Order Tip & Donations for WooCommerce Security & Risk Analysis

wordpress.org/plugins/order-tip-for-woocommerce

Order Tip for WooCommerce adds an option for customer service tips, tips for waitresses, in WooCommerce.

80 active installs · v1.0.37 · PHP 7.2+ · WP + · Updated Mar 3, 2026
Tags: charity, delivery-tip, donation, order-tip, tip
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Order Tip & Donations for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Order Tip & Donations for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'order-tip-for-woocommerce' plugin v1.0.37 exhibits a generally good security posture due to its strong adherence to secure coding practices. The static analysis indicates that all SQL queries are prepared, a significant majority of output is properly escaped, and there are no recorded known vulnerabilities. This suggests a development team that is mindful of common security pitfalls and prioritizes robust code. The plugin also utilizes nonce checks and capability checks, further strengthening its defense against common attack vectors.

However, two specific areas warrant attention. The unprotected AJAX handler is a potential entry point for attackers if it is not otherwise secured at the application layer. The taint analysis revealed no critical or high-severity issues, but the single flow with an unsanitized path, even at a lower severity, is still a flag: if user-controlled data passes through this path without adequate sanitization, it could lead to unexpected behavior or information disclosure.

In conclusion, 'order-tip-for-woocommerce' v1.0.37 is a plugin with a solid foundation of security best practices. Its lack of vulnerability history is a positive indicator. The primary risks lie in the single unprotected AJAX endpoint and the identified unsanitized path. Addressing these specific points would significantly enhance the plugin's overall security.

Key Concerns

  • AJAX handler without authentication check
  • Flow with unsanitized path identified
Vulnerabilities
None known

Order Tip & Donations for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Order Tip & Donations for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 7 (388 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

98% escaped · 395 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
handle_tracker_action (admin\class-analytics.php:75)
[Data-flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
1 unprotected

Order Tip & Donations for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_save_tip · admin\class-tip.php:35
auth · wp_ajax_pisol_otw_toggle_tip_status · admin\class-tips.php:38

Shortcodes 1

[pisol_otw] public\class-tipsdisplay.php:18
WordPress Hooks 40
action · admin_enqueue_scripts · admin\class-analytics.php:34
action · admin_footer-plugins.php · admin\class-analytics.php:35
action · admin_notices · admin\class-analytics.php:38
action · admin_init · admin\class-design.php:33
action · admin_footer · admin\class-formgenerator.php:414
action · admin_menu · admin\class-menu.php:22
filter · manage_edit-shop_order_columns · admin\class-ordertable.php:17
filter · manage_woocommerce_page_wc-orders_columns · admin\class-ordertable.php:18
action · manage_shop_order_posts_custom_column · admin\class-ordertable.php:20
action · manage_woocommerce_page_wc-orders_custom_column · admin\class-ordertable.php:21
action · admin_notices · admin\class-review.php:109
action · admin_init · admin\class-setting.php:32
action · admin_post_delete_tip · admin\class-tip.php:37
action · admin_enqueue_scripts · admin\class-tip.php:39
action · init · block\class-tipblock.php:31
action · woocommerce_blocks_loaded · block\class-tipblock.php:33
action · woocommerce_blocks_loaded · block\class-tipblock.php:35
action · woocommerce_blocks_loaded · block\class-tipblock.php:37
action · woocommerce_store_api_checkout_update_order_from_request · block\class-tipblock.php:39
action · woocommerce_blocks_checkout_block_registration · block\class-tipblock.php:50
action · admin_notices · order-tip-for-woocommerce.php:38
action · before_woocommerce_init · order-tip-for-woocommerce.php:51
action · admin_init · order-tip-for-woocommerce.php:85
action · woocommerce_cart_calculate_fees · public\class-feemanager.php:19
action · wc_ajax_pisol_otw_add_tip · public\class-feemanager.php:20
action · woocommerce_after_checkout_validation · public\class-feemanager.php:21
filter · woocommerce_checkout_create_order_fee_item · public\class-feemanager.php:26
action · woocommerce_new_order · public\class-feemanager.php:32
action · woocommerce_checkout_update_order_meta · public\class-feemanager.php:33
action · woocommerce_before_cart · public\class-position.php:25
action · woocommerce_cart_coupon · public\class-position.php:28
action · woocommerce_before_cart_totals · public\class-position.php:31
action · woocommerce_after_cart · public\class-position.php:34
action · woocommerce_before_checkout_form · public\class-position.php:48
action · woocommerce_before_order_notes · public\class-position.php:51
action · woocommerce_checkout_after_customer_details · public\class-position.php:54
action · woocommerce_checkout_before_order_review_heading · public\class-position.php:57
action · woocommerce_after_checkout_form · public\class-position.php:60
action · wp_enqueue_scripts · public\class-tipsdisplay.php:17
filter · woocommerce_update_order_review_fragments · public\class-tipsdisplay.php:19
Maintenance & Trust

Order Tip & Donations for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.2
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 80
Developer Profile

Order Tip & Donations for WooCommerce Developer Profile

PI Web Solution

30 plugins · 93K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 235 days
Detection Fingerprints

How We Detect Order Tip & Donations for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/order-tip-for-woocommerce/assets/css/style.css
/wp-content/plugins/order-tip-for-woocommerce/assets/js/main.js
/wp-content/plugins/order-tip-for-woocommerce/assets/js/admin.js
Script Paths
/wp-content/plugins/order-tip-for-woocommerce/assets/js/main.js
/wp-content/plugins/order-tip-for-woocommerce/assets/js/admin.js
Version Parameters
order-tip-for-woocommerce/assets/css/style.css?ver=
order-tip-for-woocommerce/assets/js/main.js?ver=
order-tip-for-woocommerce/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
pisol-otw-admin-notice
pisol-otw-settings-tabs
pisol-otw-field-wrapper
pisol-otw-form-generator
pisol-otw-submit-button
HTML Comments
<!-- PISOL_OTW_Main instance -->
Data Attributes
data-pisol-otw-field-type
data-pisol-otw-field-name
JS Globals
pisol_otw_main_object
pisol_otw_admin_params