Smart Online Order for Clover Security & Risk Analysis

wordpress.org/plugins/clover-online-orders

Smart Online Order for Clover allows you to receive orders from your WordPress website and have them sent directly to your Clover POS.

1K active installs · v1.6.0 · PHP 5.2.0+ · WP 4.7.1+ · Updated Aug 26, 2025
Tags: clover, online-ordering-for-clover-pos, online-orders-for-clover, wordpress-and-clover
Score: 97 (A · Safe)
CVEs total: 9
Unpatched: 0
Last CVE: Oct 15, 2024

Safety Verdict

Is Smart Online Order for Clover Safe to Use in 2026?

Generally Safe

Score 97/100

Smart Online Order for Clover has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEs · Last CVE: Oct 15, 2024 · Updated 7mo ago

Risk Assessment

The clover-online-orders plugin presents a significant security risk due to a large attack surface with a concerning number of unprotected AJAX handlers. While the code analysis shows no dangerous functions or critical taint flows, the presence of 64 unprotected AJAX handlers is a major concern, indicating a high likelihood of potential unauthorized actions or data manipulation. Furthermore, the static analysis reveals that a substantial portion of SQL queries (69%) are not using prepared statements, which, combined with 10 flows with unsanitized paths, increases the risk of SQL injection vulnerabilities.

The vulnerability history is particularly troubling. With 9 known medium-severity CVEs, even though none are currently unpatched, it suggests a pattern of recurring security flaws, specifically Cross-site Scripting (XSS) and Missing Authorization. This history points to potential systemic issues in the plugin's development and testing processes. While the plugin does have some strengths, such as a reasonable number of capability checks and moderately good output escaping, these are overshadowed by the significant risks posed by unprotected entry points and historical vulnerability patterns.

Key Concerns

  • Large attack surface without auth checks
  • SQL queries not using prepared statements
  • Flows with unsanitized paths
  • High severity taint flows found
  • Numerous medium CVEs in history
  • Output escaping not properly implemented
Vulnerabilities
9

Smart Online Order for Clover Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 8 CVEs

Severity Breakdown

  • Medium: 9

9 total CVEs

CVE-2024-8787 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting

Oct 15, 2024 · Patched in 1.5.8 (1d)

CVE-2024-9895 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Online Order for Clover <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode

Oct 14, 2024 · Patched in 1.5.8 (1d)

CVE-2024-7030 · medium · 4.3 · Missing Authorization

Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update

Aug 20, 2024 · Patched in 1.5.7 (8d)

CVE-2024-7032 · medium · 6.5 · Missing Authorization

Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion

Aug 20, 2024 · Patched in 1.5.7 (8d)

CVE-2024-43253 · medium · 5.3 · Missing Authorization

Smart Online Order for Clover <= 1.5.6 - Missing Authorization

Aug 12, 2024 · Patched in 1.5.7 (26d)

CVE-2024-43254 · medium · 4.3 · Missing Authorization

Smart Online Order for Clover <= 1.5.6 - Missing Authorization

Aug 12, 2024 · Patched in 1.5.7 (19d)

CVE-2024-31238 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery

Apr 5, 2024 · Patched in 1.5.5 (7d)

CVE-2024-29115 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Online Order for Clover <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 16, 2024 · Patched in 1.5.6 (5d)

CVE-2023-46312 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting

Oct 22, 2023 · Patched in 1.5.5 (93d)

Code Analysis
Analyzed Mar 16, 2026

Smart Online Order for Clover Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 189 (84 prepared)
  • Unescaped Output: 325 (475 escaped)
  • Nonce Checks: 10
  • Capability Checks: 35
  • File Operations: 19
  • External Requests: 12
  • Bundled Libraries: 0

SQL Query Safety

31% prepared · 273 total queries

Output Escaping

59% escaped · 800 total outputs

Data Flows
10 unsanitized

Data Flow Analysis

12 flows · 10 with unsanitized paths

  • search_box (admin\includes\class-wp-list-table-moo.php:324)

