WP All Export – Order Export for WooCommerce Security & Risk Analysis

wordpress.org/plugins/order-export-for-woocommerce

Drag & drop to export orders to CSV, Excel, or XML files of any format. Supports customer data, line items, date range filtering, and more with po …

3K active installs · v1.0.5 · PHP 7.4+ · WP + · Updated Jan 30, 2026
Tags: csv, export, order, woocommerce, xml
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP All Export – Order Export for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WP All Export – Order Export for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "order-export-for-woocommerce" plugin, at version 1.0.5, exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding output escaping, with all identified outputs being properly escaped. The plugin also avoids making external HTTP requests and doesn't appear to have vulnerabilities recorded in its history, which is a strong indicator of a stable and well-maintained codebase. The absence of shortcodes, cron events, and REST API routes also limits the potential attack surface in these common areas.

However, the presence of two instances of the `unserialize` function is a significant concern. When an attacker can control the serialized data passed to `unserialize`, it can lead to remote code execution vulnerabilities. While the static analysis didn't flag critical taint flows, the mere presence of `unserialize` without clear evidence of input sanitization or authentication checks for its input points to a potential risk that requires further scrutiny. Furthermore, the lack of any nonce checks or capability checks, combined with zero unprotected entry points, suggests that any potential exploitation of `unserialize` might not be immediately mitigated by standard WordPress security mechanisms.

Despite the lack of known CVEs and the generally clean code signals in other areas, the `unserialize` function represents a notable security weakness. The fact that 100% of outputs are escaped is commendable, but it does not negate the inherent dangers of deserializing untrusted data. The absence of historical vulnerabilities could mean that this specific vector hasn't been exploited or discovered yet, or that the data passed to `unserialize` is implicitly trusted within the plugin's context. However, the principles of least privilege and input validation dictate caution. The plugin's strength lies in its clean output handling and lack of external dependencies, but its weakness is the potential for deserialization vulnerabilities, making its overall security posture moderately concerning.

Key Concerns

  • Dangerous function: unserialize detected
  • No nonce checks on entry points
  • No capability checks on entry points
  • Flows with unsanitized paths detected
Vulnerabilities
None known

WP All Export – Order Export for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP All Export – Order Export for WooCommerce Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 0 (11 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$result[$i][$k] = unserialize($v);` (models\model\list.php:87)
  • unserialize: `$result[$k] = unserialize($v);` (models\model\record.php:33)

SQL Query Safety

80% prepared, 5 total queries

Output Escaping

100% escaped, 11 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
force_ssl (controllers\controller.php:43)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

WP All Export – Order Export for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
  • action: init (wpae-woocommerce-order-add-on.php:144)
Maintenance & Trust

WP All Export – Order Export for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 30, 2026
PHP min version: 7.4
Downloads: 50K

Community Trust

Rating: 78/100
Number of ratings: 8
Active installs: 3K
Developer Profile

WP All Export – Order Export for WooCommerce Developer Profile

WP All Import

22 plugins · 207K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 1036 days
Detection Fingerprints

How We Detect WP All Export – Order Export for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/order-export-for-woocommerce/vendor/wp-ali/wp-ali-core/assets/css/vendors/select2.css
  • /wp-content/plugins/order-export-for-woocommerce/vendor/wp-ali/wp-ali-core/assets/js/vendors/select2.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/css/vendors/jquery-ui.css
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/vendors/jquery-ui.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/css/pmwoe-admin-page.css
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-admin-page.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-export-settings.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-order-fields.js
  • +2 more
Script Paths
  • /wp-content/plugins/order-export-for-woocommerce/vendor/wp-ali/wp-ali-core/assets/js/vendors/select2.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/vendors/jquery-ui.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-admin-page.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-export-settings.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-order-fields.js
  • /wp-content/plugins/order-export-for-woocommerce/assets/js/pmwoe-plugin-settings.js
  • +1 more
Version Parameters
  • order-export-for-woocommerce/vendor/wp-ali/wp-ali-core/assets/css/vendors/select2.css?ver=
  • order-export-for-woocommerce/vendor/wp-ali/wp-ali-core/assets/js/vendors/select2.js?ver=
  • order-export-for-woocommerce/assets/css/vendors/jquery-ui.css?ver=
  • order-export-for-woocommerce/assets/js/vendors/jquery-ui.js?ver=
  • order-export-for-woocommerce/assets/css/pmwoe-admin-page.css?ver=
  • order-export-for-woocommerce/assets/js/pmwoe-admin-page.js?ver=
  • order-export-for-woocommerce/assets/js/pmwoe-export-settings.js?ver=
  • order-export-for-woocommerce/assets/js/pmwoe-order-fields.js?ver=
  • order-export-for-woocommerce/assets/js/pmwoe-plugin-settings.js?ver=
  • order-export-for-woocommerce/assets/js/pmwoe-users.js?ver=

HTML / DOM Fingerprints

CSS Classes
pmwoe-admin-page, pmwoe-export-settings, pmwoe-order-fields, pmwoe-plugin-settings, pmwoe-users
HTML Comments
  • <!-- Plugin root dir with forward slashes as directory separator regardless of actuall DIRECTORY_SEPARATOR value -->
  • <!-- Plugin root url for referencing static content -->
  • <!-- Plugin prefix for making names unique (be aware that this variable is used in conjuction with naming convention, --> * i.e. in order to change it one must not only modify this constant but also rename all constants, classes and functions which * names composed using this prefix) -->
  • <!-- Main plugin file, Introduces MVC pattern -->
  • +12 more
Data Attributes
data-prefix="pmwoe_"
JS Globals
PMWOE_ROOT_DIR, PMWOE_ROOT_URL, PMWOE_PREFIX, PMWOE_VERSION, PMWOE_EDITION, pmwoe_admin_page, +5 more
FAQ

Frequently Asked Questions about WP All Export – Order Export for WooCommerce