Revoker for WooCommerce Security & Risk Analysis

wordpress.org/plugins/revoker-for-woocommerce

EU-compliant withdrawal button for WooCommerce – enables customers to easily revoke orders in accordance with EU Directive 2023/2673.

30 active installs · v1.0.4 · PHP 7.4+ · WP 6.0+ · Updated Feb 17, 2026
Tags: consumer-rights, eu, revocation, withdrawal, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Revoker for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Revoker for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "revoker-for-woocommerce" plugin exhibits a generally strong security posture based on the provided static analysis. The plugin effectively utilizes WordPress's security mechanisms, with a high percentage of SQL queries using prepared statements and a significant majority of output being properly escaped. The presence of nonce and capability checks on its entry points is commendable, indicating an effort to prevent common attack vectors.

However, a significant concern arises from the taint analysis, which identified 4 flows with unsanitized paths. Although no critical or high severity vulnerabilities were explicitly detailed for these flows, the presence of unsanitized data entering the system is a potential risk. Furthermore, while the plugin has no recorded vulnerability history, this could be due to its relatively small attack surface or a lack of historical scrutiny. The sole file operation is also a point to monitor for potential vulnerabilities if not handled with extreme care.

In conclusion, "revoker-for-woocommerce" v1.0.4 demonstrates good development practices in several key areas, particularly in SQL query handling and output escaping. The absence of known CVEs is a positive sign. The primary area requiring attention is the taint analysis results, which indicate a potential for vulnerabilities related to unsanitized data. Addressing these specific flows and ensuring robust sanitization for the file operation is crucial for maintaining a secure plugin.

Key Concerns

  • Flows with unsanitized paths found in taint analysis
  • File operations present
Vulnerabilities
None known

Revoker for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Revoker for WooCommerce Release Timeline

v1.0.4 (Current)
v1.0.3
Code Analysis
Analyzed Mar 16, 2026

Revoker for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (15 prepared)
Unescaped Output: 17 (396 escaped)
Nonce Checks: 7
Capability Checks: 4
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

88% prepared · 17 total queries

Output Escaping

96% escaped · 413 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
<class-database> (includes\class-database.php:0)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Revoker for WooCommerce Attack Surface

Entry Points: 14
Unprotected: 0

AJAX Handlers 11

auth wp_ajax_revoker_download_pdf includes\class-pdf-generator.php:26
nopriv wp_ajax_revoker_download_pdf includes\class-pdf-generator.php:27
auth wp_ajax_revoker_dismiss_pro_notice includes\class-pro-bridge.php:71
auth wp_ajax_revoker_initiate_withdrawal revoker-for-woocommerce.php:152
nopriv wp_ajax_revoker_initiate_withdrawal revoker-for-woocommerce.php:153
auth wp_ajax_revoker_confirm_withdrawal revoker-for-woocommerce.php:154
nopriv wp_ajax_revoker_confirm_withdrawal revoker-for-woocommerce.php:155
auth wp_ajax_revoker_get_withdrawal_form revoker-for-woocommerce.php:156
nopriv wp_ajax_revoker_get_withdrawal_form revoker-for-woocommerce.php:157
auth wp_ajax_revoker_search_order revoker-for-woocommerce.php:158
nopriv wp_ajax_revoker_search_order revoker-for-woocommerce.php:159

Shortcodes 3

[revoker_for_woocommerce] revoker-for-woocommerce.php:168
[revoker_widerrufsformular] revoker-for-woocommerce.php:169
[revoker_widerrufsbelehrung] revoker-for-woocommerce.php:170
WordPress Hooks 31
action admin_menu includes\class-admin-settings.php:19
action admin_init includes\class-admin-settings.php:20
action admin_enqueue_scripts includes\class-admin-settings.php:21
filter manage_edit-shop_order_columns includes\class-admin-settings.php:27
action manage_shop_order_posts_custom_column includes\class-admin-settings.php:28
filter manage_woocommerce_page_wc-orders_columns includes\class-admin-settings.php:31
action manage_woocommerce_page_wc-orders_custom_column includes\class-admin-settings.php:32
action init includes\class-blocks.php:19
filter block_categories_all includes\class-blocks.php:20
action admin_notices includes\class-pro-bridge.php:62
filter revoker_admin_tabs includes\class-pro-bridge.php:65
action admin_enqueue_scripts includes\class-pro-bridge.php:74
filter revoker_is_withdrawal_allowed includes\class-pro-bridge.php:139
action revoker_withdrawal_processed includes\class-pro-bridge.php:142
action revoker_withdrawal_completed includes\class-pro-bridge.php:143
action revoker_withdrawal_cancelled includes\class-pro-bridge.php:144
filter revoker_confirmation_email_subject includes\class-pro-bridge.php:147
filter revoker_confirmation_email_message includes\class-pro-bridge.php:148
filter revoker_admin_notification_subject includes\class-pro-bridge.php:149
filter revoker_admin_notification_message includes\class-pro-bridge.php:150
action revoker_admin_settings_after includes\class-pro-bridge.php:153
action before_woocommerce_init revoker-for-woocommerce.php:33
action admin_notices revoker-for-woocommerce.php:105
action init revoker-for-woocommerce.php:143
action init revoker-for-woocommerce.php:146
action wp_enqueue_scripts revoker-for-woocommerce.php:149
action woocommerce_order_details_after_order_table revoker-for-woocommerce.php:162
action woocommerce_email_after_order_table revoker-for-woocommerce.php:165
action wp_footer revoker-for-woocommerce.php:173
filter wc_order_statuses revoker-for-woocommerce.php:293
action plugins_loaded revoker-for-woocommerce.php:936
Maintenance & Trust

Revoker for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 17, 2026
PHP min version: 7.4
Downloads: 313

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Revoker for WooCommerce Developer Profile

KOMMERS GmbH

1 plugin · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Revoker for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/revoker-for-woocommerce/assets/css/admin.css
  • /wp-content/plugins/revoker-for-woocommerce/assets/css/frontend.css
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/admin.js
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/frontend.js
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/script.js
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/vendors/vue.js
Script Paths
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/admin.js
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/frontend.js
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/script.js
  • /wp-content/plugins/revoker-for-woocommerce/assets/js/vendors/vue.js
Version Parameters
  • revoker-for-woocommerce/assets/css/admin.css?ver=
  • revoker-for-woocommerce/assets/css/frontend.css?ver=
  • revoker-for-woocommerce/assets/js/admin.js?ver=
  • revoker-for-woocommerce/assets/js/frontend.js?ver=
  • revoker-for-woocommerce/assets/js/script.js?ver=
  • revoker-for-woocommerce/assets/js/vendors/vue.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • revoker-withdrawal-button
  • revoker-modal-overlay
  • revoker-modal-content
  • revoker-modal-header
  • revoker-modal-body
  • revoker-modal-footer
  • revoker-order-history-withdrawal
  • revoker-withdrawal-form
  • +1 more
HTML Comments
  • Revoker for WooCommerce - Withdrawal Button
  • Revoker for WooCommerce - Withdrawal Form
  • Revoker for WooCommerce - Withdrawal Policy
Data Attributes
  • data-revoker-order-id
  • data-revoker-ajax-url
JS Globals
  • RevokerFrontend
  • RevokerAdmin
  • RevokerApp
REST Endpoints
  • /wp-json/revoker/v1/initiate-withdrawal
  • /wp-json/revoker/v1/confirm-withdrawal
  • /wp-json/revoker/v1/get-withdrawal-form
  • /wp-json/revoker/v1/search-order
Shortcode Output
  • [revoker_for_woocommerce]
  • [revoker_widerrufsformular]
  • [revoker_widerrufsbelehrung]