WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woosquare

Want to add Square Payment Gateway for WooCommerce? Download WC Shop Sync plugin to add Square payments, inventory sync, customer data, orders, etc.

900 active installs · v4.7.1 · PHP 7.4+ · WP 6.7+ · Updated Jan 27, 2026
Tags: credit-card, inventory-sync, square, square-payment-gateway, woocommerce-square
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 13, 2024
Safety Verdict

Is WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 13, 2024 · Updated 2mo ago
Risk Assessment

The Woosquare plugin v4.7.2 presents a mixed security posture. While it demonstrates good practices in output escaping (96% properly escaped) and a significant number of nonce checks (52), concerns arise from its substantial attack surface, particularly the 31 unprotected AJAX handlers. This represents a significant potential entry point for attackers to interact with the plugin without proper authentication. Although there are no critical or high severity vulnerabilities reported and the last known vulnerability (2024-03-13) is patched, the historical presence of medium severity vulnerabilities related to Cross-Site Scripting and Missing Authorization is a notable risk factor. The taint analysis shows 6 flows with unsanitized paths, which, while not classified as critical or high severity in this scan, could still lead to exploitable conditions, especially when combined with the unprotected AJAX handlers. The plugin also utilizes Freemius v1.0, which could be a concern if it's an outdated version with known vulnerabilities.

Overall, the plugin has strengths in its secure coding practices like prepared statements (51%) and output escaping. However, the high number of unprotected AJAX endpoints is a significant vulnerability that requires immediate attention. The historical pattern of vulnerabilities and the presence of unsanitized paths in taint analysis, even without current critical flags, suggest a need for continued vigilance and thorough security auditing to mitigate potential risks, especially in the context of the large, unprotected attack surface.

Key Concerns

  • Unprotected AJAX handlers present a large attack surface
  • Taint analysis shows unsanitized paths
  • Historical medium severity vulnerabilities (XSS, Missing Auth)
  • Bundled Freemius v1.0 library might be outdated
Vulnerabilities
2

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-27959 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

APIExperts Square for WooCommerce <= 4.2.9 - Reflected Cross-Site Scripting

Mar 13, 2024 · Patched in 4.3 (8d)

CVE-2022-47182 · medium · 5.3 · Missing Authorization

APIExperts Square for WooCommerce <= 4.4.1 - Missing Authorization

Jul 26, 2023 · Patched in 4.4.2 (309d)
Code Analysis
Analyzed Mar 16, 2026

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 39 (41 prepared)
Unescaped Output: 37 (943 escaped)
Nonce Checks: 52
Capability Checks: 7
File Operations: 6
External Requests: 82
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

51% prepared · 80 total queries

Output Escaping

96% escaped · 980 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

25 flows · 6 with unsanitized paths
sync_square_products_to_woo (admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:44)
Attack Surface
31 unprotected

