WooMS Security & Risk Analysis

wordpress.org/plugins/wooms

MoySklad (moysklad.ru) and WooCommerce - sync, integration, connection

500 active installs · v9.12 · PHP 8.0+ · WP 6.0+ · Updated Jul 20, 2024
Tags: integration, moysklad, sync, woocommerce

Score: 37 · D · High Risk
CVEs total: 3
Unpatched: 3
Last CVE: Sep 22, 2025
Safety Verdict

Is WooMS Safe to Use in 2026?

High Risk

Score 37/100

WooMS carries significant security risk with 3 known CVEs, 3 still unpatched. Consider switching to a maintained alternative.

3 known CVEs · 3 unpatched · Last CVE: Sep 22, 2025 · Updated 1yr ago
Risk Assessment

The "wooms" v9.12 plugin presents a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no critical or high severity taint flows, significant concerns arise from its unprotected entry points. With 3 out of 4 identified entry points (AJAX handlers and REST API routes) lacking proper authentication or permission checks, this plugin exposes itself to potential unauthorized access and manipulation. The plugin also has a history of medium severity vulnerabilities, specifically related to missing authorization and cross-site scripting, with three currently unpatched CVEs. This suggests recurring security weaknesses in how user input and actions are handled.

Despite the absence of critical code-level flaws in the static analysis, the combination of a large unprotected attack surface and a history of unpatched vulnerabilities indicates a moderate to high risk. The unpatched CVEs, in particular, are a pressing concern, as they represent known and exploitable weaknesses. While the plugin benefits from proper SQL handling and output escaping in a majority of cases, these strengths are overshadowed by the critical need for robust authorization checks on its exposed entry points and the urgency of addressing the existing, unpatched vulnerabilities.

Key Concerns

  • Unpatched CVEs
  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Low output escaping coverage

WooMS Security Vulnerabilities

CVEs by Year

2025: 3 CVEs · unpatched

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-57956 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WooMS <= 9.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
Sep 22, 2025 · Unpatched

CVE-2025-57957 · medium · 6.5 · Missing Authorization
WooMS <= 9.12 - Missing Authorization
Sep 22, 2025 · Unpatched

CVE-2025-32602 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WooMS <= 9.12 - Reflected Cross-Site Scripting
Apr 15, 2025 · Unpatched

WooMS Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (23 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 6
Bundled Libraries: 0

Output Escaping: 68% escaped (34 total outputs)


WooMS Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 2

auth · wp_ajax_health-check-wooms-check_login_password · includes\SiteHealth.php:14
auth · wp_ajax_health-check-check-webhooks · includes\SiteHealthWebHooks.php:25

