Order approval for WCFM Security & Risk Analysis

wordpress.org/plugins/order-approval-for-wcfm

The Order Approval for WCFM plugin enables vendors to review and either accept or reject customer orders before any payment is made.

30 active installs · v1.0.3 · PHP 7.0+ · WP 3.0.1+ · Updated Nov 1, 2023
Tags: order-approval, order-approval-for-wcfm, wcfm
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Order approval for WCFM Safe to Use in 2026?

Generally Safe

Score 85/100

Order approval for WCFM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "order-approval-for-wcfm" plugin v1.0.4 exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices like using prepared statements for SQL queries and a high rate of output escaping, the presence of two AJAX handlers without any authentication or authorization checks presents a significant attack surface. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure if vulnerabilities exist within them. The absence of any recorded CVEs or past vulnerabilities is a positive sign, suggesting that the plugin's authors may be diligent in addressing security issues or that the plugin hasn't been a target. However, this should not be a substitute for robust security measures within the code itself. The lack of taint analysis results also makes it difficult to assess the risk of data being passed unsafely through the application.

Key Concerns

  • 2 AJAX handlers without auth checks
  • Limited output escaping (87% escaped)
Vulnerabilities
None known

Order approval for WCFM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Order approval for WCFM Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (34 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

87% escaped · 39 total outputs
Attack Surface
2 unprotected

Order approval for WCFM Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

nopriv · wp_ajax_owfm_get_order_update · includes\class-order-approval-for-wcfm.php:151
auth · wp_ajax_owfm_get_order_update · includes\class-order-approval-for-wcfm.php:152

WordPress Hooks (13)

action · plugins_loaded · includes\class-order-approval-for-wcfm.php:131
action · admin_enqueue_scripts · includes\class-order-approval-for-wcfm.php:146
action · admin_enqueue_scripts · includes\class-order-approval-for-wcfm.php:147
action · wcfm_after_order_quick_actions · includes\class-order-approval-for-wcfm.php:149
action · wcfm_orders_module_actions · includes\class-order-approval-for-wcfm.php:150
filter · sg_oawoo_additional_settings · includes\class-order-approval-for-wcfm.php:154
action · admin_notices · includes\class-order-approval-for-wcfm.php:162
action · wp_footer · includes\class-order-approval-for-wcfm.php:164
action · wp_enqueue_scripts · includes\class-order-approval-for-wcfm.php:180
action · wp_enqueue_scripts · includes\class-order-approval-for-wcfm.php:181
filter · sgits_deactivate_feedback_form_plugins · order-approval-for-wcfm.php:81
action · admin_enqueue_scripts · plugin-deactivation-survey\deactivate-feedback-form.php:17
filter · sgits_deactivate_feedback_form_plugins · plugin-deactivation-survey\deactivate-feedback-form.php:79
Maintenance & Trust

Order approval for WCFM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Nov 1, 2023
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Order approval for WCFM Developer Profile

Sarankumar

12 plugins · 3K total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Order approval for WCFM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/order-approval-for-wcfm/admin/css/order-approval-for-wcfm-admin.css
/wp-content/plugins/order-approval-for-wcfm/admin/js/order-approval-for-wcfm-admin.js
Version Parameters
order-approval-for-wcfm/admin/css/order-approval-for-wcfm-admin.css?ver=
order-approval-for-wcfm/admin/js/order-approval-for-wcfm-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sgits-oawcfm
wcfmfa
Data Attributes
data-action="owfm_get_order_update"
data-nonce="owfm-verify-nonce"
data-update
data-tip
JS Globals
owfm_get_order_update