Does Order Picking App have any unpatched vulnerabilities?

No. All known vulnerabilities in Order Picking App have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Order Picking App compatible with WordPress 6.9.4?

According to WordPress.org data, Order Picking App 2.3.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Order Picking App compatible with PHP 8.0+?

Order Picking App requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Order Picking App updated?

Order Picking App was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Order Picking App's security score?

Order Picking App has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Order Picking App Security & Risk Analysis

wordpress.org/plugins/order-picking-app

Speed up WooCommerce fulfillment with mobile order picking, barcode scanning and smart warehouse workflows.

30 active installs v2.3.9 PHP 8.0+ WP 6.0+ Updated Mar 5, 2026

barcode-scanninginventory-managementorder-pickingwarehouse-managementwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Order Picking App Safe to Use in 2026?

Generally Safe

Score 100/100

Order Picking App has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago

Risk Assessment

The "order-picking-app" v2.3.9 plugin presents a mixed security posture. While it demonstrates strong practices in its handling of SQL queries, using prepared statements exclusively, and lacks any recorded historical vulnerabilities, significant concerns arise from its extensive attack surface exposed without proper authentication or authorization checks. A large number of AJAX handlers and REST API routes are implemented without any form of permission validation, creating a wide entry point for potential attackers.

Further analysis reveals a concerning trend in output escaping, with only 20% of outputs being properly escaped. This, combined with two identified taint flows with unsanitized paths, significantly increases the risk of cross-site scripting (XSS) and other injection vulnerabilities. The lack of nonces on numerous AJAX endpoints also contributes to the elevated risk profile, making it easier for attackers to perform unauthorized actions on behalf of logged-in users.

In conclusion, the plugin's lack of historical vulnerabilities is a positive indicator, suggesting a generally cautious development approach. However, the identified issues in the attack surface, output escaping, and taint analysis, if not addressed, create a substantial security risk. The absence of critical or high-severity issues in the historical data could be attributed to the limited scope of past audits or the fact that these newer vulnerabilities have not yet been exploited or discovered. It is crucial for users to be aware of these risks, and for developers to prioritize remediation efforts, particularly around access control for endpoints and proper output sanitization.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
Output escaping only 20% proper
Flows with unsanitized paths (critical)
Flows with unsanitized paths (high)
Nonce checks on AJAX
Capability checks

Vulnerabilities

None known

Order Picking App Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Order Picking App Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

183

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared11 total queries

Output Escaping

20% escaped229 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

opa_barcode_img_download (admin\class-orderpickingapp-admin.php:191)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

26 unprotected

Order Picking App Attack Surface

Entry Points28

Unprotected26

AJAX Handlers 10

authwp_ajax_get_stock_mutationsadmin\class-orderpickingapp-admin.php:40

authwp_ajax_export_stock_mutationsadmin\class-orderpickingapp-admin.php:41

authwp_ajax_download_picklistadmin\class-orderpickingapp-admin.php:42

authwp_ajax_opa_submit_uninstall_reasonincludes\class-feedback.php:6

authwp_ajax_save_app_settingsincludes\class-orderpickingapp.php:118

authwp_ajax_reset_api_keyincludes\class-orderpickingapp.php:119

authwp_ajax_reset_order_picking_dataincludes\class-orderpickingapp.php:120

authwp_ajax_create_user_accountincludes\class-orderpickingapp.php:121

authwp_ajax_load_analytics_htmlincludes\class-orderpickingapp.php:122

authwp_ajax_download_csv_exportincludes\class-orderpickingapp.php:123

REST API Routes 18

GET/wp-json/picking/v1/get-settingsincludes\class-orderpickingapp.php:149

GET/wp-json/picking/v1/get-order-productsincludes\class-orderpickingapp.php:155

GET/wp-json/picking/v1/pickinglistincludes\class-orderpickingapp.php:161

POST/wp-json/picking/v1/update-order-productsincludes\class-orderpickingapp.php:167

GET/wp-json/picking/v1/reset-order-productsincludes\class-orderpickingapp.php:173

GET/wp-json/picking/v1/get-packing-ordersincludes\class-orderpickingapp.php:179

GET/wp-json/picking/v1/get-pickup-ordersincludes\class-orderpickingapp.php:185

POST/wp-json/picking/v1/update-order-statusincludes\class-orderpickingapp.php:191

POST/wp-json/picking/v1/create-order-noteincludes\class-orderpickingapp.php:197

GET/wp-json/picking/v1/get-categoriesincludes\class-orderpickingapp.php:203

GET/wp-json/picking/v1/get-productincludes\class-orderpickingapp.php:209

POST/wp-json/picking/v1/update-productincludes\class-orderpickingapp.php:214

GET/wp-json/picking/v1/reset-picking-ordersincludes\class-orderpickingapp.php:220

GET/wp-json/picking/v1/get-customersincludes\class-orderpickingapp.php:226

POST/wp-json/picking/v1/create-orderincludes\class-orderpickingapp.php:231

GET/wp-json/picking/v1/get-orderincludes\class-orderpickingapp.php:236

POST/wp-json/picking/v1/unclaim-orderincludes\class-orderpickingapp.php:241

POST/wp-json/picking/v1/create-batchincludes\class-orderpickingapp.php:246

WordPress Hooks 39

actionmanage_edit-shop_order_columnsadmin\class-orderpickingapp-admin.php:11

actionmanage_shop_order_posts_custom_columnadmin\class-orderpickingapp-admin.php:12

filterhandle_bulk_actions-edit-shop_orderadmin\class-orderpickingapp-admin.php:13

actionwoocommerce_update_orderadmin\class-orderpickingapp-admin.php:14

filtermanage_woocommerce_page_wc-orders_columnsadmin\class-orderpickingapp-admin.php:17

actionmanage_woocommerce_page_wc-orders_custom_columnadmin\class-orderpickingapp-admin.php:18

filterbulk_actions-woocommerce_page_wc-ordersadmin\class-orderpickingapp-admin.php:19

filterhandle_bulk_actions-woocommerce_page_wc-ordersadmin\class-orderpickingapp-admin.php:20

filterbulk_actions-edit-shop_orderadmin\class-orderpickingapp-admin.php:21

actionadd_meta_boxesadmin\class-orderpickingapp-admin.php:23

actionsave_post_shop_orderadmin\class-orderpickingapp-admin.php:24

actionwoocommerce_product_after_variable_attributesadmin\class-orderpickingapp-admin.php:26

actionwoocommerce_save_product_variationadmin\class-orderpickingapp-admin.php:27

actionwoocommerce_product_options_general_product_dataadmin\class-orderpickingapp-admin.php:32

actionwoocommerce_product_options_inventory_product_dataadmin\class-orderpickingapp-admin.php:33

actionwoocommerce_admin_process_product_objectadmin\class-orderpickingapp-admin.php:34

actionwoocommerce_product_after_variable_attributesadmin\class-orderpickingapp-admin.php:36

actionwoocommerce_save_product_variationadmin\class-orderpickingapp-admin.php:37

actionwoocommerce_single_product_summaryadmin\class-orderpickingapp-admin.php:38

actionwp_dashboard_setupadmin\class-orderpickingapp-admin.php:44

filtermanage_edit-product_columnsadmin\class-orderpickingapp-admin.php:46

actionmanage_product_posts_custom_columnadmin\class-orderpickingapp-admin.php:47

filterbulk_actions-edit-productadmin\class-orderpickingapp-admin.php:48

filterhandle_bulk_actions-edit-productadmin\class-orderpickingapp-admin.php:49

actionadmin_post_opa_barcode_img_downloadadmin\class-orderpickingapp-admin.php:51

actionadmin_post_opa_barcode_img_printadmin\class-orderpickingapp-admin.php:52

actionadmin_headadmin\class-orderpickingapp-admin.php:54

actionadmin_footerincludes\class-feedback.php:5

actionwoocommerce_admin_order_item_headersincludes\class-orderpickingapp.php:48

actionwoocommerce_admin_order_item_valuesincludes\class-orderpickingapp.php:49

filterwoocommerce_get_wp_query_argsincludes\class-orderpickingapp.php:51

filterwoocommerce_order_data_store_cpt_get_orders_queryincludes\class-orderpickingapp.php:59

actionadmin_enqueue_scriptsincludes\class-orderpickingapp.php:114

actionadmin_menuincludes\class-orderpickingapp.php:115

actionadmin_initincludes\class-orderpickingapp.php:116

actionadmin_noticesincludes\class-orderpickingapp.php:117

actioninitincludes\class-orderpickingapp.php:124

actionplugins_loadedincludes\class-orderpickingapp.php:126

actionrest_api_initincludes\class-orderpickingapp.php:127

Maintenance & Trust

Order Picking App Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version8.0

Downloads11K

Community Trust

Rating92/100

Number of ratings8

Active installs30

Alternatives

Order Picking App Alternatives

Stock Manager for WooCommerce

woocommerce-stock-manager

WooCommerce stock management plugin to manage and edit product stock and their variables from a single dashboard. Stock log, import/export, filters!

20K 4 CVEs

Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management

smart-manager-for-wp-e-commerce

WooCommerce Advanced Bulk Edit products, orders, & posts in an Excel-like sheet editor. Get advanced WooCommerce stock, pricing, & order management.

10K 4 CVEs

FlexStock – Stock Sync with Google Sheets for WooCommerce

stock-sync-with-google-sheet-for-woocommerce

WooCommerce inventory and stock management plugin with real-time Google Sheets sync. Track, manage, and bulk edit products instantly.

800 1 CVE

Veeqo for WooCommerce

veeqo-for-woocommerce

Veeqo integrates with your WooCommerce stock with other online marketplaces and allows you to print shipping labels in one click.

700 No CVEs

Billbee – Auftragsabwicklung, Warenwirtschaft, Automatisierung

billbee-auftragsabwicklung-warenwirtschaft-automatisierung

Requires at least: 3.0.1 Tested up to: 5.9 Stable tag: 1.3 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.

500 No CVEs

Developer Profile

Order Picking App Developer Profile

Arture B.V.

2 plugins · 90 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

5 days

View full developer profile

Detection Fingerprints

How We Detect Order Picking App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/order-picking-app/admin/css/orderpickingapp.css/wp-content/plugins/order-picking-app/admin/js/bootstrap.min.js/wp-content/plugins/order-picking-app/admin/js/bootstrap-toggle.min.js/wp-content/plugins/order-picking-app/admin/js/admin.js

Script Paths

https://code.jquery.com/ui/1.13.2/jquery-ui.min.js

Version Parameters

order-picking-app/admin/css/orderpickingapp.css?ver=order-picking-app/admin/js/bootstrap.min.js?ver=order-picking-app/admin/js/bootstrap-toggle.min.js?ver=order-picking-app/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

orderpickingapp-settingscta-with-featurerounded-customfeature-tab-list

Data Attributes

data-bs-toggledata-bs-target

JS Globals

bootstrap

FAQ