Does Custom Order Numbers for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Order Numbers for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Order Numbers for WooCommerce compatible with WordPress 6.9.0?

According to WordPress.org data, Custom Order Numbers for WooCommerce 1.13.0 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

Is Custom Order Numbers for WooCommerce compatible with PHP 7.4+?

Custom Order Numbers for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Custom Order Numbers for WooCommerce updated?

Custom Order Numbers for WooCommerce was last updated on Feb 16, 2026. Frequent updates are generally a positive security signal.

What is Custom Order Numbers for WooCommerce's security score?

Custom Order Numbers for WooCommerce has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Order Numbers for WooCommerce Security & Risk Analysis

wordpress.org/plugins/custom-order-numbers-for-woocommerce

Set Sequential order numbers in WooCommerce. Custom order number with prefixes can also be set for existing and new WooCommerce orders.

20K active installs v1.13.0 PHP 7.4+ WP 4.4+ Updated Feb 16, 2026

custom-order-numberssequential-order-numberswoocommerce

A · Safe

CVEs total3

Unpatched0

Last CVENov 22, 2025

Plugin page Download

Safety Verdict

Is Custom Order Numbers for WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

Custom Order Numbers for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Nov 22, 2025Updated 1mo ago

Risk Assessment

The "custom-order-numbers-for-woocommerce" plugin, version 1.13.0, exhibits a generally good security posture based on static analysis. The complete absence of unprotected entry points (AJAX, REST API, shortcodes, cron) is a significant strength. Furthermore, all SQL queries utilize prepared statements, indicating a robust approach to preventing SQL injection. The high percentage of properly escaped output (86%) and the presence of ample nonce and capability checks further contribute to its security. Taint analysis revealed no critical or high-severity issues, with no unsanitized paths found.

Key Concerns

Vulnerability history includes medium severity CVEs
Vulnerability history indicates authorization and CSRF issues
External HTTP requests detected
Output escaping could be improved (14% not escaped)

Vulnerabilities

Custom Order Numbers for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-66071medium · 5.3Missing Authorization

Custom Order Numbers for WooCommerce <= 1.11.0 - Missing Authorization

Nov 22, 2025 Patched in 1.11.1 (4d)

WF-981908d3-e1e7-4093-a2ee-69aa50127731-custom-order-numbers-for-woocommercemedium · 4.3Cross-Site Request Forgery (CSRF)

Custom Order Numbers for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal

Jan 30, 2024 Patched in 1.7.0 (78d)

CVE-2022-45367medium · 5.4Cross-Site Request Forgery (CSRF)

Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery

Apr 14, 2023 Patched in 1.4.1 (284d)

Code Analysis

Analyzed Mar 16, 2026

Custom Order Numbers for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

36 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

86% escaped42 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

alg_custom_order_numbers_admin_notice_dismiss (includes\class-alg-wc-custom-order-numbers-core.php:560)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Custom Order Numbers for WooCommerce Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_alg_custom_order_numbers_admin_notice_dismissincludes\class-alg-wc-custom-order-numbers-core.php:44

authwp_ajax_alg_custom_order_numbers_admin_meta_key_notice_dismissincludes\class-alg-wc-custom-order-numbers-core.php:71

authwp_ajax_tyche_plugin_deactivation_submit_actionincludes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:93

WordPress Hooks 42

actioninitclass-alg-wc-custom-order-numbers.php:95

actionbefore_woocommerce_initclass-alg-wc-custom-order-numbers.php:102

filterwoocommerce_get_settings_pagesclass-alg-wc-custom-order-numbers.php:103

actionadmin_noticescustom-order-numbers-for-woocommerce.php:39

actionadmin_headincludes\admin\class-alg-wc-custom-order-numbers-settings-general.php:46

filterwoocommerce_get_sections_alg_wc_custom_order_numbersincludes\admin\class-alg-wc-custom-order-numbers-settings-section.php:29

actioninitincludes\admin\class-alg-wc-custom-order-numbers-settings-section.php:31

filterwoocommerce_update_orderincludes\class-alg-wc-custom-order-numbers-core.php:33

actionwoocommerce_new_orderincludes\class-alg-wc-custom-order-numbers-core.php:34

filterwoocommerce_order_numberincludes\class-alg-wc-custom-order-numbers-core.php:35

actionadmin_noticesincludes\class-alg-wc-custom-order-numbers-core.php:36

actionadmin_noticesincludes\class-alg-wc-custom-order-numbers-core.php:37

actionadmin_initincludes\class-alg-wc-custom-order-numbers-core.php:39

actionadmin_initincludes\class-alg-wc-custom-order-numbers-core.php:40

actionalg_custom_order_numbers_update_old_custom_order_numbersincludes\class-alg-wc-custom-order-numbers-core.php:41

actionadmin_enqueue_scriptsincludes\class-alg-wc-custom-order-numbers-core.php:43

actionwoocommerce_settings_save_alg_wc_custom_order_numbersincludes\class-alg-wc-custom-order-numbers-core.php:45

actioninitincludes\class-alg-wc-custom-order-numbers-core.php:47

filterwoocommerce_shortcode_order_tracking_order_idincludes\class-alg-wc-custom-order-numbers-core.php:48

filterpre_update_option_alg_wc_custom_order_numbers_settings_to_applyincludes\class-alg-wc-custom-order-numbers-core.php:50

actionwoocommerce_shop_order_search_fieldsincludes\class-alg-wc-custom-order-numbers-core.php:51

filterwoocommerce_order_table_search_query_meta_keysincludes\class-alg-wc-custom-order-numbers-core.php:52

actionadmin_menuincludes\class-alg-wc-custom-order-numbers-core.php:53

actionadd_meta_boxesincludes\class-alg-wc-custom-order-numbers-core.php:55

actionsave_post_shop_orderincludes\class-alg-wc-custom-order-numbers-core.php:56

actionwoocommerce_checkout_subscription_createdincludes\class-alg-wc-custom-order-numbers-core.php:61

filterwcs_renewal_order_createdincludes\class-alg-wc-custom-order-numbers-core.php:62

filterwcs_renewal_order_metaincludes\class-alg-wc-custom-order-numbers-core.php:64

filterpre_update_option_alg_wc_custom_order_numbers_prefixincludes\class-alg-wc-custom-order-numbers-core.php:66

filterpre_update_option_alg_wc_custom_order_numbers_date_prefixincludes\class-alg-wc-custom-order-numbers-core.php:67

actionadmin_initincludes\class-alg-wc-custom-order-numbers-core.php:68

actionadmin_initincludes\class-alg-wc-custom-order-numbers-core.php:69

actionalg_custom_order_numbers_update_meta_key_in_old_conincludes\class-alg-wc-custom-order-numbers-core.php:70

actionalg_wc_update_orders_prefix_conincludes\class-alg-wc-custom-order-numbers-core.php:72

filtercon_lite_ts_tracker_dataincludes\class-con-lite-data-tracking.php:30

actionadmin_footerincludes\class-con-lite-data-tracking.php:31

actioncon_lite_init_tracker_completedincludes\class-con-lite-data-tracking.php:33

filtercon_lite_ts_tracker_display_noticeincludes\class-con-lite-data-tracking.php:34

actionadmin_print_scripts-plugins.phpincludes\component\plugin-deactivation\class-tyche-plugin-deactivation.php:92

actionadmin_noticesincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:81

filtercron_schedulesincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:82

actionadmin_initincludes\component\plugin-tracking\class-tyche-plugin-tracking.php:83

Maintenance & Trust

Custom Order Numbers for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedFeb 16, 2026

PHP min version7.4

Downloads437K

Community Trust

Rating84/100

Number of ratings25

Active installs20K

Alternatives

Custom Order Numbers for WooCommerce Alternatives

Sequential Order Number for WooCommerce

wt-woocommerce-sequential-order-numbers

100

Sequential order number for WooCommerce is the best plugin to generate sequential or custom order numbers for existing and new WooCommerce orders.

40K No CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

Developer Profile

Custom Order Numbers for WooCommerce Developer Profile

tychesoftwares

20 plugins · 160K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

232 days

View full developer profile

Detection Fingerprints

How We Detect Custom Order Numbers for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/css/alg-wc-con.css/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/js/alg-wc-con.js/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/js/alg-wc-con-admin-notice.js/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/js/alg-wc-con-admin-meta-key-notice.js

Script Paths

/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/js/alg-wc-con.js/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/js/alg-wc-con-admin-notice.js/wp-content/plugins/custom-order-numbers-for-woocommerce/assets/js/alg-wc-con-admin-meta-key-notice.js

Version Parameters

custom-order-numbers-for-woocommerce/assets/css/alg-wc-con.css?ver=custom-order-numbers-for-woocommerce/assets/js/alg-wc-con.js?ver=custom-order-numbers-for-woocommerce/assets/js/alg-wc-con-admin-notice.js?ver=custom-order-numbers-for-woocommerce/assets/js/alg-wc-con-admin-meta-key-notice.js?ver=

HTML / DOM Fingerprints

CSS Classes

alg-wc-con-admin-noticealg-wc-con-admin-meta-key-notice

Data Attributes

data-dismiss-url

JS Globals

alg_wc_con_admin_notice_paramsalg_wc_con_admin_meta_key_notice_params

FAQ