WP-Safety

One Stop Shop for WooCommerce Security & Risk Analysis

wordpress.org/plugins/one-stop-shop-woocommerce

The One Stop Shop compliance helper allows you to easily monitor your One Stop Shop delivery threshold within WooCommerce and generate detailed tax re …

10K active installs v1.8.3 PHP 5.6+ WP 5.4+ Updated Jan 5, 2026
complianceeuone-stop-shoposswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is One Stop Shop for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

One Stop Shop for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "one-stop-shop-woocommerce" plugin v1.8.3 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs and a clean vulnerability history across all severity levels are highly positive indicators. The code also demonstrates good practices with 100% of SQL queries using prepared statements, a healthy number of nonce and capability checks, and no external HTTP requests. This suggests a development team that is attentive to security fundamentals.

However, there are areas for improvement. While the attack surface is currently zero, this could be due to the specific analysis scope. The fact that 18% of output is not properly escaped, while not resulting in a critical taint flow in this analysis, represents a potential risk for Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in those unescaped outputs. Additionally, while the taint analysis found no critical or high severity issues, the limited number of flows analyzed (2) might not be exhaustive. The presence of file operations without specific context raises a minor flag, though this is not inherently insecure.

In conclusion, "one-stop-shop-woocommerce" v1.8.3 appears to be a relatively secure plugin, particularly given its clean vulnerability history. The primary area of concern is the unescaped output, which warrants further investigation. The development team's adherence to prepared statements and capability checks is commendable. Continuous monitoring and addressing the output escaping is recommended to maintain a robust security profile.

Key Concerns

  • Output escaping is not properly handled for 18% of outputs
Vulnerabilities
None known

One Stop Shop for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

One Stop Shop for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
39
176 escaped
Nonce Checks
9
Capability Checks
10
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

82% escaped215 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
render_report_details (src\Admin.php:660)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

One Stop Shop for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 43
actionadmin_noticesone-stop-shop-woocommerce.php:53
actionplugins_loadedone-stop-shop-woocommerce.php:77
actionadmin_enqueue_scriptssrc\Admin.php:20
actionadmin_enqueue_scriptssrc\Admin.php:21
filterwoocommerce_get_settings_pagessrc\Admin.php:23
actionload-woocommerce_page_oss-reportssrc\Admin.php:25
actionadmin_menusrc\Admin.php:26
actionadmin_post_oss_create_reportsrc\Admin.php:28
actionadmin_post_oss_switch_proceduresrc\Admin.php:34
actionadmin_post_oss_init_observersrc\Admin.php:35
actionadmin_noticessrc\Admin.php:37
actionadmin_post_oss_hide_noticesrc\Admin.php:38
filterwoocommerce_screen_idssrc\Admin.php:40
filterset-screen-optionsrc\Admin.php:42
filterset_screen_option_woocommerce_page_wc_gzd_shipments_per_pagesrc\Admin.php:43
actionwoocommerce_admin_field_htmlsrc\Admin.php:46
filterwoocommerce_debug_toolssrc\Admin.php:49
actionadmin_noticessrc\Package.php:27
actioninitsrc\Package.php:43
actioninitsrc\Package.php:44
actioninitsrc\Package.php:69
actionoss_woocommerce_daily_cleanupsrc\Package.php:70
actionoss_woocommerce_daily_observersrc\Package.php:73
actionoss_woocommerce_updated_observersrc\Package.php:74
actionwoocommerce_email_classessrc\Package.php:76
actionwc_admin_dailysrc\Package.php:79
actionwoocommerce_note_updatedsrc\Package.php:80
filterwoocommerce_eu_tax_helper_oss_procedure_is_enabledsrc\Package.php:82
filterplugin_localesrc\Package.php:539
filterload_translation_filesrc\Package.php:540
filterremovable_query_argssrc\ReportTable.php:34
filterdefault_hidden_columnssrc\ReportTable.php:35
actionwoocommerce_product_options_taxsrc\Tax.php:13
actionwoocommerce_admin_process_product_objectsrc\Tax.php:14
actionwoocommerce_variation_options_taxsrc\Tax.php:16
actionwoocommerce_admin_process_variation_objectsrc\Tax.php:17
filterwoocommerce_product_get_tax_classsrc\Tax.php:19
filterwoocommerce_product_variation_get_tax_classsrc\Tax.php:20
actionwoocommerce_before_save_order_itemsrc\Tax.php:21
filterwoocommerce_adjust_non_base_location_pricessrc\Tax.php:23
filterwoocommerce_customer_taxable_addresssrc\Tax.php:24
filterwoocommerce_order_get_tax_locationsrc\Tax.php:25
actionwoocommerce_before_calculate_totalssrc\Tax.php:27
Maintenance & Trust

One Stop Shop for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 5, 2026
PHP min version5.6
Downloads337K

Community Trust

Rating100/100
Number of ratings5
Active installs10K
Alternatives

One Stop Shop for WooCommerce Alternatives

European VAT Compliance Assistant for WooCommerce

European VAT Compliance Assistant for WooCommerce

woocommerce-eu-vat-compliance

A
100

Assists with EU/UK/Norway/Switzerland VAT compliance for WooCommerce, for the VAT regimes that began in 2015 and were extended in 2021), including the …

3K No CVEs
Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance

Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance

woocommerce-es

A
100

Add VAT Fields, Import European Taxes and check VAT compliance. Connect WooCommerce with ERPs and CRMs. Products, Clients and Orders with ERP/CRM.

1K No CVEs
EAS EU compliance

EAS EU compliance

eas-eu-compliance

A
100

EAS solution automates the complicated EU VAT and UK VAT compliance. With the comprehensive solution and full automation, you focus only on sales.

200 No CVEs
Teamwant VIES VAT for WooCommerce

Teamwant VIES VAT for WooCommerce

teamwanteuvatvies

A
100

Validate EU VAT numbers with VIES during checkout. Automatically apply tax exemptions for B2B transactions and ensure compliance with OSS EU VAT.

50 No CVEs
Euverify- GPSR, CE & UKCA for WooCommerce

Euverify- GPSR, CE & UKCA for WooCommerce

gpsr-ce-ukca-for-woocommerce

A
100

This plugin adds fields for manufacturer, importer, and certifications to ensure compliance with EU GPSR, CE, and UKCA regulations.

20 No CVEs
Developer Profile

One Stop Shop for WooCommerce Developer Profile

vendidero

6 plugins · 104K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
602 days
View full developer profile
Detection Fingerprints

How We Detect One Stop Shop for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/one-stop-shop-woocommerce/assets/css/admin.css/wp-content/plugins/one-stop-shop-woocommerce/assets/js/admin.js
Script Paths
/wp-content/plugins/one-stop-shop-woocommerce/assets/js/admin.js
Version Parameters
one-stop-shop-woocommerce/assets/css/admin.css?ver=one-stop-shop-woocommerce/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
oss-admin-notice
HTML Comments
<!-- OSS Admin Notice --><!-- OSS Report Table -->
Data Attributes
data-oss-actiondata-oss-report-id
JS Globals
window.ossAdminSettings
FAQ

Frequently Asked Questions about One Stop Shop for WooCommerce