Tax Exemption for WooCommerce Security & Risk Analysis

wordpress.org/plugins/tax-exemption-woo

Tax Exemption plugin for WooCommerce. Allow customers to declare tax / VAT exemption eligibility, and provide tax exemption details.

600 active installs · v2.5.1 · PHP + · WP 4.7+ · Updated Feb 16, 2026
Tags: tax, tax-exemption, vat, vat-exemption, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Tax Exemption for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Tax Exemption for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "tax-exemption-woo" v2.5.1 plugin exhibits a mixed security posture. On the positive side, it handles SQL queries well, using prepared statements exclusively, and it includes a substantial number of nonce and capability checks, indicating an awareness of security principles. The absence of any recorded vulnerabilities or CVEs in its history further suggests a generally stable and well-maintained codebase.

However, there are significant areas of concern. The plugin exposes a considerable attack surface with 15 AJAX handlers, and 6 of these lack any authentication checks, creating a direct pathway for unauthorized actions. The taint analysis also revealed 2 flows with unsanitized paths. Although they are not flagged as critical or high severity, they represent potential vulnerabilities that could be exploited if the input data is not properly handled, especially given the lack of authentication on some entry points. The relatively low percentage of properly escaped outputs (56%) also poses a risk of Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • Bundled library (Freemius v1.0) could be outdated
Vulnerabilities
None known

Tax Exemption for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Tax Exemption for WooCommerce Release Timeline

v2.5.1 (Current)
v2.5.0
v2.4.0
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.1.4
v2.1.3
v2.1.1
v2.1.0
v2.0.1
v2.0.0
v1.6.1
v1.6.0
v1.5.2
v1.5.1
v1.4.3
Code Analysis
Analyzed Mar 16, 2026

Tax Exemption for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 276 (349 escaped)
Nonce Checks: 13
Capability Checks: 8
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

56% escaped · 625 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
tefw_exempt_customers_page (inc\admin-users.php:10)
Attack Surface
6 unprotected

Tax Exemption for WooCommerce Attack Surface

Entry Points: 16
Unprotected: 6

AJAX Handlers 15

auth wp_ajax_delete_tax_exemption_file inc\functions-account.php:368
nopriv wp_ajax_delete_tax_exemption_file inc\functions-account.php:369
auth wp_ajax_tefw_get_current_user_info inc\functions-account.php:391
nopriv wp_ajax_tefw_get_current_user_info inc\functions-account.php:392
auth wp_ajax_tefw_cart_toggle_exemption inc\functions-cart.php:227
nopriv wp_ajax_tefw_cart_toggle_exemption inc\functions-cart.php:228
auth wp_ajax_tefw_update_cart_exemption_fields inc\functions-cart.php:400
nopriv wp_ajax_tefw_update_cart_exemption_fields inc\functions-cart.php:401
auth wp_ajax_custom_get_tax_exempt_status inc\functions-edit-order.php:187
auth wp_ajax_get_tefw_exempt_orders inc\functions-exempt-orders.php:145
auth wp_ajax_get_tefw_exempt_users inc\functions-users.php:229
auth wp_ajax_add_new_exempt_user inc\functions-users.php:247
auth wp_ajax_tefw_export_exempt_users inc\functions-users.php:300
auth wp_ajax_tefw_set_exemption_session inc\integrations\flux\flux-checkout.php:59
nopriv wp_ajax_tefw_set_exemption_session inc\integrations\flux\flux-checkout.php:60

