WP-Safety

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Security & Risk Analysis

wordpress.org/plugins/wp-product-feed-manager

The WooCommerce product feed plugin built for Google. Create a Google Merchant feed in 5 minutes—no coding, no errors. Start selling on Google Shoppin …

10K active installs v2.22.0 PHP 7.4+ WP 6.5+ Updated Mar 31, 2026
google-merchant-centergoogle-shoppingproduct-feed-managertags-google-product-feedwoocommerce-google-shopping
96
A · Safe
CVEs total3
Unpatched0
Last CVEAug 22, 2024
Plugin page Download
Safety Verdict

Is WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Safe to Use in 2026?

Generally Safe

Score 96/100

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Aug 22, 2024Updated 1mo ago
Risk Assessment

The "wp-product-feed-manager" plugin, in version 2.20.1, presents a significant security concern primarily due to its extensive attack surface lacking proper authorization checks. With 38 AJAX handlers, 37 of which are unprotected, an attacker has a large number of potential entry points to exploit. While the plugin shows some good practices, such as a high percentage of SQL queries using prepared statements and a good proportion of output escaping, these are overshadowed by the critical flaw of exposed AJAX endpoints.

The vulnerability history reinforces these concerns. The plugin has a past of critical and high-severity vulnerabilities, including missing authorization, SQL injection, and XSS. While there are currently no unpatched vulnerabilities, the recurring nature of these common vulnerability types indicates systemic weaknesses in how user input and actions are handled and secured. The recent high-severity vulnerability further emphasizes the need for vigilance.

In conclusion, despite some positive code hygiene signals like prepared statements and output escaping, the plugin's security posture is weakened by its numerous unprotected AJAX endpoints and its history of severe vulnerabilities. The potential for attackers to leverage these unprotected entry points for malicious activities is high. Users should exercise caution and ensure this plugin is updated to the latest version, with a strong recommendation for developers to prioritize authorization checks on all AJAX handlers.

Key Concerns

  • Large attack surface without auth checks
  • History of high severity vulnerabilities
  • History of medium severity vulnerabilities
  • High percentage of AJAX handlers without auth
  • Bundled library (Select2) might be outdated
Vulnerabilities
3 published

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Security Vulnerabilities

CVEs by Year

3 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

High
2
Medium
1

3 total CVEs

CVE-2024-7258high · 8.8Missing Authorization

WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion

Aug 22, 2024 Patched in 2.9.0 (1d)
CVE-2024-3067high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

Apr 15, 2024 Patched in 2.6.0 (2d)
CVE-2024-29112medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Mar 16, 2024 Patched in 2.3.0 (5d)
Version History

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Release Timeline

v2.22.0Current
v2.21.0
v2.20.1
v2.20.0
v2.19.0
v2.18.0
v2.17.0
v2.16.3
v2.16.2
v2.16.1
v2.16.0
v2.15.2
v2.15.1
v2.15.0
v2.14.0
v2.13.0
v2.12.0
v2.11.2
v2.11.1
v2.11.0
Code Analysis
Analyzed Mar 16, 2026

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Code Analysis

Dangerous Functions
0
Raw SQL Queries
37
60 prepared
Unescaped Output
126
447 escaped
Nonce Checks
9
Capability Checks
6
File Operations
5
External Requests
6
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

