Does Sync Product From Amazon have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Sync Product From Amazon compatible with WordPress 6.7.5?

According to WordPress.org data, Sync Product From Amazon 1.0.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Sync Product From Amazon updated?

Sync Product From Amazon was last updated on Jan 16, 2025. Frequent updates are generally a positive security signal.

What is Sync Product From Amazon's security score?

Sync Product From Amazon has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sync Product From Amazon Security & Risk Analysis

wordpress.org/plugins/sync-product-from-amazon

This plugin will be used to retrieve various Amazon product details.

0 active installs v1.0.0 PHP + WP 6.2+ Updated Jan 16, 2025

amazonproduct

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Sync Product From Amazon Safe to Use in 2026?

Generally Safe

Score 92/100

Sync Product From Amazon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "sync-product-from-amazon" v1.0.0 plugin demonstrates a generally good security posture, with notable strengths in its handling of SQL queries and output escaping. The complete absence of dangerous functions, file operations, and the use of prepared statements for all SQL queries indicate a deliberate effort to follow secure coding practices. Furthermore, the 100% proper escaping of outputs significantly mitigates risks related to cross-site scripting (XSS) vulnerabilities.

However, the plugin presents a significant concern regarding its attack surface. Out of the four identified entry points, three are REST API routes that lack permission callbacks. This means these routes are potentially accessible and executable by any user, regardless of their role or authentication status, opening them up to unauthorized access and manipulation. The vulnerability history is clean, with no recorded CVEs, which is positive but doesn't negate the inherent risks posed by unprotected entry points. The plugin's strengths in SQL and output handling are commendable, but the lack of authorization checks on a substantial portion of its attack surface is a critical weakness that requires immediate attention.

Key Concerns

REST API routes without permission callbacks

Vulnerabilities

None known

Sync Product From Amazon Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Sync Product From Amazon Release Timeline

v1.0

Code Analysis

Analyzed Apr 16, 2026

Sync Product From Amazon Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

234 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped234 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-admin> (inc/classes/class-admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Sync Product From Amazon Attack Surface

Entry Points4

Unprotected3

REST API Routes 3

POST/wp-json/sync-product-from-amazon/v1/fetch-productinc/classes/class-api.php:228

POST/wp-json/sync-product-from-amazon/v1/import-productinc/classes/class-api.php:243

POST/wp-json/sync-product-from-amazon/v1/clear-cacheinc/classes/class-api.php:258

Shortcodes 1

[sync_product_from_amazon] inc/classes/class-admin.php:85

WordPress Hooks 18

actionadmin_menuinc/classes/class-admin.php:88

actionadmin_initinc/classes/class-admin.php:89

actioninitinc/classes/class-admin.php:90

actionadmin_enqueue_scriptsinc/classes/class-admin.php:91

actionadmin_enqueue_scriptsinc/classes/class-admin.php:92

actionenqueue_block_editor_assetsinc/classes/class-admin.php:93

filterthe_contentinc/classes/class-admin.php:95

actionrest_api_initinc/classes/class-api.php:201

actionrest_api_initinc/classes/class-api.php:202

actionrest_api_initinc/classes/class-api.php:203

actioninitinc/classes/class-blocks.php:51

filterblock_categories_allinc/classes/class-blocks.php:52

actionwp_enqueue_scriptsinc/classes/class-front.php:61

actionwp_enqueue_scriptsinc/classes/class-front.php:62

actionenqueue_block_assetsinc/classes/class-front.php:64

filterscript_loader_taginc/classes/class-front.php:65

filtershould_load_separate_core_block_assetsinc/classes/class-front.php:66

actionplugins_loadedinc/classes/class-i18.php:51

Maintenance & Trust

Sync Product From Amazon Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 16, 2025

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Sync Product From Amazon Alternatives

Amazon Product in a Post Plugin

amazon-product-in-a-post-plugin

Add formatted Amazon Products to any page or post using the Amazon Product Advertising API.

900 1 unpatched

WP-Lister Lite for Amazon

wp-lister-for-amazon

List products from WordPress on Amazon.

900 4 CVEs

AmaSync – Amazon Product Importer & Affiliate for WooCommerce

affiliate-products-importer-for-woocommerce

100

Easily import Amazon affiliate products into your WooCommerce store.

300 No CVEs

Zonify – Amazon Product Importer for WooCommerce

zonify

100

Import Amazon products into WooCommerce and optionally redirect customers to Amazon using affiliate links.

100 No CVEs

Sharkdropship & affiliate for Amazon

sharkdropship-affiliate-for-amazon

100

Complete Amazon dropshipping solution for WordPress and WooCommerce. Import products, manage inventory, and automate your dropshipping business.

70 No CVEs

Developer Profile

Sync Product From Amazon Developer Profile

MULTIDOTS Inc

9 plugins · 220 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Sync Product From Amazon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sync-product-from-amazon/assets/build/admin.css/wp-content/plugins/sync-product-from-amazon/assets/build/admin.js/wp-content/plugins/sync-product-from-amazon/assets/build/js/blocks/amazon-product-custom-fields/index.js

Script Paths

/wp-content/plugins/sync-product-from-amazon/assets/build/admin.js/wp-content/plugins/sync-product-from-amazon/assets/build/js/blocks/amazon-product-custom-fields/index.js

Version Parameters

sync-product-from-amazon/assets/build/admin.css?ver=sync-product-from-amazon/assets/build/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

sync-product-from-amazonsync-product-from-amazon__left_wrappersync-product-from-amazon__imagesync-product-from-amazon__details_wrapsync-product-from-amazon__price_detailsync-product-from-amazon__org_pricesync-product-from-amazon__sale_price

JS Globals

siteConfig

REST Endpoints

/wp-json/sync-product-from-amazon/v1/fetch-product

Shortcode Output

[sync_product_from_amazon]

FAQ