Syncee Premium Dropshipping & Wholesale Security & Risk Analysis

wordpress.org/plugins/syncee-global-dropshipping

Find dropshipping and wholesale products from trusted US/CA/EU/AU suppliers, import them to your WooCommerce store.

1K active installs v1.0.23 PHP 7.2+ WP 4.6+ Updated Dec 17, 2025
dropshipdropshippingecommerceproductssuppliers
98
A · Safe
CVEs total2
Unpatched0
Last CVEJun 18, 2026
Download
Safety Verdict

Is Syncee Premium Dropshipping & Wholesale Safe to Use in 2026?

Generally Safe

Score 98/100

Syncee Premium Dropshipping & Wholesale has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jun 18, 2026Updated 6mo ago
Risk Assessment

The syncee-global-dropshipping plugin v1.0.23 exhibits a mixed security posture. On the positive side, the static analysis reveals good practices in areas like SQL query handling (100% prepared statements) and output escaping (100% properly escaped). There are no detected dangerous functions, and a reasonable number of capability checks are in place. The plugin also doesn't appear to bundle external libraries, which can sometimes introduce vulnerabilities.

However, there are notable concerns. The presence of two taint flows with unsanitized paths, even without critical or high severity, suggests potential for attackers to manipulate data in unexpected ways. Furthermore, the plugin has a history of one known CVE, although it is currently patched. The common vulnerability type of 'Missing Authorization' in its history is a significant red flag, indicating past weaknesses in access control, which could resurface or indicate a persistent coding pattern.

In conclusion, while the plugin has adopted some secure coding practices, the unsanitized taint flows and past authorization issues warrant careful consideration. The lack of reported vulnerabilities in the current version is a positive sign, but the historical context and findings from the taint analysis suggest that ongoing vigilance and thorough code review are essential.

Key Concerns

  • Taint flows with unsanitized paths found
  • Known vulnerability history
  • Past common vulnerability: Missing Authorization
  • No nonce checks on entry points
Vulnerabilities
2 published

Syncee Premium Dropshipping & Wholesale Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-54846medium · 5.3Missing Authorization

Syncee Premium Dropshipping & Wholesale <= 1.0.27 - Missing Authorization

Jun 18, 2026 Patched in 1.0.28 (6d)
CVE-2022-3694medium · 4.3Missing Authorization

Syncee – Global Dropshipping <= 1.0.9 - Missing Authorization.

Oct 27, 2022 Patched in 1.0.10 (453d)
Version History

Syncee Premium Dropshipping & Wholesale Release Timeline

v1.0.251 CVE
v1.0.241 CVE
v1.0.23Current1 CVE
v1.0.221 CVE
v1.0.211 CVE
v1.0.201 CVE
v1.0.191 CVE
v1.0.181 CVE
v1.0.171 CVE
v1.0.161 CVE
v1.0.151 CVE
v1.0.141 CVE
v1.0.131 CVE
v1.0.121 CVE
v1.0.111 CVE
Code Analysis
Analyzed Mar 16, 2026

Syncee Premium Dropshipping & Wholesale Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
11 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped11 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
saveAccessTokenFromSyncee (includes\RestForSyncee.php:128)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Syncee Premium Dropshipping & Wholesale Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionrest_api_initincludes\RestForSyncee.php:25
actionadmin_enqueue_scriptsSyncee.php:36
actionadmin_enqueue_scriptsSyncee.php:37
actionwp_enqueue_scriptsSyncee.php:39
actionwp_enqueue_scriptsSyncee.php:40
actionadmin_menuSyncee.php:189
Maintenance & Trust

Syncee Premium Dropshipping & Wholesale Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 17, 2025
PHP min version7.2
Downloads32K

Community Trust

Rating90/100
Number of ratings49
Active installs1K
Developer Profile

Syncee Premium Dropshipping & Wholesale Developer Profile

akosglys

2 plugins · 1K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
304 days
View full developer profile
Detection Fingerprints

How We Detect Syncee Premium Dropshipping & Wholesale

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/syncee-global-dropshipping/JS/index.js/wp-content/plugins/syncee-global-dropshipping/JS/sweetalert.js/wp-content/plugins/syncee-global-dropshipping/View/index.css
Script Paths
wp-content/plugins/syncee-global-dropshipping/JS/index.jswp-content/plugins/syncee-global-dropshipping/JS/sweetalert.js
Version Parameters
syncee-global-dropshipping/JS/index.js?ver=syncee-global-dropshipping/JS/sweetalert.js?ver=syncee-global-dropshipping/View/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
js-syncee-admin-interface
Data Attributes
data-syncee-access-tokendata-syncee-user-tokendata-syncee-installer-urldata-syncee-urldata-syncee-retailer-nonce
JS Globals
syncee_globals
REST Endpoints
/wp-json/syncee/retailer/v1/
FAQ

Frequently Asked Questions about Syncee Premium Dropshipping & Wholesale