Order Limit For WooCommerce ( Free Version ) Security & Risk Analysis

wordpress.org/plugins/wc-order-limit-lite

Set WooCommerce order limits with ease. Control min/max quantities, cart totals, category rules, user role restrictions, and checkout limit.

800 active installs · v3.1.2 · PHP 7.4+ · WP 4.4.0+ · Updated Apr 6, 2026
Tags: category, limits, orders, products, woocommerce
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 23, 2025
Safety Verdict

Is Order Limit For WooCommerce ( Free Version ) Safe to Use in 2026?

Generally Safe

Score 99/100

Order Limit For WooCommerce ( Free Version ) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Feb 23, 2025 · Updated 1mo ago
Risk Assessment

The "wc-order-limit-lite" v3.1.1 plugin demonstrates a mixed security posture. It uses prepared statements for all SQL queries and has a very high rate of output escaping, but its attack surface raises significant concerns. All of its AJAX handlers (8 out of 8) lack authentication checks, presenting a clear vulnerability vector. The taint analysis shows two flows with unsanitized paths, although neither is classified as critical or high severity. The plugin's vulnerability history is concerning, with two known medium severity CVEs, even though none are currently unpatched. The pattern of 'Missing Authorization' in past vulnerabilities directly correlates with the current findings of unprotected AJAX handlers, suggesting a recurring issue that needs to be addressed.

Overall, the plugin shows good practices in data handling (SQL and output escaping), which is a strong positive. However, the large number of unprotected entry points, particularly AJAX handlers, and the historical trend of authorization flaws are significant weaknesses. The presence of unsanitized paths, even without critical severity, warrants attention. The conclusion is that while the plugin has foundational security strengths in its query and output handling, the lack of robust authentication on its AJAX endpoints and past authorization issues present a tangible risk that could be exploited. Addressing these authorization gaps is paramount for improving its security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Medium severity CVEs in history
  • Bundled outdated library (Select2)
Vulnerabilities
2 published

Order Limit For WooCommerce ( Free Version ) Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-26928 · medium · 4.3 · Missing Authorization

Order Limit for WooCommerce <= 3.0.2 - Missing Authorization

Feb 23, 2025 Patched in 3.0.3 (9d)
CVE-2024-32675 · medium · 5.3 · Missing Authorization

Order Limit for WooCommerce <= 2.0.0 - Missing Authorization

Apr 17, 2024 Patched in 2.0.1 (7d)
Version History

Order Limit For WooCommerce ( Free Version ) Release Timeline

v3.1.2 · Current
v3.1.1
v3.1.0
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2 · 1 CVE
v3.0.1 · 1 CVE
v3.0.0 · 1 CVE
v2.2.4 · 1 CVE
v2.2.3 · 1 CVE
v2.2.2 · 1 CVE
v2.2.1 · 1 CVE
v2.2.0 · 1 CVE
v2.0.1 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Order Limit For WooCommerce ( Free Version ) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (17 prepared)
Unescaped Output: 17 (562 escaped)
Nonce Checks: 14
Capability Checks: 12
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 17 total queries

Output Escaping

97% escaped · 579 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
wcol_get_product (admin\class-wc-order-limit-admin.php:632)
Attack Surface
8 unprotected

Order Limit For WooCommerce ( Free Version ) Attack Surface

Entry Points: 13
Unprotected: 8

AJAX Handlers 8

auth wp_ajax_wc_order_limit_send_deactivation_reason includes\class-wc-order-limit.php:163
auth wp_ajax_wc_order_limit_save_settings includes\class-wc-order-limit.php:178
auth wp_ajax_xswcol_delete_rule includes\class-wc-order-limit.php:179
auth wp_ajax_wcol_load_new_row includes\class-wc-order-limit.php:191
auth wp_ajax_wcol_get_product includes\class-wc-order-limit.php:209
auth wp_ajax_wcol_get_categories includes\class-wc-order-limit.php:210
auth wp_ajax_wcol_get_users includes\class-wc-order-limit.php:211
auth wp_ajax_wcol_enable_disable_rule includes\class-wc-order-limit.php:212

REST API Routes 3

GET /wp-json/wcol/v1/roles admin\class-wc-order-limit-block.php:84
GET /wp-json/wcol/v1/users admin\class-wc-order-limit-block.php:93
GET /wp-json/wcol/v1/payment-methods admin\class-wc-order-limit-block.php:102

