Does WC Cancel Order have any unpatched vulnerabilities?

No. All known vulnerabilities in WC Cancel Order have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WC Cancel Order compatible with WordPress 6.8.5?

According to WordPress.org data, WC Cancel Order 3.5.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WC Cancel Order compatible with PHP 7.4+?

WC Cancel Order requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WC Cancel Order updated?

WC Cancel Order was last updated on Oct 30, 2025. Frequent updates are generally a positive security signal.

What is WC Cancel Order's security score?

WC Cancel Order has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WC Cancel Order Security & Risk Analysis

wordpress.org/plugins/wc-cancel-order

Add order cancellation request functionality to your woocommerce powered store.

5K active installs v3.5.1 PHP 7.4+ WP 6.7+ Updated Oct 30, 2025

cancel-orderwoocommerce-cancel-order

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WC Cancel Order Safe to Use in 2026?

Generally Safe

Score 100/100

WC Cancel Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "wc-cancel-order" plugin v3.5.1 demonstrates a generally good security posture with a focus on input validation and secure coding practices. The absence of known CVEs and the presence of nonce and capability checks on its entry points are positive indicators. However, the static analysis reveals specific areas of concern that warrant attention. The taint analysis highlights three flows with unsanitized paths, which, despite being categorized as non-critical, represent a potential risk for data manipulation or unintended behavior if exploited.

Key Concerns

Taint flows with unsanitized paths (High severity)
SQL queries with prepared statements at 57%
Output escaping at 61%

Vulnerabilities

None known

WC Cancel Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WC Cancel Order Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

57% prepared14 total queries

Output Escaping

61% escaped62 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

wc_cancel_request (wc-cancel-order.php:400)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WC Cancel Order Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 3

authwp_ajax_wc_cancel_requestwc-cancel-order.php:61

noprivwp_ajax_wc_cancel_requestwc-cancel-order.php:62

authwp_ajax_wc-cancel-requestwc-cancel-order.php:63

Shortcodes 1

[wc_cancel_order_details] wc-cancel-order.php:75

WordPress Hooks 24

actionwoocommerce_after_order_detailsclasses\class-wc-cancel-order-details.php:17

filterwoocommerce_settings_tabs_arrayincludes\settings.php:13

actionwoocommerce_settings_tabs_wc_cancel_settingsincludes\settings.php:14

actionwoocommerce_update_options_wc_cancel_settingsincludes\settings.php:15

actioninitwc-cancel-order.php:48

actionwoocommerce_loadedwc-cancel-order.php:50

actionwoocommerce_admin_field_wc_cancel_settingwc-cancel-order.php:51

actionadmin_enqueue_scriptswc-cancel-order.php:52

filterwoocommerce_screen_idswc-cancel-order.php:53

actionwoocommerce_update_optionswc-cancel-order.php:54

filterwoocommerce_my_account_my_orders_actionswc-cancel-order.php:56

actionwp_enqueue_scriptswc-cancel-order.php:58

actionwp_enqueue_scriptswc-cancel-order.php:59

actioninitwc-cancel-order.php:65

filterwc_order_statuseswc-cancel-order.php:66

actionadmin_menuwc-cancel-order.php:67

filterwoocommerce_email_classeswc-cancel-order.php:68

actionwoocommerce_email_wc_cancel_reasonwc-cancel-order.php:69

actionwoocommerce_order_status_changedwc-cancel-order.php:70

actionwoocommerce_checkout_update_order_metawc-cancel-order.php:71

actionwoocommerce_store_api_checkout_order_processedwc-cancel-order.php:72

filterthe_postswc-cancel-order.php:74

actionwoocommerce_email_customer_detailswc-cancel-order.php:76

actionbefore_woocommerce_initwc-cancel-order.php:77

Maintenance & Trust

WC Cancel Order Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 30, 2025

PHP min version7.4

Downloads132K

Community Trust

Rating98/100

Number of ratings23

Active installs5K

Alternatives

WC Cancel Order Alternatives

Return Refund and Exchange For WooCommerce

woo-refund-and-exchange-lite

Provide an easy refund service and increase customer satisfaction with WooCommerce Return Refund, and Exchange Warranty Management Plugin.

5K 5 CVEs

PiWeb Cancel order / Refund request for WooCommerce

cancel-order-request-woocommerce

100

Order cancellation request / Refund request / Return order request. Repeat order option to customer for WooCommerce

2K 1 CVE

Flexible Refund and Return Order for WooCommerce

flexible-refund-and-return-order-for-woocommerce

WooCommerce refund and returns process made simple. Let your customers request a refund and return products directly from the My Account page.

1K 2 CVEs

Prevent Customers To Cancel WooCommerce Orders

woo-prevent-cancel-order

This plugin prevents customers from cancelling a WooCommerce order. It will hide the Cancel button on My Account page for all user roles, except admin …

400 No CVEs

Order Cancellation & Returns for WooCommerce

wc-order-cancellation-return

Empower your customers with the ability to cancel and return their orders seamlessly on your WooCommerce site.

100 1 unpatched

Developer Profile

WC Cancel Order Developer Profile

WpExperts Hub

5 plugins · 7K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

15 days

View full developer profile

Detection Fingerprints

How We Detect WC Cancel Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wc-cancel-order/assets/css/cancel-order.css/wp-content/plugins/wc-cancel-order/assets/js/cancel-order.js/wp-content/plugins/wc-cancel-order/assets/js/wco-cancel-admin-script.js/wp-content/plugins/wc-cancel-order/assets/js/wco-cancel-front-script.js

Script Paths

/wp-content/plugins/wc-cancel-order/assets/js/cancel-order.js/wp-content/plugins/wc-cancel-order/assets/js/wco-cancel-admin-script.js/wp-content/plugins/wc-cancel-order/assets/js/wco-cancel-front-script.js

Version Parameters

wc-cancel-order/assets/css/cancel-order.css?ver=wc-cancel-order/assets/js/cancel-order.js?ver=wc-cancel-order/assets/js/wco-cancel-admin-script.js?ver=wc-cancel-order/assets/js/wco-cancel-front-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wc-cancel-order-details-wrapwc-cancel-order-detailswc-cancel-order-button

HTML Comments

+2 more

Data Attributes

data-order-iddata-cancel-request-nonce

JS Globals

wcCancelOrderAJAX

REST Endpoints

/wp-json/wc-cancel-order/v1/request/wp-json/wc-cancel-order/v1/guest-request

Shortcode Output

[wc_cancel_order_details]

FAQ