Customer Statistics for WooCommerce Security & Risk Analysis
wordpress.org/plugins/customer-statistics-for-woocommerceThis plugin adds useful Customer Statistics to WooCommerce Orders List
Is Customer Statistics for WooCommerce Safe to Use in 2026?
Generally Safe
Score 85/100Customer Statistics for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "customer-statistics-for-woocommerce" plugin v1.1 exhibits a mixed security posture. While it demonstrates strengths such as using prepared statements for all SQL queries and having no known critical vulnerability history, significant concerns arise from its attack surface and output sanitization practices. The presence of one AJAX handler without any authentication or authorization checks is a major weakness, as it presents a direct entry point for unauthenticated users. Furthermore, the complete lack of proper output escaping for all detected output points means that any data processed or displayed by this handler could potentially be vulnerable to cross-site scripting (XSS) attacks.
The taint analysis, while not revealing critical or high severity flows, indicates "unsanitized paths," which is concerning in conjunction with the unprotected AJAX endpoint. The absence of nonce checks and capability checks further exacerbates these risks, providing no additional layer of defense. The plugin's vulnerability history is clean, which is a positive indicator, but it does not negate the immediate risks identified in the static analysis. Overall, the plugin has a solid foundation with its SQL practices, but the glaring lack of security on its primary entry point and the pervasive output escaping deficiencies make it a significant risk.
Key Concerns
- Unprotected AJAX handler
- No proper output escaping
- Missing nonce checks
- Missing capability checks
- Taint flows with unsanitized paths
Customer Statistics for WooCommerce Security Vulnerabilities
Customer Statistics for WooCommerce Code Analysis
Output Escaping
Data Flow Analysis
Customer Statistics for WooCommerce Attack Surface
AJAX Handlers 1
WordPress Hooks 6
Maintenance & Trust
Customer Statistics for WooCommerce Maintenance & Trust
Maintenance Signals
Community Trust
Customer Statistics for WooCommerce Alternatives
Customer Order History for WooCommerce
woohistory
Customer Order History Plugin for WooCommerce. View Previous Orders from the same customer, even if order as guest.
PureDevs Customer History for WooCommerce
puredevs-customer-history-for-woocommerce
Track your WooCommerce customers' order history, spending, and behaviour from a clean admin dashboard.
Order Status History for WooCommerce
order-status-history-for-woocommerce
Speed up your daily processing of orders by getting to know more about who's ordering. Themed order status color swatches, Reports, CSV, free.
Export Customers Data
export-customers-data
Easily export WooCommerce customers' data to CSV or XLSX with advanced filters and smart field support.
Track Order History for WooCommerce
wc-past-orders
Woocommerce supportive plugin for easy customer history and previously placed orders.
Customer Statistics for WooCommerce Developer Profile
1 plugin · 10 total installs
How We Detect Customer Statistics for WooCommerce
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/customer-statistics-for-woocommerce/admin-styles.csshttps://code.jquery.com/ui/1.12.1/jquery-ui.jsHTML / DOM Fingerprints
repeat-detailsheadline-statsdata-action="cs_stats_details"window.customer_statistics_wc_ajax_object/wp-json/customer-statistics-wc/v1/statistics<ul class="repeat-details"><li>First Order</li></ul><ul class="repeat-details"><li>Orders: Products: Spent: