23 plugins · 127K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
135 days
View full developer profile
Detection Fingerprints

How We Detect ShopMagic for Google Sheets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shopmagic-for-google-sheets/assets/css/shopmagic-for-google-sheets.css/wp-content/plugins/shopmagic-for-google-sheets/assets/js/shopmagic-for-google-sheets.js
Script Paths
https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.min.jshttps://cdnjs.cloudflare.com/ajax/libs/moment-timezone/0.5.34/moment-timezone-with-data.min.js
Version Parameters
shopmagic-for-google-sheets/assets/css/shopmagic-for-google-sheets.css?ver=shopmagic-for-google-sheets/assets/js/shopmagic-for-google-sheets.js?ver=

HTML / DOM Fingerprints

CSS Classes
shopmagic-for-google-sheets-notice
HTML Comments
<!-- WPDesk Notice -->
Data Attributes
data-action="shopmagic_google_sheets_dismiss_notice"data-nonce="shopmagic_google_sheets_admin_nonce"
JS Globals
shopmagicGoogleSheetsAdmin
REST Endpoints
/wp-json/shopmagic-google-sheets/v1/settings
FAQ

Frequently Asked Questions about ShopMagic for Google Sheets