Attack Surface
64 unprotected

Smart Online Order for Clover Attack Surface

Entry Points: 73
Unprotected: 64

AJAX Handlers 64

auth · wp_ajax_moo_deleteItemFromcart · includes\moo-OnlineOrders.php:245
nopriv · wp_ajax_moo_deleteItemFromcart · includes\moo-OnlineOrders.php:246
auth · wp_ajax_moo_emptycart · includes\moo-OnlineOrders.php:249
nopriv · wp_ajax_moo_emptycart · includes\moo-OnlineOrders.php:250
auth · wp_ajax_moo_cart_getTotal · includes\moo-OnlineOrders.php:253
nopriv · wp_ajax_moo_cart_getTotal · includes\moo-OnlineOrders.php:254
auth · wp_ajax_moo_checkout · includes\moo-OnlineOrders.php:257
nopriv · wp_ajax_moo_checkout · includes\moo-OnlineOrders.php:258
auth · wp_ajax_moo_send_sms · includes\moo-OnlineOrders.php:261
nopriv · wp_ajax_moo_send_sms · includes\moo-OnlineOrders.php:262
auth · wp_ajax_moo_check_verification_code · includes\moo-OnlineOrders.php:263
nopriv · wp_ajax_moo_check_verification_code · includes\moo-OnlineOrders.php:264
auth · wp_ajax_moo_import_categories · includes\moo-OnlineOrders.php:272
auth · wp_ajax_moo_import_labels · includes\moo-OnlineOrders.php:274
auth · wp_ajax_moo_import_taxes · includes\moo-OnlineOrders.php:276
auth · wp_ajax_moo_import_items_v2 · includes\moo-OnlineOrders.php:278
auth · wp_ajax_moo_import_ordertypes · includes\moo-OnlineOrders.php:280
auth · wp_ajax_moo_update_items · includes\moo-OnlineOrders.php:284
auth · wp_ajax_moo_update_categories · includes\moo-OnlineOrders.php:285
auth · wp_ajax_moo_update_modifiers_groups · includes\moo-OnlineOrders.php:286
auth · wp_ajax_moo_update_modifiers · includes\moo-OnlineOrders.php:287
auth · wp_ajax_moo_update_order_types · includes\moo-OnlineOrders.php:288
auth · wp_ajax_moo_update_taxes · includes\moo-OnlineOrders.php:289
auth · wp_ajax_moo_get_stats · includes\moo-OnlineOrders.php:292
auth · wp_ajax_moo_getAllOrderTypes · includes\moo-OnlineOrders.php:295
auth · wp_ajax_moo_add_ot · includes\moo-OnlineOrders.php:298
auth · wp_ajax_moo_delete_ot · includes\moo-OnlineOrders.php:301
auth · wp_ajax_moo_reorder_ordertypes · includes\moo-OnlineOrders.php:304
auth · wp_ajax_moo_update_ordertype · includes\moo-OnlineOrders.php:307
auth · wp_ajax_moo_change_modifier_name · includes\moo-OnlineOrders.php:312
auth · wp_ajax_moo_update_modifiergroup_status · includes\moo-OnlineOrders.php:315
auth · wp_ajax_moo_update_modifier_status · includes\moo-OnlineOrders.php:318
auth · wp_ajax_moo_update_category_status · includes\moo-OnlineOrders.php:321
auth · wp_ajax_moo_send_feedback · includes\moo-OnlineOrders.php:324
auth · wp_ajax_moo_update_qte · includes\moo-OnlineOrders.php:328
nopriv · wp_ajax_moo_update_qte · includes\moo-OnlineOrders.php:329
auth · wp_ajax_moo_update_visiblite_category · includes\moo-OnlineOrders.php:335
auth · wp_ajax_moo_save_category_image · includes\moo-OnlineOrders.php:340
auth · wp_ajax_moo_new_order_categories · includes\moo-OnlineOrders.php:345
auth · wp_ajax_moo_delete_img_category · includes\moo-OnlineOrders.php:350
auth · wp_ajax_moo_new_order_group_modifier · includes\moo-OnlineOrders.php:353
auth · wp_ajax_moo_new_order_modifier · includes\moo-OnlineOrders.php:356
auth · wp_ajax_moo_reorder_items · includes\moo-OnlineOrders.php:361
auth · wp_ajax_moo_get_items_with_images · includes\moo-OnlineOrders.php:367
auth · wp_ajax_moo_save_items_with_images · includes\moo-OnlineOrders.php:368
auth · wp_ajax_moo_save_items_description · includes\moo-OnlineOrders.php:369
auth · wp_ajax_moo_customer_login · includes\moo-OnlineOrders.php:376
nopriv · wp_ajax_moo_customer_login · includes\moo-OnlineOrders.php:377
auth · wp_ajax_moo_customer_fblogin · includes\moo-OnlineOrders.php:379
nopriv · wp_ajax_moo_customer_fblogin · includes\moo-OnlineOrders.php:380
auth · wp_ajax_moo_customer_signup · includes\moo-OnlineOrders.php:382
nopriv · wp_ajax_moo_customer_signup · includes\moo-OnlineOrders.php:383
auth · wp_ajax_moo_customer_resetpassword · includes\moo-OnlineOrders.php:385
nopriv · wp_ajax_moo_customer_resetpassword · includes\moo-OnlineOrders.php:386
auth · wp_ajax_moo_customer_getAddresses · includes\moo-OnlineOrders.php:388
nopriv · wp_ajax_moo_customer_getAddresses · includes\moo-OnlineOrders.php:389
auth · wp_ajax_moo_customer_addAddress · includes\moo-OnlineOrders.php:391
nopriv · wp_ajax_moo_customer_addAddress · includes\moo-OnlineOrders.php:392
auth · wp_ajax_moo_customer_deleteAddresses · includes\moo-OnlineOrders.php:394
nopriv · wp_ajax_moo_customer_deleteAddresses · includes\moo-OnlineOrders.php:395
auth · wp_ajax_moo_coupon_apply · includes\moo-OnlineOrders.php:401
nopriv · wp_ajax_moo_coupon_apply · includes\moo-OnlineOrders.php:402
auth · wp_ajax_moo_coupon_remove · includes\moo-OnlineOrders.php:404
nopriv · wp_ajax_moo_coupon_remove · includes\moo-OnlineOrders.php:405

