WP-Safety

Oxygen MyData for WooCommerce Security & Risk Analysis

wordpress.org/plugins/oxygen-mydata

Automate your WooCommerce store and accounting by syncing orders and more between WooCommerce and Oxygen Suite.

200 active installs v2.0.40 PHP 7.4+ WP 5.5+ Updated Feb 9, 2026
invoicesinvoices-greecemydataoxygenwoocommerce-invoices
95
A · Safe
CVEs total1
Unpatched0
Last CVEApr 9, 2025
Plugin page Download
Safety Verdict

Is Oxygen MyData for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Oxygen MyData for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 9, 2025Updated 1mo ago
Risk Assessment

The "oxygen-mydata" plugin v2.0.40 presents a mixed security posture. While it demonstrates strong practices in areas like SQL query sanitization (100% prepared statements) and output escaping (95%), significant concerns arise from its attack surface. With 10 AJAX handlers, 7 of which lack authentication checks, a substantial portion of the plugin's functionality is exposed to unauthenticated users. The taint analysis did not reveal critical or high-severity unsanitized flows, which is a positive indicator, but the presence of 3 flows with unsanitized paths warrants attention, even if their severity wasn't classified as critical.

The plugin's vulnerability history is a major red flag. A past critical vulnerability, specifically a 'Path Traversal' issue, even if currently patched, indicates a potential for severe security flaws. The fact that a critical vulnerability existed in the past suggests that developers should maintain a heightened awareness of such issues and implement robust security controls to prevent recurrence.

In conclusion, "oxygen-mydata" v2.0.40 has strengths in data handling and output sanitization. However, the significant number of unprotected AJAX endpoints and the historical presence of a critical path traversal vulnerability significantly elevate its risk profile. Users should be aware of the potential for privilege escalation or unauthorized actions due to the exposed AJAX handlers. Continued vigilance and thorough security reviews are recommended.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Past critical vulnerability
Vulnerabilities
1

Oxygen MyData for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1

1 total CVE

CVE-2025-32631critical · 9.1Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Oxygen MyData for WooCommerce <= 1.0.64 - Unauthenticated Arbitrary File Deletion

Apr 9, 2025 Patched in 1.0.65 (13d)
Code Analysis
Analyzed Mar 16, 2026

Oxygen MyData for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
10
194 escaped
Nonce Checks
9
Capability Checks
4
File Operations
4
External Requests
17
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

95% escaped204 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths
download_pdf_action (inc\class-oxygenorder.php:2654)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Oxygen MyData for WooCommerce Attack Surface

