Order Role Manager for WooCommerce Security & Risk Analysis

wordpress.org/plugins/order-role-manager-for-woocommerce

Restrict WooCommerce order editing by user role and username. Limit order status changes and order status overview visibility.

0 active installs · v8.1.0 · PHP 7.4+ · WP 5.8+ · Updated Nov 3, 2025
Tags: order-permissions, order-restriction, restrict-order-status, user-role, woocommerce
Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Order Role Manager for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Order Role Manager for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The 'order-role-manager-for-woocommerce' plugin v8.1.0 demonstrates a generally good security posture with several strong security practices observed. The absence of known CVEs, coupled with a low percentage of SQL queries not using prepared statements and a high percentage of properly escaped output, indicates a commitment to secure coding. Furthermore, the presence of nonce and capability checks on entry points suggests a robust approach to access control and data integrity.

However, the static analysis revealed two taint flows with unsanitized paths, classified as high severity. While these don't directly translate to immediately exploitable vulnerabilities without further context or user interaction, they represent potential risks that require careful consideration and remediation. The plugin's attack surface is small and currently shows no unprotected entry points, which is a positive sign. The entirely clear vulnerability history is also a strong indicator of past security diligence.

In conclusion, the plugin is well-maintained with a strong foundation of security best practices. The main area of concern stems from the identified high-severity taint flows, which, despite the plugin's otherwise secure design and clean history, warrant attention to ensure no privilege escalation or data leakage can occur under specific, albeit potentially complex, attack vectors. The strengths in code hygiene and access control significantly outweigh the potential risks, but vigilance regarding the taint flows is recommended.

Key Concerns

  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

Order Role Manager for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Order Role Manager for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (13 prepared)
Unescaped Output: 5 (109 escaped)
Nonce Checks: 8
Capability Checks: 9
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

SQL Query Safety

87% prepared · 15 total queries

Output Escaping

96% escaped · 114 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
<class-wosr-order-status-overview> (includes\restrictions\class-wosr-order-status-overview.php:0)
[Data flow diagram. Legend: source (user input), sink (dangerous op), sanitizer, transform; paths marked unsanitized or sanitized]
Attack Surface

Order Role Manager for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth wp_ajax_wosr_toggle_rule_status_overview (includes\restrictions\class-wosr-order-status-overview.php:31)
auth wp_ajax_wosr_toggle_rule_status (includes\restrictions\class-wosr-order-status.php:36)

WordPress Hooks: 21

action admin_menu (includes\class-wosr-admin.php:42)
action admin_enqueue_scripts (includes\class-wosr-admin.php:43)
filter wc_order_statuses (includes\functions\class-wosr-order-status.php:22)
filter woocommerce_admin_order_actions (includes\functions\class-wosr-order-status.php:25)
action admin_init (includes\functions\class-wosr-order-status.php:28)
filter views_woocommerce_page_wc-orders (includes\functions\class-wosr-order-status.php:31)
filter views_edit-shop_order (includes\functions\class-wosr-order-status.php:32)
action after_uninstall (includes\functions\class-wosr-uninstall-cleanup.php:30)
action wosr_render_tab_delete_wosr_settings_on_uninstall (includes\restrictions\class-wosr-delete-data.php:25)
action admin_init (includes\restrictions\class-wosr-delete-data.php:28)
action wosr_render_tab_order_status_overview (includes\restrictions\class-wosr-order-status-overview.php:23)
action admin_post_wosr_save_rule_overview (includes\restrictions\class-wosr-order-status-overview.php:26)
action admin_post_wosr_update_rule_overview (includes\restrictions\class-wosr-order-status-overview.php:27)
action admin_post_wosr_delete_rule_overview (includes\restrictions\class-wosr-order-status-overview.php:28)
action wosr_render_tab_order_status (includes\restrictions\class-wosr-order-status.php:28)
action admin_post_wosr_save_rule (includes\restrictions\class-wosr-order-status.php:31)
action admin_post_wosr_update_rule (includes\restrictions\class-wosr-order-status.php:32)
action admin_post_wosr_delete_rule (includes\restrictions\class-wosr-order-status.php:33)
action wosr_render_tab_upgrade (includes\restrictions\class-wosr-upgrade.php:24)
action deactivated_plugin (order-role-manager-for-woocommerce.php:102)
action shutdown (order-role-manager-for-woocommerce.php:106)
Maintenance & Trust

Order Role Manager for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 3, 2025
PHP min version: 7.4
Downloads: 144

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Order Role Manager for WooCommerce Developer Profile

JAD Plugins

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Order Role Manager for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/order-role-manager-for-woocommerce/assets/select2/select2.min.js
/wp-content/plugins/order-role-manager-for-woocommerce/assets/select2/select2.min.css
/wp-content/plugins/order-role-manager-for-woocommerce/assets/css/wosr-admin-styles.css
/wp-content/plugins/order-role-manager-for-woocommerce/assets/js/wosr-admin-scripts.js
/wp-content/plugins/order-role-manager-for-woocommerce/assets/js/wosr-admin-scripts.js.map
Version Parameters
order-role-manager-for-woocommerce/assets/select2/select2.min.js?ver=
order-role-manager-for-woocommerce/assets/select2/select2.min.css?ver=
order-role-manager-for-woocommerce/assets/css/wosr-admin-styles.css?ver=
order-role-manager-for-woocommerce/assets/js/wosr-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wosr-admin-settings-page
wosr-tab-content
JS Globals
wosr_admin_params
FAQ

Frequently Asked Questions about Order Role Manager for WooCommerce