Order Tracking – WordPress Status Tracking Plugin Security & Risk Analysis

wordpress.org/plugins/order-tracking

Order tracking, status and project management plugin. Create tickets and tracking numbers. Send email updates. Works standalone and with WooCommerce.

3K active installs · v3.4.3 · PHP + WP 5.0+ · Updated Dec 2, 2025
Tags: order-shortcode, order-status, order-tracking, status-tracking, woocommerce-order-tracking
98
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Aug 16, 2024
Safety Verdict

Is Order Tracking – WordPress Status Tracking Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

Order Tracking – WordPress Status Tracking Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Aug 16, 2024 · Updated 4mo ago
Risk Assessment

The 'order-tracking' plugin v3.4.3 exhibits a generally strong security posture, with a comprehensive attack surface protected by authentication and capability checks. The code employs prepared statements for the vast majority of its SQL queries and properly escapes output in most cases. Nonce checks are also prevalent, indicating an awareness of common WordPress attack vectors. However, the presence of 6 flows with unsanitized paths, including 3 of high severity identified by taint analysis, represents a significant concern. These unsanitized flows suggest potential for attackers to manipulate the plugin's behavior by providing specially crafted input that is not adequately validated or neutralized before being used in sensitive operations, potentially leading to vulnerabilities like path traversal or arbitrary file read/write.

The plugin's vulnerability history, with 3 past medium-severity CVEs, further underscores the need for vigilance. The common vulnerability types noted (Missing Authorization and Cross-site Scripting) align with the potential risks identified by the taint analysis of unsanitized paths. While there are no currently unpatched vulnerabilities, the recurring nature of these issues suggests a pattern where certain input sanitization or authorization checks may be inconsistently implemented. The recent CVE in August 2024 is particularly noteworthy, implying that even with regular updates, new vulnerabilities can emerge, necessitating ongoing security review and prompt patching.

Key Concerns

  • High severity unsanitized taint flows
  • Unsanitized paths found
  • Past medium severity CVEs
Vulnerabilities
3

Order Tracking – WordPress Status Tracking Plugin Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2024: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-43343 · medium · 4.3 · Missing Authorization
Order Tracking <= 3.3.11 - Missing Authorization via send_test_email()
Aug 16, 2024 · Patched in 3.3.12b (4d)

CVE-2023-4500 · medium · 4.7 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Aug 28, 2023 · Patched in 3.3.7 (148d)

CVE-2023-4471 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting
Aug 28, 2023 · Patched in 3.3.7 (148d)

Code Analysis
Analyzed Mar 16, 2026

Order Tracking – WordPress Status Tracking Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (72 prepared)
Unescaped Output: 121 (807 escaped)
Nonce Checks: 24
Capability Checks: 36
File Operations: 3
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

96% prepared · 75 total queries

Output Escaping

87% escaped · 928 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

11 flows · 6 with unsanitized paths
validate_submission (includes\Order.class.php:251)
Attack Surface

Order Tracking – WordPress Status Tracking Plugin Attack Surface

Entry Points: 26
Unprotected: 0

AJAX Handlers 21

auth wp_ajax_ewd_otp_send_feature_suggestion includes\AboutUs.class.php:14
auth wp_ajax_ewd_otp_get_order includes\Ajax.class.php:14
nopriv wp_ajax_ewd_otp_get_order includes\Ajax.class.php:15
auth wp_ajax_ewd_otp_get_customer_orders includes\Ajax.class.php:17
nopriv wp_ajax_ewd_otp_get_customer_orders includes\Ajax.class.php:18
auth wp_ajax_ewd_otp_get_sales_rep_orders includes\Ajax.class.php:20
nopriv wp_ajax_ewd_otp_get_sales_rep_orders includes\Ajax.class.php:21
auth wp_ajax_ewd_otp_update_customer_note includes\Ajax.class.php:23
nopriv wp_ajax_ewd_otp_update_customer_note includes\Ajax.class.php:24
auth wp_ajax_ewd_otp_delete_order includes\Ajax.class.php:26
auth wp_ajax_ewd_otp_hide_order includes\Ajax.class.php:27
auth wp_ajax_ewd_otp_delete_customer includes\Ajax.class.php:28
auth wp_ajax_ewd_otp_delete_sales_rep includes\Ajax.class.php:29
auth wp_ajax_ewd_otp_welcome_add_status includes\InstallationWalkthrough.class.php:20
auth wp_ajax_ewd_otp_welcome_add_tracking_page includes\InstallationWalkthrough.class.php:21
auth wp_ajax_ewd_otp_welcome_set_options includes\InstallationWalkthrough.class.php:22
auth wp_ajax_ewd_otp_welcome_add_order includes\InstallationWalkthrough.class.php:23
auth wp_ajax_ewd_otp_hide_review_ask includes\ReviewAsk.class.php:16
auth wp_ajax_ewd_otp_send_feedback includes\ReviewAsk.class.php:17
auth wp_ajax_ewd_otp_hide_helper_notice order-tracking.php:182
auth wp_ajax_ewd_otp_hide_new_plugin_notice order-tracking.php:183

Shortcodes 5

[tracking-form] includes\template-functions.php:49
[customer-form] includes\template-functions.php:145
[sales-rep-form] includes\template-functions.php:224
[customer-order] includes\template-functions.php:287
[order-number-search] includes\template-functions.php:316

WordPress Hooks 94

action admin_menu includes\AboutUs.class.php:16
action admin_menu includes\AdminCustomers.class.php:27
action admin_head includes\AdminCustomers.class.php:30
action admin_menu includes\AdminCustomFields.class.php:15
action admin_menu includes\AdminOrders.class.php:27
action admin_head includes\AdminOrders.class.php:30
filter set-screen-option includes\AdminOrders.class.php:33
action admin_menu includes\AdminSalesReps.class.php:29
action admin_head includes\AdminSalesReps.class.php:32
action init includes\Blocks.class.php:14
filter block_categories_all includes\Blocks.class.php:16
action current_screen includes\Blocks.class.php:74
action plugins_loaded includes\CustomerManager.class.php:32
action admin_menu includes\Dashboard.class.php:16
action current_screen includes\DeactivationSurvey.class.php:13
action admin_enqueue_scripts includes\DeactivationSurvey.class.php:18
action admin_footer includes\DeactivationSurvey.class.php:19
action admin_menu includes\Export.class.php:33
action admin_menu includes\Export.class.php:35
action admin_menu includes\Import.class.php:18
action admin_init includes\Import.class.php:20
action admin_init includes\Import.class.php:21
action admin_init includes\Import.class.php:22
action admin_notices includes\Import.class.php:111
action admin_notices includes\Import.class.php:272
action admin_notices includes\Import.class.php:299
action admin_notices includes\Import.class.php:422
action admin_notices includes\Import.class.php:449
action admin_notices includes\Import.class.php:572
action admin_menu includes\InstallationWalkthrough.class.php:14
action admin_head includes\InstallationWalkthrough.class.php:15
action admin_init includes\InstallationWalkthrough.class.php:16
action admin_head includes\InstallationWalkthrough.class.php:18
action ewd_otp_customer_note_updated includes\Notifications.class.php:15
action ewd_otp_insert_customer_order includes\Notifications.class.php:16
action ewd_otp_insert_customer_order includes\Notifications.class.php:17
action ewd_otp_admin_order_inserted includes\Notifications.class.php:19
action ewd_otp_admin_order_updated includes\Notifications.class.php:20
action ewd_otp_status_updated includes\Notifications.class.php:21
action ewd_otp_insert_customer_order includes\Notifications.class.php:24
action ewd_otp_admin_order_updated includes\Notifications.class.php:25
action plugins_loaded includes\OrderManager.class.php:36
action ewd_otp_post_order_information_fields includes\Phone.class.php:14
action ewd_otp_post_sales_rep_information_fields includes\Phone.class.php:15
action ewd_otp_post_customer_order_information_fields includes\Phone.class.php:16
action ewd_otp_validate_order_submission includes\Phone.class.php:18
action ewd_otp_validate_sales_rep_submission includes\Phone.class.php:19
action admin_notices includes\ReviewAsk.class.php:14
action admin_enqueue_scripts includes\ReviewAsk.class.php:19
action plugins_loaded includes\SalesRepManager.class.php:32
action init includes\Settings.class.php:268
action init includes\Settings.class.php:270
action init includes\Settings.class.php:272
action init includes\template-functions.php:370
action shutdown includes\template-functions.php:371
action init includes\template-functions.php:374
filter uwpm_register_custom_element_section includes\UltimateWPMail.class.php:14
action uwpm_register_custom_element includes\UltimateWPMail.class.php:15
action init includes\WooCommerce.class.php:14
action save_post_shop_order includes\WooCommerce.class.php:26
action woocommerce_checkout_order_processed includes\WooCommerce.class.php:28
action woocommerce_order_status_changed includes\WooCommerce.class.php:29
action wc_order_statuses includes\WooCommerce.class.php:33
filter bulk_actions-edit-shop_order includes\WooCommerce.class.php:35
filter woocommerce_payment_complete_order_status includes\WooCommerce.class.php:37
filter woocommerce_valid_order_statuses_for_order_again includes\WooCommerce.class.php:38
filter woocommerce_valid_order_statuses_for_cancel includes\WooCommerce.class.php:39
filter woocommerce_bacs_process_payment_order_status includes\WooCommerce.class.php:40
filter woocommerce_default_order_status includes\WooCommerce.class.php:41
filter woocommerce_valid_order_statuses_for_payment includes\WooCommerce.class.php:42
filter woocommerce_valid_order_statuses_for_payment_complete includes\WooCommerce.class.php:43
filter woocommerce_valid_order_statuses_for_cancel includes\WooCommerce.class.php:44
filter woocommerce_reports_order_statuses includes\WooCommerce.class.php:45
filter woocommerce_reports_get_order_report_data_args includes\WooCommerce.class.php:47
action woocommerce_view_order includes\WooCommerce.class.php:52
action woocommerce_order_details_after_order_table includes\WooCommerce.class.php:57
action woocommerce_admin_order_data_after_order_details includes\WooCommerce.class.php:62
action save_post_shop_order includes\WooCommerce.class.php:63
action ewd_otp_customers_table_top includes\WP_List_Table.CustomersTable.class.php:432
action ewd_otp_orders_table_top includes\WP_List_Table.OrdersTable.class.php:667
action ewd_otp_sales_reps_table_top includes\WP_List_Table.SalesRepsTable.class.php:447
action init order-tracking.php:166
action plugins_loaded order-tracking.php:168
action admin_notices order-tracking.php:170
action admin_notices order-tracking.php:171
action admin_notices order-tracking.php:172
action admin_enqueue_scripts order-tracking.php:174
action admin_enqueue_scripts order-tracking.php:175
action wp_enqueue_scripts order-tracking.php:176
action wp_head order-tracking.php:177
action wp_footer order-tracking.php:178
filter plugin_action_links order-tracking.php:180
action upgrader_process_complete order-tracking.php:185
action before_woocommerce_init order-tracking.php:187

Maintenance & Trust

Order Tracking – WordPress Status Tracking Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version
Downloads: 410K

Community Trust

Rating: 92/100
Number of ratings: 73
Active installs: 3K
Developer Profile

Order Tracking – WordPress Status Tracking Plugin Developer Profile

Rustaurius

21 plugins · 66K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 716 days
Detection Fingerprints

How We Detect Order Tracking – WordPress Status Tracking Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/order-tracking/css/AdminOrderItems.css
  • /wp-content/plugins/order-tracking/css/AdminOrders.css
  • /wp-content/plugins/order-tracking/css/AdminSalesReps.css
  • /wp-content/plugins/order-tracking/css/Customers.css
  • /wp-content/plugins/order-tracking/css/Dashboard.css
  • /wp-content/plugins/order-tracking/css/EwdOTP.css
  • /wp-content/plugins/order-tracking/css/InstallWalkthrough.css
  • /wp-content/plugins/order-tracking/css/OrderTrackingList.css
  • +16 more

Script Paths

  • /wp-content/plugins/order-tracking/js/AdminOrderItems.js
  • /wp-content/plugins/order-tracking/js/AdminOrders.js
  • /wp-content/plugins/order-tracking/js/AdminSalesReps.js
  • /wp-content/plugins/order-tracking/js/Customers.js
  • /wp-content/plugins/order-tracking/js/Dashboard.js
  • /wp-content/plugins/order-tracking/js/EwdOTP.js
  • +7 more

Version Parameters

  • order-tracking/css/AdminOrderItems.css?ver=
  • order-tracking/css/AdminOrders.css?ver=
  • order-tracking/css/AdminSalesReps.css?ver=
  • order-tracking/css/Customers.css?ver=
  • order-tracking/css/Dashboard.css?ver=
  • order-tracking/css/EwdOTP.css?ver=
  • order-tracking/css/InstallWalkthrough.css?ver=
  • order-tracking/css/OrderTrackingList.css?ver=
  • order-tracking/css/Reviews.css?ver=
  • order-tracking/css/Settings.css?ver=
  • order-tracking/css/WooCommerce.css?ver=
  • order-tracking/js/AdminOrderItems.js?ver=
  • order-tracking/js/AdminOrders.js?ver=
  • order-tracking/js/AdminSalesReps.js?ver=
  • order-tracking/js/Customers.js?ver=
  • order-tracking/js/Dashboard.js?ver=
  • order-tracking/js/EwdOTP.js?ver=
  • order-tracking/js/InstallWalkthrough.js?ver=
  • order-tracking/js/OrderTrackingList.js?ver=
  • order-tracking/js/OrderTrackingView.js?ver=
  • order-tracking/js/Reviews.js?ver=
  • order-tracking/js/Settings.js?ver=
  • order-tracking/js/WooCommerce.js?ver=
  • order-tracking/js/Zendesk.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ewd-otp-admin-orders
  • ewd-otp-customers-list
  • ewd-otp-order-tracking-list
  • ewd-otp-sales-reps-list

HTML Comments

  • <!-- EWD Order Tracking Plugin -->

Data Attributes

  • data-ewd-otp-order-id
  • data-ewd-otp-customer-id
  • data-ewd-otp-tracking-number
  • data-ewd-otp-order-status

JS Globals

  • ewd_otp_tracking_data
  • ewd_otp_ajax_url
  • ewd_otp_admin_order_data

REST Endpoints

  • /wp-json/ewd-otp/v1/get_order_details
  • /wp-json/ewd-otp/v1/update_order_status
  • /wp-json/ewd-otp/v1/add_order_note

Shortcode Output

  • [order_tracking]
  • [tracking_details]
  • [order_list]