Entry Points10
Unprotected7

AJAX Handlers 10

authwp_ajax_check_vat_actioninc\class-oxygenorder.php:2612
noprivwp_ajax_check_vat_actioninc\class-oxygenorder.php:2613
authwp_ajax_download_pdf_actioninc\class-oxygenorder.php:2711
authwp_ajax_delete_pdf_after_downloadinginc\class-oxygenorder.php:2780
authwp_ajax_send_invoice_email_on_click_actioninc\class-oxygenorder.php:2828
noprivwp_ajax_send_invoice_email_on_click_actioninc\class-oxygenorder.php:2829
authwp_ajax_change_price_per_vat_actioninc\class-oxygenorder.php:2862
authwp_ajax_restore_price_with_tax_actioninc\class-oxygenorder.php:2943
authwp_ajax_oxygen_copy_shipping_metainc\class-oxygenorder.php:2956
authwp_ajax_download_wc_loginc\class-oxygenwoosettings.php:74
WordPress Hooks 65
actioninitinc\class-oxygen.php:74
actionwp_enqueue_scriptsinc\class-oxygen.php:77
actionadmin_enqueue_scriptsinc\class-oxygen.php:80
actionadd_meta_boxesinc\class-oxygenorder.php:65
actionadmin_initinc\class-oxygenorder.php:66
actionwoocommerce_new_orderinc\class-oxygenorder.php:68
actionwoocommerce_thankyouinc\class-oxygenorder.php:69
actionwoocommerce_order_status_changedinc\class-oxygenorder.php:70
filtermanage_edit-shop_order_columnsinc\class-oxygenorder.php:73
filterwoocommerce_shop_order_list_table_columnsinc\class-oxygenorder.php:74
actionmanage_shop_order_posts_custom_columninc\class-oxygenorder.php:75
actionwoocommerce_shop_order_list_table_custom_columninc\class-oxygenorder.php:76
actionwoocommerce_process_shop_order_metainc\class-oxygenorder.php:79
actionwoocommerce_admin_order_data_after_order_detailsinc\class-oxygenorder.php:80
filterwoocommerce_my_account_my_orders_actionsinc\class-oxygenorder.php:85
filterwoocommerce_checkout_fieldsinc\class-oxygenorder.php:91
filterwoocommerce_checkout_processinc\class-oxygenorder.php:92
filterwoocommerce_address_to_editinc\class-oxygenorder.php:93
filterwoocommerce_order_formatted_billing_addressinc\class-oxygenorder.php:94
filterwoocommerce_my_account_my_address_formatted_addressinc\class-oxygenorder.php:95
filterwoocommerce_formatted_address_replacementsinc\class-oxygenorder.php:96
filterwoocommerce_admin_billing_fieldsinc\class-oxygenorder.php:97
filterwoocommerce_ajax_get_customer_detailsinc\class-oxygenorder.php:98
filterwoocommerce_customer_meta_fieldsinc\class-oxygenorder.php:99
actionwoocommerce_after_order_object_saveinc\class-oxygenorder.php:459
actionwoocommerce_after_order_object_saveinc\class-oxygenorder.php:531
actionwoocommerce_after_order_object_saveinc\class-oxygenorder.php:837
actionwoocommerce_after_order_object_saveinc\class-oxygenorder.php:888
filterwoocommerce_email_attachmentsinc\class-oxygenorder.php:990
actionoxygen_fill_order_shipping_meta_from_optionsinc\class-oxygenorder.php:1926
actionwoocommerce_checkout_update_order_metainc\class-oxygenorder.php:2519
actionwp_enqueue_scriptsinc\class-oxygenorder.php:2642
actionadmin_enqueue_scriptsinc\class-oxygenorder.php:2741
actionwp_enqueue_scriptsinc\class-oxygenorder.php:2742
filterwoocommerce_customer_taxable_addressinc\class-oxygenorder.php:2864
filterwoocommerce_is_vat_exemptinc\class-oxygenorder.php:2875
actionwoocommerce_before_calculate_totalsinc\class-oxygenorder.php:2887
actionwoocommerce_thankyouinc\class-oxygenorder.php:2908
actionwoocommerce_update_options_oxygeninc\class-oxygenwoosettings.php:51
filterwoocommerce_settings_tabs_arrayinc\class-oxygenwoosettings.php:52
actionwoocommerce_admin_field_htmlinc\class-oxygenwoosettings.php:55
actionwoocommerce_admin_field_toggleinc\class-oxygenwoosettings.php:56
actionwoocommerce_update_option_toggleinc\class-oxygenwoosettings.php:57
actionproduct_cat_edit_form_fieldsinc\class-oxygenwoosettings.php:60
actionedited_product_catinc\class-oxygenwoosettings.php:63
actionwoocommerce_product_data_tabsinc\class-oxygenwoosettings.php:66
actionwoocommerce_product_data_panelsinc\class-oxygenwoosettings.php:67
actionwoocommerce_update_productinc\class-oxygenwoosettings.php:70
actionadmin_initinc\class-oxygenwoosettings.php:73
actionwoocommerce_product_options_inventory_product_datainc\class-oxygenwoosettings.php:76
actionwoocommerce_process_product_metainc\class-oxygenwoosettings.php:77
actionplugins_loadedinc\class-wc-oxygenpayment-gateway.php:24
filterwoocommerce_payment_gatewaysinc\class-wc-oxygenpayment-gateway.php:309
filterquery_varsinc\class-wc-oxygenpayment-gateway.php:526
actionwp_enqueue_scriptsinc\class-wc-oxygenpayment-gateway.php:535
actionwp_enqueue_scriptsinc\class-wc-oxygenpayment-gateway.php:551
actionwp_footerinc\class-wc-oxygenpayment-gateway.php:665
actionadmin_enqueue_scriptsinc\class-wc-oxygenpayment-gateway.php:668
actionupdate_option_woocommerce_oxygen_payment_settingsinc\class-wc-oxygenpayment-gateway.php:681
actionadmin_initoxygen-mydata.php:47
actionadmin_noticesoxygen-mydata.php:51
actionwoocommerce_loadedoxygen-mydata.php:59
actionbefore_woocommerce_initoxygen-mydata.php:69
filterwoocommerce_email_classesoxygen-mydata.php:82
filterhttp_request_timeoutoxygen-mydata.php:89
Maintenance & Trust

Oxygen MyData for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 9, 2026
PHP min version7.4
Downloads21K

Community Trust

Rating0/100
Number of ratings0
Active installs200
Alternatives

Oxygen MyData for WooCommerce Alternatives

Flexible PDF Invoices for WooCommerce & WordPress

Flexible PDF Invoices for WooCommerce & WordPress

flexible-invoices

A
99

WooCommerce PDF invoices made simple. EU VAT validation, reverse charge invoice, proforma invoices, MOSS / OSS support, invoices in bulk and more.

7K 1 CVE
Invoice Gateway for WooCommerce – Invoice Payment Gateway

Invoice Gateway for WooCommerce – Invoice Payment Gateway

invoice-gateway-for-woocommerce

A
100

Add a WooCommerce invoice gateway to your store. An easy invoicing payment gateway solution for WooCommerce.

2K No CVEs
Primer MyData for Woocommerce

Primer MyData for Woocommerce

primer-mydata

A
95

Issue legal receipts automatically directly from your wordpress using MyData provider Services.

100 4 CVEs
Invoice Manager for WooCommerce

Invoice Manager for WooCommerce

wc-invoice-manager

A
100

Manage WooCommerce invoices with the first Gutenberg-based editor; it's user-friendly, and ensures professional, accurate billing.

30 No CVEs
PDF Invoices and Packing Slips for Woocommerce

PDF Invoices and Packing Slips for Woocommerce

webplanex-invoices

A
100

Generate PDF Invoices, Shipping Labels, Packing Slips, Delivery Notes and Credit notes for your WooCommerce store.

30 No CVEs
Developer Profile

Oxygen MyData for WooCommerce Developer Profile

oxygensuite

1 plugin · 200 total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
13 days
View full developer profile
Detection Fingerprints

How We Detect Oxygen MyData for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oxygen-mydata/assets/css/oxygen_styles.css/wp-content/plugins/oxygen-mydata/assets/css/my_styles.css/wp-content/plugins/oxygen-mydata/assets/css/oxygen.css/wp-content/plugins/oxygen-mydata/js/oxygen.js/wp-content/plugins/oxygen-mydata/js/oxygen_settings.js/wp-content/plugins/oxygen-mydata/js/create_document_meta_box.js
Script Paths
/wp-content/plugins/oxygen-mydata/js/oxygen.js/wp-content/plugins/oxygen-mydata/js/oxygen_settings.js/wp-content/plugins/oxygen-mydata/js/create_document_meta_box.js
Version Parameters
oxygen-mydata/assets/css/oxygen_styles.css?ver=oxygen-mydata/assets/css/my_styles.css?ver=oxygen-mydata/assets/css/oxygen.css?ver=oxygen-mydata/js/oxygen.js?ver=oxygen-mydata/js/oxygen_settings.js?ver=oxygen-mydata/js/create_document_meta_box.js?ver=

HTML / DOM Fingerprints

CSS Classes
oxygen-order-meta-box
HTML Comments
<!-- Oxygen MyData for WooCommerce is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details. --><!-- You should have received a copy of the GNU General Public License along with Oxygen MyData for WooCommerce. If not, see https://www.gnu.org/licenses/gpl-2.0.html --><!-- Oxygen MyData Class File --><!-- Oxygen MyData Class -->+9 more
Data Attributes
data-oxygen-ajax-urldata-oxygen-noncedata-my-data-invoice-id
JS Globals
change_price_per_vat_actionrestore_price_with_tax_actionMyLocalizedText
FAQ

Frequently Asked Questions about Oxygen MyData for WooCommerce