[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fj30wkFJz2eSZJG3zT62glLZuAamp3FUEK9YEsxuCYl0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":56,"crawl_stats":31,"alternatives":63,"analysis":64,"fingerprints":221},"sync-wc-google","Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.","9.6","N-Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fnmedia\u002F","\u003Cp>Managing products like creating, updating inventory and prices, or updating images, short descriptions, or titles for SEO across multiple products is very hectic and time-consuming. So, rather than focusing on marketing or sales strategy, most of your time is being eaten up by bulk product or category management. \u003Cstrong>\u003Cem>Bulk Product Editor\u003C\u002Fem>\u003C\u002Fstrong> is the ultimate solution. Our plugin provides the easiest and quickest way to manage your products and categories with Google Sheets. Google Sheets are amazing when it comes to managing tabular data in the cloud. We have built a \u003Cstrong>Google Sheet Addon\u003C\u002Fstrong>, approved and listed by the Google Marketplace. No complex or tricky setup, no need to generate API keys — just run our connection wizard, and your store will be connected in less than a minute. Now you can manage your products and categories with ease. 
Adding a new product or updating an existing product in Google Sheets is really easy and quick, and thousands of products can be pushed or fetched in one click.\u003C\u002Fp>\n\u003Ch4>Watch Video Guide\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FaCjnnOXXiP8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>What is Sync Vs Fetch?\u003C\u002Fh4>\n\u003Cp>Sync means to push your products from Google Sheets to your connected store, and Fetch is the reverse, i.e., to pull products from your store to Google Sheets.\u003C\u002Fp>\n\u003Ch4>How to fetch products from my store?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Just click BPS Menu > Fetch\u003C\u002Fli>\n\u003Cli>Click Fetch Products\u003C\u002Fli>\n\u003Cli>Make sure you set the chunk size as per your need\u003C\u002Fli>\n\u003Cli>Chunk means how many products will be pushed and pulled in one round. 
Recommended: 200–300\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Can custom fields or taxonomies be attached?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Yes, create a new column in the sheet and set the header name.\u003C\u002Fli>\n\u003Cli>E.g., if you want to add \u003Ccode>seo_title\u003C\u002Fcode> as a custom field, set the header name to \u003Ccode>seo_title\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Note: this \u003Ccode>seo_title\u003C\u002Fcode> must be set inside the \u003Ccode>Manage Fields\u003C\u002Fcode> menu first\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Live Demo\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Check all features in the \u003Ca href=\"https:\u002F\u002Fnajeebmedia.com\u002Fbps-demo\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>This demo has already installed BPS Free and Pro versions.\u003C\u002Fli>\n\u003Cli>When the demo is ready, please follow the instructions as \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FaCjnnOXXiP8?si=6QNHWX9QUHFbX7iv\" rel=\"nofollow ugc\">explained here\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Import\u003C\u002Fli>\n\u003Cli>Sync All Your Products\u003C\u002Fli>\n\u003Cli>Sync All Your Categories\u003C\u002Fli>\n\u003Cli>Add\u002Fremove product fields\u003C\u002Fli>\n\u003Cli>Sync from Store to Google Sheet™\u003C\u002Fli>\n\u003Cli>Built using the latest Google App Script API\u003C\u002Fli>\n\u003Cli>Dynamic Custom Taxonomy Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Variable Products Supported\u003C\u002Fli>\n\u003Cli>Auto-Sync [hourly, twice daily, daily]\u003C\u002Fli>\n\u003Cli>Logging Auto Sync\u003C\u002Fli>\n\u003Cli>Export Existing Products into Google Sheet™\u003C\u002Fli>\n\u003Cli>Export Existing Categories into Google Sheet™\u003C\u002Fli>\n\u003Cli>Export Existing Variations into Google Sheet™\u003C\u002Fli>\n\u003Cli>Metadata 
columns\u003C\u002Fli>\n\u003Cli>Custom Taxonomy Support (product_brand, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnajeebmedia.com\u002Fwordpress-plugin\u002Fwoocommerce-bulk-product-edit-google-sheet\" rel=\"nofollow ugc\">Start managing your store with WooCommerce Bulk Products Editor\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Opening a new store\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Add all of your products to the Google Sheet, select \u003Ccode>Sync Products\u003C\u002Fcode>, and bask in the joy.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Managing an existing store\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>To manage any updates or new products, export all of your products from your store to Google Sheets™.\u003C\u002Fem>\u003Cbr \u002F>\n\u003Cstrong>Managing the stock\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>If the present solution’s stock management is driving you crazy, use Bulk Product Sync to add \u003Ccode>manage_stock\u003C\u002Fcode> and \u003Ccode>quantity\u003C\u002Fcode> columns to the sheet, and you’ll be free of the problem.\u003C\u002Fem>\u003C\u002Fp>\n","Managing products like creating, updating inventory and prices, or updating images, short descriptions, or titles for SEO across multiple products is  &hellip;",500,39899,84,27,"2025-10-23T07:12:00.000Z","",[],"http:\u002F\u002Fwww.najeebmedia.com\u002Fgooglesync","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsync-wc-google.zip",97,2,0,"2025-04-08 00:00:00","2026-03-15T15:16:48.613Z",[26,42],{"id":27,"url_slug":28,"title":29,"description":30,"plugin_slug":4,"theme_slug":31,"affected_versions":32,"patched_in_version":33,"severity":34,"cvss_score":35,"cvss_vector":36,"vuln_type":37,"published_date":23,"updated_date":38,"references":39,"days_to_patch":41},"CVE-2025-31599","bulk-product-sync-unauthenticated-sql-injection","Bulk Product Sync \u003C= 8.6 - Unauthenticated SQL Injection","The 
Bulk Product Sync plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=8.6","9.0","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-23 17:51:33",[40],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff7a2f989-7735-4bed-9cd9-1590093b0cd9?source=api-prod",16,{"id":43,"url_slug":44,"title":45,"description":46,"plugin_slug":4,"theme_slug":31,"affected_versions":32,"patched_in_version":33,"severity":47,"cvss_score":48,"cvss_vector":49,"vuln_type":50,"published_date":51,"updated_date":52,"references":53,"days_to_patch":55},"CVE-2025-31852","bulk-product-sync-cross-site-request-forgery","Bulk Product Sync \u003C= 8.6 - Cross-Site Request Forgery","The Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™ plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.6. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-01 00:00:00","2025-04-23 17:51:35",[54],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa16b8075-1b09-47b9-8447-8b424ffaa5aa?source=api-prod",23,{"slug":57,"display_name":7,"profile_url":8,"plugin_count":55,"total_installs":58,"avg_security_score":59,"avg_patch_time_days":60,"trust_score":61,"computed_at":62},"nmedia",4840,85,588,69,"2026-04-05T02:02:33.519Z",[],{"attackSurface":65,"codeSignals":188,"taintFlows":205,"riskAssessment":206,"analyzedAt":220},{"hooks":66,"ajaxHandlers":184,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":22,"unprotectedCount":22},[67,72,76,81,85,89,95,99,102,106,109,113,117,121,124,128,132,136,140,144,147,149,152,155,158,161,165,170,174,176,179],{"type":68,"name":69,"callback":69,"file":70,"line":71},"action","admin_menu","includes\\admin.class.php",12,{"type":73,"name":74,"callback":75,"file":70,"line":41},"filter","manage_edit-product_cat_columns","add_categories_columns",{"type":73,"name":77,"callback":78,"priority":79,"file":70,"line":80},"manage_product_cat_custom_column","categories_column_content",10,17,{"type":73,"name":82,"callback":83,"priority":84,"file":70,"line":84},"manage_product_posts_columns","product_column",20,{"type":73,"name":86,"callback":87,"priority":84,"file":70,"line":88},"manage_product_posts_custom_column","product_column_data",21,{"type":73,"name":90,"callback":91,"priority":92,"file":93,"line":94},"wcgs_sync_data_products_before_processing","format_data_products",11,"includes\\formats.class.php",19,{"type":73,"name":96,"callback":97,"priority":98,"file":93,"line":84},"wcgs_products_data_attributes","product_attributes",99,{
"type":73,"name":100,"callback":101,"priority":98,"file":93,"line":88},"wcgs_products_data_categories","product_extract_id_categories",{"type":73,"name":103,"callback":104,"priority":98,"file":93,"line":105},"wcgs_products_data_brands","product_extract_id_brands",22,{"type":73,"name":107,"callback":108,"priority":98,"file":93,"line":55},"wcgs_products_data_tags","product_extract_id_tags",{"type":73,"name":110,"callback":111,"priority":98,"file":93,"line":112},"wcgs_products_data_image","variation_image",24,{"type":73,"name":114,"callback":115,"priority":98,"file":93,"line":116},"wcgs_products_data_images","product_images",25,{"type":73,"name":118,"callback":119,"priority":98,"file":93,"line":120},"wcgs_products_data_dimensions","product_dimensions",26,{"type":73,"name":122,"callback":123,"priority":98,"file":93,"line":14},"wcgs_products_data_downloads","product_downloads",{"type":73,"name":125,"callback":126,"priority":92,"file":93,"line":127},"wbps_products_synback","syncback_data_products",34,{"type":73,"name":129,"callback":130,"priority":79,"file":93,"line":131},"wbps_products_list_before_syncback","map_brands_to_product_brand",35,{"type":73,"name":133,"callback":134,"priority":92,"file":93,"line":135},"wcgs_sync_data_categories_before_processing","format_data_categories",38,{"type":73,"name":137,"callback":138,"priority":98,"file":93,"line":139},"wcgs_categories_data_image","categories_image",39,{"type":73,"name":141,"callback":142,"file":93,"line":143},"wbps_fields_format_required","closure",76,{"type":73,"name":129,"callback":145,"priority":92,"file":146,"line":105},"add_variations","includes\\hooks.class.php",{"type":73,"name":129,"callback":148,"priority":88,"file":146,"line":55},"add_meta_columns",{"type":68,"name":150,"callback":151,"file":146,"line":116},"wcgs_after_categories_synced","categories_row_update",{"type":68,"name":153,"callback":154,"priority":92,"file":146,"line":14},"wbps_after_categories_synced","link_category_with_sheet",{"type":68,"name"
