Additional Order Filters for WooCommerce Security & Risk Analysis

wordpress.org/plugins/additional-order-filters-for-woocommerce

Do you have a large WooCommerce store with hundreds or thousands of orders? Then this plugin was created for you.

2K active installs · v1.24 · PHP 7.0+ · WP 6.2+ · Updated Dec 9, 2025
Tags: filters, order, woocommerce, woocommerce-filters, woocommerce-order
Score: 97 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jun 27, 2025
Safety Verdict

Is Additional Order Filters for WooCommerce Safe to Use in 2026?

Generally Safe

Score 97/100

Additional Order Filters for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 27, 2025 · Updated 3mo ago
Risk Assessment

The plugin "additional-order-filters-for-woocommerce" v1.24 exhibits a mixed security posture. It has no identified AJAX handlers, REST API routes, shortcodes, or cron events, which keeps its attack surface small, but several concerning code signals are present. The use of `unserialize` is a significant risk, especially when it handles user-supplied data, because it can lead to object injection vulnerabilities. None of the plugin's SQL queries use prepared statements, which is a critical flaw that opens the door to SQL injection attacks. Although a high percentage of output is properly escaped, the unsanitized paths found by taint analysis indicate potential for vulnerabilities if those paths are exposed to user input. The plugin's vulnerability history, with 3 medium-severity CVEs related to CSRF and XSS, suggests a recurring pattern of input sanitization and authorization weaknesses. No CVEs are currently unpatched, but the past issues combined with the static analysis findings warrant caution.

Key Concerns

  • Use of unserialize function
  • SQL queries without prepared statements
  • Flows with unsanitized paths
  • Medium severity CVEs in history
Vulnerabilities
3

Additional Order Filters for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-53271 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Additional Order Filters for WooCommerce <= 1.22 - Cross-Site Request Forgery

Jun 27, 2025 · Patched in 1.23 (117d)

CVE-2024-11418 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Additional Order Filters for WooCommerce <= 1.21 - Reflected Cross-Site Scripting

Nov 25, 2024 · Patched in 1.22 (1d)

CVE-2023-47690 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Additional Order Filters for WooCommerce <= 1.11 - Reflected Cross-Site Scripting

Nov 9, 2023 · Patched in 1.12 (76d)

Code Analysis
Analyzed Mar 16, 2026

Additional Order Filters for WooCommerce Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 7 (41 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize`: `$enabled_filters = unserialize( $enabled_filters );` (includes\class-waof-admin-options.php:314)

SQL Query Safety

0% prepared · 1 total query

Output Escaping

85% escaped · 48 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows · 6 with unsanitized paths
woaf_show_default_filters_settings (includes\class-waof-admin-options.php:67)
Attack Surface

Additional Order Filters for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15

  • action · admin_notices · additionalorderfilters.php:51
  • action · admin_menu · includes\class-waof-admin-options.php:17
  • action · admin_menu · includes\class-waof-admin-options.php:18
  • action · admin_menu · includes\class-waof-default-filters-hpos-storage.php:24
  • action · woocommerce_order_list_table_extra_tablenav · includes\class-waof-default-filters-hpos-storage.php:39
  • filter · woocommerce_order_list_table_prepare_items_query_args · includes\class-waof-default-filters-hpos-storage.php:40
  • filter · woocommerce_orders_table_query_clauses · includes\class-waof-default-filters-hpos-storage.php:42
  • action · admin_menu · includes\class-waof-default-filters.php:26
  • action · admin_notices · includes\class-waof-default-filters.php:41
  • action · views_edit-shop_order · includes\class-waof-default-filters.php:42
  • action · restrict_manage_posts · includes\class-waof-default-filters.php:43
  • action · posts_where · includes\class-waof-default-filters.php:44
  • filter · pre_get_posts · includes\class-waof-default-filters.php:45
  • action · plugins_loaded · includes\class-waof.php:17
  • action · admin_enqueue_scripts · includes\class-waof.php:18

Maintenance & Trust

Additional Order Filters for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 9, 2025
  • PHP min version: 7.0
  • Downloads: 22K

Community Trust

  • Rating: 100/100
  • Number of ratings: 5
  • Active installs: 2K

Developer Profile

Additional Order Filters for WooCommerce Developer Profile

Anton Bond

1 plugin · 2K total installs

  • Trust score: 86
  • Avg Security Score: 97/100
  • Avg Patch Time: 65 days
Detection Fingerprints

How We Detect Additional Order Filters for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/additional-order-filters-for-woocommerce/assets/css/woaf-admin.css
  • /wp-content/plugins/additional-order-filters-for-woocommerce/assets/js/woaf-admin-filters.js
  • /wp-content/plugins/additional-order-filters-for-woocommerce/assets/js/woaf-admin-options.js
Script Paths
https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js

HTML / DOM Fingerprints

CSS Classes
  • woaf_show_filters_button_wrapper
  • woaf_show_filters
  • woaf_special_order_filter_wrapper
  • woaf_special_order_filter
  • inline_block
JS Globals
  • woaf_admin_scripts
  • woaf_admin_options_scripts
  • woaf_select2_script

FAQ

Frequently Asked Questions about Additional Order Filters for WooCommerce