Widerrufsbutton Security & Risk Analysis

wordpress.org/plugins/widerrufsbutton

Electronic withdrawal button for WooCommerce with two-step form, order verification, audit log and email confirmation.

20 active installs · v1.3.25 · PHP 8.0+ · WP 6.7+ · Updated Apr 3, 2026
Tags: elektronischer-widerruf, widerruf, widerruf-formular, widerrufsbutton, woocommerce
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Widerrufsbutton Safe to Use in 2026?

Generally Safe

Score 100/100

Widerrufsbutton has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "widerrufsbutton" plugin v1.3.25 exhibits a generally strong security posture, with no known vulnerabilities in its history. The code analysis shows good practice in handling SQL queries, with all queries using prepared statements, and a very high percentage of output escaping. This indicates a developer who understands fundamental WordPress security principles.

There are, however, areas of concern. The 2 REST API routes without permission callbacks represent a significant attack surface that could potentially be exploited by unauthenticated users, leading to unauthorized actions or information disclosure. In addition, the taint analysis identified 3 flows with unsanitized paths. Although these are not classified as critical or high severity, they suggest potential pathways for malicious input to be processed without adequate sanitization, which could lead to unexpected behavior or to other vulnerabilities if combined with other factors.

Key Concerns

  • REST API routes without permission callbacks
  • Flows with unsanitized paths
Vulnerabilities
None known

Widerrufsbutton Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Widerrufsbutton Release Timeline

v1.3.25 (Current)
Code Analysis
Analyzed Apr 16, 2026

Widerrufsbutton Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (75 prepared)
Unescaped Output: 3 (370 escaped)
Nonce Checks: 2
Capability Checks: 8
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 75 total queries

Output Escaping

99% escaped · 373 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
wbwiderruf_admin_render_widerrufe (includes/admin-widerrufe.php:154)
Attack Surface
2 unprotected

Widerrufsbutton Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_wbwiderruf_search_pages includes/settings.php:298
auth wp_ajax_wb_search_pages includes/settings.php:299

REST API Routes 2

GET /wp-json/widerrufsbutton/v1/withdrawal/pending includes/rest.php:6
GET /wp-json/widerrufsbutton/v1/withdrawal/confirm includes/rest.php:78

Shortcodes 2

[widerrufsbutton] includes/shortcode-button.php:4
[widerrufsformular] includes/shortcode-form.php:4
WordPress Hooks 16
action admin_menu includes/admin-settings.php:20
action admin_menu includes/admin-widerrufe.php:112
action plugins_loaded includes/compat.php:107
action wbwiderruf_withdrawal_confirmed includes/emails.php:4
filter gettext includes/i18n-fallback.php:9
action admin_init includes/microcopy-admin.php:4
action rest_api_init includes/rest.php:4
action admin_init includes/settings.php:85
action plugins_loaded includes/settings.php:376
action plugins_loaded includes/settings.php:377
action admin_init includes/style-admin.php:4
action admin_enqueue_scripts includes/style-admin.php:54
action init withdrawal-button.php:93
action plugins_loaded withdrawal-button.php:96
action plugins_loaded withdrawal-button.php:109
action admin_init withdrawal-button.php:112
Maintenance & Trust

Widerrufsbutton Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 3, 2026
PHP min version: 8.0
Downloads: 134

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Widerrufsbutton Developer Profile

wbwiderrufbutton

1 plugin · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Widerrufsbutton

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/widerrufsbutton/assets/withdrawal-button.css
/wp-content/plugins/widerrufsbutton/assets/withdrawal-modal.css
/wp-content/plugins/widerrufsbutton/assets/withdrawal-modal.js
/wp-content/plugins/widerrufsbutton/assets/withdrawal-form.css
/wp-content/plugins/widerrufsbutton/assets/withdrawal-form.js
Script Paths
/wp-content/plugins/widerrufsbutton/assets/withdrawal-modal.js
/wp-content/plugins/widerrufsbutton/assets/withdrawal-form.js
Version Parameters
widerrufsbutton/assets/withdrawal-button.css?ver=
widerrufsbutton/assets/withdrawal-modal.css?ver=
widerrufsbutton/assets/withdrawal-modal.js?ver=
widerrufsbutton/assets/withdrawal-form.css?ver=
widerrufsbutton/assets/withdrawal-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
wbwbwbwb-btn, wbmodal, wbmodal__backdrop, wbmodal__panel, wbmodal__head, wbmodal__title, wbmodal__close, +11 more
Data Attributes
data-wb-modal-open, data-wb-modal-close, data-layout
JS Globals
window.wbwiderruf_plugin_vars
Shortcode Output
[widerrufsbutton] [widerrufsformular]