Custom Order Status Manager for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bp-custom-order-status-for-woocommerce

Custom Order Status Manager for WooCommerce plugin allows you to create, delete and edit order statuses to better control the flow of your orders.

30K active installs v2.0 PHP 7.4+ WP 4.9+ Updated Feb 17, 2026
Tags: custom-order-status, custom-status, order-status, statuses
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Custom Order Status Manager for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Custom Order Status Manager for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "bp-custom-order-status-for-woocommerce" plugin version 2.0 exhibits a generally good security posture based on the provided static analysis. The absence of critical or high-severity taint flows, along with the use of prepared statements for all SQL queries, are significant strengths. The plugin also demonstrates a strong emphasis on security by implementing nonce checks on 12 occasions and capability checks where appropriate, indicating an awareness of common WordPress vulnerabilities. The limited attack surface, consisting solely of AJAX handlers with all of them apparently protected, further contributes to its positive security profile.

However, a notable concern arises from the output escaping. With 824 total outputs, only 69% are properly escaped. This leaves approximately 285 output points potentially vulnerable to Cross-Site Scripting (XSS) attacks if the data originates from untrusted sources. While the vulnerability history is clean, suggesting a well-maintained codebase to date, this high percentage of unescaped output represents a tangible risk that should be addressed. The lack of any recorded vulnerabilities in its history is a positive indicator, but it doesn't negate the risks identified in the current static analysis.

Key Concerns

  • Percentage of unescaped output is concerning
Vulnerabilities
None known

Custom Order Status Manager for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom Order Status Manager for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 254 (570 escaped)
Nonce Checks: 12
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