Shortcodes 2

[order-limit-for-woocommerce] includes\class-wc-order-limit-rule.php:56
[wc-order-limit-remaining] includes\class-wc-order-limit-rule.php:57
WordPress Hooks 53
action admin_notices admin\class-wc-order-limit-admin.php:561
action admin_notices admin\class-wc-order-limit-admin.php:567
action init admin\class-wc-order-limit-block.php:56
action woocommerce_layout_template_after_instantiation admin\class-wc-order-limit-block.php:75
filter woocommerce_settings_tabs_array admin\class-wc-order-limit-settings.php:37
action woocommerce_sections_wcol_settings admin\class-wc-order-limit-settings.php:38
action woocommerce_settings_wcol_settings admin\class-wc-order-limit-settings.php:39
action woocommerce_settings_save_wcol_settings admin\class-wc-order-limit-settings.php:40
action admin_head admin\class-wc-order-limit-settings.php:41
action admin_notices includes\class-wc-order-limit-activator.php:51
action plugins_loaded includes\class-wc-order-limit.php:145
action admin_enqueue_scripts includes\class-wc-order-limit.php:160
action admin_enqueue_scripts includes\class-wc-order-limit.php:161
action admin_init includes\class-wc-order-limit.php:162
filter woocommerce_get_settings_pages includes\class-wc-order-limit.php:164
action admin_menu includes\class-wc-order-limit.php:166
action rest_api_init includes\class-wc-order-limit.php:167
action woocommerce_rest_insert_product_object includes\class-wc-order-limit.php:168
action init includes\class-wc-order-limit.php:169
action add_meta_boxes includes\class-wc-order-limit.php:170
action save_post includes\class-wc-order-limit.php:171
filter wp_insert_post_data includes\class-wc-order-limit.php:172
filter views_edit-wcol_rule includes\class-wc-order-limit.php:173
filter parse_query includes\class-wc-order-limit.php:174
action admin_footer includes\class-wc-order-limit.php:175
filter post_updated_messages includes\class-wc-order-limit.php:176
action admin_head-post.php includes\class-wc-order-limit.php:177
action woocommerce_product_write_panel_tabs includes\class-wc-order-limit.php:180
action woocommerce_product_data_panels includes\class-wc-order-limit.php:181
action woocommerce_process_product_meta includes\class-wc-order-limit.php:182
action woocommerce_variation_options includes\class-wc-order-limit.php:183
action woocommerce_variation_options_pricing includes\class-wc-order-limit.php:184
filter woocommerce_available_variation includes\class-wc-order-limit.php:185
action woocommerce_save_product_variation includes\class-wc-order-limit.php:186
action product_cat_add_form_fields includes\class-wc-order-limit.php:187
action product_cat_edit_form_fields includes\class-wc-order-limit.php:188
action created_term includes\class-wc-order-limit.php:189
action edit_term includes\class-wc-order-limit.php:190
action template_redirect includes\class-wc-order-limit.php:193
action woocommerce_add_to_cart_validation includes\class-wc-order-limit.php:194
action woocommerce_before_cart includes\class-wc-order-limit.php:196
action woocommerce_after_checkout_validation includes\class-wc-order-limit.php:197
action woocommerce_store_api_cart_errors includes\class-wc-order-limit.php:198
action woocommerce_store_api_checkout_update_order_from_request includes\class-wc-order-limit.php:199
action template_redirect includes\class-wc-order-limit.php:202
action wp_enqueue_scripts includes\class-wc-order-limit.php:203
filter manage_wcol_rule_posts_columns includes\class-wc-order-limit.php:205
action manage_wcol_rule_posts_custom_column includes\class-wc-order-limit.php:206
action before_woocommerce_init order-limit-for-woocommerce.php:34
action admin_notices order-limit-for-woocommerce.php:42
action admin_notices order-limit-for-woocommerce.php:48
action plugins_loaded order-limit-for-woocommerce.php:56
action admin_notices order-limit-for-woocommerce.php:75
Maintenance & Trust

Order Limit For WooCommerce ( Free Version ) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 6, 2026
PHP min version: 7.4
Downloads: 39K

Community Trust

Rating: 84/100
Number of ratings: 13
Active installs: 800
Developer Profile

Order Limit For WooCommerce ( Free Version ) Developer Profile

Xfinitysoft

9 plugins · 4K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Order Limit For WooCommerce ( Free Version )

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-order-limit-lite/admin/css/bootstrap.min.css
/wp-content/plugins/wc-order-limit-lite/admin/css/deactivation-feedback.css
/wp-content/plugins/wc-order-limit-lite/admin/css/select2.min.css
/wp-content/plugins/wc-order-limit-lite/admin/css/jquery-rain-date-time.min.css
/wp-content/plugins/wc-order-limit-lite/admin/css/wc-order-limit-admin.css
/wp-content/plugins/wc-order-limit-lite/admin/js/bootstrap.min.js
/wp-content/plugins/wc-order-limit-lite/admin/js/select2.full.min.js
/wp-content/plugins/wc-order-limit-lite/admin/js/jquery-rain-date-time.js
+2 more
Script Paths
https://npmcdn.com/tether@1.2.4/dist/js/tether.min.js
Version Parameters
wc-order-limit-lite/admin/css/bootstrap.min.css?ver=
wc-order-limit-lite/admin/css/deactivation-feedback.css?ver=
wc-order-limit-lite/admin/css/select2.min.css?ver=
wc-order-limit-lite/admin/css/jquery-rain-date-time.min.css?ver=
wc-order-limit-lite/admin/css/wc-order-limit-admin.css?ver=
wc-order-limit-lite/admin/js/bootstrap.min.js?ver=
wc-order-limit-lite/admin/js/select2.full.min.js?ver=
wc-order-limit-lite/admin/js/jquery-rain-date-time.js?ver=
wc-order-limit-lite/admin/js/wc-order-limit-admin.js?ver=
wc-order-limit-lite/admin/js/wc-order-limit-rule.js?ver=

HTML / DOM Fingerprints

CSS Classes
wcol-settings
wcol-support
wc-order-limit-feedback-style
wc-order-limit-admin
HTML Comments
<!-- This function is provided for demonstration purposes only. -->
<!-- An instance of this class should be passed to the run() function -->
<!-- defined in WC_Order_Limit_Loader as all of the hooks are defined -->
<!-- in that particular class. -->
+14 more
Data Attributes
data-wcol-nonce
JS Globals
wcol
wcol_script_vars