Sales Report for WooCommerce Security & Risk Analysis

wordpress.org/plugins/sales-report-for-woocommerce

Sales Report for WooCommerce generates daily, weekly and monthly sales reports.

1K active installs · v3.6.2.5 · PHP 7.0+ · WP 5.0+ · Updated Apr 15, 2026
Tags: analytics, email-report, reporting, sales-report, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sales Report for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Sales Report for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "sales-report-for-woocommerce" plugin exhibits a generally good security posture based on the provided static analysis and vulnerability history. The plugin demonstrates strong adherence to security best practices, with all identified entry points (AJAX handlers, REST API routes, shortcodes) appearing to have proper authorization checks. Furthermore, SQL queries are exclusively executed using prepared statements, and a robust number of nonce and capability checks are present, indicating a proactive approach to preventing common WordPress attacks.

However, there are specific areas of concern that warrant attention. The presence of the `unserialize` function (one call, at berocket\includes\updater.php:128) is a significant risk, as it can lead to object injection vulnerabilities if used with untrusted input. While the taint analysis found no unsanitized paths, the inherent danger of `unserialize` remains. Additionally, the output escaping rate is only 42% (99 of 235 outputs), meaning a substantial portion of outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities.

The absence of any recorded CVEs, especially over an extended period, suggests the plugin has been relatively secure in the past. However, this does not guarantee future security. The combination of the `unserialize` function and the low output escaping rate presents a latent risk that could be exploited if malicious data is introduced into the system. Overall, while the plugin has a solid foundation, these specific weaknesses require mitigation to ensure a truly secure user experience.

Key Concerns

  • Unescaped output detected (42% properly escaped)
  • Dangerous function: unserialize detected
Vulnerabilities
None known

Sales Report for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sales Report for WooCommerce Release Timeline

v3.6.2.5 (Current)
v3.6.2.4
v3.6.2.3
v3.6.2.2
v3.6.2.1
v3.6.1
v3.6
v3.5.9
v3.5.8
v3.5.7.8
v3.5.7.7
v3.5.7.6
v3.5.7.5
v3.5.7.4
v3.5.7.3
v3.5.7.2
v3.5.7.1
v3.5.7
v3.5.6
v3.5.5
Code Analysis
Analyzed Mar 16, 2026

Sales Report for WooCommerce Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 136 (99 escaped)
  • Nonce Checks: 14
  • Capability Checks: 23
  • File Operations: 4
  • External Requests: 5
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · berocket\includes\updater.php:128
`$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$error`

Output Escaping

42% escaped · 235 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

8 flows
<framework> (berocket\framework.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Sales Report for WooCommerce Attack Surface

Entry Points: 13
Unprotected: 0

AJAX Handlers 12

auth · wp_ajax_brfr_get_export_settings · berocket\includes\admin\import_export.php:5
auth · wp_ajax_brfr_set_import_settings · berocket\includes\admin\import_export.php:6
auth · wp_ajax_brfr_get_import_backups · berocket\includes\admin\import_export.php:7
auth · wp_ajax_brfr_restore_import_backups · berocket\includes\admin\import_export.php:8
auth · wp_ajax_berocket_admin_close_notice · berocket\includes\admin_notices.php:1199
auth · wp_ajax_berocket_subscribe_email · berocket\includes\admin_notices.php:1200
auth · wp_ajax_berocket_rate_stars_close · berocket\includes\admin_notices.php:1208
auth · wp_ajax_berocket_feature_request_send · berocket\includes\admin_notices.php:1209
auth · wp_ajax_berocket_error_notices_get · berocket\includes\error_notices.php:5
auth · wp_ajax_berocket_information_close_notice · berocket\includes\information_notices.php:198
auth · wp_ajax_br_test_key · berocket\includes\updater.php:46
auth · wp_ajax_br_test_keys · berocket\includes\updater.php:47