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Attack Surface

Entry Points: 56
Unprotected: 31

AJAX Handlers 56

auth · wp_ajax_clear_woosquare_logs · admin\class-woosquare-plus-admin.php:55
auth · wp_ajax_save_woosquare_alerts · admin\class-woosquare-plus-admin.php:56
auth · wp_ajax_manual_sync · admin\modules\product-sync\product-sync.php:112
auth · wp_ajax_save_woosquare_alerts · admin\modules\square-connection\square-connection.php:75
auth · wp_ajax_verify_apple_domain · admin\modules\square-payments\class-woosquare-payments.php:50
auth · wp_ajax_saved_card_charge · admin\modules\square-payments\class-woosquare-payments.php:51
nopriv · wp_ajax_saved_card_charge · admin\modules\square-payments\class-woosquare-payments.php:52
auth · wp_ajax_get_saved_token_card_id · admin\modules\square-payments\class-woosquare-payments.php:53
auth · wp_ajax_my_ajax_get_pos_action · admin\modules\square-payments\class-woosquare-payments.php:55
nopriv · wp_ajax_terminal_pay_process · admin\modules\square-payments\class-woosquare-payments.php:56
auth · wp_ajax_terminal_pay_process · admin\modules\square-payments\class-woosquare-payments.php:57
nopriv · wp_ajax_terminal_pay_process_checkout · admin\modules\square-payments\class-woosquare-payments.php:58
auth · wp_ajax_terminal_pay_process_checkout · admin\modules\square-payments\class-woosquare-payments.php:59
auth · wp_ajax_terminal_pay_process_cancel_checkout · admin\modules\square-payments\class-woosquare-payments.php:60
auth · wp_ajax_terminal_pay_process_cancel_checkout · admin\modules\square-payments\class-woosquare-payments.php:61
auth · wp_ajax_create_order_and_process_payment · admin\modules\square-payments\class-woosquare-payments.php:85
nopriv · wp_ajax_create_order_and_process_payment · admin\modules\square-payments\class-woosquare-payments.php:86
auth · wp_ajax_sqaure_redeem_coupen_code · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:26
nopriv · wp_ajax_sqaure_redeem_coupen_code · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:27
auth · wp_ajax_sqaure_redeem_coupen_code_cancel_payment · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:29
nopriv · wp_ajax_sqaure_redeem_coupen_code_cancel_payment · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:30
auth · wp_ajax_delete_sync_log · admin\modules\square-sync-logs\class-woosquare-sync-logs.php:26
auth · wp_ajax_delete_all_sync_log · admin\modules\square-sync-logs\class-woosquare-sync-logs.php:27
auth · wp_ajax_get_sync_log_detail · admin\modules\square-sync-logs\class-woosquare-sync-logs.php:28
auth · wp_ajax_get_filter_sync_log · admin\modules\square-sync-logs\class-woosquare-sync-logs.php:29
auth · wp_ajax_reset_filter_sync_log · admin\modules\square-sync-logs\class-woosquare-sync-logs.php:30
auth · wp_ajax_woosquare_fetch_loyalty_programs · includes\class-woosquare-plus.php:210
nopriv · wp_ajax_woosquare_fetch_loyalty_programs · includes\class-woosquare-plus.php:211
auth · wp_ajax_wcs_loyalty_handle_settings · includes\class-woosquare-plus.php:224
nopriv · wp_ajax_wcs_loyalty_handle_settings · includes\class-woosquare-plus.php:225
auth · wp_ajax_apply_loyalty_ajax · includes\class-woosquare-plus.php:231
nopriv · wp_ajax_apply_loyalty_ajax · includes\class-woosquare-plus.php:232
auth · wp_ajax_remove_loyalty_discount · includes\class-woosquare-plus.php:234
nopriv · wp_ajax_remove_loyalty_discount · includes\class-woosquare-plus.php:235
auth · wp_ajax_en_plugin · includes\class-woosquare-plus.php:240
nopriv · wp_ajax_en_plugin · includes\class-woosquare-plus.php:241
nopriv · wp_ajax_en_plugin · includes\class-woosquare-plus.php:242
auth · wp_ajax_get_non_sync_woo_data · includes\class-woosquare-plus.php:268
auth · wp_ajax_start_manual_woo_to_square_sync · includes\class-woosquare-plus.php:269
auth · wp_ajax_listsaved · includes\class-woosquare-plus.php:270
auth · wp_ajax_sync_woo_category_to_square · includes\class-woosquare-plus.php:271
auth · wp_ajax_sync_woo_product_to_square · includes\class-woosquare-plus.php:272
auth · wp_ajax_terminate_manual_woo_sync · includes\class-woosquare-plus.php:273
auth · wp_ajax_get_data_by_category · includes\class-woosquare-plus.php:274
auth · wp_ajax_get_non_sync_square_data · includes\class-woosquare-plus.php:277
auth · wp_ajax_start_manual_square_to_woo_sync · includes\class-woosquare-plus.php:278
auth · wp_ajax_sync_square_category_to_woo · includes\class-woosquare-plus.php:279
auth · wp_ajax_sync_square_product_to_woo · includes\class-woosquare-plus.php:280
auth · wp_ajax_update_square_to_woo · includes\class-woosquare-plus.php:281
auth · wp_ajax_terminate_manual_square_sync · includes\class-woosquare-plus.php:282
auth · wp_ajax_delete_manual_woo_sync_transients · includes\class-woosquare-plus.php:283
auth · wp_ajax_delete_manual_square_sync_transients · includes\class-woosquare-plus.php:284
nopriv · wp_ajax_square_sync_remote · includes\class-woosquare-plus.php:286
auth · wp_ajax_square_sync_remote · includes\class-woosquare-plus.php:287
auth · wp_ajax_enable_mode_checker · includes\class-woosquare-plus.php:365
nopriv · wp_ajax_enable_mode_checker · includes\class-woosquare-plus.php:366

