Advanced Order Export For WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-order-export-lite

Export WooCommerce orders to Excel, CSV, XML, JSON, PDF and HTML. Best free order export plugin for WooCommerce.

100K active installs · v4.0.7 · PHP 7.4.0+ · WP 4.7+ · Updated Apr 7, 2026
Tags: export, export-orders, order, order-export, woocommerce
Score: 90 · A · Safe
CVEs total: 8
Unpatched: 0
Last CVE: Nov 12, 2024
Safety Verdict

Is Advanced Order Export For WooCommerce Safe to Use in 2026?

Generally Safe

Score 90/100

Advanced Order Export For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEs · Last CVE: Nov 12, 2024 · Updated 1mo ago
Risk Assessment

The "woo-order-export-lite" plugin v4.0.6 exhibits a mixed security posture. On the positive side, the static analysis reveals a small attack surface with no unprotected entry points, a high percentage of SQL queries using prepared statements, and a strong adherence to output escaping best practices. This suggests some effort has been made to implement secure coding fundamentals.

However, significant concerns arise from the presence of the `unserialize` function, a known source of deserialization vulnerabilities. While the taint analysis shows no critical or high severity flows, the existence of 20 flows with unsanitized paths warrants caution. Furthermore, the plugin's historical vulnerability record is troubling, with 8 known CVEs including critical and high severity issues like Deserialization of Untrusted Data and Code Injection. The recent vulnerability dated 2024-11-12 indicates that these historical patterns may persist, suggesting potential ongoing weaknesses.

In conclusion, while the current version shows improvements in some areas of static analysis, the reliance on `unserialize` and the plugin's history of severe vulnerabilities pose a considerable risk. Organizations using this plugin should exercise extreme caution, monitor for any newly disclosed vulnerabilities, and ideally seek alternatives or ensure rigorous patching and monitoring protocols are in place. The past incidents suggest a recurring pattern of security flaws that cannot be ignored.

Key Concerns

  • Presence of unserialize function
  • High number of unsanitized paths in taint analysis
  • History of 8 known CVEs
  • History includes critical severity vulnerabilities
  • History includes high severity vulnerabilities
  • Recent vulnerability (2024-11-12)
Vulnerabilities
8 published

Advanced Order Export For WooCommerce Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2020: 1 CVE
  • 2021: 2 CVEs
  • 2022: 2 CVEs
  • 2024: 2 CVEs

Severity Breakdown

  • Critical: 1
  • High: 3
  • Medium: 4

8 total CVEs

CVE-2024-10828 · high · 8.1 · Deserialization of Untrusted Data

Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details

Nov 12, 2024 Patched in 3.5.6 (1d)
CVE-2024-31266 · critical · 9.1 · Improper Control of Generation of Code ('Code Injection')

Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution

Apr 5, 2024 Patched in 3.4.5 (7d)
CVE-2022-40128 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery

Oct 20, 2022 Patched in 3.3.3 (460d)
CVE-2022-35275 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting

Aug 9, 2022 Patched in 3.3.2 (532d)
CVE-2021-24169 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting

Mar 3, 2021 Patched in 3.1.8 (1056d)
CVE-2021-27349 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting

Feb 22, 2021 Patched in 3.1.8 (1065d)
CVE-2020-11727 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting

Apr 8, 2020 Patched in 3.1.4 (1385d)
CVE-2018-11525 · high · 7.8 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection

Jun 20, 2018 Patched in 1.5.5 (2043d)
Version History

Advanced Order Export For WooCommerce Release Timeline

v4.0.7 · Current
v4.0.6
v4.0.5
v4.0.4
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.6.0
v3.5.7
v3.5.6
v3.5.5 · 1 CVE
v3.5.4 · 1 CVE
v3.5.3 · 1 CVE
v3.5.2 · 1 CVE
v3.5.1 · 1 CVE
v3.5.0 · 1 CVE
v3.4.6 · 1 CVE
v3.4.5 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Advanced Order Export For WooCommerce Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 32 (123 prepared)
  • Unescaped Output: 66 (512 escaped)
  • Nonce Checks: 4
  • Capability Checks: 5
  • File Operations: 100
  • External Requests: 1
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$arr = unserialize( trim($row[ $field ]), ['allowed_classes' => false] );` · classes\core\trait-woe-core-extractor.php:1015
  • unserialize · `$item = unserialize($rawItem );` · classes\formats\storage\class-woe-formatter-storage-csv.php:124
  • unserialize · `$item = unserialize( $rawItem );` · classes\formats\storage\class-woe-formatter-storage-csv.php:162
  • unserialize · `$item = unserialize( $rawItem );` · classes\formats\storage\class-woe-formatter-storage-csv.php:254

Bundled Libraries

Select2

SQL Query Safety

79% prepared · 155 total queries

Output Escaping

89% escaped · 578 total outputs
Data Flows · Security
20 unsanitized

Data Flow Analysis

23 flows · 20 with unsanitized paths
ajax_export_download_bulk_file (classes\admin\tabs\ajax\class-wc-order-export-ajax.php:35)
Attack Surface

Advanced Order Export For WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_order_exporter · classes\class-wc-order-export-admin.php:43

