WP-Safety

All Woocommerce Export Security & Risk Analysis

wordpress.org/plugins/all-woocommerce-export

Export WooCommerce Orders, products and Customers into Excel. Supports all Excel format XLS, XLSX & Mac)

100 active installs v1.1 PHP + WP 4.0.0+ Updated Apr 17, 2025
exportexport-customersexport-ordersexport-productswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is All Woocommerce Export Safe to Use in 2026?

Generally Safe

Score 100/100

All Woocommerce Export has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The 'all-woocommerce-export' plugin version 1.1 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and a high percentage of properly escaped output. It also shows no history of known vulnerabilities, which is a strong indicator of diligent development and patching in the past. However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack any authentication checks, creating direct entry points for potentially malicious actions.

The code analysis also flags the presence of the `unserialize` function, which, if used with untrusted data, can lead to remote code execution vulnerabilities. Although no taint flows with unsanitized paths were identified in this specific analysis, the presence of `unserialize` coupled with unprotected AJAX endpoints significantly elevates the risk. The absence of nonce checks on these AJAX handlers further exacerbates the security gap, leaving them vulnerable to Cross-Site Request Forgery (CSRF) attacks. While the plugin's history is clean, the current static analysis reveals critical weaknesses that require immediate attention to secure the application.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function 'unserialize' present
  • Missing nonce checks on AJAX handlers
  • Bundled outdated libraries (dompdf, TCPDF)
Vulnerabilities
None known

All Woocommerce Export Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

All Woocommerce Export Code Analysis

Dangerous Functions
11
Raw SQL Queries
0
7 prepared
Unescaped Output
8
76 escaped
Nonce Checks
0
Capability Checks
0
File Operations
180
External Requests
0
Bundled Libraries
2

Dangerous Functions Found

unserialize$this->_currentObject = unserialize($obj);PHPExcel\CachedObjectStorage\APC.php:156
unserialize$this->_currentObject = unserialize(fread($this->_fileHandle,$this->_cellCache[$pCoord]['sz']));PHPExcel\CachedObjectStorage\DiscISAM.php:126
unserialize$this->_currentObject = unserialize($obj);PHPExcel\CachedObjectStorage\Memcache.php:160
unserialize$this->_currentObject = unserialize(gzinflate($this->_cellCache[$pCoord]));PHPExcel\CachedObjectStorage\MemoryGZip.php:98
unserialize$this->_currentObject = unserialize($this->_cellCache[$pCoord]);PHPExcel\CachedObjectStorage\MemorySerialized.php:98
unserialize$this->_currentObject = unserialize(fread($this->_fileHandle,$this->_cellCache[$pCoord]['sz']));PHPExcel\CachedObjectStorage\PHPTemp.php:118
unserialize$this->_currentObject = unserialize($cellResult);PHPExcel\CachedObjectStorage\SQLite.php:118
unserialize$this->_currentObject = unserialize($cellData['value']);PHPExcel\CachedObjectStorage\SQLite3.php:150
unserialize$this->_currentObject = unserialize($obj);PHPExcel\CachedObjectStorage\Wincache.php:160
unserialize$this->{$key} = unserialize(serialize($val));PHPExcel\Worksheet.php:2839
unserialize$this->{$key} = unserialize(serialize($val));PHPExcel.php:866

Bundled Libraries

dompdfTCPDF

SQL Query Safety

100% prepared7 total queries

Output Escaping

90% escaped84 total outputs
Attack Surface
2 unprotected

All Woocommerce Export Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_awe_orderdetailsall-woocommerce-export.php:89
noprivwp_ajax_awe_orderdetailsall-woocommerce-export.php:90
WordPress Hooks 3
actionadmin_menuall-woocommerce-export.php:37
actionadmin_print_scriptsall-woocommerce-export.php:81
actionadmin_print_stylesall-woocommerce-export.php:218
Maintenance & Trust

All Woocommerce Export Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 17, 2025
PHP min version
Downloads5K

Community Trust

Rating20/100
Number of ratings1
Active installs100
Alternatives

All Woocommerce Export Alternatives

Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers

Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers

woocommerce-exporter

A
89

Export WooCommerce products, orders, customers, categories, tags, subscriptions & more into formatted files like CSV, XML, Excel 2007, XLS, XLSX.

7K 9 CVEs
Order Export for WooCommerce

Order Export for WooCommerce

order-export-and-more-for-woocommerce

A
99

Export WooCommerce orders & export products with advanced filtering. Supports CSV & all Excel formats.

2K 2 CVEs
Advanced Order Export For WooCommerce

Advanced Order Export For WooCommerce

woo-order-export-lite

A
90

Export WooCommerce orders to Excel, CSV, XML, JSON, PDF and HTML. Best free order export plugin for WooCommerce.

100K 8 CVEs
Order Export & Order Import for WooCommerce

Order Export & Order Import for WooCommerce

order-import-export-for-woocommerce

A
90

The best order export import plugin for WooCommerce. Easily import and export WooCommerce orders and WooCommerce coupons using CSV.

60K 7 CVEs
WP All Export – Product Export Add-On for WooCommerce

WP All Export – Product Export Add-On for WooCommerce

product-export-for-woocommerce

A
100

Drag & drop to export products to CSV, Excel, or XML files of any format. Supports variations, images, attributes, brands, and more with powerful …

10K No CVEs
Developer Profile

All Woocommerce Export Developer Profile

Vishit Shah

6 plugins · 920 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect All Woocommerce Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/all-woocommerce-export/css/allwoocommerceexport.css/wp-content/plugins/all-woocommerce-export/js/ajax-script.js
Script Paths
/wp-content/plugins/all-woocommerce-export/js/ajax-script.js
Version Parameters
all-woocommerce-export/style.css?ver=all-woocommerce-export/js/ajax-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wrapmain-titledescriptionradio_wrapperstv-radio-tablinksall-fields
HTML Comments
<!-- Main Wrapper Start --><!-- Order Form Start --><!-- Order Form End --><!-- Main Wrapper End -->
Data Attributes
rel="<?php echo $val['placeholder']; ?>"
JS Globals
MyAjaxawe
FAQ

Frequently Asked Questions about All Woocommerce Export