WordPress Hooks 109

action · admin_notices · admin\class-woosquare-plus-admin.php:149
action · admin_enqueue_scripts · admin\modules\product-sync\product-sync.php:92
action · admin_notices · admin\modules\product-sync\product-sync.php:98
action · plugins_loaded · admin\modules\product-sync\product-sync.php:116
action · save_post · admin\modules\product-sync\product-sync.php:119
action · before_delete_post · admin\modules\product-sync\product-sync.php:123
action · create_product_cat · admin\modules\product-sync\product-sync.php:125
action · edited_product_cat · admin\modules\product-sync\product-sync.php:126
action · delete_product_cat · admin\modules\product-sync\product-sync.php:127
action · woocommerce_order_refunded · admin\modules\product-sync\product-sync.php:128
action · woocommerce_order_status_processing · admin\modules\product-sync\product-sync.php:130
action · wp_loaded · admin\modules\product-sync\product-sync.php:133
filter · http_request_timeout · admin\modules\product-sync\product-sync.php:150
action · admin_init · admin\modules\product-sync\product-sync.php:177
action · woocommerce_product_duplicate_before_save · admin\modules\product-sync\product-sync.php:196
filter · cron_schedules · admin\modules\product-sync\product-sync.php:1000
action · admin_notices · admin\modules\product-sync\product-sync.php:1052
filter · woocommerce_available_payment_gateways · admin\modules\product-sync\product-sync.php:1282
action · edited_product_cat · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:300
action · create_product_cat · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:301
action · edited_product_cat · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:346
action · create_product_cat · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:347
action · save_post · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:703
action · save_post · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:1209
action · save_post · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:1657
action · before_delete_post · admin\modules\product-sync\_inc\class-squaretowoosynchronizer.php:2129
action · atum/ajax/after_update_list_data · admin\modules\product-sync\_inc\class-woosquare-atum-compatibility.php:34
action · atum/purchase_orders_pro/delivery/after_stock_change · admin\modules\product-sync\_inc\class-woosquare-atum-compatibility.php:37
action · atum/ajax/increase_atum_order_stock · admin\modules\product-sync\_inc\class-woosquare-atum-compatibility.php:40
action · woocommerce_product_set_stock · admin\modules\product-sync\_inc\class-woosquare-atum-compatibility.php:43
action · woocommerce_variation_set_stock · admin\modules\product-sync\_inc\class-woosquare-atum-compatibility.php:44
action · admin_init · admin\modules\product-sync\_inc\class-woosquare-install.php:35
action · WooSquare_loaded · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:84
action · WooSquare_save_post_event · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:85
action · save_post · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:111
action · created_product_cat · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:117
action · edited_product_cat · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:119
action · woocommerce_product_set_stock · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:128
action · woocommerce_variation_set_stock · admin\modules\product-sync\_inc\class-woosquare-sync-to-square-wordpress-hooks.php:130
filter · woocommerce_duplicate_product_exclude_meta · admin\modules\product-sync\_inc\class-woosquare-sync-to-square.php:34
action · admin_enqueue_scripts · admin\modules\square-connection\square-connection.php:35
action · woocommerce_blocks_loaded · admin\modules\square-payments\class-woosquare-giftcard-blocks.php:26
action · woocommerce_blocks_checkout_block_registration · admin\modules\square-payments\class-woosquare-giftcard-blocks.php:37
action · woocommerce_rest_checkout_process_payment_with_context · admin\modules\square-payments\class-woosquare-payment-block.php:49
filter · woocommerce_payment_gateways · admin\modules\square-payments\class-woosquare-payments.php:44
action · woocommerce_order_status_on-hold_to_processing · admin\modules\square-payments\class-woosquare-payments.php:46
action · woocommerce_order_status_on-hold_to_completed · admin\modules\square-payments\class-woosquare-payments.php:47
action · woocommerce_order_status_on-hold_to_cancelled · admin\modules\square-payments\class-woosquare-payments.php:48
action · woocommerce_order_status_on-hold_to_refunded · admin\modules\square-payments\class-woosquare-payments.php:49
action · cancelled_orphened_order · admin\modules\square-payments\class-woosquare-payments.php:54
filter · woocommerce_order_actions · admin\modules\square-payments\class-woosquare-payments.php:64
action · woocommerce_order_action_square_capture_charge · admin\modules\square-payments\class-woosquare-payments.php:65
action · admin_post_add_foobar · admin\modules\square-payments\class-woosquare-payments.php:66
action · admin_post_nopriv_add_foobar · admin\modules\square-payments\class-woosquare-payments.php:67
action · woocommerce_after_add_to_cart_button · admin\modules\square-payments\class-woosquare-payments.php:82
filter · render_block · admin\modules\square-payments\class-woosquare-payments.php:83
action · bbloomer_before_woocommerce/proceed-to-checkout-block · admin\modules\square-payments\class-woosquare-payments.php:84
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquare-plus-gateway.php:136
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquareachpayment-gateway.php:99
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquareafterpay-gateway.php:97
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquareapplepay-gateway.php:97
action · admin_notices · admin\modules\square-payments\class-woosquareapplepay-gateway.php:106
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquarecashapp-gateway.php:96
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquaregooglepay-gateway.php:99
action · wp_enqueue_scripts · admin\modules\square-payments\class-woosquarepos-gateway.php:88
action · admin_enqueue_scripts · admin\modules\square-payments\class-woosquarepos-gateway.php:89
action · wp_enqueue_scripts · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:16
action · woocommerce_review_order_before_payment · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:21
action · cfw_checkout_cart_summary · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:22
action · woocommerce_order_status_on-hold_to_cancelled · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:32
action · woocommerce_order_status_processing_to_cancelled · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:33
action · woocommerce_order_status_on-hold_to_refunded · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:34
action · woocommerce_order_status_processing_to_refunded · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:35
action · woocommerce_checkout_order_processed · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:36
action · woocommerce_store_api_checkout_order_processed · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:37
action · wp_footer · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:250
action · woocommerce_cart_calculate_fees · admin\modules\square-payments\squareplusgiftcardcoupen-class.php:331
action · admin_enqueue_scripts · admin\modules\square-sync-logs\class-woosquare-sync-logs.php:25
action · init · includes\class-woosquare-plus.php:175
action · admin_enqueue_scripts · includes\class-woosquare-plus.php:196
action · admin_enqueue_scripts · includes\class-woosquare-plus.php:197
action · admin_enqueue_scripts · includes\class-woosquare-plus.php:202
action · admin_enqueue_scripts · includes\class-woosquare-plus.php:208
action · woocommerce_order_status_changed · includes\class-woosquare-plus.php:213
filter · woocommerce_account_menu_items · includes\class-woosquare-plus.php:215
filter · document_title_parts · includes\class-woosquare-plus.php:216
action · init · includes\class-woosquare-plus.php:217
action · woocommerce_account_loyalty-program_endpoint · includes\class-woosquare-plus.php:218
action · init · includes\class-woosquare-plus.php:222
action · wp_enqueue_scripts · includes\class-woosquare-plus.php:227
action · woocommerce_cart_calculate_fees · includes\class-woosquare-plus.php:229
action · admin_menu · includes\class-woosquare-plus.php:239
action · admin_notices · includes\class-woosquare-plus.php:257
action · admin_notices · includes\class-woosquare-plus.php:259
action · auto_sync_cron_job_hook · includes\class-woosquare-plus.php:285
action · admin_init · includes\class-woosquare-plus.php:288
action · admin_init · includes\class-woosquare-plus.php:292
action · auto_sync_customer_cron_job_hook · includes\class-woosquare-plus.php:307
action · auto_sync_customer_cron_job_hook · includes\class-woosquare-plus.php:310
action · woocommerce_api_square_order_sync · includes\class-woosquare-plus.php:317
filter · woosquare_payment_order_note · includes\class-woosquare-plus.php:322
action · woocommerce_api_square_stock_sync · includes\class-woosquare-plus.php:368
action · wp_enqueue_scripts · includes\class-woosquare-plus.php:385
action · wp_enqueue_scripts · includes\class-woosquare-plus.php:386
action · init · woocommerce-square-integration.php:167
action · init · woocommerce-square-integration.php:168
action · plugins_loaded · woocommerce-square-integration.php:193
action · woocommerce_blocks_loaded · woocommerce-square-integration.php:198
action · woocommerce_blocks_payment_method_type_registration · woocommerce-square-integration.php:211