REST API Routes 1

GET · /wp-json/wooms/v1/order-update/ · includes\OrderUpdateFromMoySklad.php:718

Shortcodes 1

[wooms_loader_icon] · includes\LoaderIcon.php:19

WordPress Hooks 178

action · admin_init · includes\CategoriesFilter.php:19
filter · wooms_url_get_products_filters · includes\CategoriesFilter.php:31
filter · wooms_url_get_bundle_filter · includes\CategoriesFilter.php:32
filter · wooms_url_get_service_filter · includes\CategoriesFilter.php:33
filter · wooms_productfolder · includes\CategoriesFilter.php:34
filter · wooms_product_price · includes\CurrencyConverter.php:19
filter · wooms_sale_price · includes\CurrencyConverter.php:20
action · wooms_main_walker_started · includes\CurrencyConverter.php:22
action · admin_init · includes\CurrencyConverter.php:24
action · admin_head · includes\LoaderIcon.php:24
action · admin_init · includes\Logger.php:18
action · wooms_logger · includes\Logger.php:19
action · wooms_logger_error · includes\Logger.php:20
filter · wooms_logger_enable · includes\Logger.php:23
action · admin_menu · includes\Logger.php:27
filter · woocommerce_status_log_items_per_page · includes\Logger.php:36
action · woocommerce_update_product · includes\LoggerProductSave.php:19
action · admin_menu · includes\MenuTools.php:22
filter · manage_product_posts_columns · includes\MetaColumn.php:21
action · manage_product_posts_custom_column · includes\MetaColumn.php:23
filter · wooms_order_sender_notes · includes\OrderNotes.php:12
action · admin_init · includes\OrderNotes.php:14
filter · wooms_order_data · includes\OrderNumber.php:16
filter · woocommerce_order_number · includes\OrderNumber.php:17
filter · wooms_order_update · includes\OrderNumber.php:18
filter · wooms_update_order_from_moysklad · includes\OrderNumber.php:19
action · admin_init · includes\OrderNumber.php:21
action · pre_get_posts · includes\OrderNumber.php:22
action · wooms_send_order_in_moysklad · includes\Orders.php:27
action · wooms_check_orders_for_update_to_moysklad · includes\Orders.php:40
action · init · includes\Orders.php:42
action · save_post_shop_order · includes\Orders.php:44
action · woocommerce_new_order · includes\Orders.php:46
filter · wooms_order_data · includes\Orders.php:49
filter · wooms_order_data · includes\Orders.php:50
filter · wooms_order_data · includes\Orders.php:51
filter · wooms_order_data · includes\Orders.php:52
filter · wooms_order_data · includes\Orders.php:53
filter · wooms_order_data · includes\Orders.php:54
filter · wooms_order_data · includes\Orders.php:55
action · add_meta_boxes · includes\Orders.php:57
action · wooms_order_metabox_controls · includes\Orders.php:61
action · admin_init · includes\Orders.php:63
action · woocommerce_order_item_meta_start · includes\Orders.php:65
filter · woocommerce_order_item_get_formatted_meta_data · includes\Orders.php:67
filter · wooms_order_data · includes\OrderShipment.php:17
filter · wooms_skip_service · includes\OrderShipment.php:19
action · admin_init · includes\OrderShipment.php:21
filter · wooms_order_data · includes\OrderStatusesFromSite.php:21
action · admin_init · includes\OrderStatusesFromSite.php:23
action · wooms_order_update_from_moysklad · includes\OrderUpdateFromMoySklad.php:37
action · rest_api_init · includes\OrderUpdateFromMoySklad.php:45
action · init · includes\OrderUpdateFromMoySklad.php:47
action · wooms_check_orders_for_sync_from_moysklad · includes\OrderUpdateFromMoySklad.php:49
action · admin_init · includes\OrderUpdateFromMoySklad.php:52
filter · wooms_update_order_from_moysklad · includes\OrderUpdateFromMoySklad.php:54
filter · wooms_update_order_from_moysklad · includes\OrderUpdateFromMoySklad.php:55
filter · wooms_skip_order_update · includes\OrderUpdateFromMoySklad.php:57
action · save_post_shop_order · includes\OrderUpdateFromMoySklad.php:59
filter · wooms_product_update · includes\ProductAttributes.php:22
filter · wooms_attributes · includes\ProductAttributes.php:24
filter · wooms_attributes · includes\ProductAttributes.php:25
filter · wooms_allow_data_types_for_attributes · includes\ProductAttributes.php:26
action · admin_init · includes\ProductAttributes.php:27
action · gallery_images_download_schedule · includes\ProductGallery.php:26
filter · wooms_product_update · includes\ProductGallery.php:28
action · admin_init · includes\ProductGallery.php:30
action · init · includes\ProductGallery.php:32
action · wooms_main_walker_finish · includes\ProductGallery.php:34
action · wooms_product_images_info · includes\ProductGallery.php:36
action · wooms_bundle_walker_batch · includes\ProductGrouped.php:36
filter · wooms_product_update · includes\ProductGrouped.php:38
action · wooms_main_walker_finish · includes\ProductGrouped.php:40
action · wooms_wakler_variations_finish · includes\ProductGrouped.php:41
action · init · includes\ProductGrouped.php:43
action · wooms_tools_sections · includes\ProductGrouped.php:44
action · admin_init · includes\ProductGrouped.php:45
action · admin_init · includes\Products.php:15
action · wooms_tools_sections · includes\Products.php:17
action · woomss_tool_actions_wooms_products_start_import · includes\Products.php:18
action · woomss_tool_actions_wooms_products_stop_import · includes\Products.php:19
action · add_meta_boxes · includes\Products.php:21
action · admin_init · includes\ProductsCategories.php:15
action · product_cat_edit_form_fields · includes\ProductsCategories.php:16
action · wooms_main_walker_started · includes\ProductsCategories.php:22
filter · wooms_product_update · includes\ProductsCategories.php:24
filter · wooms_product_update · includes\ProductsCategories.php:25
filter · wooms_main_walker_finish · includes\ProductsCategories.php:26
action · plugins_loaded · includes\ProductsExclusion.php:14
action · admin_init · includes\ProductsExclusion.php:15
filter · wooms_url_get_products_filters · includes\ProductsExclusion.php:17
action · init · includes\ProductsHiding.php:9
action · wooms_main_walker_finish · includes\ProductsHiding.php:11
action · wooms_main_walker_started · includes\ProductsHiding.php:12
action · admin_init · includes\ProductsHiding.php:13
action · wooms_tools_sections · includes\ProductsHiding.php:14
action · init · includes\ProductsImage.php:11
action · wooms_product_image_sync · includes\ProductsImage.php:12
filter · wooms_product_update · includes\ProductsImage.php:13
action · wooms_tools_sections · includes\ProductsImage.php:14
action · admin_init · includes\ProductsImage.php:15
action · wooms_main_walker_finish · includes\ProductsImage.php:16
action · wooms_display_product_metabox · includes\ProductSingleSync.php:24
action · woocommerce_update_product · includes\ProductSingleSync.php:25
action · wooms_product_single_update_schedule · includes\ProductSingleSync.php:27
action · init · includes\ProductSingleSync.php:29
action · woocommerce_update_product · includes\ProductSingleSync.php:229
filter · wooms_product_update · includes\ProductsPrices.php:9
filter · wooms_variation_save · includes\ProductsPrices.php:10
action · admin_init · includes\ProductsPrices.php:11
action · wooms_monitoring · includes\ProductsScheduler.php:11
action · admin_init · includes\ProductsScheduler.php:13
action · admin_init · includes\ProductsScheduler.php:19
action · wooms_services_walker_batch · includes\ProductsServices.php:39
filter · wooms_product_update · includes\ProductsServices.php:41
action · wooms_main_walker_started · includes\ProductsServices.php:43
action · init · includes\ProductsServices.php:45
action · wooms_tools_sections · includes\ProductsServices.php:46
action · admin_init · includes\ProductsServices.php:47
action · admin_init · includes\ProductsSkipIfSkuEmpty.php:14
filter · wooms_skip_product_import · includes\ProductsSkipIfSkuEmpty.php:16
filter · wooms_stock_product_save · includes\ProductStocks.php:55
action · wooms_assortment_sync · includes\ProductStocks.php:57
filter · wooms_product_update · includes\ProductStocks.php:59
filter · wooms_variation_save · includes\ProductStocks.php:60
filter · wooms_assortment_sync_filters · includes\ProductStocks.php:62
filter · wooms_stock_log_data · includes\ProductStocks.php:63
action · wooms_variations_batch_end · includes\ProductStocks.php:65
action · wooms_products_batch_end · includes\ProductStocks.php:66
action · admin_init · includes\ProductStocks.php:68
action · wooms_tools_sections · includes\ProductStocks.php:69
action · wooms_variables_walker_batch · includes\ProductVariable.php:33
filter · wooms_product_update · includes\ProductVariable.php:35
filter · wooms_variation_save · includes\ProductVariable.php:37
action · admin_init · includes\ProductVariable.php:40
action · woomss_tool_actions_wooms_import_variations_manual_start · includes\ProductVariable.php:41
action · woomss_tool_actions_wooms_import_variations_manual_stop · includes\ProductVariable.php:42
action · wooms_main_walker_finish · includes\ProductVariable.php:43
action · wooms_main_walker_started · includes\ProductVariable.php:44
action · wooms_tools_sections · includes\ProductVariable.php:46
action · woocommerce_variation_header · includes\ProductVariable.php:48
action · wooms_variaion_image_sync · includes\ProductVariableImage.php:21
filter · wooms_variation_save · includes\ProductVariableImage.php:23
action · init · includes\ProductVariableImage.php:24
action · wooms_wakler_variations_finish · includes\ProductVariableImage.php:25
filter · wooms_product_update · includes\SalePrices.php:17
filter · wooms_variation_save · includes\SalePrices.php:18
action · admin_init · includes\SalePrices.php:20
action · admin_init · includes\SendWarehouse.php:16
filter · wooms_order_send_data · includes\SendWarehouse.php:18
action · admin_menu · includes\Settings.php:45
action · admin_init · includes\Settings.php:68
action · admin_init · includes\Settings.php:69
action · wooms_settings_after_header · includes\Settings.php:71
action · plugins_loaded · includes\SiteHealth.php:12
filter · site_status_tests · includes\SiteHealth.php:13
filter · add_wooms_plugin_debug · includes\SiteHealth.php:15
filter · debug_information · includes\SiteHealthDebugSection.php:26
filter · add_wooms_plugin_debug · includes\SiteHealthDebugSection.php:28
filter · add_wooms_plugin_debug · includes\SiteHealthDebugSection.php:31
filter · site_status_tests · includes\SiteHealthWebHooks.php:16
filter · add_wooms_plugin_debug · includes\SiteHealthWebHooks.php:27
filter · wooms_order_sender_position · includes\TaxSupport.php:13
filter · wooms_product_update · includes\TaxSupport.php:15
action · admin_init · includes\TaxSupport.php:17
filter · wooms_get_product_id · includes\UseCodeAsArticle.php:18
filter · wooms_product_update · includes\UseCodeAsArticle.php:19
action · admin_init · includes\UseCodeAsArticle.php:20
action · wooms_cron_variations_hiding · includes\VariationsHider.php:18
action · wooms_wakler_variations_finish · includes\VariationsHider.php:20
action · init · includes\VariationsHider.php:22
action · plugins_loaded · wooms.php:44
action · admin_enqueue_scripts · wooms.php:53
action · save_post · wooms.php:54
filter · plugin_row_meta · wooms.php:57
action · after_plugin_row_wooms-extra/wooms-extra.php · wooms.php:72
filter · wooms_xt_load · wooms.php:87
action · before_woocommerce_init · wooms.php:218

Scheduled Events 1

wooms_monitoring


WooMS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jul 20, 2024
PHP min version: 8.0
Downloads: 25K

Community Trust

Rating: 84/100
Number of ratings: 22
Active installs: 500


WooMS Developer Profile

wpcraft

7 plugins · 700 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days


How We Detect WooMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wooms/css/admin.css

HTML / DOM Fingerprints

HTML Comments
<!-- Этот плагин следует удалить. Теперь все работает на базе 9й версии и в одном плагине -->
(Russian; in English: "This plugin should be removed. Everything now runs on version 9 and in a single plugin." The comment itself is the fingerprint, so it is kept verbatim.)
Data Attributes
data-action="wooms-update-order"
JS Globals
wooms_product_sync_data
wooms_order_sync_data
wooms_admin_ajax_url
REST Endpoints
/wp-json/wooms/v1/update_order
/wp-json/wooms/v1/update_product
/wp-json/wooms/v1/get_product_id
/wp-json/wooms/v1/get_product_sku
/wp-json/wooms/v1/sync_product_from_moysklad
/wp-json/wooms/v1/sync_order_from_moysklad