NikanWP WooCommerce Reporting Security & Risk Analysis

wordpress.org/plugins/wc-reports-lite

WooCommerce Reporting is a complete reporting solution for your store. It helps you track sales, monitor order trends, analyze product performance, an …

60 active installs · v1.0.0 · PHP 7.0+ · WP 4.9+ · Updated Jul 3, 2025
order-report · report · sale-report · stock-report · tax-report
78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Oct 15, 2025
Safety Verdict

Is NikanWP WooCommerce Reporting Safe to Use in 2026?

Mostly Safe

Score 78/100

NikanWP WooCommerce Reporting is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Oct 15, 2025 · Updated 9mo ago
Risk Assessment

The "wc-reports-lite" v1.0.0 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by largely utilizing prepared statements for SQL queries and avoiding file operations or external HTTP requests. The limited attack surface with zero unprotected entry points is also a positive indicator. However, significant concerns arise from the low rate of proper output escaping (46%), indicating a potential for cross-site scripting (XSS) vulnerabilities if not all outputs are adequately sanitized. The presence of two unsanitized paths in the taint analysis, even without a critical or high severity classification, warrants attention as these could be entry points for malicious data. The vulnerability history reveals a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, and critically, one unpatched CVE. This pattern suggests a history of security weaknesses that, while not always critical, require diligent maintenance and patching.

Key Concerns

  • Unpatched CVE present
  • Low percentage of properly escaped output
  • Taint flow with unsanitized path
  • Past CSRF vulnerability
Vulnerabilities
1

NikanWP WooCommerce Reporting Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-62957 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

NikanWP WooCommerce Reporting <= 1.0.0 - Cross-Site Request Forgery

Oct 15, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

NikanWP WooCommerce Reporting Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (24 prepared)
Unescaped Output: 106 (89 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

96% prepared · 25 total queries

Output Escaping

46% escaped · 195 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
wcrl_settingsFieldsGeneral (includes\admin-pages\wcrl-settings.php:20)
Attack Surface

NikanWP WooCommerce Reporting Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
action · add_meta_boxes · includes\admin-pages\wcrl-overview.php:11
action · admin_enqueue_scripts · includes\class-wcrl-admin-assets.php:12
action · admin_menu · includes\class-wcrl-admin-menus.php:18
filter · set-screen-option · includes\class-wcrl-admin-menus.php:19
action · init · includes\class-wcrl.php:36
Maintenance & Trust

NikanWP WooCommerce Reporting Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Jul 3, 2025
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

NikanWP WooCommerce Reporting Developer Profile

NikanWP

2 plugins · 80 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect NikanWP WooCommerce Reporting

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-reports-lite/assets/css/admin-style.css
/wp-content/plugins/wc-reports-lite/assets/css/admin-style-rtl.css
/wp-content/plugins/wc-reports-lite/assets/css/persianDatepicker-default.css
/wp-content/plugins/wc-reports-lite/assets/js/admin.js
/wp-content/plugins/wc-reports-lite/assets/js/persianDatepicker.js

Script Paths
wp-content/plugins/wc-reports-lite/assets/js/admin.js
wp-content/plugins/wc-reports-lite/assets/js/persianDatepicker.js

Version Parameters
wc-reports-lite/assets/css/admin-style.css?ver=
wc-reports-lite/assets/css/admin-style-rtl.css?ver=
wc-reports-lite/assets/css/persianDatepicker-default.css?ver=
wc-reports-lite/assets/js/admin.js?ver=
wc-reports-lite/assets/js/persianDatepicker.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about NikanWP WooCommerce Reporting