WP-Safety

Shop as Client for WooCommerce – Manual, Phone & Email Orders Security & Risk Analysis

wordpress.org/plugins/shop-as-client

Create manual, phone, POS, or email orders in WooCommerce. Shop admins and staff can place customer orders directly from the frontend checkout.

700 active installs v7.5 PHP 7.4+ WP 5.8+ Updated Apr 9, 2026
checkoutcustomerecommercemail-orderphone-order
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Shop as Client for WooCommerce – Manual, Phone & Email Orders Safe to Use in 2026?

Generally Safe

Score 100/100

Shop as Client for WooCommerce – Manual, Phone & Email Orders has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'shop-as-client' v7.3 plugin exhibits a mixed security posture. On the positive side, the code demonstrates good practices in several key areas. All SQL queries are properly prepared, and all output is correctly escaped, indicating a strong defense against common injection and cross-site scripting vulnerabilities. The absence of file operations and external HTTP requests further reduces the potential attack surface. The plugin also has a clean vulnerability history, with no recorded CVEs, suggesting a history of reasonably secure development.

However, a significant concern is the presence of an unprotected AJAX handler. This represents a critical entry point that lacks any authentication or capability checks. While no critical or high severity taint flows were identified, and dangerous functions are not used, this single unprotected AJAX endpoint could be exploited by an unauthenticated user to perform unintended actions, depending on what that handler does. The absence of nonce checks on this AJAX handler further exacerbates this risk, making it susceptible to Cross-Site Request Forgery (CSRF) attacks if the AJAX action is sensitive.

In conclusion, while the plugin benefits from secure coding practices in SQL and output handling and a lack of past vulnerabilities, the single unprotected AJAX endpoint is a notable weakness. This oversight introduces a tangible risk of unauthorized access and potential exploitation. Mitigation efforts should focus on securing this entry point immediately.

Key Concerns

  • AJAX handler without authentication/capability checks
  • AJAX handler without nonce check
Vulnerabilities
None known

Shop as Client for WooCommerce – Manual, Phone & Email Orders Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Shop as Client for WooCommerce – Manual, Phone & Email Orders Release Timeline

v7.5Current
v7.4
v7.3
v7.2
v7.0
v6.8.2
v6.8.1
v6.7
v6.6
v6.5
v6.4
v6.3
v6.2
v6.1
v6.0
v5.1
v5.0
v4.0
v3.7
v3.6.1
Code Analysis
Analyzed Mar 16, 2026

Shop as Client for WooCommerce – Manual, Phone & Email Orders Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
0
35 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

100% escaped35 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<shop-as-client> (shop-as-client.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Shop as Client for WooCommerce – Manual, Phone & Email Orders Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_dismiss_ptwoo_simple_order_approval_nagsimple_order_approval_nag\simple_order_approval_nag.php:63
WordPress Hooks 24
actionwp_enqueue_scriptsincludes\class-shop-as-client-checkout-blocks.php:26
actionenqueue_block_editor_assetsincludes\class-shop-as-client-checkout-blocks.php:27
actionwoocommerce_store_api_checkout_order_processedincludes\class-shop-as-client-extend-store-endpoint.php:72
actionplugins_loadedshop-as-client.php:37
actionwp_enqueue_scriptsshop-as-client.php:56
actionplugins_loadedshop-as-client.php:58
filterwoocommerce_account_settingsshop-as-client.php:198
filterwoocommerce_checkout_fieldsshop-as-client.php:259
filterdefault_checkout_billing_shop_as_clientshop-as-client.php:293
filterdefault_checkout_billing_shop_as_client_create_usershop-as-client.php:301
filterwoocommerce_checkout_customer_idshop-as-client.php:384
filteroption_woocommerce_registration_generate_passwordshop-as-client.php:402
filterwoocommerce_checkout_update_customer_datashop-as-client.php:440
actionwoocommerce_checkout_processshop-as-client.php:445
actionwoocommerce_checkout_update_order_metashop-as-client.php:469
actionwoocommerce_admin_order_data_after_order_detailsshop-as-client.php:529
filterdo_shortcode_tagshop-as-client.php:560
actionplugins_loadedshop-as-client.php:589
actionwoocommerce_blocks_loadedshop-as-client.php:606
actionwoocommerce_blocks_checkout_block_registrationshop-as-client.php:611
actionwoocommerce_blocks_loadedshop-as-client.php:621
actionadmin_initshop-as-client.php:633
actionbefore_woocommerce_initshop-as-client.php:658
actionadmin_noticessimple_order_approval_nag\simple_order_approval_nag.php:52
Maintenance & Trust

Shop as Client for WooCommerce – Manual, Phone & Email Orders Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 9, 2026
PHP min version7.4
Downloads38K

Community Trust

Rating100/100
Number of ratings9
Active installs700
Alternatives

Shop as Client for WooCommerce – Manual, Phone & Email Orders Alternatives

iyzico for WooCommerce

iyzico for WooCommerce

iyzico-woocommerce

A
100

iyzico latest payment processing solution. Accept credit/debit cards, alternative digital wallets and bank accounts.

10K No CVEs
Kustom Checkout for WooCommerce

Kustom Checkout for WooCommerce

klarna-checkout-for-woocommerce

A
99

The leading checkout in the Nordics, built for higher conversion and returning shoppers. Easy to integrate, supports Klarna and all popular payment me &hellip;

10K 2 CVEs
FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler

FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler

fluent-cart

A
96

Sell Subscriptions, Physical Products, Digital Downloads easier than ever. Built for performance, scalability, and flexibility.

5K 2 CVEs
Payment Button for PayPal

Payment Button for PayPal

wp-paypal

A
96

Easily accept payment in WordPress by adding a PayPal button to your website. Add PayPal Buy Now, Add to Cart, Subscription or Donation button.

4K 3 CVEs
GoDaddy Payments for WooCommerce

GoDaddy Payments for WooCommerce

godaddy-payments

A
100

A payment gateway plugin that enables your U.S. or Canadian business to accept credit card payments directly on your WooCommerce site.

2K No CVEs
Developer Profile

Shop as Client for WooCommerce – Manual, Phone & Email Orders Developer Profile

Naked Cat Plugins

9 plugins · 12K total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
5 days
View full developer profile
Detection Fingerprints

How We Detect Shop as Client for WooCommerce – Manual, Phone & Email Orders

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shop-as-client/assets/css/shop-as-client.css/wp-content/plugins/shop-as-client/assets/js/shop-as-client.js
Script Paths
/wp-content/plugins/shop-as-client/assets/js/shop-as-client.js
Version Parameters
shop-as-client/assets/css/shop-as-client.css?ver=shop-as-client/assets/js/shop-as-client.js?ver=

HTML / DOM Fingerprints

CSS Classes
shop-as-client-pro-settingsshop_as_client_pro_license_key
Data Attributes
id="shop_as_client_options"
FAQ

Frequently Asked Questions about Shop as Client for WooCommerce – Manual, Phone & Email Orders