Shortcodes 1

[br_sales_report_part] main.php:66

WordPress Hooks 108

filter · plugins_list · berocket\framework.php:84
filter · BeRocket_updater_add_plugin · berocket\framework.php:105
filter · berocket_admin_notices_rate_stars_plugins · berocket\framework.php:106
action · init · berocket\framework.php:107
action · init · berocket\framework.php:110
action · wp_head · berocket\framework.php:111
action · wp_footer · berocket\framework.php:112
action · admin_init · berocket\framework.php:113
action · admin_menu · berocket\framework.php:114
action · admin_enqueue_scripts · berocket\framework.php:115
action · berocket_enqueue_media · berocket\framework.php:116
filter · plugin_row_meta · berocket\framework.php:122
filter · is_berocket_settings_page · berocket\framework.php:123
action · plugins_loaded · berocket\framework.php:128
action · sanitize_comment_cookies · berocket\framework.php:129
action · install_plugins_pre_plugin-information · berocket\framework.php:130
filter · berocket_admin_notices_subscribe_plugins · berocket\framework.php:132
filter · BeRocket_admin_init_user_capabilities · berocket\framework.php:135
filter · berocket_sanitize_array_predefine · berocket\framework.php:136
filter · berocket_sanitize_array_kses · berocket\framework.php:137
filter · berocket_sanitize_array_kses · berocket\framework.php:140
action · before_woocommerce_init · berocket\framework.php:150
filter · loop_shop_per_page · berocket\framework.php:391
action · upgrader_process_complete · berocket\framework.php:499
action · admin_footer · berocket\framework.php:1158
action · wp_footer · berocket\framework.php:1159
action · admin_init · berocket\framework.php:1273
action · admin_bar_menu · berocket\includes\admin\admin_bar.php:8
action · wp_footer · berocket\includes\admin\admin_bar.php:9
filter · berocket_admin_bar_plugins_data · berocket\includes\admin\admin_bar.php:149
action · BeRocket_framework_updater_account_form_after · berocket\includes\admin\import_export.php:4
filter · berocket_admin_notice_is_display_notice · berocket\includes\admin_notices.php:75
filter · berocket_admin_notice_is_display_notice_priority · berocket\includes\admin_notices.php:76
action · admin_notices · berocket\includes\admin_notices.php:1198
action · admin_notices · berocket\includes\admin_notices.php:1207
action · berocket_rate_plugin_window · berocket\includes\admin_notices.php:1210
action · berocket_related_plugins_window · berocket\includes\admin_notices.php:1211
action · berocket_above_admin_settings · berocket\includes\admin_notices.php:1212
action · berocket_feature_request_window · berocket\includes\admin_notices.php:1213
action · admin_footer · berocket\includes\admin_notices.php:1285
action · admin_footer · berocket\includes\admin_notices.php:1493
action · admin_footer · berocket\includes\admin_notices.php:1922
action · admin_footer · berocket\includes\admin_notices.php:2079
action · init · berocket\includes\custom_post\enable_disable.php:9
action · admin_init · berocket\includes\custom_post\enable_disable.php:10
action · post_action_enable · berocket\includes\custom_post\enable_disable.php:13
action · post_action_disable · berocket\includes\custom_post\enable_disable.php:14
filter · post_class · berocket\includes\custom_post\enable_disable.php:16
filter · pre_get_posts · berocket\includes\custom_post\enable_disable.php:18
action · pre_get_posts · berocket\includes\custom_post\sortable.php:22
action · in_admin_footer · berocket\includes\custom_post\sortable.php:117
action · init · berocket\includes\custom_post.php:58
filter · init · berocket\includes\custom_post.php:59
filter · admin_init · berocket\includes\custom_post.php:60
filter · wp_insert_post_data · berocket\includes\custom_post.php:61
filter · BeRocket_admin_init_user_capabilities · berocket\includes\custom_post.php:71
action · add_meta_boxes · berocket\includes\custom_post.php:128
action · save_post · berocket\includes\custom_post.php:129
filter · post_row_actions · berocket\includes\custom_post.php:130
