Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-product-feed-pro

Most popular WooCommerce product feed plugin supporting Google shopping feed, meta/facebook feed, bing product feed & more.

80K active installs · v13.5.2.2 · PHP + WP 5.4+ · Updated Mar 6, 2026
Tags: facebook-catalog-feed, google-shopping-feed, meta-feed, product-feed, woocommerce-product-feed
Score: 97 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Apr 15, 2024
Safety Verdict

Is Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Apr 15, 2024 · Updated 28d ago
Risk Assessment

The "woo-product-feed-pro" plugin v13.5.2.2 exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and properly escaped outputs, several areas raise concerns. The presence of three AJAX handlers without authentication checks creates a significant attack surface that could be exploited by unauthenticated users. The use of the `unserialize` function, even if only three times, is a known risk for deserialization vulnerabilities if the input is not strictly controlled and sanitized. Taint analysis showed flows with unsanitized paths, which, while not reaching a critical or high severity in this analysis, indicate potential for data leakage or manipulation if exploited. The plugin's history of six medium-severity CVEs, including Cross-Site Scripting and Cross-Site Request Forgery, and an insertion of sensitive information into log files, suggests a pattern of past vulnerabilities. The fact that all CVEs are currently patched is positive, but the types of past vulnerabilities are common and often exploitable. Overall, the plugin has strengths in code sanitization and prepared statements, but critical weaknesses exist in its handling of AJAX entry points and the inherent risk of unserialization, necessitating careful monitoring and prompt updates.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous unserialize function
  • Flows with unsanitized paths
  • Medium severity CVE history (6 total)
Vulnerabilities: 6

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2022: 1 CVE
2023: 2 CVEs
2024: 2 CVEs

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2024-32513 · medium · 5.3 · Insertion of Sensitive Information into Log File

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More <= 13.3.1 - Sensitive Information Exposure via Log Files

Apr 15, 2024 · Patched in 13.3.2 (10d)

CVE-2024-24800 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More <= 13.2.5 - Reflected Cross-Site Scripting

Mar 26, 2024 · Patched in 13.2.6 (29d)

WF-c80833c3-8ffc-41a1-8d11-dafa962191fd-woo-product-feed-pro · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery

Apr 5, 2023 · Patched in 12.4.5 (293d)

CVE-2022-46793 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Product Feed PRO for WooCommerce <= 12.4.0 - Cross-Site Request Forgery via update_project

Mar 22, 2023 · Patched in 12.4.1 (307d)

CVE-2022-0426 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting

Feb 1, 2022 · Patched in 11.2.3 (721d)

CVE-2021-24974 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Feed PRO for WooCommerce <= 11.0.6 - Settings Update to Stored Cross-Site Scripting

Dec 23, 2021 · Patched in 11.0.7 (761d)

Code Analysis
Analyzed Mar 16, 2026

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 10 (32 prepared)
Unescaped Output: 53 (866 escaped)
Nonce Checks: 32
Capability Checks: 16
File Operations: 38
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$product_attr = unserialize( $value->type );` · classes\class-get-products.php:295
unserialize · `$product_attr = unserialize( $value->type );` · classes\class-get-products.php:4100
unserialize · `$product_attr = unserialize( $value->type );` · classes\class-get-products.php:4498

SQL Query Safety

76% prepared · 42 total queries

Output Escaping

94% escaped · 919 total outputs

Data Flows: 9 unsanitized

Data Flow Analysis

24 flows · 9 with unsanitized paths
<bootstrap-old> (bootstrap-old.php:0)
Attack Surface: 3 unprotected