69% escaped (824 total outputs)
Data Flows
All sanitized

Data Flow Analysis

3 flows
csf_export (include\codestar\functions\actions.php:62)
Attack Surface

Custom Order Status Manager for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_csf-get-icons · include\codestar\functions\actions.php:50
auth · wp_ajax_csf-export · include\codestar\functions\actions.php:87
auth · wp_ajax_csf-import · include\codestar\functions\actions.php:123
auth · wp_ajax_csf-reset · include\codestar\functions\actions.php:150
auth · wp_ajax_csf-chosen · include\codestar\functions\actions.php:189
WordPress Hooks 88
action · wp_enqueue_scripts · include\codestar\classes\abstract.class.php:21
action · admin_menu · include\codestar\classes\admin-options.class.php:107
action · admin_bar_menu · include\codestar\classes\admin-options.class.php:108
action · network_admin_menu · include\codestar\classes\admin-options.class.php:112
filter · admin_footer_text · include\codestar\classes\admin-options.class.php:432
action · add_meta_boxes_comment · include\codestar\classes\comment-options.class.php:38
action · edit_comment · include\codestar\classes\comment-options.class.php:39
action · customize_register · include\codestar\classes\customize-options.class.php:44
action · customize_save_after · include\codestar\classes\customize-options.class.php:45
action · wp_enqueue_scripts · include\codestar\classes\customize-options.class.php:49
action · add_meta_boxes · include\codestar\classes\metabox-options.class.php:50
action · save_post · include\codestar\classes\metabox-options.class.php:51
action · edit_attachment · include\codestar\classes\metabox-options.class.php:52
action · wp_nav_menu_item_custom_fields · include\codestar\classes\nav-menu-options.class.php:32
action · wp_update_nav_menu_item · include\codestar\classes\nav-menu-options.class.php:33
filter · wp_edit_nav_menu_walker · include\codestar\classes\nav-menu-options.class.php:35
action · admin_init · include\codestar\classes\profile-options.class.php:32
action · show_user_profile · include\codestar\classes\profile-options.class.php:44
action · edit_user_profile · include\codestar\classes\profile-options.class.php:45
action · personal_options_update · include\codestar\classes\profile-options.class.php:47
action · edit_user_profile_update · include\codestar\classes\profile-options.class.php:48
action · after_setup_theme · include\codestar\classes\setup.class.php:73
action · init · include\codestar\classes\setup.class.php:74
action · switch_theme · include\codestar\classes\setup.class.php:75
action · admin_enqueue_scripts · include\codestar\classes\setup.class.php:76
action · wp_enqueue_scripts · include\codestar\classes\setup.class.php:77
action · wp_head · include\codestar\classes\setup.class.php:78
filter · admin_body_class · include\codestar\classes\setup.class.php:79
action · admin_footer · include\codestar\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · include\codestar\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · include\codestar\classes\shortcode-options.class.php:59
action · elementor/editor/footer · include\codestar\classes\shortcode-options.class.php:60
action · elementor/editor/footer · include\codestar\classes\shortcode-options.class.php:61
action · enqueue_block_editor_assets · include\codestar\classes\shortcode-options.class.php:258
action · media_buttons · include\codestar\classes\shortcode-options.class.php:262
action · admin_init · include\codestar\classes\taxonomy-options.class.php:41
action · admin_footer · include\codestar\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · include\codestar\fields\icon\icon.php:42
action · admin_print_footer_scripts · include\codestar\fields\link\link.php:65
action · print_default_editor_scripts · include\codestar\fields\wp_editor\wp_editor.php:62
action · admin_menu · include\codestar\views\welcome.php:19
filter · plugin_action_links · include\codestar\views\welcome.php:20
filter · plugin_row_meta · include\codestar\views\welcome.php:21
filter · dokan_get_order_status_class · include\dokan.php:3
filter · dokan_get_order_status_translated · include\dokan.php:13
filter · change_order_status_on_preorder_date · include\functions.php:17
action · before_woocommerce_init · main.php:85
action · woocommerce_loaded · main.php:91
action · admin_notices · main.php:97
action · admin_notices · src\Bootstrap.php:27
action · admin_init · src\Bootstrap.php:28
filter · cosm_upsale_notice · src\Bootstrap.php:29
action · upgrader_process_complete · src\Bootstrap.php:31
action · admin_notices · src\Bootstrap.php:59
filter · active_plugins · src\Bootstrap.php:226
filter · woocommerce_cod_process_payment_order_status · src\Checkout.php:8
filter · woocommerce_bacs_process_payment_order_status · src\Checkout.php:9
filter · woocommerce_cheque_process_payment_order_status · src\Checkout.php:10
action · woocommerce_payment_complete_order_status · src\Checkout.php:11
action · woocommerce_payment_complete · src\Checkout.php:12
action · init · src\Cpt.php:7
action · admin_menu · src\Cpt.php:8
action · parent_file · src\Cpt.php:9
filter · enter_title_here · src\Cpt.php:10
action · after_setup_theme · src\Cpt.php:12
action · woocommerce_order_status_changed · src\Email.php:7
filter · woocommerce_email_classes · src\Email.php:8
filter · woocommerce_order_is_download_permitted · src\Email.php:9
filter · woocommerce_prepare_email_for_preview · src\Email.php:12
action · admin_menu · src\Settings.php:12
filter · plugin_row_meta · src\Settings.php:13
action · init · src\Settings.php:15
action · admin_notices · src\Settings.php:22
filter · cosmbp_advertising_place · src\Settings.php:332
action · admin_footer · src\Status.php:8
action · init · src\Status.php:9
filter · wc_order_statuses · src\Status.php:10
filter · woocommerce_order_is_paid_statuses · src\Status.php:11
filter · bulk_actions-edit-shop_order · src\Status.php:12
filter · bulk_actions-woocommerce_page_wc-orders · src\Status.php:14
action · admin_enqueue_scripts · src\Status.php:15
action · wp_enqueue_scripts · src\Status.php:16
action · woocommerce_admin_order_totals_after_total · src\Status.php:17
filter · woocommerce_admin_order_actions · src\Status.php:20
filter · wc_order_is_editable · src\Status.php:21
action · woocommerce_order_status_changed · src\Status.php:23
action · manage_order_status_posts_custom_column · src\StatusColums.php:7
filter · manage_order_status_posts_columns · src\StatusColums.php:8
Maintenance & Trust

Custom Order Status Manager for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 17, 2026
PHP min version: 7.4
Downloads: 235K

Community Trust

Rating: 94/100
Number of ratings: 109
Active installs: 30K
Developer Profile

Custom Order Status Manager for WooCommerce Developer Profile

brightvesseldev

15 plugins · 49K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 277 days
Detection Fingerprints

How We Detect Custom Order Status Manager for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-custom-order-status-for-woocommerce/assets/css/frontend.css
/wp-content/plugins/bp-custom-order-status-for-woocommerce/assets/css/backend.css
/wp-content/plugins/bp-custom-order-status-for-woocommerce/assets/js/frontend.js
/wp-content/plugins/bp-custom-order-status-for-woocommerce/assets/js/backend.js
Version Parameters
bp-custom-order-status-for-woocommerce/assets/css/frontend.css?ver=
bp-custom-order-status-for-woocommerce/assets/css/backend.css?ver=
bp-custom-order-status-for-woocommerce/assets/js/frontend.js?ver=
bp-custom-order-status-for-woocommerce/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
bcosm-custom-order-status-field
bcosm-add-new-status-button
bcosm-status-actions
bcosm-status-list-table
Data Attributes
data-cosm-status-id
data-nonce-field
data-nonce-action
JS Globals
bcosm_ajax_object
REST Endpoints
/wp-json/bp-custom-order-status/v1/statuses
FAQ

Frequently Asked Questions about Custom Order Status Manager for WooCommerce