WP-Safety

Stock Sync for WooCommerce Security & Risk Analysis

wordpress.org/plugins/stock-sync-for-woocommerce

Sync stock quantities between two WooCommerce stores.

1K active installs v2.10.0 PHP 7.0+ WP 4.5+ Updated Jan 28, 2026
shared-stockstock-synchronizationwoocommerce
99
A · Safe
CVEs total3
Unpatched0
Last CVEApr 24, 2023
Download
Safety Verdict

Is Stock Sync for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Stock Sync for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Apr 24, 2023Updated 3mo ago
Risk Assessment

The stock-sync-for-woocommerce plugin v2.10.0 presents a mixed security posture. On the positive side, all identified AJAX and REST API entry points have proper authorization checks, and there are no identified shortcodes or file operations that could be exploited. The plugin also demonstrates good practices in its SQL query handling, with a high percentage of prepared statements, and a significant portion of its output is properly escaped. However, the presence of two 'unserialize' function calls is a notable concern, as unsanitized serialized data can lead to Remote Code Execution vulnerabilities. While no critical or high severity taint flows were detected in this specific analysis, the history of 'unserialize' vulnerabilities in WordPress plugins warrants caution. Furthermore, the plugin has a history of medium severity vulnerabilities including Cross-site Scripting, Missing Authorization, and Cross-Site Request Forgery, with the last reported vulnerability being relatively recent (April 2023). This history suggests a pattern of past security weaknesses that, while currently patched, indicate areas that may require ongoing scrutiny. The plugin also makes three external HTTP requests, which could be a vector for supply chain attacks if the external endpoints are compromised.

Key Concerns

  • Dangerous function 'unserialize' present
  • History of medium severity vulnerabilities
  • External HTTP requests
Vulnerabilities
3 published

Stock Sync for WooCommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2023-31094medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter

Apr 24, 2023 Patched in 2.4.1 (274d)
CVE-2022-46807medium · 4.3Missing Authorization

Stock Sync for WooCommerce <= 2.3.2 - Missing Authorization

Mar 22, 2023 Patched in 2.4.0 (307d)
WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommercemedium · 4.3Cross-Site Request Forgery (CSRF)

Stock Sync for WooCommerce <= 2.3.2 - Cross-Site Request Forgery

Mar 22, 2023 Patched in 2.4.0 (307d)
Version History

Stock Sync for WooCommerce Release Timeline

v2.10.0Current
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.1
v2.4.01 CVE
CVE-2023-31094
v2.3.23 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.3.13 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.3.03 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.2.03 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.1.03 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.0.23 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.0.13 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
v2.0.03 CVEs
CVE-2023-31094 CVE-2022-46807 WF-cf13732b-7c24-443a-bae9-d8cf70b5cb33-stock-sync-for-woocommerce
Code Analysis
Analyzed Mar 16, 2026

Stock Sync for WooCommerce Code Analysis

Dangerous Functions
2
Raw SQL Queries
4
19 prepared
Unescaped Output
25
125 escaped
Nonce Checks
5
Capability Checks
8
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize( $row->data );includes\woo-stock-sync-rest-controller.php:450
unserializereturn unserialize( $row->data );includes\woo-stock-sync-rest-controller.php:476

SQL Query Safety

83% prepared23 total queries

Output Escaping

83% escaped150 total outputs
Attack Surface

Stock Sync for WooCommerce Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 7