Scheduled Events 10

woocommerce_flush_rewrite_rules
auto_sync_cron_job_hook
auto_sync_cron_job_hook
auto_sync_cron_job_hook
auto_sync_cron_job_hook
auto_sync_customer_cron_job_hook
auto_sync_customer_cron_job_hook
auto_sync_customer_cron_job_hook
auto_sync_customer_cron_job_hook
WooSquare_save_post_event
Maintenance & Trust

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 27, 2026
PHP min version: 7.4
Downloads: 100K

Community Trust

Rating: 90/100
Number of ratings: 42
Active installs: 900
Developer Profile

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 287 days
Detection Fingerprints

How We Detect WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woosquare/admin/css/product-sync.css
/wp-content/plugins/woosquare/admin/css/product-sync-v2.css
/wp-content/plugins/woosquare/admin/js/product-sync.js
/wp-content/plugins/woosquare/admin/js/product-sync-v2.js
/wp-content/plugins/woosquare/admin/modules/square-payments/js/square-payment-block.js
/wp-content/plugins/woosquare/admin/modules/square-payments/css/square-payment-block.css
Script Paths
/wp-content/plugins/woosquare/admin/js/product-sync.js
/wp-content/plugins/woosquare/admin/js/product-sync-v2.js
/wp-content/plugins/woosquare/admin/modules/square-payments/js/square-payment-block.js

HTML / DOM Fingerprints

CSS Classes
woosquare-payment-gateway
woosquare-payment-gateway-wrapper
woosquare_payment_block
Data Attributes
data-woosquare-payment-gateway-id
JS Globals
woosquare_payment_block_params
FAQ

Frequently Asked Questions about WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce