Order Minimum/Maximum Amount Limits for WooCommerce Security & Risk Analysis

wordpress.org/plugins/order-minimum-amount-for-woocommerce

Implement minimum/maximum order amounts, regulate quantity, weight, volume, dimensions, and apply user-role-specific conditions with Order Minimum/Max …

10K active installs v4.7.2 PHP + WP 6.1+ Updated Feb 26, 2026
order-maximum-amount · order-minimum-amount · woocommerce
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 27, 2026
Safety Verdict

Is Order Minimum/Maximum Amount Limits for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Order Minimum/Maximum Amount Limits for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 27, 2026 · Updated 2mo ago
Risk Assessment

The plugin "order-minimum-amount-for-woocommerce" v4.7.2 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and avoids file operations and external HTTP requests, which are common vectors for vulnerabilities. The absence of dangerous functions and the limited number of critical/high severity taint flows are also encouraging signs.

However, significant concerns arise from the attack surface analysis. Two AJAX handlers lack authentication checks, creating a direct entry point for potentially malicious actions. Furthermore, a concerning taint flow with unsanitized paths has been identified, posing a risk for vulnerabilities like Cross-Site Scripting. The plugin's history of a medium severity vulnerability, specifically Cross-Site Scripting, reinforces the need for careful input validation and output sanitization in its handling of user-provided data.

While the absence of unpatched CVEs is positive, the identified code signals and vulnerability history suggest that further scrutiny of input sanitization and access control for AJAX handlers is warranted to improve its overall security.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 1 Taint flow with unsanitized paths
  • Medium severity XSS vulnerability in history
  • 0 Nonce checks on AJAX
  • 0 Capability checks
  • 26% of outputs are not properly escaped
Vulnerabilities
1 published

Order Minimum/Maximum Amount Limits for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-1381 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields

Jan 27, 2026 · Patched in 4.6.9 (1d)
Version History

Order Minimum/Maximum Amount Limits for WooCommerce Release Timeline

v4.7.2 (Current)
v4.7.1
v4.7.0
v4.6.9
v4.6.8 · 1 CVE
v4.6.7 · 1 CVE
v4.6.6 · 1 CVE
v4.6.5 · 1 CVE
v4.6.4 · 1 CVE
v4.6.3 · 1 CVE
v4.6.2 · 1 CVE
v4.6.1 · 1 CVE
v4.6.0 · 1 CVE
v4.5.9 · 1 CVE
v4.5.8 · 1 CVE
v4.5.7 · 1 CVE
v4.5.6 · 1 CVE
v4.5.5 · 1 CVE
v4.5.4 · 1 CVE
v4.5.3 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Order Minimum/Maximum Amount Limits for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 5 (14 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

74% escaped · 19 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-alg-wc-oma-messages> (includes\class-alg-wc-oma-messages.php:0)
Attack Surface
2 unprotected

Order Minimum/Maximum Amount Limits for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_alg_wc_oma_get_block_cart_notices · includes\class-alg-wc-oma-messages.php:51
nopriv · wp_ajax_alg_wc_oma_get_block_cart_notices · includes\class-alg-wc-oma-messages.php:52

Shortcodes 1

[alg_wc_oma_translate] includes\class-alg-wc-oma-shortcodes.php:27
WordPress Hooks 44
action · init · includes\class-alg-wc-oma-core.php:30
filter · alg_wc_oma_get_min_max_amount_data · includes\class-alg-wc-oma-core.php:57
action · woocommerce_checkout_process · includes\class-alg-wc-oma-core.php:60
action · woocommerce_after_checkout_validation · includes\class-alg-wc-oma-core.php:61
action · woocommerce_review_order_after_shipping · includes\class-alg-wc-oma-core.php:62
action · woocommerce_before_checkout_form · includes\class-alg-wc-oma-core.php:63
action · woocommerce_store_api_checkout_order_processed · includes\class-alg-wc-oma-core.php:65
filter · woocommerce_rest_pre_insert_shop_order_object · includes\class-alg-wc-oma-core.php:66
action · wp · includes\class-alg-wc-oma-core.php:70
action · wp_footer · includes\class-alg-wc-oma-core.php:73
action · wp_footer · includes\class-alg-wc-oma-core.php:76
filter · woocommerce_add_to_cart_validation · includes\class-alg-wc-oma-core.php:81
filter · woocommerce_loop_add_to_cart_link · includes\class-alg-wc-oma-core.php:85
action · woocommerce_single_product_summary · includes\class-alg-wc-oma-core.php:89
action · woocommerce_available_variation · includes\class-alg-wc-oma-core.php:90
action · wp_footer · includes\class-alg-wc-oma-core.php:91
filter · alg_wc_oma_get_notices · includes\class-alg-wc-oma-core.php:95
filter · wp · includes\class-alg-wc-oma-core.php:96
filter · woocommerce_update_cart_action_cart_updated · includes\class-alg-wc-oma-core.php:99
action · wp · includes\class-alg-wc-oma-core.php:100
action · wp_footer · includes\class-alg-wc-oma-core.php:101
action · alg_wc_oma_check_notices_on_block_cart_change · includes\class-alg-wc-oma-core.php:102
filter · alg_wc_oma_get_cart_total_do_count_product · includes\class-alg-wc-oma-core.php:105
action · woocommerce_store_api_cart_errors · includes\class-alg-wc-oma-core.php:108
action · alg_wc_oma_version_updated · includes\class-alg-wc-oma-deprecated.php:28
action · alg_wc_oma_before_settings_user_roles · includes\class-alg-wc-oma-deprecated.php:29
filter · shortcode_atts_alg_wc_oma_amount_msg · includes\class-alg-wc-oma-deprecated.php:30
filter · shortcode_atts_alg_wc_order_min_max_amount · includes\class-alg-wc-oma-deprecated.php:31
filter · alg_wc_oma_placeholders · includes\class-alg-wc-oma-deprecated.php:32
action · woocommerce_review_order_after_order_total · includes\class-alg-wc-oma-messages.php:45
action · woocommerce_review_order_before_submit · includes\class-alg-wc-oma-messages.php:46
filter · woocommerce_checkout_fields · includes\class-alg-wc-oma-messages.php:47
action · wp_footer · includes\class-alg-wc-oma-messages.php:53
action · wp_footer · includes\class-alg-wc-oma-messages.php:54
action · admin_head · includes\settings\class-alg-wc-oma-settings-section.php:42
filter · woocommerce_admin_settings_sanitize_option · includes\settings\class-alg-wc-settings-oma.php:31
action · admin_init · includes\settings\class-alg-wc-settings-oma.php:51
action · admin_notices · includes\settings\class-alg-wc-settings-oma.php:176
action · init · order-minimum-amount-for-woocommerce.php:148
action · init · order-minimum-amount-for-woocommerce.php:151
action · before_woocommerce_init · order-minimum-amount-for-woocommerce.php:154
filter · woocommerce_get_settings_pages · order-minimum-amount-for-woocommerce.php:284
action · admin_init · order-minimum-amount-for-woocommerce.php:287
action · plugins_loaded · order-minimum-amount-for-woocommerce.php:423
Maintenance & Trust

Order Minimum/Maximum Amount Limits for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version
Downloads: 419K

Community Trust

Rating: 90/100
Number of ratings: 40
Active installs: 10K
Developer Profile

Order Minimum/Maximum Amount Limits for WooCommerce Developer Profile

WPFactory

64 plugins · 137K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 94 days
Detection Fingerprints

How We Detect Order Minimum/Maximum Amount Limits for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/order-minimum-amount-for-woocommerce/assets/css/frontend.css
/wp-content/plugins/order-minimum-amount-for-woocommerce/assets/js/frontend.js
Script Paths
/wp-content/plugins/order-minimum-amount-for-woocommerce/assets/js/frontend.js
Version Parameters
order-minimum-amount-for-woocommerce/assets/css/frontend.css?ver=
order-minimum-amount-for-woocommerce/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
alg-wc-oma-message
HTML Comments
<!-- The main WooCommerce Order Minimum/Maximum Amount plugin -->
<!-- alg_wc_oma_maybe_show_message -->
<!-- alg_wc_oma_admin_notice_message -->
Data Attributes
data-alg-wc-oma-message
JS Globals
alg_wc_oma_params
FAQ

Frequently Asked Questions about Order Minimum/Maximum Amount Limits for WooCommerce