authwp_ajax_wss_api_checkincludes\admin\class-woo-stock-sync-admin.php:30
authwp_ajax_woo_stock_sync_updateincludes\admin\class-woo-stock-sync-admin.php:33
authwp_ajax_woo_stock_sync_push_allincludes\admin\class-woo-stock-sync-admin.php:36
authwp_ajax_woo_stock_sync_pushincludes\admin\class-woo-stock-sync-admin.php:39
authwp_ajax_wss_log_entryincludes\admin\class-woo-stock-sync-admin.php:42
authwp_ajax_wss_clear_logsincludes\admin\class-woo-stock-sync-admin.php:45
authwp_ajax_wss_view_responseincludes\admin\class-woo-stock-sync-admin.php:48
WordPress Hooks 30
filterwoocommerce_settings_tabs_arrayincludes\admin\class-wc-settings-woo-stock-sync.php:8
actionwoocommerce_admin_field_wss_credentials_tableincludes\admin\class-wc-settings-woo-stock-sync.php:15
actionadmin_enqueue_scriptsincludes\admin\class-woo-stock-sync-admin.php:15
actioninitincludes\admin\class-woo-stock-sync-admin.php:18
filterwoocommerce_get_settings_pagesincludes\admin\class-woo-stock-sync-admin.php:21
filterwoocommerce_system_status_environment_rowsincludes\admin\class-woo-stock-sync-admin.php:51
actionadmin_menuincludes\admin\class-woo-stock-sync-ui.php:19
actionshutdownincludes\frontend\class-woo-stock-sync-frontend.php:16
actionwoo_stock_sync_log_cleanincludes\frontend\class-woo-stock-sync-frontend.php:24
actionplugins_loadedincludes\woo-stock-sync-db-table.php:63
filterwoocommerce_rest_api_get_rest_namespacesincludes\woo-stock-sync-rest-controller.php:514
actionwoocommerce_product_set_stockincludes\woo-stock-sync-tracker-primary.php:16
actionwoocommerce_variation_set_stockincludes\woo-stock-sync-tracker-primary.php:17
filterwoocommerce_update_product_stock_queryincludes\woo-stock-sync-tracker-primary.php:20
actionwoocommerce_product_set_stockincludes\woo-stock-sync-tracker-primary.php:21
actionwoocommerce_variation_set_stockincludes\woo-stock-sync-tracker-primary.php:22
filterwoocommerce_update_product_stock_queryincludes\woo-stock-sync-tracker-secondary.php:19
actionwoocommerce_updated_product_stockincludes\woo-stock-sync-tracker-secondary.php:20
actionwoocommerce_product_set_stockincludes\woo-stock-sync-tracker-secondary.php:23
actionwoocommerce_variation_set_stockincludes\woo-stock-sync-tracker-secondary.php:24
filterwoocommerce_product_data_store_cpt_get_products_queryincludes\woo-stock-sync-utils.php:81
filterwoocommerce_rest_pre_insert_product_objectincludes\woo-stock-sync-utils.php:289
filterwoocommerce_rest_pre_insert_product_variation_objectincludes\woo-stock-sync-utils.php:290
filterwoocommerce_can_restock_refunded_itemsincludes\woo-stock-sync-utils.php:306
filterwoocommerce_can_restore_order_stockincludes\woo-stock-sync-utils.php:307
filterwoocommerce_can_reduce_order_stockincludes\woo-stock-sync-utils.php:308
actionadmin_noticesincludes\wp-flash-messages.php:14
actionplugins_loadedwoo-stock-sync.php:44
actionbefore_woocommerce_initwoo-stock-sync.php:52
actionplugins_loadedwoo-stock-sync.php:141

Scheduled Events 1

woo_stock_sync_log_clean
Maintenance & Trust

Stock Sync for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 28, 2026
PHP min version7.0
Downloads38K

Community Trust

Rating88/100
Number of ratings7
Active installs1K
Alternatives

Stock Sync for WooCommerce Alternatives

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version)

Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version)

attribute-stock-for-woocommerce

A
100

Set up complex stock configurations with ease. Shared stock, variable quantities, the possibilities are endless.

2K No CVEs
Inventory Sync for WooCommerce

Inventory Sync for WooCommerce

inventory-sync-for-woocommerce

A
100

Allows to sync the stock quantity of products with the same SKU between two WooCommerce stores.

90 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

limit-login-attempts-reloaded

A
98

Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.

2.0M 4 CVEs
Google for WooCommerce

Google for WooCommerce

google-listings-and-ads

A
99

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE
Developer Profile

Stock Sync for WooCommerce Developer Profile

WP Trio

3 plugins · 21K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
236 days
View full developer profile
Detection Fingerprints

How We Detect Stock Sync for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stock-sync-for-woocommerce/assets/css/admin.css/wp-content/plugins/stock-sync-for-woocommerce/assets/js/admin.js/wp-content/plugins/stock-sync-for-woocommerce/assets/js/public.js
Script Paths
/wp-content/plugins/stock-sync-for-woocommerce/assets/js/admin.js/wp-content/plugins/stock-sync-for-woocommerce/assets/js/public.js
Version Parameters
stock-sync-for-woocommerce/assets/css/admin.css?ver=stock-sync-for-woocommerce/assets/js/admin.js?ver=stock-sync-for-woocommerce/assets/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes
woo-stock-sync-adminwoo-stock-sync-uiwss-api-checkwoo-stock-sync-updatewoo-stock-sync-push-allwoo-stock-sync-pushwss-log-entrywss-clear-logs+1 more
HTML Comments
Prevent direct access to the script.Plugin fileLoad Composer libsLoad DB table file+22 more
Data Attributes
data-action="wss_api_check"data-action="woo_stock_sync_update"data-action="woo_stock_sync_push_all"data-action="woo_stock_sync_push"data-action="wss_log_entry"data-action="wss_clear_logs"+1 more
JS Globals
WooStockSyncAdminWooStockSyncUiWooStockSync
REST Endpoints
/wp-json/woo-stock-sync/v1/products/wp-json/woo-stock-sync/v1/stock/update
FAQ

Frequently Asked Questions about Stock Sync for WooCommerce