Shortcodes 9

[moo_all_items] moo_OnlineOrders.php:162
[moo_cart] moo_OnlineOrders.php:163
[moo_checkout] moo_OnlineOrders.php:164
[moo_my_account] moo_OnlineOrders.php:165
[moo_buy_button] moo_OnlineOrders.php:167
[moo_category_msg] moo_OnlineOrders.php:168
[moo_search] moo_OnlineOrders.php:169
[moo_receipt_link] moo_OnlineOrders.php:170
[moo_giftcards_balance] moo_OnlineOrders.php:173

WordPress Hooks 26

action · admin_footer · admin\includes\class-wp-list-table-moo.php:137
action · init · includes\moo-OnlineOrders.php:179
action · admin_enqueue_scripts · includes\moo-OnlineOrders.php:207
action · admin_enqueue_scripts · includes\moo-OnlineOrders.php:208
action · admin_menu · includes\moo-OnlineOrders.php:210
action · admin_init · includes\moo-OnlineOrders.php:211
action · admin_bar_menu · includes\moo-OnlineOrders.php:212
action · wpmu_new_blog · includes\moo-OnlineOrders.php:213
action · delete_blog · includes\moo-OnlineOrders.php:214
action · admin_notices · includes\moo-OnlineOrders.php:215
action · init · includes\moo-OnlineOrders.php:230
action · wp_enqueue_scripts · includes\moo-OnlineOrders.php:232
action · wp_enqueue_scripts · includes\moo-OnlineOrders.php:233
action · init · includes\moo-OnlineOrders.php:236
action · smart_online_order_import_inventory · includes\moo-OnlineOrders.php:239
action · smart_online_order_update_jwttoken · includes\moo-OnlineOrders.php:242
filter · moo_filter_order_creation_response · includes\moo-OnlineOrders.php:409
filter · moo_filter_order_creation_response · includes\moo-OnlineOrders.php:410
filter · moo_filter_business_settings_response · includes\moo-OnlineOrders.php:411
action · widgets_init · moo_OnlineOrders.php:176
action · widgets_init · moo_OnlineOrders.php:177
action · widgets_init · moo_OnlineOrders.php:178
action · rest_api_init · moo_OnlineOrders.php:181
action · admin_init · moo_OnlineOrders.php:213
action · plugins_loaded · moo_OnlineOrders.php:216
action · plugins_loaded · moo_OnlineOrders.php:217

Maintenance & Trust

Smart Online Order for Clover Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Aug 26, 2025
  • PHP min version: 5.2.0
  • Downloads: 76K

Community Trust

  • Rating: 98/100
  • Number of ratings: 34
  • Active installs: 1K

Developer Profile

Smart Online Order for Clover Developer Profile

ZAYTECH

2 plugins · 2K total installs

  • Trust score: 93
  • Avg Security Score: 99/100
  • Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Smart Online Order for Clover

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/clover-online-orders/build/moo-online-orders.css
  • /wp-content/plugins/clover-online-orders/build/frontend.js
  • /wp-content/plugins/clover-online-orders/build/frontend.css
  • /wp-content/plugins/clover-online-orders/build/backend.js
  • /wp-content/plugins/clover-online-orders/build/backend.css

Script Paths

  • /wp-content/plugins/clover-online-orders/build/frontend.js

Version Parameters

  • clover-online-orders/build/moo-online-orders.css?ver=
  • clover-online-orders/build/frontend.js?ver=
  • clover-online-orders/build/frontend.css?ver=
  • clover-online-orders/build/backend.js?ver=
  • clover-online-orders/build/backend.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • moo-main-section
  • moo-cart-items-list
  • moo-product-item
  • moo-add-to-cart-button
  • moo-checkout-form
  • moo-cart-total
  • moo-order-summary
  • moo-customer-account

HTML Comments

  • <!-- Moo_OnlineOrders_Widgets_Opening_hours -->
  • <!-- Moo_OnlineOrders_Widgets_best_selling -->
  • <!-- Moo_OnlineOrders_Widgets_categories -->

Data Attributes

  • data-product-id
  • data-cart-item-id
  • data-clover-order-id

JS Globals

  • MooOnlineOrders
  • moo_data

REST Endpoints

  • /wp-json/moo-online-orders/v1/products
  • /wp-json/moo-online-orders/v1/cart
  • /wp-json/moo-online-orders/v1/orders
  • /wp-json/moo-online-orders/v1/settings

Shortcode Output

  • [moo_all_items]
  • [moo_cart]
  • [moo_checkout]
  • [moo_my_account]