filter · list_table_primary_column · berocket\includes\custom_post.php:131
action · admin_enqueue_scripts · berocket\includes\custom_post.php:133
filter · is_berocket_settings_page · berocket\includes\custom_post.php:135
action · admin_footer · berocket\includes\custom_post.php:162
action · admin_notices · berocket\includes\information_notices.php:197
action · admin_init · berocket\includes\updater.php:18
filter · woocommerce_addons_sections · berocket\includes\updater.php:27
filter · is_berocket_settings_page · berocket\includes\updater.php:28
action · admin_footer · berocket\includes\updater.php:30
action · admin_head · berocket\includes\updater.php:39
action · admin_menu · berocket\includes\updater.php:40
action · admin_menu · berocket\includes\updater.php:41
action · network_admin_menu · berocket\includes\updater.php:42
action · admin_init · berocket\includes\updater.php:43
filter · pre_set_site_transient_update_plugins · berocket\includes\updater.php:44
filter · plugins_api_result · berocket\includes\updater.php:45
filter · http_request_host_is_external · berocket\includes\updater.php:48
action · admin_footer · berocket\includes\updater.php:51
action · wp_footer · berocket\includes\updater.php:52
filter · berocket_display_additional_notices · berocket\includes\updater.php:92
filter · custom_menu_order · berocket\includes\updater.php:98
filter · berocket_admin_notice_is_display_notice · berocket\includes\updater.php:102
filter · berocket_admin_notice_is_display_notice_priority · berocket\includes\updater.php:103
filter · plugins_api_result · berocket\includes\updater.php:109
action · init · berocket\includes\updater.php:1413
action · admin_enqueue_scripts · berocket\sale\sale.php:4
filter · default_content · includes\custom_post.php:64
action · sales_report_framework_construct · includes\custom_post.php:65
filter · berocket_sales_report_start_data_date · includes\custom_post.php:66
filter · berocket_sales_report_end_data_date · includes\custom_post.php:67
action · plugins_loaded · includes\custom_post.php:68
filter · brfr_data_berocket_sales_report_custom_post · includes\paid.php:7
filter · berocket_sales_report_start_data_date · includes\paid.php:8
filter · berocket_sales_report_end_data_date · includes\paid.php:9
filter · berocket_sales_report_do_not_send · includes\paid.php:10
filter · br_sales_report_part_days · includes\paid.php:11
filter · berocket_sales_report_send_emails · includes\paid.php:12
filter · berocket_sales_report_send_subject · includes\paid.php:13
action · berocket_sales_report_tiny_mce_data · includes\paid.php:14
filter · berocket_custom_post_br_sale_report_default_settings · includes\paid.php:15
filter · default_content · includes\paid.php:16
filter · BeRocket_updater_menu_order_custom_post · main.php:65
filter · berocket_sales_report_send_date_types · main.php:67
filter · berocket_report_start_end_data_date · main.php:68
filter · wp_mail_content_type · main.php:551
filter · wp_mail_content_type · main.php:554
filter · mce_buttons · main.php:571
filter · mce_external_plugins · main.php:572
filter · allowed_block_types_all · main.php:578
Maintenance & Trust

Sales Report for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.0
Downloads: 59K

Community Trust

Rating: 96/100
Number of ratings: 12
Active installs: 1K
Developer Profile

Sales Report for WooCommerce Developer Profile

BeRocket

23 plugins · 139K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 384 days
Detection Fingerprints

How We Detect Sales Report for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sales-report-for-woocommerce/sale-report-for-woocommerce.css
/wp-content/plugins/sales-report-for-woocommerce/sale-report-for-woocommerce.js
Script Paths
/wp-content/plugins/sales-report-for-woocommerce/sale-report-for-woocommerce.js
Version Parameters
sales-report-for-woocommerce/sale-report-for-woocommerce.css?ver=
sales-report-for-woocommerce/sale-report-for-woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
brsfw_report_table
Data Attributes
data-brsfw-order-id
Shortcode Output
[sales_report]