Order Cancellation & Returns for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-order-cancellation-return

Empower your customers with the ability to cancel and return their orders seamlessly on your WooCommerce site.

100 active installs · v1.1.11 · PHP 7.4+ · WP 6.3+ · Updated Feb 13, 2026
Tags: cancel-order, order-return, re-order, return, woocommerce-cancel-order
78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is Order Cancellation & Returns for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

Order Cancellation & Returns for WooCommerce is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 1mo ago
Risk Assessment

The "wc-order-cancellation-return" plugin exhibits a generally good security posture, with all identified entry points protected by either nonce or capability checks. The static analysis reveals no dangerous functions and all SQL queries are properly prepared, which are strong indicators of secure coding practices. Furthermore, the plugin demonstrates a commendable 83% rate of output escaping, minimizing the risk of cross-site scripting vulnerabilities.

However, a significant concern arises from the taint analysis, which identified one flow with unsanitized paths. While no critical or high severity taint issues were found, this single instance indicates a potential weakness where user-supplied data might not be adequately validated before being used in a sensitive operation, potentially leading to unexpected behavior or exploits.

The plugin's vulnerability history, while showing only one past medium-severity CVE related to "Authorization Bypass Through User-Controlled Key," is concerning due to the existence of one currently unpatched vulnerability. This suggests that a known security flaw has not been addressed, leaving users exposed. The pattern of past vulnerabilities, even if medium severity, combined with an unpatched issue, warrants careful attention.

Key Concerns

  • Unpatched CVE detected
  • Taint flow with unsanitized paths
  • Lower output escaping percentage (83%)
Vulnerabilities
1

Order Cancellation & Returns for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49352 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Order Cancellation & Returns for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) Insecure Direct Object Reference

Dec 31, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Order Cancellation & Returns for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 46 (218 escaped)
Nonce Checks: 8
Capability Checks: 9
File Operations: 2
External Requests: 2
Bundled Libraries: 0

Output Escaping

83% escaped · 264 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
save_available_time_field (inc\backend\settings.php:448)
Attack Surface

Order Cancellation & Returns for WooCommerce Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 8

auth · wp_ajax_yoocr_wc_order_cancellation_return_handle_order_cancellation_rejection · inc\backend\actions\handle-cancellation-approval.php:11
auth · wp_ajax_handle_order_cancellation · inc\backend\actions\handle-order-cancellation.php:10
nopriv · wp_ajax_handle_order_cancellation · inc\backend\actions\handle-order-cancellation.php:11
auth · wp_ajax_handle_order_return · inc\backend\actions\handle-order-return.php:10
nopriv · wp_ajax_handle_order_return · inc\backend\actions\handle-order-return.php:11
auth · wp_ajax_yoocr_wc_order_cancellation_return_handle_order_rejection · inc\backend\actions\handle-return-approval.php:11
auth · wp_ajax_yoocr_order_cancel_return_never_show_notice · inc\cores\notices.php:10
auth · wp_ajax_yoocr_dismiss_cancel_return_notice · inc\cores\notices.php:12

