UPC/EAN/GTIN Barcode Generator/Importer Security & Risk Analysis

wordpress.org/plugins/upc-ean-barcode-generator

Generate UPC/EAN/GTIN codes or import them from CSV/Spreadsheet file into WooCommerce products

500 active installs · v2.0.4 · PHP 5.8.1+ · WP 4.0.1+ · Updated Oct 12, 2025
Tags: barcode, ean, gs1, gtin, upc
Score: 95 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 16, 2025
Safety Verdict

Is UPC/EAN/GTIN Barcode Generator/Importer Safe to Use in 2026?

Generally Safe

Score 95/100

UPC/EAN/GTIN Barcode Generator/Importer has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 16, 2025 · Updated 5mo ago
Risk Assessment

The upc-ean-barcode-generator plugin v2.0.4 presents a mixed security posture. While it demonstrates good practices in SQL query preparation (89%) and output escaping (92%), significant concerns arise from its attack surface and taint analysis. All 10 AJAX handlers lack authorization checks, creating a substantial entry point for unauthorized actions. The presence of 5 high-severity unsanitized path flows in the taint analysis is particularly alarming, suggesting potential for path traversal or similar vulnerabilities. The plugin's vulnerability history, including past issues with CSRF, path traversal, and missing authorization, further reinforces these concerns, indicating a pattern of exploitable weaknesses.

Despite the plugin's efforts in SQL and output handling, the sheer number of unprotected AJAX endpoints and the critical taint analysis findings represent significant risks. The history of past vulnerabilities, particularly those involving authorization and path manipulation, suggests a recurring need for more robust security implementations. While there are no currently unpatched CVEs, the identified code signals and taint flows indicate potential for new vulnerabilities to be introduced or remain latent. Users should exercise caution and prioritize patching any future updates promptly.

Key Concerns

  • 10 AJAX handlers without auth checks
  • 5 high severity unsanitized path flows
  • 11 dangerous functions (unserialize)
  • 1 missing nonce check
  • Bundled libraries (dompdf, TCPDF)
  • High severity past vulnerability (1)
  • Medium severity past vulnerabilities (2)
Vulnerabilities (3)

UPC/EAN/GTIN Barcode Generator/Importer Security Vulnerabilities

CVEs by Year

  • 2025: 3 CVEs

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-62009 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
UPC/EAN/GTIN Code Generator <= 2.0.2 - Cross-Site Request Forgery
Oct 16, 2025 · Patched in 2.0.3 (8d)

CVE-2025-53588 · high · 8.1 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
UPC/EAN/GTIN Code Generator <= 2.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
Aug 25, 2025 · Patched in 2.0.3 (10d)

CVE-2025-31878 · medium · 4.3 · Missing Authorization
UPC/EAN/GTIN Code Generator <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Apr 1, 2025 · Patched in 2.0.3 (133d)

Code Analysis
Analyzed Mar 16, 2026

UPC/EAN/GTIN Barcode Generator/Importer Code Analysis

  • Dangerous Functions: 11
  • Raw SQL Queries: 6 (48 prepared)
  • Unescaped Output: 12 (145 escaped)
  • Nonce Checks: 1
  • Capability Checks: 10
  • File Operations: 185
  • External Requests: 0
  • Bundled Libraries: 2

Dangerous Functions Found

  • unserialize · $this->_currentObject = unserialize($obj); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\APC.php:72
  • unserialize · $this->_currentObject = unserialize(fread($this->_fileHandle,$this->_cellCache[$pCoord]['sz'])); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\DiscISAM.php:54
  • unserialize · $this->_currentObject = unserialize($obj); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\Memcache.php:77
  • unserialize · $this->_currentObject = unserialize(gzinflate($this->_cellCache[$pCoord])); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\MemoryGZip.php:41
  • unserialize · $this->_currentObject = unserialize($this->_cellCache[$pCoord]); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\MemorySerialized.php:41
  • unserialize · $this->_currentObject = unserialize(fread($this->_fileHandle,$this->_cellCache[$pCoord]['sz'])); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\PHPTemp.php:51
  • unserialize · $this->_currentObject = unserialize($cellResult); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\SQLite.php:52
  • unserialize · $this->_currentObject = unserialize($cellData['value']); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\SQLite3.php:64
  • unserialize · $this->_currentObject = unserialize($obj); · extlibs\PHPExcel\PHPExcel\CachedObjectStorage\Wincache.php:83
  • unserialize · $this->{$key} = unserialize(serialize($val)); · extlibs\PHPExcel\PHPExcel\Worksheet.php:1527
  • unserialize · $this->{$key} = unserialize(serialize($val)); · extlibs\PHPExcel\PHPExcel.php:479

