WP-Safety

StoreKeeper for WooCommerce Security & Risk Analysis

wordpress.org/plugins/storekeeper-for-woocommerce

This plugin provides sync possibilities with the StoreKeeper Backoffice. Allows synchronization of the WooCommerce product catalog, customers, orders …

20 active installs v14.5.0 PHP 7.4+ WP 5.0+ Updated Oct 27, 2025
e-commercesalesstorewoowoocommerce
90
A · Safe
CVEs total2
Unpatched0
Last CVEJul 31, 2025
Download
Safety Verdict

Is StoreKeeper for WooCommerce Safe to Use in 2026?

Generally Safe

Score 90/100

StoreKeeper for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jul 31, 2025Updated 5mo ago
Risk Assessment

The 'storekeeper-for-woocommerce' plugin v14.5.0 presents a mixed security posture with several areas of concern despite some good security practices. The static analysis reveals a significant attack surface, with 5 out of 7 entry points (AJAX handlers and REST API routes) lacking proper authorization checks. This is a critical weakness, as it exposes functionalities to unauthorized access. While the majority of SQL queries use prepared statements, the presence of dangerous functions like 'unserialize' without further context is a red flag, potentially leading to code execution vulnerabilities if not handled with extreme care. Taint analysis did not reveal critical or high severity issues, which is positive, but the fact that all 12 analyzed flows had unsanitized paths warrants attention, even if the severity was not rated critical. The vulnerability history is a major concern, with 2 previously reported critical vulnerabilities, both related to unrestricted file uploads. Although currently unpatched, this historical pattern suggests a recurring weakness in input validation and file handling, which is a significant risk for any plugin dealing with user-provided data.

Key Concerns

  • Unprotected REST API routes
  • Unprotected AJAX handlers
  • Dangerous function 'unserialize' used
  • All taint flows have unsanitized paths
  • 2 historical critical CVEs (unrestricted upload)
  • Bundled Guzzle library
Vulnerabilities
2

StoreKeeper for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
2

2 total CVEs

CVE-2025-48148critical · 9.8Unrestricted Upload of File with Dangerous Type

StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload

Jul 31, 2025 Patched in 14.4.5 (5d)
CVE-2025-47687critical · 9.8Unrestricted Upload of File with Dangerous Type

StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload

May 9, 2025 Patched in 14.4.5 (134d)
Code Analysis
Analyzed Mar 16, 2026

StoreKeeper for WooCommerce Code Analysis

Dangerous Functions
8
Raw SQL Queries
4
109 prepared
Unescaped Output
108
303 escaped
Nonce Checks
2
Capability Checks
2
File Operations
11
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

unserializeif ($errorOutput = unserialize($task['meta_data'])) {src\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\Tabs\TaskLogsTab.php:232
unserializeif ($errorOutput = unserialize($task['meta_data'])) {src\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\Tabs\TaskLogsTab.php:250
unserialize$metaData = unserialize($task['meta_data']);src\StoreKeeper\WooCommerce\B2C\Commands\ProcessAllTasks.php:99
unserialize$unserialized = unserialize($data['option_value']);src\StoreKeeper\WooCommerce\B2C\Commands\ProcessAllTasks.php:145
unserialize$metadata = unserialize(current($value));src\StoreKeeper\WooCommerce\B2C\Models\TaskModel.php:161
unserialize$data['meta_data'] = unserialize($data['meta_data']);src\StoreKeeper\WooCommerce\B2C\Models\TaskModel.php:190
unserializeif ($attributes = unserialize($result->attributes)) {src\StoreKeeper\WooCommerce\B2C\Tools\ProductAttributes.php:158
unserialize$custom_metadata = unserialize($custom_metadata);src\StoreKeeper\WooCommerce\B2C\Tools\TaskHandler.php:666

Bundled Libraries

Guzzle

SQL Query Safety

96% prepared113 total queries

Output Escaping

74% escaped411 total outputs
Data Flows
12 unsanitized

Data Flow Analysis

12 flows12 with unsanitized paths
handleSave (src\StoreKeeper\WooCommerce\B2C\Backoffice\MetaBoxes\OrderSyncMetaBox.php:191)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

StoreKeeper for WooCommerce Attack Surface

Entry Points7
Unprotected5

AJAX Handlers 2

authwp_ajax_upload_product_imagesrc\StoreKeeper\WooCommerce\B2C\Core.php:192
noprivwp_ajax_upload_product_imagesrc\StoreKeeper\WooCommerce\B2C\Core.php:193

REST API Routes 5

GET/wp-json/wopb/v2/get_single_premade/src\StoreKeeper\WooCommerce\B2C\Backoffice\Helpers\ProductXEditor.php:114
GET/wp-json/wopb/v2/condition/src\StoreKeeper\WooCommerce\B2C\Backoffice\Helpers\ProductXEditor.php:128
GET/wp-json/wopb/v2/condition_save/src\StoreKeeper\WooCommerce\B2C\Backoffice\Helpers\ProductXEditor.php:142
GET/wp-json/wopb/v2/data_builder/src\StoreKeeper\WooCommerce\B2C\Backoffice\Helpers\ProductXEditor.php:156
GET/wp-json/wopb/v2/template_action/src\StoreKeeper\WooCommerce\B2C\Backoffice\Helpers\ProductXEditor.php:170
WordPress Hooks 116
actionadmin_enqueue_scriptssrc\StoreKeeper\WooCommerce\B2C\Backoffice\BackofficeCore.php:40
actionadmin_noticessrc\StoreKeeper\WooCommerce\B2C\Backoffice\BackofficeCore.php:53
actionadd_meta_boxessrc\StoreKeeper\WooCommerce\B2C\Backoffice\BackofficeCore.php:72
actioninitsrc\StoreKeeper\WooCommerce\B2C\Backoffice\BackofficeCore.php:84
actioninitsrc\StoreKeeper\WooCommerce\B2C\Backoffice\MenuStructure.php:22
actionadmin_menusrc\StoreKeeper\WooCommerce\B2C\Backoffice\MenuStructure.php:23
actionadmin_enqueue_scriptssrc\StoreKeeper\WooCommerce\B2C\Backoffice\MenuStructure.php:24
actionadd_meta_boxessrc\StoreKeeper\WooCommerce\B2C\Backoffice\MetaBoxes\OrderSyncMetaBox.php:201
actionwoocommerce_after_register_post_typesrc\StoreKeeper\WooCommerce\B2C\Backoffice\MetaBoxes\OrderSyncMetaBox.php:202
filterwoocommerce_product_data_tabssrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:14
actionwoocommerce_product_data_panelssrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:15
actionwoocommerce_admin_process_product_objectsrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:16
actionproduct_cat_add_form_fieldssrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:18
actionproduct_cat_edit_form_fieldssrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:19
actionedited_product_catsrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:20
actioncreate_product_catsrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:21
actionadmin_enqueue_scriptssrc\StoreKeeper\WooCommerce\B2C\Backoffice\Pages\StoreKeeperSeoPages.php:23
filterwoocommerce_product_type_querysrc\StoreKeeper\WooCommerce\B2C\Commands\SyncWoocommerceProductPage.php:82
actionbefore_woocommerce_initsrc\StoreKeeper\WooCommerce\B2C\Core.php:149
filterwp_get_attachment_urlsrc\StoreKeeper\WooCommerce\B2C\Core.php:182
filterwp_get_attachment_image_srcsrc\StoreKeeper\WooCommerce\B2C\Core.php:183
filterwp_calculate_image_srcsetsrc\StoreKeeper\WooCommerce\B2C\Core.php:184
actionwoocommerce_shipping_initsrc\StoreKeeper\WooCommerce\B2C\Core.php:187
actionwoocommerce_review_order_after_shippingsrc\StoreKeeper\WooCommerce\B2C\Core.php:188
filterwoocommerce_package_ratessrc\StoreKeeper\WooCommerce\B2C\Core.php:189
actionwp_enqueue_scriptssrc\StoreKeeper\WooCommerce\B2C\Core.php:191
filtercron_schedulessrc\StoreKeeper\WooCommerce\B2C\Core.php:199
actionadmin_initsrc\StoreKeeper\WooCommerce\B2C\Core.php:200
filtercron_schedulessrc\StoreKeeper\WooCommerce\B2C\Core.php:205
actionsk_sync_paid_orderssrc\StoreKeeper\WooCommerce\B2C\Core.php:218
filterwoocommerce_localisation_address_formatssrc\StoreKeeper\WooCommerce\B2C\Core.php:303
filterwoocommerce_formatted_address_replacementssrc\StoreKeeper\WooCommerce\B2C\Core.php:304
filterwoocommerce_my_account_my_address_formatted_addresssrc\StoreKeeper\WooCommerce\B2C\Core.php:305
filterwoocommerce_get_order_addresssrc\StoreKeeper\WooCommerce\B2C\Core.php:306
actionadmin_noticessrc\StoreKeeper\WooCommerce\B2C\Core.php:311
actionplugin_loadedsrc\StoreKeeper\WooCommerce\B2C\Core.php:347
actionwoocommerce_checkout_order_processedsrc\StoreKeeper\WooCommerce\B2C\Core.php:354
actionwoocommerce_new_ordersrc\StoreKeeper\WooCommerce\B2C\Core.php:355
actionwoocommerce_payment_completesrc\StoreKeeper\WooCommerce\B2C\Core.php:357
actionwoocommerce_update_ordersrc\StoreKeeper\WooCommerce\B2C\Core.php:363
actionwoocommerce_order_status_pendingsrc\StoreKeeper\WooCommerce\B2C\Core.php:365
actionwoocommerce_order_status_failedsrc\StoreKeeper\WooCommerce\B2C\Core.php:366
actionwoocommerce_order_status_on-holdsrc\StoreKeeper\WooCommerce\B2C\Core.php:367
actionwoocommerce_order_status_processingsrc\StoreKeeper\WooCommerce\B2C\Core.php:368
actionwoocommerce_order_status_completedsrc\StoreKeeper\WooCommerce\B2C\Core.php:369
actionwoocommerce_order_status_refundedsrc\StoreKeeper\WooCommerce\B2C\Core.php:370
actionwoocommerce_order_status_cancelledsrc\StoreKeeper\WooCommerce\B2C\Core.php:371
actionwoocommerce_checkout_create_ordersrc\StoreKeeper\WooCommerce\B2C\Core.php:374
filterwoocommerce_coupon_codesrc\StoreKeeper\WooCommerce\B2C\Core.php:386
actionrest_api_initsrc\StoreKeeper\WooCommerce\B2C\Core.php:410
filterinitsrc\StoreKeeper\WooCommerce\B2C\Core.php:415
filterwoocommerce_short_descriptionsrc\StoreKeeper\WooCommerce\B2C\Core.php:418
actionwoocommerce_order_details_after_order_tablesrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:39
actionwoocommerce_checkout_create_order_fee_itemsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:41
filterwoocommerce_default_address_fieldssrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:76
filterwoocommerce_get_country_localesrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:77
filterwoocommerce_country_locale_field_selectorssrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:78
filterwoocommerce_billing_fieldssrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:79
filterwoocommerce_shipping_fieldssrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:80
