WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Security & Risk Analysis

wordpress.org/plugins/wp-product-feed-manager

Easily create high-quality product feeds for Google Shopping and Google Merchant Center in your WooCommerce store. Increase sales on Google now!

10K active installs v2.20.1 PHP 7.4+ WP 6.5+ Updated Mar 2, 2026

google-merchant-centergoogle-shoppingproduct-feed-managertags-google-product-feedwoocommerce-google-shopping

A · Safe

CVEs total3

Unpatched0

Last CVEAug 22, 2024

Plugin page Download

Safety Verdict

Is WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Safe to Use in 2026?

Generally Safe

Score 96/100

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Aug 22, 2024Updated 1mo ago

Risk Assessment

The "wp-product-feed-manager" plugin, in version 2.20.1, presents a significant security concern primarily due to its extensive attack surface lacking proper authorization checks. With 38 AJAX handlers, 37 of which are unprotected, an attacker has a large number of potential entry points to exploit. While the plugin shows some good practices, such as a high percentage of SQL queries using prepared statements and a good proportion of output escaping, these are overshadowed by the critical flaw of exposed AJAX endpoints.

The vulnerability history reinforces these concerns. The plugin has a past of critical and high-severity vulnerabilities, including missing authorization, SQL injection, and XSS. While there are currently no unpatched vulnerabilities, the recurring nature of these common vulnerability types indicates systemic weaknesses in how user input and actions are handled and secured. The recent high-severity vulnerability further emphasizes the need for vigilance.

In conclusion, despite some positive code hygiene signals like prepared statements and output escaping, the plugin's security posture is weakened by its numerous unprotected AJAX endpoints and its history of severe vulnerabilities. The potential for attackers to leverage these unprotected entry points for malicious activities is high. Users should exercise caution and ensure this plugin is updated to the latest version, with a strong recommendation for developers to prioritize authorization checks on all AJAX handlers.

Key Concerns

Large attack surface without auth checks
History of high severity vulnerabilities
History of medium severity vulnerabilities
High percentage of AJAX handlers without auth
Bundled library (Select2) might be outdated

Vulnerabilities

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2024-7258high · 8.8Missing Authorization

WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion

Aug 22, 2024 Patched in 2.9.0 (1d)

CVE-2024-3067high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

Apr 15, 2024 Patched in 2.6.0 (2d)

CVE-2024-29112medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Mar 16, 2024 Patched in 2.3.0 (5d)

Code Analysis

Analyzed Mar 16, 2026

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Code Analysis

Dangerous Functions

Raw SQL Queries

60 prepared

Unescaped Output

126

447 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

62% prepared97 total queries

Output Escaping

78% escaped573 total outputs

Attack Surface

37 unprotected

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Attack Surface

Entry Points38

Unprotected37

AJAX Handlers 38

authwp_ajax_wppfm_reverse_older_version_of_pluginincludes\application\wppfm-plugin-reversion-functions.php:96

authwp_ajax_wppfm-ajax-get-list-of-feedsincludes\data\class-wppfm-ajax-data.php:26

authwp_ajax_wppfm-ajax-get-list-of-backupsincludes\data\class-wppfm-ajax-data.php:27

authwp_ajax_wppfm-ajax-get-settings-optionsincludes\data\class-wppfm-ajax-data.php:28

authwp_ajax_wppfm-ajax-get-output-fieldsincludes\data\class-wppfm-ajax-data.php:29

authwp_ajax_wppfm-ajax-get-input-fieldsincludes\data\class-wppfm-ajax-data.php:30

authwp_ajax_wppfm-ajax-get-feed-statusincludes\data\class-wppfm-ajax-data.php:31

authwp_ajax_wppfm-ajax-get-main-feed-filtersincludes\data\class-wppfm-ajax-data.php:32

authwp_ajax_wppfm-ajax-switch-feed-statusincludes\data\class-wppfm-ajax-data.php:33

authwp_ajax_wppfm-ajax-duplicate-existing-feedincludes\data\class-wppfm-ajax-data.php:34

authwp_ajax_wppfm-ajax-update-feed-dataincludes\data\class-wppfm-ajax-data.php:35

authwp_ajax_wppfm-ajax-delete-feedincludes\data\class-wppfm-ajax-data.php:36

authwp_ajax_wppfm-ajax-backup-current-dataincludes\data\class-wppfm-ajax-data.php:37

authwp_ajax_wppfm-ajax-delete-backup-fileincludes\data\class-wppfm-ajax-data.php:38

authwp_ajax_wppfm-ajax-restore-backup-fileincludes\data\class-wppfm-ajax-data.php:39

authwp_ajax_wppfm-ajax-duplicate-backup-fileincludes\data\class-wppfm-ajax-data.php:40

authwp_ajax_wppfm-ajax-get-next-feed-in-queueincludes\data\class-wppfm-ajax-data.php:41

authwp_ajax_wppfm-ajax-register-notice-dismissionincludes\data\class-wppfm-ajax-data.php:42

authwp_ajax_wppfm-ajax-cancel-promotion-noticeincludes\data\class-wppfm-ajax-data.php:43

authwp_ajax_wppfm-ajax-get-next-categoriesincludes\data\class-wppfm-ajax-file.php:27

authwp_ajax_wppfm-ajax-get-category-listsincludes\data\class-wppfm-ajax-file.php:28

authwp_ajax_wppfm-ajax-delete-feed-fileincludes\data\class-wppfm-ajax-file.php:29

authwp_ajax_wppfm-ajax-update-feed-fileincludes\data\class-wppfm-ajax-file.php:30

authwp_ajax_wppfm-ajax-log-messageincludes\data\class-wppfm-ajax-file.php:31

authwp_ajax_wppfm-ajax-auto-feed-fix-mode-selectionincludes\data\class-wppfm-ajax-file.php:32

authwp_ajax_wppfm-ajax-background-processing-mode-selectionincludes\data\class-wppfm-ajax-file.php:33

authwp_ajax_wppfm-ajax-feed-logger-status-selectionincludes\data\class-wppfm-ajax-file.php:34

authwp_ajax_wppfm-ajax-show-product-identifiers-selectionincludes\data\class-wppfm-ajax-file.php:35

authwp_ajax_wppfm-ajax-switch-to-manual-channel-update-selectionincludes\data\class-wppfm-ajax-file.php:36

authwp_ajax_wppfm-ajax-wpml-use-full-url-resolution-selectionincludes\data\class-wppfm-ajax-file.php:37

authwp_ajax_wppfm-ajax-omit-price-filters-selectionincludes\data\class-wppfm-ajax-file.php:38

authwp_ajax_wppfm-ajax-third-party-attribute-keywordsincludes\data\class-wppfm-ajax-file.php:39

authwp_ajax_wppfm-ajax-set-notice-mailaddressincludes\data\class-wppfm-ajax-file.php:40

authwp_ajax_wppfm-ajax-clear-feed-process-dataincludes\data\class-wppfm-ajax-file.php:41

authwp_ajax_wppfm-ajax-reinitiate-pluginincludes\data\class-wppfm-ajax-file.php:42

authwp_ajax_wppfm-rf-ajax-get-product-review-feed-attributesincludes\packages\review-feed-manager\classes\class-wpprfm-ajax-data.php:22

authwp_ajax_wppfm-rf-ajax-get-review-dataincludes\packages\review-feed-manager\classes\class-wpprfm-ajax-data.php:23

authwp_ajax_wppfm_dismiss_admin_noticewp-product-feed-manager.php:128

WordPress Hooks 90

actionwppfm_feed_generation_preparingincludes\application\class-wppfm-feed-performance-monitor.php:102

actionwppfm_feed_generation_ready_to_startincludes\application\class-wppfm-feed-performance-monitor.php:103

actionwppfm_feed_generation_completeincludes\application\class-wppfm-feed-performance-monitor.php:104

actionwppfm_add_product_to_feedincludes\application\class-wppfm-feed-performance-monitor.php:107

actionwppfm_activated_next_batchincludes\application\class-wppfm-feed-performance-monitor.php:110

actionwppfm_before_file_writeincludes\application\class-wppfm-feed-performance-monitor.php:113

actionadmin_menuincludes\application\class-wppfm-feed-performance-monitor.php:116

actionplugins_loadedincludes\application\class-wppfm-feed-performance-monitor.php:772

filterwppfm_feed_price_decimal_separatorincludes\application\google\class-feed.php:26

filterwppfm_feed_price_thousands_separatorincludes\application\google\class-feed.php:27

filterwppfm_feed_price_decimalsincludes\application\google\class-feed.php:28

filtercron_schedulesincludes\application\wppfm-cron-functions.php:281

actioninitincludes\application\wppfm-cron-functions.php:282

actionwppfm_feed_watchdog_cronincludes\application\wppfm-cron-functions.php:283

actionwppfm_batch_memory_limit_exceededincludes\application\wppfm-feed-health-monitor.php:35

actionadmin_initincludes\application\wppfm-feed-health-monitor.php:66

actionadmin_noticesincludes\application\wppfm-feed-health-monitor.php:185

filterwoocommerce_customer_taxable_addressincludes\application\wppfm-feed-processing-support.php:2110

filterwoocommerce_customer_taxable_addressincludes\application\wppfm-feed-processing-support.php:2142

filterwcml_client_currencyincludes\application\wppfm-feed-processing-support.php:2188

filterupgrader_package_optionsincludes\application\wppfm-plugin-reversion-functions.php:57

actionadmin_headincludes\application\wppfm-plugin-reversion-functions.php:139

actionadmin_footerincludes\application\wppfm-plugin-reversion-functions.php:180

actionwppfm_remove_old_folder_eventincludes\application\wppfm-plugin-reversion-functions.php:196

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:32

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:33

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:38

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:45

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:46

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:50

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:51

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:56

actionadmin_enqueue_scriptsincludes\class-wppfm-register-scripts.php:58

actionwppfm_feed_process_preparedincludes\packages\logger\includes\wppfm-logger-actions.php:20

actionwppfm_feed_generation_messageincludes\packages\logger\includes\wppfm-logger-actions.php:36

actionwppfm_feed_queue_filledincludes\packages\logger\includes\wppfm-logger-actions.php:44

actionwppfm_feed_processing_batch_activatedincludes\packages\logger\includes\wppfm-logger-actions.php:52

actionwppfm_started_product_processingincludes\packages\logger\includes\wppfm-logger-actions.php:60

actionwppfm_add_product_to_feedincludes\packages\logger\includes\wppfm-logger-actions.php:68

actionwppfm_activated_next_batchincludes\packages\logger\includes\wppfm-logger-actions.php:76

actionwppfm_complete_a_feedincludes\packages\logger\includes\wppfm-logger-actions.php:84

actionwppfm_feed_processing_failed_file_size_stopped_increasingincludes\packages\logger\includes\wppfm-logger-actions.php:92

actionwppfm_feed_generation_warningincludes\packages\logger\includes\wppfm-logger-actions.php:105

actionwppfm_register_feed_urlincludes\packages\logger\includes\wppfm-logger-actions.php:123

actionwppfm_register_remote_post_argsincludes\packages\logger\includes\wppfm-logger-actions.php:163

actionwppfm_batch_memory_limit_exceededincludes\packages\logger\includes\wppfm-logger-actions.php:184

actionwppfm_batch_time_limit_exceededincludes\packages\logger\includes\wppfm-logger-actions.php:204

actionwppfm_wp_remote_post_responseincludes\packages\logger\includes\wppfm-logger-actions.php:255

actionadmin_noticesincludes\packages\logger\wp-product-feed-manager-logger.php:92

actionadmin_enqueue_scriptsincludes\packages\promotions-feed-manager\classes\class-wpppfm-register-scripts.php:29

actionadmin_enqueue_scriptsincludes\packages\promotions-feed-manager\classes\class-wpppfm-register-scripts.php:30

actionwppfm_includesincludes\packages\promotions-feed-manager\wp-merchant-promotions-feed-manager.php:106

filterwppfm_feed_typesincludes\packages\promotions-feed-manager\wpppfm-setup-feed-manager.php:25

actionadmin_enqueue_scriptsincludes\packages\review-feed-manager\classes\class-wpprfm-register-scripts.php:28

actionadmin_enqueue_scriptsincludes\packages\review-feed-manager\classes\class-wpprfm-register-scripts.php:29

actionwppfm_includesincludes\packages\review-feed-manager\wp-product-review-feed-manager.php:98

filterwppfm_get_feed_attributesincludes\packages\review-feed-manager\wpprfm-feed-generation-functions.php:44

filterwppfm_advised_inputsincludes\packages\review-feed-manager\wpprfm-feed-generation-functions.php:64

filterwppfm_background_classincludes\packages\review-feed-manager\wpprfm-feed-generation-functions.php:84

filterwppfm_all_source_fieldsincludes\packages\review-feed-manager\wpprfm-review-feed-form-functions.php:31

filterwppfm_header_stringincludes\packages\review-feed-manager\wpprfm-review-feed-form-functions.php:46

filterwppfm_footer_stringincludes\packages\review-feed-manager\wpprfm-review-feed-form-functions.php:61

filterwppfm_feed_typesincludes\packages\review-feed-manager\wpprfm-setup-feed-manager.php:25

actionadmin_menuincludes\user-interface\wppfm-admin-actions.php:60

actionwppfm_daily_eventincludes\user-interface\wppfm-admin-actions.php:77

actionwp_loadedincludes\user-interface\wppfm-admin-actions.php:130

actionwp_loadedincludes\user-interface\wppfm-admin-actions.php:143

actionadmin_menuincludes\user-interface\wppfm-admin-actions.php:154

actionadmin_noticesincludes\user-interface\wppfm-admin-actions.php:193

actionadmin_footerincludes\user-interface\wppfm-admin-actions.php:220

actionmanage_product_posts_custom_columnincludes\user-interface\wppfm-admin-actions.php:238

actionwppfm_daily_eventincludes\user-interface\wppfm-admin-actions.php:290

filterwppfm_product_query_limitincludes\user-interface\wppfm-admin-filters.php:45

filterplugin_row_metaincludes\user-interface\wppfm-admin-filters.php:63

filterhttp_responseincludes\user-interface\wppfm-messaging-functions.php:194

actionwppfm_woocommerce_product_feed_panelincludes\user-interface\wppfm-product-identifiers.php:50

actionwoocommerce_process_product_metaincludes\user-interface\wppfm-product-identifiers.php:75

actionwoocommerce_variation_optionsincludes\user-interface\wppfm-product-identifiers.php:114

actionwoocommerce_save_product_variationincludes\user-interface\wppfm-product-identifiers.php:145

actionwoocommerce_product_quick_edit_startincludes\user-interface\wppfm-product-identifiers.php:185

actionwoocommerce_product_quick_edit_saveincludes\user-interface\wppfm-product-identifiers.php:210

filterwoocommerce_product_data_tabsincludes\user-interface\wppfm-woocommerce-actions.php:25

actionwoocommerce_product_data_panelsincludes\user-interface\wppfm-woocommerce-actions.php:57

actionwoocommerce_process_product_metaincludes\user-interface\wppfm-woocommerce-actions.php:73

actionwoocommerce_variation_optionsincludes\user-interface\wppfm-woocommerce-actions.php:94

actionwoocommerce_save_product_variationincludes\user-interface\wppfm-woocommerce-actions.php:111

actionwppfm_feed_update_schedulewp-product-feed-manager.php:127

actionafter_setup_themewp-product-feed-manager.php:132

filterload_textdomain_mofilewp-product-feed-manager.php:134

actionbefore_woocommerce_initwp-product-feed-manager.php:137

Scheduled Events 6

wppfm_feed_watchdog_cron

wppfm_remove_old_folder_event

wppfm_feed_update_schedule

wppfm_daily_event

wppfm_feed_update_schedule

wppfm_feed_watchdog_cron

Maintenance & Trust

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 2, 2026

PHP min version7.4

Downloads910K

Community Trust

Rating90/100

Number of ratings125

Active installs10K

Alternatives

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Alternatives

ELEX WooCommerce Google Shopping (Google Product Feed)

elex-woocommerce-google-product-feed-plugin-basic

The ELEX WooCommerce Google Shopping (Google Product Feed) plugin is a free WooCommerce plugin that serves in feeding your WooCommerce products to Goo …

1K 2 CVEs

WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More

webtoffee-product-feed

Create WooCommerce product feeds containing unlimited number of products. Supports Google Product feed, Facebook catalog feed, Instagram, Bing & m …

2K 3 CVEs

Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce

woo-product-feed-pro

Most popular WooCommerce product feed plugin supporting Google shopping feed, meta/facebook feed, bing product feed & more.

80K 6 CVEs

Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels

webappick-product-feed-for-woocommerce

Create WooCommerce product feeds for Google Shopping, Facebook, TikTok & 220+ channels. 2026 compliant. 6 formats. Trusted by 70,000+ stores.

70K 4 CVEs

Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces

best-woocommerce-feed

Generate WooCommerce product feeds for 200+ marketplaces. Sell on Google Shopping, Facebook, Instagram, Amazon, eBay, TikTok and more.

10K 2 CVEs

Developer Profile

WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping Developer Profile

AukeJomm

1 plugin · 10K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

3 days

View full developer profile

Detection Fingerprints

How We Detect WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-product-feed-manager/css/main.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-wizard.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-modal.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-settings.css/wp-content/plugins/wp-product-feed-manager/css/wppfm-product-feed-list.css/wp-content/plugins/wp-product-feed-manager/js/wppfm-vue-components.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-modal-vue.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-product-feed-list.js+2 more

Script Paths

/wp-content/plugins/wp-product-feed-manager/js/wppfm-vue-components.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-modal-vue.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-product-feed-list.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-wizard.js/wp-content/plugins/wp-product-feed-manager/js/wppfm-main.js

Version Parameters

wp-product-feed-manager/css/main.css?ver=wp-product-feed-manager/css/wppfm-wizard.css?ver=wp-product-feed-manager/css/wppfm-modal.css?ver=wp-product-feed-manager/css/wppfm-settings.css?ver=wp-product-feed-manager/css/wppfm-product-feed-list.css?ver=wp-product-feed-manager/js/wppfm-vue-components.js?ver=wp-product-feed-manager/js/wppfm-modal-vue.js?ver=wp-product-feed-manager/js/wppfm-product-feed-list.js?ver=wp-product-feed-manager/js/wppfm-wizard.js?ver=wp-product-feed-manager/js/wppfm-main.js?ver=

HTML / DOM Fingerprints

CSS Classes

wppfm-main-containerwppfm-feed-listwppfm-feed-list-contentwppfm-product-feed-tablewppfm-feed-list-rowwppfm-modal-backdropwppfm-modal-contentwppfm-modal-header+16 more

HTML Comments

<!-- Main WP_Product_Feed_Manager Class.<!-- Cloning is not allowed<!-- Unserializing instances of this class is not allowed<!-- WP_Product_Feed_Manager Constructor.+26 more

Data Attributes

data-wppfm-vue-appdata-wppfm-modal-targetdata-wppfm-modal-closedata-wppfm-wizard-stepdata-wppfm-ajax-action

JS Globals

wppfm_configwppfm_vue_apps

REST Endpoints

/wp-json/wppfm/v1/products/wp-json/wppfm/v1/feeds/wp-json/wppfm/v1/attributes/wp-json/wppfm/v1/channels/wp-json/wppfm/v1/settings/wp-json/wppfm/v1/logs

FAQ