WP-Safety

SDP Custom Order Status for WooCommerce Security & Risk Analysis

wordpress.org/plugins/sdp-custom-order-status-for-woocommerce

Create unlimited WooCommerce custom order statuses, send automated email notifications to customers and admins, and manage your order workflow easily

10 active installs v6.0.0 PHP 7.3+ WP 6.0+ Updated Apr 2, 2026
custom-order-statuscustom-statusorder-statusorder-statuseswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SDP Custom Order Status for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

SDP Custom Order Status for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "sdp-custom-order-status-for-woocommerce" plugin version 5.8.3 exhibits a generally good security posture with several positive indicators. The complete absence of critical or high-severity vulnerabilities in its history, coupled with 100% of SQL queries utilizing prepared statements and all output being properly escaped, suggests a proactive approach to secure coding. The plugin also demonstrates good practice by including nonce and capability checks where appropriate.

However, the presence of one unprotected AJAX handler represents a notable concern. While the total attack surface is small, this single unprotected entry point could potentially be exploited if it processes user-supplied data without sufficient validation or authorization. The lack of any recorded historical vulnerabilities, while positive, could also indicate limited historical security auditing or a lack of publicly disclosed issues, rather than guaranteed long-term security.

In conclusion, the plugin is built on a foundation of secure practices, especially regarding data handling and output sanitization. The primary weakness lies in the unprotected AJAX endpoint. Addressing this single point of failure would significantly strengthen the plugin's security profile.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

SDP Custom Order Status for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SDP Custom Order Status for WooCommerce Release Timeline

v6.0.0Current
v5.9.1
v5.9.0
v5.8.3
v5.8.2
v5.8.1
v5.8.0
v5.7.6
v5.7.5
v5.7.4
v5.7.3
v5.7.2
v5.7.1
Code Analysis
Analyzed Mar 17, 2026

SDP Custom Order Status for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
0
167 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped167 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
aviso_acciones_lote (src\estados.php:386)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

SDP Custom Order Status for WooCommerce Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 2

authwp_ajax_scos_importa_estadossrc\cpt.php:39
authwp_ajax_scos_actualiza_orden_cptsrc\cpt.php:40
WordPress Hooks 34
actioninitsdp-custom-order-status-for-woocommerce.php:65
actionadmin_noticessdp-custom-order-status-for-woocommerce.php:66
actionbefore_woocommerce_initsdp-custom-order-status-for-woocommerce.php:67
filterplugin_action_linkssdp-custom-order-status-for-woocommerce.php:69
filterplugin_row_metasdp-custom-order-status-for-woocommerce.php:70
actionafter_setup_themesdp-custom-order-status-for-woocommerce.php:93
actionadmin_noticessrc\campos.php:25
filteracf/settings/remove_wp_meta_boxsrc\campos.php:31
actionsave_postsrc\cpt.php:27
filterpost_updated_messagessrc\cpt.php:29
filterbulk_post_updated_messagessrc\cpt.php:30
actionmanage_posts_extra_tablenavsrc\cpt.php:31
filterpost_row_actionssrc\cpt.php:36
filterpre_get_postssrc\cpt.php:37
actionadmin_footersrc\cpt.php:42
actionadmin_enqueue_scriptssrc\cpt.php:43
actionadmin_footersrc\desactivacion.php:22
actionadmin_enqueue_scriptssrc\desactivacion.php:23
filterwoocommerce_email_classessrc\email.php:22
filterwc_order_statusessrc\estados.php:55
filterwoocommerce_payment_complete_order_statussrc\estados.php:58
filterwc_order_is_editablesrc\estados.php:61
actionwoocommerce_order_item_add_action_buttonssrc\estados.php:64
filterwoocommerce_order_is_download_permittedsrc\estados.php:67
filterwoocommerce_admin_order_actionssrc\estados.php:70
filterwoocommerce_order_actionssrc\estados.php:73
actionadmin_enqueue_scriptssrc\estados.php:76
filterbulk_actions-edit-shop_ordersrc\estados.php:79
filterbulk_actions-woocommerce_page_wc-orderssrc\estados.php:80
filterhandle_bulk_actions-edit-shop_ordersrc\estados.php:83
filterhandle_bulk_actions-woocommerce_page_wc-orderssrc\estados.php:84
actionadmin_noticessrc\estados.php:87
actionwoocommerce_order_status_changedsrc\estados.php:95
filterwoocommerce_reports_order_statusessrc\estados.php:98
Maintenance & Trust

SDP Custom Order Status for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 2, 2026
PHP min version7.3
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

SDP Custom Order Status for WooCommerce Alternatives

Advanced Custom Order Status for WooCommerce

Advanced Custom Order Status for WooCommerce

advanced-custom-order-status-for-woocommerce

A
100

Easily create, edit, and delete custom order status in WooCommerce. Add icon, color and action to enhance the visual representation of order statuses.

500 No CVEs
Ni WooCommerce Custom Order Status

Ni WooCommerce Custom Order Status

ni-woocommerce-custom-order-status

A
99

WC requires at least: 4.0 WC tested up to: 9.7 Last Updated Date: 10-March-2026 WooCommerce Custom Order Status plug-in allows you to create and manag …

2K 1 CVE
Advanced Order Status For WooCommerce – Custom Status Management & Workflow Automation

Advanced Order Status For WooCommerce – Custom Status Management & Workflow Automation

advanced-order-status-for-woocommerce

A
100

Create and manage custom WooCommerce order statuses with icons, colors, and bulk actions. Streamline your fulfillment workflow.

10 No CVEs
Custom Order Status Manager for WooCommerce

Custom Order Status Manager for WooCommerce

bp-custom-order-status-for-woocommerce

A
100

Custom Order Status Manager for WooCommerce plugin allows you to create, delete and edit order statuses to better control the flow of your orders.

30K No CVEs
Custom Order Status for WooCommerce

Custom Order Status for WooCommerce

custom-order-statuses-woocommerce

A
100

Custom Order Status for WooCommerce allows you to create and manage order statuses. It improves order management & overall order workflow.

10K 1 CVE
Developer Profile

SDP Custom Order Status for WooCommerce Developer Profile

Simple Direct Plugins

4 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SDP Custom Order Status for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sdp-custom-order-status-for-woocommerce/vendor/acf/acf.css/wp-content/plugins/sdp-custom-order-status-for-woocommerce/vendor/acf/acf.js
Script Paths
/wp-content/plugins/sdp-custom-order-status-for-woocommerce/vendor/acf/acf.js

HTML / DOM Fingerprints

CSS Classes
sdp-cos-pro-wrappersdp-cos-pro-linksdp-cos-manage-statusessdp-cos-user-guidesdp-cos-helpsdp-cos-rate-usscos-custom-order-status-pro
HTML Comments
ACF is distributed under the GPL-2.0-or-later license. Source: https://wordpress.org/plugins/advanced-custom-fields/To disable the ACF_LITE constant:add_filter ('sdp_acf_lite', '__return_false');+6 more
FAQ

Frequently Asked Questions about SDP Custom Order Status for WooCommerce