actionwoocommerce_before_edit_account_address_formsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:82
actionwoocommerce_checkout_create_ordersrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:83
actionwoocommerce_checkout_processsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:84
actionwoocommerce_before_checkout_formsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:85
actioninitsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:92
filterinitsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:97
filterinitsrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:103
actionwp_enqueue_stylesrc\StoreKeeper\WooCommerce\B2C\Frontend\FrontendCore.php:108
actionwoocommerce_after_shop_loopsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\CategorySummaryHandler.php:12
actionwoocommerce_no_products_foundsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\CategorySummaryHandler.php:13
actionwoocommerce_registration_errorssrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\CustomerEmailHandler.php:13
actionwoocommerce_checkout_processsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\CustomerEmailHandler.php:14
actionwp_loginsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\CustomerLoginRegisterHandler.php:13
actionuser_registersrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\CustomerLoginRegisterHandler.php:14
filterthe_contentsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\MarkdownHandler.php:9
filterwoocommerce_short_descriptionsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\MarkdownHandler.php:10
actionwp_headsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:63
actionwp_enqueue_scriptssrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:64
filterwoocommerce_post_classsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:67
actionwoocommerce_before_add_to_cart_buttonsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:68
actionwoocommerce_before_add_to_cart_formsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:69
filterwoocommerce_add_to_cart_validationsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:72
filterwoocommerce_update_cart_validationsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:73
actionwoocommerce_add_to_cartsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:74
actionwoocommerce_before_calculate_totalssrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:75
filterwoocommerce_add_cart_item_datasrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:76
filterwoocommerce_cart_item_namesrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:77
filterwoocommerce_cart_item_classsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:78
filterwoocommerce_cart_item_remove_linksrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:79
filterwoocommerce_cart_item_quantitysrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:80
actionwoocommerce_cart_item_removedsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:81
actionwoocommerce_after_cart_item_quantity_updatesrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:82
filterwoocommerce_cart_item_permalinksrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:83
actionwoocommerce_cart_calculate_feessrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:84
actionwoocommerce_checkout_create_order_line_itemsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:87
filterwoocommerce_order_item_get_formatted_meta_datasrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\ProductAddOnHandler.php:88
filterwoocommerce_structured_data_productsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\StoreKeeperSeoHandler.php:15
actionwp_headsrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\StoreKeeperSeoHandler.php:16
actiondocument_title_partssrc\StoreKeeper\WooCommerce\B2C\Frontend\Handlers\StoreKeeperSeoHandler.php:17
filterterm_descriptionsrc\StoreKeeper\WooCommerce\B2C\Imports\CategoryImport.php:370
filterpre_term_descriptionsrc\StoreKeeper\WooCommerce\B2C\Imports\CategoryImport.php:371
actionwoocommerce_thankyousrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:38
filterwoocommerce_payment_gatewayssrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:39
filterwoocommerce_api_backoffice_pay_gateway_returnsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:40
filterinitsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:41
actionwoocommerce_blocks_loadedsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:42
actionwoocommerce_create_refundsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:45
actionwoocommerce_order_refundedsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:46
actionwoocommerce_order_partially_refundedsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:47
actionwoocommerce_blocks_payment_method_type_registrationsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:54
actionwoocommerce_before_checkout_formsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:87
actionwoocommerce_thankyou_order_received_textsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:90
actionwoocommerce_thankyou_order_received_textsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:93
actionwoocommerce_before_checkout_formsrc\StoreKeeper\WooCommerce\B2C\PaymentGateway\PaymentGateway.php:96
actionload-plugins.phpsrc\StoreKeeper\WooCommerce\B2C\Updator.php:16
actionload-plugin-install.phpsrc\StoreKeeper\WooCommerce\B2C\Updator.php:17
actionupgrader_process_completesrc\StoreKeeper\WooCommerce\B2C\Updator.php:18

