Supplier Order Email Security & Risk Analysis

wordpress.org/plugins/supplier-order-email

Sends automatic order emails to the suppliers to send the corresponding products to the customer.

400 active installs · v3.6.15 · PHP 7.0+ · WP 4.6+ · Updated Dec 3, 2025
Tags: emails, order, order-email, order-supplier, suppliers
Score: 100/100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Supplier Order Email Safe to Use in 2026?

Generally Safe

Score 100/100

Supplier Order Email has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "supplier-order-email" plugin v3.6.15 exhibits a mixed security posture. On the positive side, the plugin has a remarkably small attack surface with zero identified entry points that lack authentication or permission checks. This suggests a good understanding of WordPress security best practices regarding direct user interaction vectors. The plugin also demonstrates a relatively strong output escaping rate and includes nonce and capability checks in its code.

However, significant concerns arise from the handling of SQL queries. None of the plugin's 12 SQL queries use prepared statements, which leaves it highly susceptible to SQL injection wherever variable data is concatenated into a query. Furthermore, the taint analysis reveals two flows with unsanitized paths, which indicate potential risk even though no critical or high-severity issues were flagged in this specific analysis. The plugin also bundles the "dompdf" library; a bundled library is not inherently a vulnerability, but it can become a risk if it is not actively maintained and updated, because it can contain vulnerabilities of its own.

Critically, the plugin's vulnerability history is spotless, with zero known CVEs. This is a very positive sign, suggesting a history of stable and secure development. However, this lack of history does not negate the clear risks identified in the static and taint analysis. The absence of vulnerabilities could be due to a lack of past targeted analysis or simply good luck, rather than inherent security. Therefore, while the plugin benefits from a clean history and a protected attack surface, the widespread lack of prepared statements in SQL queries and the identified unsanitized paths present a substantial risk that requires immediate attention.

Key Concerns

  • Raw SQL queries without prepared statements
  • Taint flows with unsanitized paths
  • Bundled library (dompdf)
Vulnerabilities
None known

Supplier Order Email Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Supplier Order Email Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 12 (0 prepared)
  • Unescaped Output: 25 (201 escaped)
  • Nonce Checks: 3
  • Capability Checks: 2
  • File Operations: 6
  • External Requests: 8
  • Bundled Libraries: 1

Bundled Libraries

dompdf

SQL Query Safety

0% prepared · 12 total queries

Output Escaping

89% escaped · 226 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
activate (includes\check_premium\mcisoe_check_lemon.php:53)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Supplier Order Email Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 39
action admin_notices (admin\mcisoe_admin.php:14)
action admin_enqueue_scripts (admin\mcisoe_admin.php:97)
action admin_enqueue_scripts (admin\mcisoe_admin.php:98)
action admin_menu (admin\mcisoe_admin.php:99)
action admin_menu (admin\mcisoe_admin.php:100)
action admin_init (admin\mcisoe_admin.php:101)
action admin_notices (admin\mcisoe_admin.php:102)
action admin_init (admin\mcisoe_admin.php:103)
action admin_init (admin\mcisoe_admin.php:104)
action admin_init (admin\mcisoe_admin.php:105)
filter woocommerce_admin_order_actions (admin\partials\mcisoe_btn_order_list.php:15)
action admin_head (admin\partials\mcisoe_btn_order_list.php:59)
action restrict_manage_posts (admin\partials\mcisoe_product_list_filter.php:33)
filter woocommerce_csv_product_import_mapping_options (admin\partials\mcisoe_wc_import_export.php:90)
filter woocommerce_csv_product_import_mapping_default_columns (admin\partials\mcisoe_wc_import_export.php:91)
filter woocommerce_product_import_inserted_product_object (admin\partials\mcisoe_wc_import_export.php:92)
filter woocommerce_product_export_column_names (admin\partials\mcisoe_wc_import_export.php:94)
filter woocommerce_product_export_product_default_columns (admin\partials\mcisoe_wc_import_export.php:95)
filter woocommerce_product_export_product_column_supplier (admin\partials\mcisoe_wc_import_export.php:96)
action woocommerce_admin_order_item_headers (admin\partials\mcisoe_wp_order.php:11)
action woocommerce_admin_order_item_values (admin\partials\mcisoe_wp_order.php:12)
action admin_init (includes\check_premium\mcisoe_check_premium.php:99)
action woocommerce_process_shop_order_meta (includes\email\mcisoe_master_email.php:178)
action admin_notices (includes\mcisoe_convert_old_db.php:23)
action admin_notices (includes\mcisoe_convert_old_db.php:29)
action init (includes\mcisoe_convert_old_db.php:74)
action admin_notices (includes\mcisoe_convert_old_db.php:82)
action admin_notices (includes\mcisoe_convert_old_db.php:88)
action init (includes\mcisoe_load_textdomain.php:33)
action init (includes\mcisoe_load_textdomain.php:34)
action init (public\mcisoe_public.php:20)
action supplier_add_form_fields (public\partials\mcisoe_wp_taxonomy.php:128)
action supplier_add_form_fields (public\partials\mcisoe_wp_taxonomy.php:129)
action supplier_edit_form_fields (public\partials\mcisoe_wp_taxonomy.php:130)
action admin_enqueue_scripts (public\partials\mcisoe_wp_taxonomy.php:133)
action created_supplier (public\partials\mcisoe_wp_taxonomy.php:136)
action edited_supplier (public\partials\mcisoe_wp_taxonomy.php:137)
filter manage_edit-supplier_columns (public\partials\mcisoe_wp_taxonomy.php:140)
filter manage_supplier_custom_column (public\partials\mcisoe_wp_taxonomy.php:141)
Maintenance & Trust

Supplier Order Email Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 7.0
Downloads: 24K

Community Trust

Rating: 98/100
Number of ratings: 14
Active installs: 400
Developer Profile

Supplier Order Email Developer Profile

MCI Desarrollo

4 plugins · 500 total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Supplier Order Email

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/supplier-order-email/admin/css/mcisoe_style.css
/wp-content/plugins/supplier-order-email/admin/css/mcisoe_help.css
/wp-content/plugins/supplier-order-email/admin/js/mcisoe_script.js
Script Paths
/wp-content/plugins/supplier-order-email/admin/js/mcisoe_script.js
Version Parameters
supplier-order-email/admin/js/mcisoe_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
mcisoe_notice_btn