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Attack Surface

Entry Points: 33
Unprotected: 3

AJAX Handlers 33

auth · wp_ajax_woosea_categories_dropdown · bootstrap-old.php:738
auth · wp_ajax_woosea_shipping_zones · bootstrap-old.php:810
auth · wp_ajax_woosea_fieldmapping_dialog_helptext · bootstrap-old.php:881
auth · wp_ajax_check_temp_feed_required_fields · includes\Classes\Admin_Pages\Edit_Feed_Page.php:1436
auth · wp_ajax_adt_export_import_tools · includes\Classes\Export_Import_Tools.php:330
auth · wp_ajax_adt_get_feed_processing_status · includes\Classes\Heartbeat.php:221
auth · wp_ajax_adt_pfp_generate_product_feed · includes\Classes\Heartbeat.php:223
auth · wp_ajax_woosea_ajax_add_filter · includes\Classes\Legacy\Filters_Legacy.php:343
auth · wp_ajax_woosea_ajax_add_rule · includes\Classes\Legacy\Rules_Legacy.php:279
auth · wp_ajax_pfp_close_marketing_page · includes\Classes\Marketing.php:266
auth · wp_ajax_adt_pfp_dismiss_admin_notice · includes\Classes\Notices.php:846
auth · wp_ajax_adt_pfp_mark_notice_read · includes\Classes\Notices.php:847
auth · wp_ajax_adt_pfp_mark_all_read · includes\Classes\Notices.php:848
auth · wp_ajax_adt_install_activate_plugin · includes\Classes\Plugin_Installer.php:288
auth · wp_ajax_adt_feed_action_clone · includes\Classes\Product_Feed_Admin.php:697
auth · wp_ajax_adt_feed_action_delete · includes\Classes\Product_Feed_Admin.php:698
auth · wp_ajax_adt_feed_action_refresh · includes\Classes\Product_Feed_Admin.php:699
auth · wp_ajax_adt_feed_action_cancel · includes\Classes\Product_Feed_Admin.php:700
auth · wp_ajax_adt_feed_action_activate · includes\Classes\Product_Feed_Admin.php:701
auth · wp_ajax_adt_feed_action_deactivate · includes\Classes\Product_Feed_Admin.php:702
auth · wp_ajax_adt_process_bulk_feed_actions · includes\Classes\Product_Feed_Admin.php:703
auth · wp_ajax_woosea_project_status · includes\Classes\Product_Feed_Admin.php:705
auth · wp_ajax_woosea_print_channels · includes\Classes\Product_Feed_Admin.php:706
auth · wp_ajax_woosea_ajax_get_attributes · includes\Classes\Product_Feed_Attributes.php:655
auth · wp_ajax_adt_pfp_anonymous_data · includes\Classes\Usage.php:831
auth · wp_ajax_adt_pfp_allow_tracking_notice_action · includes\Classes\Usage.php:832
auth · wp_ajax_adt_pfp_update_settings · includes\Classes\WP_Admin.php:711
auth · wp_ajax_woosea_getelite_notification · includes\Classes\WP_Admin.php:712
auth · wp_ajax_adt_migrate_to_custom_post_type · includes\Classes\WP_Admin.php:713
auth · wp_ajax_adt_clear_custom_attributes_product_meta_keys · includes\Classes\WP_Admin.php:714
auth · wp_ajax_adt_update_file_url_to_lower_case · includes\Classes\WP_Admin.php:715
auth · wp_ajax_adt_use_legacy_filters_and_rules · includes\Classes\WP_Admin.php:716
auth · wp_ajax_adt_fix_duplicate_feed · includes\Classes\WP_Admin.php:717
WordPress Hooks 72
action · before_woocommerce_init · bootstrap\app.php:66
action · admin_notices · bootstrap\app.php:73
action · init · bootstrap\app.php:80
action · setup_theme · bootstrap\app.php:90
action · wp_footer · bootstrap-old.php:459
action · wp_footer · bootstrap-old.php:646
action · wp_head · bootstrap-old.php:659
action · woocommerce_thankyou · bootstrap-old.php:673
action · pre_post_update · bootstrap-old.php:931
action · woocommerce_update_product · bootstrap-old.php:994
action · rest_api_init · includes\Abstracts\Abstract_REST.php:90
action · admin_menu · includes\Abstracts\Admin_Page.php:269
action · admin_enqueue_scripts · includes\Abstracts\Admin_Page.php:270
action · admin_notices · includes\autoload.php:53
action · wp_footer · includes\autoload.php:73
action · current_screen · includes\Classes\Admin_Pages\Edit_Feed_Page.php:1428
filter · admin_footer_text · includes\Classes\Admin_Pages\Edit_Feed_Page.php:1430
action · admin_post_edit_feed_form_process · includes\Classes\Admin_Pages\Edit_Feed_Page.php:1433
action · admin_notices · includes\Classes\Admin_Pages\Edit_Feed_Page.php:1439
action · adt_manage_feeds_table_row_actions · includes\Classes\Admin_Pages\Manage_Feeds_Page.php:227
filter · admin_footer_text · includes\Classes\Admin_Pages\Settings_Page.php:413
action · admin_enqueue_scripts · includes\Classes\Export_Import_Tools.php:327
filter · adt_pfp_get_filters_rules_attributes · includes\Classes\Feeds\Google_Product_Review.php:503
filter · adt_pfp_maybe_skip_filter · includes\Classes\Feeds\Google_Product_Review.php:504
filter · adt_pfp_filter_product_feed_data · includes\Classes\Feeds\Google_Product_Review.php:505
filter · adt_product_feed_xml_attribute_handling · includes\Classes\Feeds\OpenAI_Product_Feed.php:323
filter · adt_product_data_availability_format · includes\Classes\Feeds\OpenAI_Product_Feed.php:324
filter · adt_product_feed_jsonl_product · includes\Classes\Feeds\OpenAI_Product_Feed.php:325
filter · adt_product_feed_platform_requires_pure_plain_text_fields · includes\Classes\Feeds\OpenAI_Product_Feed.php:326
filter · adt_product_feed_csv_row_data · includes\Classes\Feeds\OpenAI_Product_Feed.php:327
action · init · includes\Classes\Marketing.php:251
action · admin_menu · includes\Classes\Marketing.php:254
filter · pfp_is_pfp_page · includes\Classes\Marketing.php:257
filter · pfp_show_notice_bar_lite · includes\Classes\Marketing.php:260
action · admin_enqueue_scripts · includes\Classes\Marketing.php:263
action · admin_enqueue_scripts · includes\Classes\Notices.php:838
action · adt_pfp_cron_notices · includes\Classes\Notices.php:841
action · admin_notices · includes\Classes\Notices.php:843
action · admin_footer · includes\Classes\Notices.php:844
action · adt_pfp_notice_updated · includes\Classes\Notices.php:849
action · admin_init · includes\Classes\Notices.php:852
action · woocommerce_order_status_changed · includes\Classes\Orders.php:442
action · woocommerce_delete_order · includes\Classes\Orders.php:443
action · wp_trash_post · includes\Classes\Orders.php:444
action · admin_enqueue_scripts · includes\Classes\Plugin_Installer.php:285
filter · posts_where · includes\Classes\Product_Data.php:99
filter · adt_feed_get_attributes · includes\Classes\Shipping_Data.php:824
action · admin_enqueue_scripts · includes\Classes\Upsell.php:225
filter · adt_product_feed_refresh_interval_options · includes\Classes\Upsell.php:228
filter · adt_product_feed_refresh_interval_labels · includes\Classes\Upsell.php:229
action · adt_general_feed_settings_after_refresh_interval · includes\Classes\Upsell.php:232
filter · adt_settings_other_settings_args · includes\Classes\Usage.php:817
action · admin_notices · includes\Classes\Usage.php:820
action · admin_enqueue_scripts · includes\Classes\Usage.php:821
filter · init · includes\Classes\Usage.php:826
filter · cron_schedules · includes\Classes\Usage.php:827
action · admin_enqueue_scripts · includes\Classes\WP_Admin.php:693
action · init · includes\Classes\WP_Admin.php:696
action · in_admin_header · includes\Classes\WP_Admin.php:699
filter · plugin_action_links · includes\Classes\WP_Admin.php:702
action · adt_after_manage_settings_table · includes\Classes\WP_Admin.php:705
action · admin_menu · includes\Classes\WP_Admin.php:708
action · admin_notices · includes\Factories\Admin_Notice.php:120
action · wp_head · includes\Factories\Vite_App.php:375
action · admin_head · includes\Factories\Vite_App.php:376
action · wp_head · includes\Factories\Vite_App.php:380
filter · script_loader_tag · includes\Factories\Vite_App.php:505
filter · style_loader_tag · includes\Factories\Vite_App.php:506
filter · rocket_preload_exclude_urls · includes\Integrations\WP_Rocket.php:53
filter · adt_get_product_data · includes\Integrations\WWPP.php:88
action · init · includes\Post_Types\Product_Feed_Post_Type.php:95
action · init · woocommerce-sea.php:159

Scheduled Events 1

adt_pfp_cron_notices
Maintenance & Trust

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 6, 2026
PHP min version
Downloads: 11.0M

Community Trust

Rating: 94/100
Number of ratings: 1,046
Active installs: 80K
Developer Profile

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce Developer Profile

Josh Kohlbach

9 plugins · 140K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 849 days
Detection Fingerprints

How We Detect Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-product-feed-pro/static/images/
/wp-content/plugins/woo-product-feed-pro/static/js/
/wp-content/plugins/woo-product-feed-pro/static/css/
Script Paths
wp-content/plugins/woo-product-feed-pro/bootstrap/app.php
Version Parameters
woo-product-feed-pro

HTML / DOM Fingerprints

CSS Classes
adt-pfp-custom-attribute
Data Attributes
data-feed-id
data-feed-title
JS Globals
adt_pfp_vars
REST Endpoints
/wp-json/adt-pfp/v1/