Scheduled Events 1

sk_sync_paid_orders
Maintenance & Trust

StoreKeeper for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedOct 27, 2025
PHP min version7.4
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

StoreKeeper for WooCommerce Alternatives

SourceKnowledge Shopping Ads

SourceKnowledge Shopping Ads

sourceknowledge-shopping-ads

A
85

The official WooCommerce SourceKnowledge Shopping Ads plugin helps store owners integrate WooCommerce with SourceKnowledge and reach in-market shopper &hellip;

10 No CVEs
SV Discount Progress Bar

SV Discount Progress Bar

sv-disper-bar

A
85

The plugin allows WooCommerce users to install a discount progress bar on their website to provide cumulative discounts.

10 No CVEs
Softwear for woocommerce

Softwear for woocommerce

softwear-for-woocommerce

A
100

Connecting Softwear to WooCommerce to sync all your products, orders and payments.

0 No CVEs
External Product New Tab for WooCommerce

External Product New Tab for WooCommerce

wc-external-product-new-tab

A
100

This plugin sets all external / affiliate product buy now links on a WooCommerce site to open in a new web browser tab.

4K No CVEs
Invoice Payment Gateway for WooCommerce

Invoice Payment Gateway for WooCommerce

wc-invoice-gateway

A
92

The Invoice Payment Gateway for WooCommerce plugin adds an Invoice Payment Gateway feature to the WooCommerce plugin for B2B transactions when instant &hellip;

3K No CVEs
Developer Profile

StoreKeeper for WooCommerce Developer Profile

StoreKeeper B.V.

1 plugin · 20 total installs

81
trust score
Avg Security Score
90/100
Avg Patch Time
70 days
View full developer profile
Detection Fingerprints

How We Detect StoreKeeper for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/storekeeper-for-woocommerce/src/StoreKeeper/WooCommerce/B2C/Backoffice/static/storekeeperOverlay.css/wp-content/plugins/storekeeper-for-woocommerce/src/StoreKeeper/WooCommerce/B2C/Backoffice/static/shipping-methods.override.js
Script Paths
/wp-content/plugins/storekeeper-for-woocommerce/src/StoreKeeper/WooCommerce/B2C/Backoffice/static/shipping-methods.override.js

HTML / DOM Fingerprints

CSS Classes
storekeeper-overlay
Data Attributes
data-storekeeper-id
JS Globals
shippingZones
FAQ

Frequently Asked Questions about StoreKeeper for WooCommerce