Pre-Orders for WooCommerce Security & Risk Analysis

wordpress.org/plugins/pre-orders-for-woocommerce

Ultimate Pre-Orders Plugin for WooCommerce.

7K active installs v2.3 PHP 7.4+ WP 5.0+ Updated Nov 30, 2025
Tags: pre-order, pre-orders, preorder, preorders
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 26, 2023
Safety Verdict

Is Pre-Orders for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Pre-Orders for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 26, 2023 · Updated 4mo ago
Risk Assessment

The "pre-orders-for-woocommerce" plugin version 2.3 exhibits a generally strong security posture based on the provided static analysis. The plugin has a reasonable attack surface, with all identified entry points (AJAX handlers, shortcodes, cron events) appearing to have authentication checks. The code analysis reveals no dangerous functions, all SQL queries utilize prepared statements, and file operations and external HTTP requests are absent, which are all positive indicators. The presence of numerous nonce and capability checks further reinforces the security implementation. However, a concerning aspect is that only 69% of output is properly escaped, leaving a significant portion potentially vulnerable to cross-site scripting (XSS) if not handled carefully by other layers of defense. The vulnerability history indicates one past medium-severity XSS vulnerability, which was patched. While the lack of unpatched vulnerabilities and critical/high taint flows is reassuring, the recurring pattern of XSS suggests that output escaping remains a persistent area requiring careful development and review.

Key Concerns

  • Significant portion of output not properly escaped
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Pre-Orders for WooCommerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2023-46783 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pre-Orders for WooCommerce <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 26, 2023 · Patched in 1.2.14 (89d)
Code Analysis
Analyzed Mar 16, 2026

Pre-Orders for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 255 (580 escaped)
Nonce Checks: 12
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

69% escaped · 835 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
csf_export (includes\codestar-framework\functions\actions.php:62)
Attack Surface

Pre-Orders for WooCommerce Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_csf-get-icons · includes\codestar-framework\functions\actions.php:50
auth · wp_ajax_csf-export · includes\codestar-framework\functions\actions.php:87
auth · wp_ajax_csf-import · includes\codestar-framework\functions\actions.php:123
auth · wp_ajax_csf-reset · includes\codestar-framework\functions\actions.php:150
auth · wp_ajax_csf-chosen · includes\codestar-framework\functions\actions.php:189

Shortcodes 1

[preorder_products] src\Bootstrap.php:41
WordPress Hooks 100
filter · preorder_avaiable_date_text · elementor\widgets\available-date.php:149
action · wp_enqueue_scripts · includes\codestar-framework\classes\abstract.class.php:21
action · admin_menu · includes\codestar-framework\classes\admin-options.class.php:107
action · admin_bar_menu · includes\codestar-framework\classes\admin-options.class.php:108
action · network_admin_menu · includes\codestar-framework\classes\admin-options.class.php:112
filter · admin_footer_text · includes\codestar-framework\classes\admin-options.class.php:432
action · add_meta_boxes_comment · includes\codestar-framework\classes\comment-options.class.php:38
action · edit_comment · includes\codestar-framework\classes\comment-options.class.php:39
action · customize_register · includes\codestar-framework\classes\customize-options.class.php:44
action · customize_save_after · includes\codestar-framework\classes\customize-options.class.php:45
action · wp_enqueue_scripts · includes\codestar-framework\classes\customize-options.class.php:49
action · add_meta_boxes · includes\codestar-framework\classes\metabox-options.class.php:50
action · save_post · includes\codestar-framework\classes\metabox-options.class.php:51
action · edit_attachment · includes\codestar-framework\classes\metabox-options.class.php:52
action · wp_nav_menu_item_custom_fields · includes\codestar-framework\classes\nav-menu-options.class.php:32
action · wp_update_nav_menu_item · includes\codestar-framework\classes\nav-menu-options.class.php:33
filter · wp_edit_nav_menu_walker · includes\codestar-framework\classes\nav-menu-options.class.php:35
action · admin_init · includes\codestar-framework\classes\profile-options.class.php:32
action · show_user_profile · includes\codestar-framework\classes\profile-options.class.php:44
action · edit_user_profile · includes\codestar-framework\classes\profile-options.class.php:45
action · personal_options_update · includes\codestar-framework\classes\profile-options.class.php:47
action · edit_user_profile_update · includes\codestar-framework\classes\profile-options.class.php:48
action · after_setup_theme · includes\codestar-framework\classes\setup.class.php:73
action · init · includes\codestar-framework\classes\setup.class.php:74
action · switch_theme · includes\codestar-framework\classes\setup.class.php:75
action · admin_enqueue_scripts · includes\codestar-framework\classes\setup.class.php:76
action · wp_enqueue_scripts · includes\codestar-framework\classes\setup.class.php:77
action · wp_head · includes\codestar-framework\classes\setup.class.php:78
filter · admin_body_class · includes\codestar-framework\classes\setup.class.php:79
action · admin_footer · includes\codestar-framework\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · includes\codestar-framework\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · includes\codestar-framework\classes\shortcode-options.class.php:59
action · elementor/editor/footer · includes\codestar-framework\classes\shortcode-options.class.php:60
action · elementor/editor/footer · includes\codestar-framework\classes\shortcode-options.class.php:61
action · enqueue_block_editor_assets · includes\codestar-framework\classes\shortcode-options.class.php:258
action · media_buttons · includes\codestar-framework\classes\shortcode-options.class.php:262
action · admin_init · includes\codestar-framework\classes\taxonomy-options.class.php:41
action · admin_footer · includes\codestar-framework\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · includes\codestar-framework\fields\icon\icon.php:42
action · admin_print_footer_scripts · includes\codestar-framework\fields\link\link.php:65
action · print_default_editor_scripts · includes\codestar-framework\fields\wp_editor\wp_editor.php:62
action · admin_menu · includes\codestar-framework\views\welcome.php:19
filter · plugin_action_links · includes\codestar-framework\views\welcome.php:20
filter · plugin_row_meta · includes\codestar-framework\views\welcome.php:21
filter · preorder_avaiable_date_text · includes\elementor\widgets\available-date.php:149
action · before_woocommerce_init · main.php:37
action · admin_notices · main.php:126
action · plugins_loaded · main.php:156
action · wp_enqueue_scripts · src\Blocks\Checkout\CheckoutBlocks.php:22
action · woocommerce_blocks_loaded · src\Blocks\Checkout\CheckoutBlocks.php:24
action · woocommerce_store_api_checkout_update_order_from_request · src\Blocks\Checkout\CheckoutBlocks.php:26
action · admin_init · src\Bootstrap.php:30
action · admin_enqueue_scripts · src\Bootstrap.php:31
action · admin_enqueue_scripts · src\Bootstrap.php:32
action · wp_enqueue_scripts · src\Bootstrap.php:33
action · wp_enqueue_scripts · src\Bootstrap.php:34
action · admin_notices · src\Bootstrap.php:36
filter · woocommerce_email_classes · src\Bootstrap.php:37
action · admin_notices · src\Bootstrap.php:38
action · admin_init · src\Bootstrap.php:39
filter · plugin_row_meta · src\Bootstrap.php:40
filter · woocommerce_add_to_cart_validation · src\Checkout.php:24
action · woocommerce_checkout_update_order_meta · src\Checkout.php:27
action · woocommerce_order_status_changed · src\Checkout.php:28
filter · woocommerce_payment_complete_order_status · src\Checkout.php:29
filter · woocommerce_billing_fields · src\Checkout.php:30
action · woocommerce_payment_complete · src\Checkout.php:32
filter · woocommerce_cod_process_payment_order_status · src\Checkout.php:33
action · elementor/widgets/register · src\Elementor.php:9
action · woocommerce_order_status_pending_to_pre-ordered_notification · src\emails\class-wc-email-customer-preorder.php:42
action · woocommerce_order_status_failed_to_pre-ordered_notification · src\emails\class-wc-email-customer-preorder.php:43
action · woocommerce_order_status_cancelled_to_pre-ordered_notification · src\emails\class-wc-email-customer-preorder.php:44
action · woocommerce_after_cart_item_name · src\Notices.php:10
filter · woocommerce_widget_cart_item_quantity · src\Notices.php:11
action · woocommerce_before_cart · src\Notices.php:16
filter · manage_edit-shop_order_columns · src\Order.php:8
action · manage_shop_order_posts_custom_column · src\Order.php:9
filter · manage_woocommerce_page_wc-orders_columns · src\Order.php:10
action · manage_woocommerce_page_wc-orders_custom_column · src\Order.php:11
action · woocommerce_order_item_meta_end · src\Order.php:12
filter · woocommerce_get_availability_text · src\Pages\ProductPage.php:19
action · admin_menu · src\Settings.php:13
action · admin_menu · src\Settings.php:14
action · init · src\Settings.php:17
action · csf_bp_preorder_save_after · src\Settings.php:20
filter · cosmbp_advertising_place · src\Settings.php:390
filter · woocommerce_product_add_to_cart_text · src\Shop.php:16
filter · woocommerce_product_single_add_to_cart_text · src\Shop.php:17
filter · woocommerce_available_variation · src\Shop.php:18
action · woocommerce_before_add_to_cart_form · src\Shop.php:19
action · preorder_product_loop_wrapper · src\Shop.php:20
action · woocommerce_after_shop_loop_item · src\Shop.php:21
action · woocommerce_before_single_product_summary · src\Shop.php:25
filter · init · src\StatusManager.php:194
filter · wc_order_statuses · src\StatusManager.php:195
action · check_for_released_preorders · src\Sync.php:11
action · woocommerce_product_after_variable_attributes · src\Tabs.php:9
action · woocommerce_product_options_stock_status · src\Tabs.php:12
action · woocommerce_save_product_variation · src\Tabs.php:14
action · woocommerce_process_product_meta · src\Tabs.php:15