:156,"callback":142,"priority":79,"file":146,"line":157},"woocommerce_update_product",33,{"type":68,"name":159,"callback":142,"priority":79,"file":146,"line":160},"save_post_product",50,{"type":68,"name":162,"callback":163,"priority":79,"file":146,"line":164},"transition_post_status","handle_product_trashed",73,{"type":73,"name":166,"callback":167,"priority":79,"file":168,"line":169},"woocommerce_product_data_store_cpt_get_products_query","wcgs_product_meta_query","includes\\wc-api.class.php",13,{"type":73,"name":171,"callback":172,"priority":79,"file":173,"line":94},"woocommerce_rest_check_permissions","wbps_specific_permission_bypass","includes\\wprest.class.php",{"type":68,"name":175,"callback":142,"file":173,"line":88},"rest_api_init",{"type":68,"name":175,"callback":177,"file":173,"line":178},"init_api",30,{"type":68,"name":180,"callback":181,"file":182,"line":183},"woocommerce_init","wbps_init","sync-wc-google.php",47,[],[],[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":192,"fileOperations":203,"externalRequests":194,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":204},[],{"prepared":120,"raw":22,"locations":191},[],{"escaped":193,"rawEcho":194,"locations":195},75,3,[196,200,202],{"file":197,"line":198,"context":199},"templates\\main.php",44,"raw output",{"file":197,"line":201,"context":199},68,{"file":197,"line":164,"context":199},1,[],[],{"summary":207,"deductions":208},"The static analysis of the \"sync-wc-google\" plugin v9.6 reveals a generally positive security posture with commendable practices in place.  The complete absence of unprotected entry points like unauthenticated AJAX handlers or REST API routes, coupled with the consistent use of prepared statements for all SQL queries, significantly reduces the attack surface and mitigates common web vulnerabilities. The high percentage of properly escaped output further strengthens this position. 
However, a notable concern is the complete lack of nonce checks and capability checks throughout the codebase. While the static analysis did not identify any specific taint flows indicating immediate unsanitized input, the absence of these fundamental security mechanisms leaves the plugin vulnerable to potential exploitation if any new entry points are introduced or if existing ones are not sufficiently protected by other means. The vulnerability history, with two known CVEs including a high-severity SQL injection and a medium-severity CSRF, despite both being currently patched, strongly suggests past weaknesses in input sanitization and protection against unauthorized actions. While the current version shows no *unpatched* vulnerabilities, these historical patterns highlight areas where the plugin has previously struggled and require continued vigilance.",[209,212,214,216,218],{"reason":210,"points":211},"No nonce checks found",15,{"reason":213,"points":211},"No capability checks found",{"reason":215,"points":211},"Historical high-severity SQL injection",{"reason":217,"points":79},"Historical medium-severity CSRF",{"reason":219,"points":194},"Minor output escaping issues (4% 
unescaped)","2026-03-16T19:40:29.589Z",{"wat":222,"direct":241},{"assetPaths":223,"generatorPatterns":235,"scriptPaths":236,"versionParams":238},[224,225,226,227,228,229,230,231,232,233,234],"\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fassets\u002Fwbps.css","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fassets\u002Fwbps.js","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Ffunctions.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fmeta.json.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fadmin.class.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fformats.class.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fwc-api.class.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fproducts.class.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fcategories.class.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fwprest.class.php","\u002Fwp-content\u002Fplugins\u002Fsync-wc-google\u002Fincludes\u002Fhooks.class.php",[],[237],"\u002F\u002Fapis.google.com\u002Fjs\u002Fplatform.js",[239,240],"sync-wc-google\u002Fassets\u002Fwbps.js?ver=","sync-wc-google\u002Fassets\u002Fwbps.css?ver=",{"cssClasses":242,"htmlComments":243,"htmlAttributes":244,"restEndpoints":246,"jsGlobals":248,"shortcodeOutput":253},[],[],[245],"data-wbps-row-id",[247],"\u002Fwbps\u002Fv1\u002F",[249,250,251,252],"wbps_categories_tag_data","WBPS_VERSION","WBPS_SHORTNAME","wbps_load_file",[]]