REST API Routes 1

POST · /wp-json/yoohw/v1/notice · inc\backend\yoohw-news.php:109
WordPress Hooks 50
action · admin_init · inc\backend\actions\handle-cancellation-approval.php:10
action · admin_notices · inc\backend\actions\handle-cancellation-approval.php:40
action · admin_notices · inc\backend\actions\handle-cancellation-approval.php:62
action · admin_init · inc\backend\actions\handle-return-approval.php:10
action · admin_notices · inc\backend\actions\handle-return-approval.php:49
action · admin_notices · inc\backend\actions\handle-return-approval.php:63
action · update_option_order_cancel_cancellation_approval · inc\backend\actions\option-automate-update.php:10
action · init · inc\backend\actions\order-status.php:10
action · init · inc\backend\actions\order-status.php:11
filter · wc_order_statuses · inc\backend\actions\order-status.php:12
filter · wc_order_statuses · inc\backend\actions\order-status.php:13
filter · woocommerce_can_order_status_be_changed · inc\backend\actions\order-status.php:14
filter · woocommerce_can_order_status_be_changed · inc\backend\actions\order-status.php:15
action · woocommerce_order_status_changed · inc\backend\actions\store-order-status-change-date.php:10
action · woocommerce_admin_order_data_after_shipping_address · inc\backend\edit-order-cancellation-approval.php:10
action · admin_footer · inc\backend\edit-order-cancellation-approval.php:11
action · woocommerce_admin_order_data_after_shipping_address · inc\backend\edit-order-return-approval.php:10
action · admin_footer · inc\backend\edit-order-return-approval.php:11
filter · woocommerce_settings_tabs_array · inc\backend\settings.php:16
action · woocommerce_settings_tabs_orders · inc\backend\settings.php:17
action · woocommerce_settings_tabs_orders · inc\backend\settings.php:18
action · woocommerce_update_options_orders · inc\backend\settings.php:19
action · woocommerce_settings_tabs_orders · inc\backend\settings.php:20
action · woocommerce_update_options_orders · inc\backend\settings.php:21
action · woocommerce_admin_field_available_time · inc\backend\settings.php:22
action · woocommerce_settings_tabs_orders · inc\backend\settings.php:23
action · admin_footer · inc\backend\settings.php:599
action · admin_menu · inc\backend\yoohw-dashboard.php:19
action · admin_menu · inc\backend\yoohw-news.php:25
action · rest_api_init · inc\backend\yoohw-news.php:26
action · admin_notices · inc\backend\yoohw-news.php:27
action · admin_init · inc\backend\yoohw-news.php:28
action · admin_init · inc\backend\yoohw-news.php:29
filter · woocommerce_settings_tabs_array · inc\backend\yoohw-woo-settings-tabs-reorder.php:9
action · admin_enqueue_scripts · inc\cores\backend.php:13
filter · woocommerce_email_classes · inc\cores\backend.php:14
action · admin_init · inc\cores\backend.php:15
action · wp_enqueue_scripts · inc\cores\frontend.php:9
filter · woocommerce_locate_template · inc\cores\frontend.php:10
action · admin_notices · inc\cores\notices.php:9
action · admin_enqueue_scripts · inc\cores\notices.php:11
action · woocommerce_email_before_order_table · inc\emails\admin-email-cancelled-order.php:10
action · woocommerce_email_before_order_table · inc\emails\admin-email-order-cancel-request.php:10
action · woocommerce_email_before_order_table · inc\emails\admin-email-order-return-request.php:10
action · yoocr_wc_order_cancellation_return_handle_email_order_return_request · inc\emails\email-functions.php:10
action · wp_footer · inc\frontend\form-cancel-order.php:10
action · wp_footer · inc\frontend\form-return-order.php:10
action · woocommerce_order_details_before_order_table · inc\frontend\order-details-actions-record.php:10
action · woocommerce_order_details_after_order_table · inc\frontend\order-details-cancel-button.php:11
action · woocommerce_order_details_after_order_table · inc\frontend\order-details-return-button.php:11
Maintenance & Trust

Order Cancellation & Returns for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 13, 2026
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Order Cancellation & Returns for WooCommerce Developer Profile

YoOhw Studio

7 plugins · 3K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Order Cancellation & Returns for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-order-cancellation-return/css/admin-style.css
/wp-content/plugins/wc-order-cancellation-return/js/form-cancel-button.js
/wp-content/plugins/wc-order-cancellation-return/js/form-return-button.js
/wp-content/plugins/wc-order-cancellation-return/css/style.css
Script Paths
/wp-content/plugins/wc-order-cancellation-return/js/form-cancel-button.js
/wp-content/plugins/wc-order-cancellation-return/js/form-return-button.js
Version Parameters
wc-order-cancellation-return/css/admin-style.css?ver=
wc-order-cancellation-return/js/form-cancel-button.js?ver=
wc-order-cancellation-return/js/form-return-button.js?ver=
wc-order-cancellation-return/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
wcocr-cancel-order-popup-content
wcocr-cancel-order-popup-form
wcocr-cancel-order-popup-reason
wcocr-cancel-order-popup-terms
wcocr-cancel-order-popup-submit
wcocr-return-order-popup-content
wcocr-return-order-popup-form
wcocr-return-order-popup-reason
+2 more
HTML Comments
<!-- WC Order Cancellation & Return Settings -->
<!-- Yoohw Dashboard Widget -->
<!-- Yoohw News Widget -->
Data Attributes
data-wcocr-cancel-order-id
data-wcocr-return-order-id
JS Globals
wcocr_cancel_order_vars
wcocr_return_order_vars
REST Endpoints
/wp-json/wc-order-cancellation-return/v1/handle-cancellation
/wp-json/wc-order-cancellation-return/v1/handle-return
FAQ

Frequently Asked Questions about Order Cancellation & Returns for WooCommerce