Scheduled Events 1

check_for_released_preorders
Maintenance & Trust

Pre-Orders for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 30, 2025
PHP min version: 7.4
Downloads: 163K

Community Trust

Rating: 88/100
Number of ratings: 65
Active installs: 7K
Developer Profile

Pre-Orders for WooCommerce Developer Profile

brightvesseldev

15 plugins · 49K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 277 days
Detection Fingerprints

How We Detect Pre-Orders for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/admin-order-list.css
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/admin-product-list.css
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/backend.css
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/frontend.css
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/frontend.css.map
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/admin-product-list.js
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/backend.js
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/frontend.js
  • +1 more

Script Paths
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/admin-product-list.js
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/backend.js
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/frontend.js

Version Parameters
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/admin-order-list.css?ver=
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/admin-product-list.css?ver=
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/backend.css?ver=
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/css/frontend.css?ver=
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/admin-product-list.js?ver=
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/backend.js?ver=
  • /wp-content/plugins/pre-orders-for-woocommerce/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pf-preorder
  • pf-preorder-product-status
  • pf-preorder-product-message
  • pf-preorder-product-availability
  • pf-preorder-product-release-date
  • pf-preorder-product-backorders-message
  • pf-preorder-order-status
  • pf-preorder-order-date
  • +4 more

HTML Comments
  • <!-- Pre-Orders for WooCommerce: Frontend Scripts -->
  • <!-- Pre-Orders for WooCommerce: Backend Scripts -->
  • <!-- Pre-Orders for WooCommerce: Admin Product List Scripts -->

Data Attributes
  • data-product-id
  • data-backorders-status
  • data-preorder-status
  • data-backorder-message
  • data-release-date
  • data-shipping-date
  • +2 more

JS Globals
  • WCPO_FrontEnd
  • WCPO_BackEnd
  • WCPO_ProductList
FAQ

Frequently Asked Questions about Pre-Orders for WooCommerce