Better Customer List for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-better-customer-list

This plugin will no longer be maintained. This functionality can now be achieved by using the built-in WooCommerce Analytics.

100 active installs v1.2.3 PHP + WP 4.7+ Updated Feb 26, 2025
bettercustomerlistuserwoocommerce
71
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Feb 21, 2025
Safety Verdict

Is Better Customer List for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 71/100

Better Customer List for WooCommerce is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Feb 21, 2025 · Updated 1yr ago
Risk Assessment

The "woo-better-customer-list" plugin version 1.2.3 exhibits a mixed security posture. While it avoids dangerous functions and external HTTP requests, and has a decent percentage of properly escaped output, significant concerns arise from its attack surface and vulnerability history. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a direct entry point for unauthenticated attackers. Furthermore, a taint analysis revealed one flow with an unsanitized path, which could potentially lead to vulnerabilities if exploited, though it's not classified as critical or high severity. The plugin's history of known vulnerabilities, including an unpatched medium severity Cross-Site Scripting (XSS) issue from 2025, is a major red flag. The recurring nature of such vulnerabilities suggests a lack of robust secure coding practices within the development process, particularly in input validation and output sanitization.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized path
  • Unpatched CVE (Medium severity XSS)
  • Missing nonce checks on AJAX handlers
  • Missing capability checks on AJAX handlers
  • SQL query not using prepared statements
  • Improperly escaped output
Vulnerabilities
1

Better Customer List for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

WF-d089bfee-3d23-4d35-83e0-7575702a21b4-woo-better-customer-list · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Better Customer List for WooCommerce <= 1.2.3 - Reflected Cross-Site Scripting

Feb 21, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Better Customer List for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (1 prepared)
Unescaped Output: 8 (23 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

74% escaped · 31 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
<list-customers-admin> (pages\list-customers-admin.php:0)
Attack Surface
2 unprotected

Better Customer List for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_blz_bcl_caluot · woocommerce-better-cus-list.php:143
auth · wp_ajax_blz_bcl_caluos · woocommerce-better-cus-list.php:156

WordPress Hooks: 6

action · init · woocommerce-better-cus-list.php:49
action · admin_menu · woocommerce-better-cus-list.php:69
filter · woocommerce_settings_tabs_array · woocommerce-better-cus-list.php:91
action · woocommerce_settings_tabs_settings_tab_blz_bcl · woocommerce-better-cus-list.php:92
action · woocommerce_update_options_settings_tab_blz_bcl · woocommerce-better-cus-list.php:93
action · admin_enqueue_scripts · woocommerce-better-cus-list.php:135
Maintenance & Trust

Better Customer List for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Feb 26, 2025
PHP min version
Downloads: 9K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 100
Developer Profile

Better Customer List for WooCommerce Developer Profile

Blaze Concepts

6 plugins · 2K total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Better Customer List for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-better-customer-list/js/ajax-load.js

HTML / DOM Fingerprints

Data Attributes
wc-settings-tab-blz-bcl
WC_Settings_Tab_BLZ_BCL_general_section
WC_Settings_Tab_BLZ_BCL_cus_status
WC_Settings_Tab_BLZ_BCL_general_end
JS Globals
blz_bcl_ajax_object
FAQ

Frequently Asked Questions about Better Customer List for WooCommerce