Bundled Libraries

  • dompdf
  • TCPDF

SQL Query Safety

89% prepared · 54 total queries

Output Escaping

92% escaped · 157 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
uploadDataFile (src\features\DataSources\SpreadSheet.php:31)

Attack Surface: 10 unprotected

UPC/EAN/GTIN Barcode Generator/Importer Attack Surface

Entry Points: 10
Unprotected: 10

AJAX Handlers (10)

  • auth · wp_ajax_uegen_regenerate_code · src\Core.php:40
  • auth · wp_ajax_uegen_generate_products_codes · src\Core.php:41
  • auth · wp_ajax_uegen_unassign_imported_file_data · src\Core.php:42
  • auth · wp_ajax_uegen_save_settings · src\Core.php:45
  • auth · wp_ajax_uegen_check_custom_field · src\Core.php:46
  • auth · wp_ajax_uegen_upload_spreadsheet_file · src\Core.php:49
  • auth · wp_ajax_uegen_import_data_from_file · src\Core.php:50
  • auth · wp_ajax_uegen_get_imported_files_info · src\Core.php:51
  • auth · wp_ajax_uegen_delete_imported_file_data · src\Core.php:52
  • auth · wp_ajax_uegen_get_products_count_info · src\Core.php:53

WordPress Hooks (26)

  • action · wpmu_new_blog · index.php:32
  • action · plugins_loaded · index.php:40
  • action · before_woocommerce_init · index.php:48
  • action · admin_menu · src\Core.php:34
  • action · admin_menu · src\Core.php:35
  • filter · upload_dir · src\features\DataSources\SpreadSheet.php:28
  • action · init · src\features\Integrations\CodeStoreField.php:31
  • filter · uegen_code_store_field_options · src\features\Integrations\CodeStoreField.php:35
  • filter · uegen_get_product_code_field_value · src\features\Integrations\CodeStoreField.php:45
  • filter · uegen_get_product_code_input_name · src\features\Integrations\CodeStoreField.php:53
  • action · uegen_set_product_code_field_value · src\features\Integrations\CodeStoreField.php:61
  • action · uegen_unset_product_code_field_value · src\features\Integrations\CodeStoreField.php:67
  • action · uegen_check_if_code_value_not_used · src\features\Integrations\CodeStoreField.php:73
  • filter · uegen_get_empty_codes_products · src\features\Integrations\CodeStoreField.php:79
  • filter · uegen_get_all_products_query · src\features\Integrations\CodeStoreField.php:87
  • filter · uegen_get_empty_codes_products_query · src\features\Integrations\CodeStoreField.php:95
  • filter · uegen_add_search_query_params · src\features\Integrations\CodeStoreField.php:103
  • filter · uegen_add_search_query_tables · src\features\Integrations\CodeStoreField.php:111
  • action · init · src\features\products\Products.php:40
  • action · woocommerce_process_product_meta · src\features\products\Products.php:54
  • action · woocommerce_product_options_sku · src\features\products\Products.php:55
  • action · woocommerce_variation_options · src\features\products\Products.php:57
  • action · woocommerce_save_product_variation · src\features\products\Products.php:58
  • action · woocommerce_after_product_object_save · src\features\products\Products.php:60
  • action · edit_form_top · src\features\products\Products.php:62
  • action · posts_search · src\features\products\Products.php:64

Maintenance & Trust

UPC/EAN/GTIN Barcode Generator/Importer Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Oct 12, 2025
  • PHP min version: 5.8.1
  • Downloads: 9K

Community Trust

  • Rating: 100/100
  • Number of ratings: 2
  • Active installs: 500

Developer Profile

UPC/EAN/GTIN Barcode Generator/Importer Developer Profile

Dmitry V. (CEO of "UKR Solution")

5 plugins · 3K total installs

  • Trust score: 89
  • Avg Security Score: 93/100
  • Avg Patch Time: 18 days

Detection Fingerprints

How We Detect UPC/EAN/GTIN Barcode Generator/Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/upc-ean-barcode-generator/assets/js/index-2.0.4-basic-1760274808903.js
  • /wp-content/plugins/upc-ean-barcode-generator/assets/css/index-2.0.4-basic-1760274808903.css
Script Paths
  • /wp-content/plugins/upc-ean-barcode-generator/assets/js/index-2.0.4-basic-1760274808903.js
Version Parameters
  • upc-ean-barcode-generator/assets/js/index-2.0.4-basic-1760274808903.js?ver=
  • upc-ean-barcode-generator/assets/css/index-2.0.4-basic-1760274808903.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • upc-ean-generator-support
  • upc-ean-generator-faq
JS Globals
  • uegen
REST Endpoints
  • /wp-json/uegen/

FAQ

Frequently Asked Questions about UPC/EAN/GTIN Barcode Generator/Importer