Shortcodes 1

[tefw_exemption_form] inc\functions-account.php:99
WordPress Hooks 83
action admin_menu inc\admin-options.php:9
action admin_init inc\admin-options.php:44
action init inc\functions-account.php:10
filter query_vars inc\functions-account.php:11
filter woocommerce_account_menu_items inc\functions-account.php:12
filter woocommerce_account_menu_items inc\functions-account.php:13
action woocommerce_account_tax-exemption_endpoint inc\functions-account.php:14
action template_redirect inc\functions-account.php:257
action tefw_save_account_form_submit inc\functions-account.php:263
action after_tefw_save_form_submit inc\functions-account.php:297
action tefw_hook_account_custom_fields inc\functions-account.php:378
action wp_enqueue_scripts inc\functions-block-checkout.php:49
action wp_footer inc\functions-block-checkout.php:105
action woocommerce_store_api_checkout_update_order_from_request inc\functions-block-checkout.php:128
action woocommerce_checkout_create_order inc\functions-block-checkout.php:165
action woocommerce_before_calculate_totals inc\functions-block-checkout.php:285
action woocommerce_checkout_init inc\functions-block-checkout.php:346
action woocommerce_cart_loaded_from_session inc\functions-block-checkout.php:353
action wp inc\functions-block-checkout.php:381
action woocommerce_customer_save_address inc\functions-block-checkout.php:404
action template_redirect inc\functions-block-checkout.php:432
filter woocommerce_customer_is_vat_exempt inc\functions-block-checkout.php:445
filter woocommerce_is_customer_tax_exempt inc\functions-block-checkout.php:471
action woocommerce_store_api_cart_update_customer_from_request inc\functions-block-checkout.php:495
action woocommerce_store_api_checkout_update_order_from_request inc\functions-block-checkout.php:531
action woocommerce_store_api_cart_calculate_totals inc\functions-block-checkout.php:567
action woocommerce_store_api_checkout_update_order_from_request inc\functions-block-checkout.php:601
action woocommerce_cart_loaded_from_session inc\functions-cart.php:12
action woocommerce_before_calculate_totals inc\functions-cart.php:38
action woocommerce_cart_totals_before_shipping inc\functions-cart.php:75
action woocommerce_cart_totals_after_shipping inc\functions-cart.php:77
action woocommerce_cart_totals_before_order_total inc\functions-cart.php:79
action woocommerce_cart_totals_after_order_total inc\functions-cart.php:81
action woocommerce_after_cart_table inc\functions-cart.php:83
action woocommerce_after_cart inc\functions-cart.php:85
action woocommerce_cart_totals_before_shipping inc\functions-cart.php:87
action wp_footer inc\functions-checkout.php:8
action woocommerce_checkout_update_order_review inc\functions-checkout.php:31
action woocommerce_loaded inc\functions-checkout.php:103
filter woocommerce_product_get_tax_class inc\functions-checkout.php:105
filter woocommerce_product_variation_get_tax_class inc\functions-checkout.php:111
action woocommerce_thankyou inc\functions-checkout.php:154
filter woocommerce_package_rates inc\functions-checkout.php:168
action woocommerce_checkout_create_order_line_item inc\functions-checkout.php:232
action woocommerce_after_checkout_billing_form inc\functions-checkout.php:335
action woocommerce_before_checkout_billing_form inc\functions-checkout.php:337
action woocommerce_after_order_notes inc\functions-checkout.php:339
action woocommerce_before_order_notes inc\functions-checkout.php:341
filter woocommerce_checkout_process inc\functions-checkout.php:468
action woocommerce_checkout_create_order inc\functions-checkout.php:481
action woocommerce_checkout_create_order inc\functions-checkout.php:496
action woocommerce_store_api_checkout_order_processed inc\functions-checkout.php:502
action woocommerce_new_order inc\functions-checkout.php:572
action wp_insert_post inc\functions-checkout.php:594
action woocommerce_admin_order_data_after_order_details inc\functions-checkout.php:706
action woocommerce_thankyou inc\functions-checkout.php:814
action woocommerce_email_after_order_table inc\functions-checkout.php:886
action woocommerce_order_before_calculate_taxes inc\functions-checkout.php:954
action woocommerce_process_shop_order_meta inc\functions-checkout.php:1045
filter wc_stripe_tax_request inc\functions-checkout.php:1103
filter woocommerce_find_rates inc\functions-checkout.php:1111
filter woocommerce_order_is_vat_exempt inc\functions-checkout.php:1170
action add_meta_boxes inc\functions-edit-order.php:8
action woocommerce_process_shop_order_meta inc\functions-edit-order.php:98
action woocommerce_admin_order_data_after_order_details inc\functions-edit-order.php:144
filter manage_edit-shop_order_columns inc\functions-orders-list.php:8
filter manage_woocommerce_page_wc-orders_columns inc\functions-orders-list.php:9
action manage_shop_order_posts_custom_column inc\functions-orders-list.php:21
action manage_woocommerce_page_wc-orders_custom_column inc\functions-orders-list.php:27
action user_edit_form_tag inc\functions.php:8
action show_user_profile inc\functions.php:12
action edit_user_profile inc\functions.php:13
action personal_options_update inc\functions.php:88
action edit_user_profile_update inc\functions.php:89
action woocommerce_checkout_process inc\integrations\flux\flux-checkout.php:5
action woocommerce_before_calculate_totals inc\integrations\flux\flux-checkout.php:35
action plugins_loaded tax-exemption-woo.php:27
action before_woocommerce_init tax-exemption-woo.php:95
action admin_enqueue_scripts tax-exemption-woo.php:101
action admin_enqueue_scripts tax-exemption-woo.php:174
action wp_enqueue_scripts tax-exemption-woo.php:212
action wp_footer tax-exemption-woo.php:214
action before_woocommerce_init tax-exemption-woo.php:281
Maintenance & Trust

Tax Exemption for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 16, 2026
PHP min version
Downloads: 17K

Community Trust

Rating: 90/100
Number of ratings: 4
Active installs: 600
Developer Profile

Tax Exemption for WooCommerce Developer Profile

Elliot Sowersby / RelyWP

8 plugins · 146K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 206 days
Detection Fingerprints

How We Detect Tax Exemption for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tax-exemption-woo/css/admin.css
/wp-content/plugins/tax-exemption-woo/js/admin.js
/wp-content/plugins/tax-exemption-woo/js/admin-users.js
/wp-content/plugins/tax-exemption-woo/js/admin-orders.js
/wp-content/plugins/tax-exemption-woo/js/tefw-admin-tax-exempt.js
Version Parameters
tax-exemption-woo/css/admin.css?ver=
tax-exemption-woo/js/admin.js?ver=
tax-exemption-woo/js/admin-users.js?ver=
tax-exemption-woo/js/admin-orders.js?ver=
tax-exemption-woo/js/tefw-admin-tax-exempt.js?ver=

HTML / DOM Fingerprints

CSS Classes
tefw-admin-tax-exempt-field
HTML Comments
<!-- Tax Exemption for WooCommerce -->
<!-- Tax Exemption for WooCommerce - Admin Settings -->
<!-- Tax Exemption for WooCommerce - Exempt Orders List -->
<!-- Tax Exemption for WooCommerce - User Tax Exemption Meta Box -->
Data Attributes
data-tefw-tax-exempt-status
data-tefw-tax-exempt-id
JS Globals
tefw_ajax_object
tefw_orders_ajax_object
tefw_manual_order_params