62% prepared97 total queries

Output Escaping

78% escaped573 total outputs
Attack Surface
37 unprotected

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Attack Surface

Entry Points38
Unprotected37

AJAX Handlers 38

authwp_ajax_wppfm_reverse_older_version_of_pluginincludes\application\wppfm-plugin-reversion-functions.php:96
authwp_ajax_wppfm-ajax-get-list-of-feedsincludes\data\class-wppfm-ajax-data.php:26
authwp_ajax_wppfm-ajax-get-list-of-backupsincludes\data\class-wppfm-ajax-data.php:27
authwp_ajax_wppfm-ajax-get-settings-optionsincludes\data\class-wppfm-ajax-data.php:28
authwp_ajax_wppfm-ajax-get-output-fieldsincludes\data\class-wppfm-ajax-data.php:29
authwp_ajax_wppfm-ajax-get-input-fieldsincludes\data\class-wppfm-ajax-data.php:30
authwp_ajax_wppfm-ajax-get-feed-statusincludes\data\class-wppfm-ajax-data.php:31
authwp_ajax_wppfm-ajax-get-main-feed-filtersincludes\data\class-wppfm-ajax-data.php:32
authwp_ajax_wppfm-ajax-switch-feed-statusincludes\data\class-wppfm-ajax-data.php:33
authwp_ajax_wppfm-ajax-duplicate-existing-feedincludes\data\class-wppfm-ajax-data.php:34
authwp_ajax_wppfm-ajax-update-feed-dataincludes\data\class-wppfm-ajax-data.php:35
authwp_ajax_wppfm-ajax-delete-feedincludes\data\class-wppfm-ajax-data.php:36
authwp_ajax_wppfm-ajax-backup-current-dataincludes\data\class-wppfm-ajax-data.php:37
authwp_ajax_wppfm-ajax-delete-backup-fileincludes\data\class-wppfm-ajax-data.php:38
authwp_ajax_wppfm-ajax-restore-backup-fileincludes\data\class-wppfm-ajax-data.php:39
authwp_ajax_wppfm-ajax-duplicate-backup-fileincludes\data\class-wppfm-ajax-data.php:40
authwp_ajax_wppfm-ajax-get-next-feed-in-queueincludes\data\class-wppfm-ajax-data.php:41
authwp_ajax_wppfm-ajax-register-notice-dismissionincludes\data\class-wppfm-ajax-data.php:42
authwp_ajax_wppfm-ajax-cancel-promotion-noticeincludes\data\class-wppfm-ajax-data.php:43
authwp_ajax_wppfm-ajax-get-next-categoriesincludes\data\class-wppfm-ajax-file.php:27
authwp_ajax_wppfm-ajax-get-category-listsincludes\data\class-wppfm-ajax-file.php:28
authwp_ajax_wppfm-ajax-delete-feed-fileincludes\data\class-wppfm-ajax-file.php:29
authwp_ajax_wppfm-ajax-update-feed-fileincludes\data\class-wppfm-ajax-file.php:30
authwp_ajax_wppfm-ajax-log-messageincludes\data\class-wppfm-ajax-file.php:31
authwp_ajax_wppfm-ajax-auto-feed-fix-mode-selectionincludes\data\class-wppfm-ajax-file.php:32
authwp_ajax_wppfm-ajax-background-processing-mode-selectionincludes\data\class-wppfm-ajax-file.php:33
authwp_ajax_wppfm-ajax-feed-logger-status-selectionincludes\data\class-wppfm-ajax-file.php:34
authwp_ajax_wppfm-ajax-show-product-identifiers-selectionincludes\data\class-wppfm-ajax-file.php:35
authwp_ajax_wppfm-ajax-switch-to-manual-channel-update-selectionincludes\data\class-wppfm-ajax-file.php:36
authwp_ajax_wppfm-ajax-wpml-use-full-url-resolution-selectionincludes\data\class-wppfm-ajax-file.php:37
authwp_ajax_wppfm-ajax-omit-price-filters-selectionincludes\data\class-wppfm-ajax-file.php:38
authwp_ajax_wppfm-ajax-third-party-attribute-keywordsincludes\data\class-wppfm-ajax-file.php:39
authwp_ajax_wppfm-ajax-set-notice-mailaddressincludes\data\class-wppfm-ajax-file.php:40
authwp_ajax_wppfm-ajax-clear-feed-process-dataincludes\data\class-wppfm-ajax-file.php:41
authwp_ajax_wppfm-ajax-reinitiate-pluginincludes\data\class-wppfm-ajax-file.php:42
authwp_ajax_wppfm-rf-ajax-get-product-review-feed-attributesincludes\packages\review-feed-manager\classes\class-wpprfm-ajax-data.php:22
authwp_ajax_wppfm-rf-ajax-get-review-dataincludes\packages\review-feed-manager\classes\class-wpprfm-ajax-data.php:23
authwp_ajax_wppfm_dismiss_admin_noticewp-product-feed-manager.php:128
WordPress Hooks 90
actionwppfm_feed_generation_preparingincludes\application\class-wppfm-feed-performance-monitor.php:102
actionwppfm_feed_generation_ready_to_startincludes\application\class-wppfm-feed-performance-monitor.php:103
actionwppfm_feed_generation_completeincludes\application\class-wppfm-feed-performance-monitor.php:104
actionwppfm_add_product_to_feedincludes\application\class-wppfm-feed-performance-monitor.php:107
actionwppfm_activated_next_batchincludes\application\class-wppfm-feed-performance-monitor.php:110
actionwppfm_before_file_writeincludes\application\class-wppfm-feed-performance-monitor.php:113
actionadmin_menuincludes\application\class-wppfm-feed-performance-monitor.php:116
actionplugins_loadedincludes\application\class-wppfm-feed-performance-monitor.php:772
filterwppfm_feed_price_decimal_separatorincludes\application\google\class-feed.php:26
filterwppfm_feed_price_thousands_separatorincludes\application\google\class-feed.php:27
filterwppfm_feed_price_decimalsincludes\application\google\class-feed.php:28
filtercron_schedulesincludes\application\wppfm-cron-functions.php:281
actioninitincludes\application\wppfm-cron-functions.php:282
actionwppfm_feed_watchdog_cronincludes\application\wppfm-cron-functions.php:283
actionwppfm_batch_memory_limit_exceededincludes\application\wppfm-feed-health-monitor.php:35
actionadmin_initincludes\application\wppfm-feed-health-monitor.php:66
actionadmin_noticesincludes\application\wppfm-feed-health-monitor.php:185
filterwoocommerce_customer_taxable_addressincludes\application\wppfm-feed-processing-support.php:2110
filterwoocommerce_customer_taxable_addressincludes\application\wppfm-feed-processing-support.php:2142
filterwcml_client_currencyincludes\application\wppfm-feed-processing-support.php:2188
filterupgrader_package_optionsincludes\application\wppfm-plugin-reversion-functions.php:57
actionadmin_headincludes\application\wppfm-plugin-reversion-functions.php:139
actionadmin_footerincludes\application\wppfm-plugin-reversion-functions.php:180
actionwppfm_remove_old_folder_eventincludes\application\wppfm-plugin-reversion-functions.php:196
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:32
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:33
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:38
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:45
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:46
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:50
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:51
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:56
actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:58
actionwppfm_feed_process_preparedincludes\packages\logger\includes\wppfm-logger-actions.php:20
actionwppfm_feed_generation_messageincludes\packages\logger\includes\wppfm-logger-actions.php:36
actionwppfm_feed_queue_filledincludes\packages\logger\includes\wppfm-logger-actions.php:44
actionwppfm_feed_processing_batch_activatedincludes\packages\logger\includes\wppfm-logger-actions.php:52
actionwppfm_started_product_processingincludes\packages\logger\includes\wppfm-logger-actions.php:60
actionwppfm_add_product_to_feedincludes\packages\logger\includes\wppfm-logger-actions.php:68
actionwppfm_activated_next_batchincludes\packages\logger\includes\wppfm-logger-actions.php:76
actionwppfm_complete_a_feedincludes\packages\logger\includes\wppfm-logger-actions.php:84
actionwppfm_feed_processing_failed_file_size_stopped_increasingincludes\packages\logger\includes\wppfm-logger-actions.php:92
actionwppfm_feed_generation_warningincludes\packages\logger\includes\wppfm-logger-actions.php:105
actionwppfm_register_feed_urlincludes\packages\logger\includes\wppfm-logger-actions.php:123
actionwppfm_register_remote_post_argsincludes\packages\logger\includes\wppfm-logger-actions.php:163
actionwppfm_batch_memory_limit_exceededincludes\packages\logger\includes\wppfm-logger-actions.php:184
actionwppfm_batch_time_limit_exceededincludes\packages\logger\includes\wppfm-logger-actions.php:204
actionwppfm_wp_remote_post_responseincludes\packages\logger\includes\wppfm-logger-actions.php:255
actionadmin_noticesincludes\packages\logger\wp-product-feed-manager-logger.php:92
actionadmin_enqueue_scriptsincludes\packages\promotions-feed-manager\classes\class-wpppfm-register-scripts.php:29
actionadmin_enqueue_scriptsincludes\packages\promotions-feed-manager\classes\class-wpppfm-register-scripts.php:30
actionwppfm_includesincludes\packages\promotions-feed-manager\wp-merchant-promotions-feed-manager.php:106
filterwppfm_feed_typesincludes\packages\promotions-feed-manager\wpppfm-setup-feed-manager.php:25
actionadmin_enqueue_scriptsincludes\packages\review-feed-manager\classes\class-wpprfm-register-scripts.php:28
actionadmin_enqueue_scriptsincludes\packages\review-feed-manager\classes\class-wpprfm-register-scripts.php:29
actionwppfm_includesincludes\packages\review-feed-manager\wp-product-review-feed-manager.php:98
filterwppfm_get_feed_attributesincludes\packages\review-feed-manager\wpprfm-feed-generation-functions.php:44
filterwppfm_advised_inputsincludes\packages\review-feed-manager\wpprfm-feed-generation-functions.php:64
filterwppfm_background_classincludes\packages\review-feed-manager\wpprfm-feed-generation-functions.php:84
filterwppfm_all_source_fieldsincludes\packages\review-feed-manager\wpprfm-review-feed-form-functions.php:31
filterwppfm_header_stringincludes\packages\review-feed-manager\wpprfm-review-feed-form-functions.php:46
filterwppfm_footer_stringincludes\packages\review-feed-manager\wpprfm-review-feed-form-functions.php:61
filterwppfm_feed_typesincludes\packages\review-feed-manager\wpprfm-setup-feed-manager.php:25
actionadmin_menuincludes\user-interface\wppfm-admin-actions.php:60
actionwppfm_daily_eventincludes\user-interface\wppfm-admin-actions.php:77
actionwp_loadedincludes\user-interface\wppfm-admin-actions.php:130
actionwp_loadedincludes\user-interface\wppfm-admin-actions.php:143
actionadmin_menuincludes\user-interface\wppfm-admin-actions.php:154
actionadmin_noticesincludes\user-interface\wppfm-admin-actions.php:193
actionadmin_footerincludes\user-interface\wppfm-admin-actions.php:220
actionmanage_product_posts_custom_columnincludes\user-interface\wppfm-admin-actions.php:238
actionwppfm_daily_eventincludes\user-interface\wppfm-admin-actions.php:290
filterwppfm_product_query_limitincludes\user-interface\wppfm-admin-filters.php:45
filterplugin_row_metaincludes\user-interface\wppfm-admin-filters.php:63
filterhttp_responseincludes\user-interface\wppfm-messaging-functions.php:194
actionwppfm_woocommerce_product_feed_panelincludes\user-interface\wppfm-product-identifiers.php:50
actionwoocommerce_process_product_metaincludes\user-interface\wppfm-product-identifiers.php:75
actionwoocommerce_variation_optionsincludes\user-interface\wppfm-product-identifiers.php:114
actionwoocommerce_save_product_variationincludes\user-interface\wppfm-product-identifiers.php:145
actionwoocommerce_product_quick_edit_startincludes\user-interface\wppfm-product-identifiers.php:185
actionwoocommerce_product_quick_edit_saveincludes\user-interface\wppfm-product-identifiers.php:210
filterwoocommerce_product_data_tabsincludes\user-interface\wppfm-woocommerce-actions.php:25
actionwoocommerce_product_data_panelsincludes\user-interface\wppfm-woocommerce-actions.php:57
actionwoocommerce_process_product_metaincludes\user-interface\wppfm-woocommerce-actions.php:73
actionwoocommerce_variation_optionsincludes\user-interface\wppfm-woocommerce-actions.php:94
actionwoocommerce_save_product_variationincludes\user-interface\wppfm-woocommerce-actions.php:111
actionwppfm_feed_update_schedulewp-product-feed-manager.php:127
actionafter_setup_themewp-product-feed-manager.php:132
filterload_textdomain_mofilewp-product-feed-manager.php:134
actionbefore_woocommerce_initwp-product-feed-manager.php:137

Scheduled Events 6

wppfm_feed_watchdog_cron
wppfm_remove_old_folder_event
wppfm_feed_update_schedule
wppfm_daily_event
wppfm_feed_update_schedule
wppfm_feed_watchdog_cron
Maintenance & Trust

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 31, 2026
PHP min version7.4
Downloads921K

Community Trust

Rating90/100
Number of ratings126
Active installs10K
Alternatives

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Alternatives

ELEX WooCommerce Google Shopping (Google Product Feed)

ELEX WooCommerce Google Shopping (Google Product Feed)

elex-woocommerce-google-product-feed-plugin-basic

A
98

The ELEX WooCommerce Google Shopping (Google Product Feed) plugin is a free WooCommerce plugin that serves in feeding your WooCommerce products to Goo &hellip;

1K 2 CVEs
WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

webtoffee-product-feed

A
96

Create WooCommerce product feeds containing unlimited number of products. Supports Google Product feed, Facebook catalog feed, Instagram, Bing & m &hellip;

2K 3 CVEs
Listing & Smart Shopping Campaign for Google

Listing & Smart Shopping Campaign for Google

listing-smart-shopping-campaign-for-google

A
85

Expand your online retailing arena by showcasing your WooCommerce products on the Google Shopping platform.

10 No CVEs
Product Reviews XML for Google Merchant Center

Product Reviews XML for Google Merchant Center

product-reviews-xml-for-google

A
100

Generate a compliant XML Feed of your WooCommerce product reviews for Google Merchant Center. Display stars on Google Shopping ads.

10 No CVEs
GTIN Product Feed for Google Shopping

GTIN Product Feed for Google Shopping

gtin-product-feed-for-google-shopping

A
100

Generate Google Shopping product feeds for WooCommerce. Add GTIN, Brand, MPN fields. Google Merchant Center compliant XML feeds. Free & lightweight.

0 No CVEs
Developer Profile

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Developer Profile

AukeJomm

1 plugin · 10K total installs

97
trust score
Avg Security Score
96/100
Avg Patch Time
3 days
View full developer profile
Detection Fingerprints

How We Detect WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-product-feed-manager/css/main.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-wizard.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-modal.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-settings.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-product-feed-list.css/wp-content/plugins/wp-product-feed-manager/js/wppfm-vue-components.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-modal-vue.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-product-feed-list.js+2 more
Script Paths
/wp-content/plugins/wp-product-feed-manager/js/wppfm-vue-components.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-modal-vue.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-product-feed-list.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-wizard.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-main.js
Version Parameters
wp-product-feed-manager/css/main.css?ver=wp-product-feed-manager/css/wppfm-wizard.css?ver=wp-product-feed-manager/css/wppfm-modal.css?ver=wp-product-feed-manager/css/wppfm-settings.css?ver=wp-product-feed-manager/css/wppfm-product-feed-list.css?ver=wp-product-feed-manager/js/wppfm-vue-components.js?ver=wp-product-feed-manager/js/wppfm-modal-vue.js?ver=wp-product-feed-manager/js/wppfm-product-feed-list.js?ver=wp-product-feed-manager/js/wppfm-wizard.js?ver=wp-product-feed-manager/js/wppfm-main.js?ver=

HTML / DOM Fingerprints

CSS Classes
wppfm-main-containerwppfm-feed-listwppfm-feed-list-contentwppfm-product-feed-tablewppfm-feed-list-rowwppfm-modal-backdropwppfm-modal-contentwppfm-modal-header+16 more
HTML Comments
<!-- Main WP_Product_Feed_Manager Class.<!-- Cloning is not allowed<!-- Unserializing instances of this class is not allowed<!-- WP_Product_Feed_Manager Constructor.+26 more
Data Attributes
data-wppfm-vue-appdata-wppfm-modal-targetdata-wppfm-modal-closedata-wppfm-wizard-stepdata-wppfm-ajax-action
JS Globals
wppfm_configwppfm_vue_apps
REST Endpoints
/wp-json/wppfm/v1/products/wp-json/wppfm/v1/feeds/wp-json/wppfm/v1/attributes/wp-json/wppfm/v1/channels/wp-json/wppfm/v1/settings/wp-json/wppfm/v1/logs
FAQ

Frequently Asked Questions about WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping