pd Woo Tracking Order Security & Risk Analysis

wordpress.org/plugins/pd-woo-tracking-order

You can set a custom WooCommerce Order Status and add a Tracking ID of your carrier service provider with a nice front end user interfac …

70 active installs · v2.0.4 · PHP 5.6+ · WP 4.0+ · Updated Oct 8, 2021
Tags: order-tracking · tracking · woocommerce · woocommerce-order-tracking
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is pd Woo Tracking Order Safe to Use in 2026?

Generally Safe

Score 85/100

pd Woo Tracking Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "pd-woo-tracking-order" plugin version 2.0.4 exhibits a concerning security posture due to a significant number of unprotected entry points. All 6 identified AJAX handlers lack authentication checks, exposing them to potential unauthorized access and manipulation. While the plugin demonstrates good practices in its handling of SQL queries (100% prepared statements) and does not appear to have any known past vulnerabilities, the lack of authorization on AJAX endpoints is a critical oversight that severely weakens its security.

Taint analysis did reveal 4 flows with unsanitized paths, though they were not flagged as critical or high severity. This indicates a potential, albeit unexploited or low-impact, risk of path traversal or manipulation. Coupled with the 63% proper output escaping, there's a moderate chance of cross-site scripting (XSS) vulnerabilities, although the severity is not explicitly stated. The presence of nonce checks and capability checks (though limited) is positive, but their absence on the majority of AJAX handlers negates much of this benefit.

Overall, the plugin's clean vulnerability history is a strong positive, suggesting a lack of historically exploitable flaws. However, the current static analysis reveals significant immediate risks that outweigh the absence of past issues. The primary weakness lies in its unprotected attack surface, making it a potential target for attackers to exploit the AJAX endpoints.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
  • Output escaping not properly implemented for all outputs
Vulnerabilities
None known

pd Woo Tracking Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

pd Woo Tracking Order Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 26 (45 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

63% escaped · 71 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
pd_woo_order_metabox_save_cb (ajax\save-order-metabox.php:6)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
6 unprotected

pd Woo Tracking Order Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers: 6

auth · wp_ajax_pd_woo_order_status_menu_order · ajax\change-status-order.php:3
nopriv · wp_ajax_pd_woo_order_status_menu_order · ajax\change-status-order.php:4
auth · wp_ajax_pd_woo_order_metabox_save · ajax\save-order-metabox.php:3
nopriv · wp_ajax_pd_woo_order_metabox_save · ajax\save-order-metabox.php:4
auth · wp_ajax_pd_woo_order_change_visibility · ajax\status-visibility.php:3
nopriv · wp_ajax_pd_woo_order_change_visibility · ajax\status-visibility.php:4

WordPress Hooks: 24

filter · manage_pd_tracking_order_posts_columns · admin\custom-column\order-status.php:4
action · manage_pd_tracking_order_posts_custom_column · admin\custom-column\order-status.php:25
action · admin_enqueue_scripts · class\class-admin.php:25
action · init · class\class-admin.php:27
action · admin_menu · class\class-admin.php:28
action · add_meta_boxes · class\class-admin.php:30
action · save_post · class\class-admin.php:31
action · save_post · class\class-admin.php:32
filter · gettext · class\class-admin.php:34
filter · the_title · class\class-admin.php:35
action · admin_menu · class\class-admin.php:37
action · post_row_actions · class\class-admin.php:40
filter · post_updated_messages · class\class-admin.php:45
action · woocommerce_thankyou · class\class-email.php:18
action · wp_enqueue_scripts · class\class-front.php:19
action · wp_head · class\class-front.php:20
action · woocommerce_view_order · class\class-front.php:25
action · woocommerce_thankyou · class\class-front.php:29
action · admin_init · pd-woo-tracking-order.php:70
action · plugins_loaded · pd-woo-tracking-order.php:71
action · pre_get_posts · pd-woo-tracking-order.php:74
action · admin_notices · pd-woo-tracking-order.php:105
action · admin_init · pd-woo-tracking-order.php:126
filter · plugin_action_links · pd-woo-tracking-order.php:127
Maintenance & Trust

pd Woo Tracking Order Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Oct 8, 2021
PHP min version: 5.6
Downloads: 73K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 70
Developer Profile

pd Woo Tracking Order Developer Profile

Proficient Designers

2 plugins · 90 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect pd Woo Tracking Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pd-woo-tracking-order/admin/assets/css/custom-admin.css
/wp-content/plugins/pd-woo-tracking-order/admin/assets/js/custom-admin.js
/wp-content/plugins/pd-woo-tracking-order/assets/css/style.css
/wp-content/plugins/pd-woo-tracking-order/assets/js/script.js
Version Parameters
pd-woo-tracking-order/admin/assets/css/custom-admin.css?ver=
pd-woo-tracking-order/admin/assets/js/custom-admin.js?ver=
pd-woo-tracking-order/assets/css/style.css?ver=
pd-woo-tracking-order/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
pd-tracking-order-tracking-details
pd-tracking-order-tracking-form
pd-tracking-order-input-field
pd-tracking-order-button
pd-tracking-order-status-update
Data Attributes
data-pd-tracking-order-id
JS Globals
pd_woo_tracking_order_ajax_object