Ni WooCommerce Custom Order Status Security & Risk Analysis

wordpress.org/plugins/ni-woocommerce-custom-order-status

WC requires at least: 4.0 · WC tested up to: 9.7 · Last Updated Date: 10-March-2026 · WooCommerce Custom Order Status plug-in allows you to create and manag …

2K active installs · v2.2.7 · PHP 7.4+ · WP 5.0+ · Updated Mar 9, 2026
Tags: order-status, order-status-report, order-statuses, status, woocommerce-custom-status
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 22, 2021
Safety Verdict

Is Ni WooCommerce Custom Order Status Safe to Use in 2026?

Generally Safe

Score 99/100

Ni WooCommerce Custom Order Status has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Nov 22, 2021 · Updated 2mo ago
Risk Assessment

The ni-woocommerce-custom-order-status plugin v2.2.7 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output, several critical weaknesses are present. The most significant concern is the presence of an unprotected AJAX handler, which represents a direct attack vector with no authentication or authorization checks. This significantly increases the risk of unauthorized actions being performed on the site.

The plugin's vulnerability history, specifically one high-severity SQL injection vulnerability (though currently patched), indicates a past struggle with secure coding practices related to data handling. The fact that this was a "high" severity vulnerability also raises a flag, even if it's not currently present in this version. The absence of nonce checks on the identified AJAX entry point is a notable omission, further exacerbating the risk associated with that handler. While the plugin has no known critical taint flows in static analysis, the unprotected AJAX handler is a direct and unmitigated entry point that could be leveraged for malicious purposes if it interacts with sensitive data or functionality.

In conclusion, the plugin has strengths in its SQL query preparation and output escaping. However, the unprotected AJAX handler is a glaring security flaw that overshadows these positives. The past high-severity vulnerability also suggests that careful auditing and security best practices are paramount for this plugin. The lack of nonce checks on the sole unprotected entry point is a critical omission that needs immediate attention.

Key Concerns

  • Unprotected AJAX handler detected
  • Missing nonce checks on AJAX handler
  • Past high severity vulnerability (SQLi)
Vulnerabilities
1 published

Ni WooCommerce Custom Order Status Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

High: 1

1 total CVE

CVE-2021-24846 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ni WooCommerce Custom Order Status <= 1.9.6 - SQL Injection

Nov 22, 2021 Patched in 1.9.7 (792d)
Version History

Ni WooCommerce Custom Order Status Release Timeline

  • v2.2.7 · Current
  • v2.2.6
  • v2.2.5
  • v1.3.5 · 1 CVE
  • v1.3.4 · 1 CVE
  • v1.3.3 · 1 CVE
  • v1.3.2 · 1 CVE
  • v1.3.1 · 1 CVE
  • v1.3 · 1 CVE
  • v1.2 · 1 CVE
  • v1.1 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Ni WooCommerce Custom Order Status Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (39 prepared)
  • Unescaped Output: 16 (154 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 39 total queries

Output Escaping

91% escaped · 170 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
get_query_deprecated (include\ni-order-status-report.php:281)
Attack Surface
1 unprotected

Ni WooCommerce Custom Order Status Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_niwoocos_ajax · include\ni-custom-order-status-init.php:37

WordPress Hooks: 17

  • action · bulk_actions-edit-shop_order · include\ni-custom-order-status-bulk-action.php:8
  • filter · handle_bulk_actions-edit-shop_order · include\ni-custom-order-status-bulk-action.php:9
  • action · admin_notices · include\ni-custom-order-status-bulk-action.php:10
  • action · woocommerce_order_status_changed · include\ni-custom-order-status-email.php:6
  • action · admin_menu · include\ni-custom-order-status-init.php:9
  • action · admin_init · include\ni-custom-order-status-init.php:10
  • filter · init · include\ni-custom-order-status-init.php:13
  • filter · wc_order_statuses · include\ni-custom-order-status-init.php:16
  • action · save_post · include\ni-custom-order-status-init.php:20
  • action · admin_enqueue_scripts · include\ni-custom-order-status-init.php:22
  • action · admin_head · include\ni-custom-order-status-init.php:25
  • filter · manage_edit-ni-order-status_columns · include\ni-custom-order-status-init.php:28
  • action · manage_posts_custom_column · include\ni-custom-order-status-init.php:31
  • action · woocommerce_admin_order_actions · include\ni-custom-order-status-init.php:34
  • action · before_woocommerce_init · ni-woocommerce-custom-order-status.php:35
  • action · plugins_loaded · ni-woocommerce-custom-order-status.php:36
  • action · admin_notices · ni-woocommerce-custom-order-status.php:49
Maintenance & Trust

Ni WooCommerce Custom Order Status Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 9, 2026
  • PHP min version: 7.4
  • Downloads: 78K

Community Trust

  • Rating: 80/100
  • Number of ratings: 15
  • Active installs: 2K
Developer Profile

Ni WooCommerce Custom Order Status Developer Profile

Anzar Ahmed

26 plugins · 5K total installs

  • Trust score: 69
  • Avg Security Score: 86/100
  • Avg Patch Time: 228 days
Detection Fingerprints

How We Detect Ni WooCommerce Custom Order Status

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ni-woocommerce-custom-order-status/assets/css/font-awesome.css
  • /wp-content/plugins/ni-woocommerce-custom-order-status/assets/css/ni-custom-order-status-style.css
  • /wp-content/plugins/ni-woocommerce-custom-order-status/assets/css/ni-sales-report-summary.css
  • /wp-content/plugins/ni-woocommerce-custom-order-status/assets/css/lib/bootstrap.min.css
  • /wp-content/plugins/ni-woocommerce-custom-order-status/assets/js/lib/bootstrap.min.js
  • /wp-content/plugins/ni-woocommerce-custom-order-status/assets/js/lib/popper.min.js
  • /wp-content/plugins/ni-woocommerce-custom-order-status/js/ni-custom-color-script.js
  • /wp-content/plugins/ni-woocommerce-custom-order-status/js/ni-order-status-report.js
  • +1 more
Version Parameters
  • ni-woocommerce-custom-order-status/assets/css/ni-custom-order-status-style.css?ver=
  • ni-woocommerce-custom-order-status/js/ni-custom-color-script.js?ver=
  • ni-woocommerce-custom-order-status/assets/css/ni-sales-report-summary.css?ver=
  • ni-woocommerce-custom-order-status/assets/css/font-awesome.css?ver=
  • ni-woocommerce-custom-order-status/assets/css/lib/bootstrap.min.css?ver=
  • ni-woocommerce-custom-order-status/assets/js/lib/bootstrap.min.js?ver=
  • ni-woocommerce-custom-order-status/assets/js/lib/popper.min.js?ver=
  • ni-woocommerce-custom-order-status/js/ni-order-status-report.js?ver=
  • ni-woocommerce-custom-order-status/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
mark.status-ni-custom-order-status-styleni-sales-report-summary-cssnicos-bootstrap-cssni-font-awesome-css
JS Globals
niwoocos_ajax_object