WordPress Hooks: 30

action · init · classes\class-wc-order-export-admin.php:26
action · admin_menu · classes\class-wc-order-export-admin.php:29
action · admin_enqueue_scripts · classes\class-wc-order-export-admin.php:34
filter · script_loader_src · classes\class-wc-order-export-admin.php:35
action · wp_loaded · classes\class-wc-order-export-admin.php:38
filter · bulk_actions-edit-shop_order · classes\class-wc-order-export-admin.php:46
filter · handle_bulk_actions-edit-shop_order · classes\class-wc-order-export-admin.php:47
action · admin_notices · classes\class-wc-order-export-admin.php:51
filter · bulk_actions-woocommerce_page_wc-orders · classes\class-wc-order-export-admin.php:54
filter · handle_bulk_actions-woocommerce_page_wc-orders · classes\class-wc-order-export-admin.php:55
action · admin_notices · classes\class-wc-order-export-admin.php:62
filter · manage_edit-shop_order_columns · classes\class-wc-order-export-admin.php:69
filter · manage_edit-shop_order_sortable_columns · classes\class-wc-order-export-admin.php:70
filter · manage_woocommerce_page_wc-orders_columns · classes\class-wc-order-export-admin.php:71
filter · manage_woocommerce_page_wc-orders_sortable_columns · classes\class-wc-order-export-admin.php:72
filter · request · classes\class-wc-order-export-admin.php:73
action · manage_shop_order_posts_custom_column · classes\class-wc-order-export-admin.php:76
action · manage_woocommerce_page_wc-orders_custom_column · classes\class-wc-order-export-admin.php:77
action · admin_print_styles · classes\class-wc-order-export-admin.php:82
action · admin_enqueue_scripts · classes\class-wc-order-export-admin.php:83
action · learn-press/admin/after-enqueue-scripts · classes\class-wc-order-export-admin.php:299
action · woe_export_finished · classes\core\class-wc-order-export-engine.php:344
filter · woe_tax_rate_rounding_precision · classes\core\class-wc-order-export-engine.php:362
filter · woe_sql_get_order_ids_order_by · classes\core\class-wc-order-export-engine.php:722
filter · comments_clauses · classes\core\class-wc-order-export-order-fields.php:487
filter · woe_csv_custom_output_func · classes\formats\class-woe-formatter-csv.php:23
filter · woe_storage_sort_by_field · classes\formats\class-woe-formatter-pdf.php:164
filter · woe_storage_sort_by_field · classes\formats\class-woe-formatter-xls.php:232
action · before_woocommerce_init · woo-order-export-lite.php:32
action · admin_notices · woo-order-export-lite.php:41
Maintenance & Trust

Advanced Order Export For WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Apr 7, 2026
  • PHP min version: 7.4.0
  • Downloads: 3.8M

Community Trust

  • Rating: 100/100
  • Number of ratings: 349
  • Active installs: 100K
Developer Profile

Advanced Order Export For WooCommerce Developer Profile

algol.plus

3 plugins · 121K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 571 days
Detection Fingerprints

How We Detect Advanced Order Export For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/woo-order-export-lite/assets/css/admin-settings.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/admin-styles.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/bootstrap.min.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/bootstrap-theme.min.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/font-awesome.min.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/jquery-ui.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/jquery.dataTables.min.css
  • /wp-content/plugins/woo-order-export-lite/assets/css/select2.min.css
  • +11 more

Script Paths

  • /wp-content/plugins/woo-order-export-lite/assets/js/admin-settings.js
  • /wp-content/plugins/woo-order-export-lite/assets/js/bootstrap.min.js
  • /wp-content/plugins/woo-order-export-lite/assets/js/dataTables.bootstrap.js
  • /wp-content/plugins/woo-order-export-lite/assets/js/export-orders.js
  • /wp-content/plugins/woo-order-export-lite/assets/js/frontend.js
  • /wp-content/plugins/woo-order-export-lite/assets/js/jquery-ui.js
  • +4 more

Version Parameters

  • woo-order-export-lite/assets/css/admin-settings.css?ver=
  • woo-order-export-lite/assets/css/admin-styles.css?ver=
  • woo-order-export-lite/assets/css/bootstrap.min.css?ver=
  • woo-order-export-lite/assets/css/bootstrap-theme.min.css?ver=
  • woo-order-export-lite/assets/css/font-awesome.min.css?ver=
  • woo-order-export-lite/assets/css/jquery-ui.css?ver=
  • woo-order-export-lite/assets/css/jquery.dataTables.min.css?ver=
  • woo-order-export-lite/assets/css/select2.min.css?ver=
  • woo-order-export-lite/assets/css/style.css?ver=
  • woo-order-export-lite/assets/js/admin-settings.js?ver=
  • woo-order-export-lite/assets/js/bootstrap.min.js?ver=
  • woo-order-export-lite/assets/js/dataTables.bootstrap.js?ver=
  • woo-order-export-lite/assets/js/export-orders.js?ver=
  • woo-order-export-lite/assets/js/frontend.js?ver=
  • woo-order-export-lite/assets/js/jquery-ui.js?ver=
  • woo-order-export-lite/assets/js/jquery.dataTables.min.js?ver=
  • woo-order-export-lite/assets/js/plugins.js?ver=
  • woo-order-export-lite/assets/js/select2.full.min.js?ver=
  • woo-order-export-lite/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • woe-admin-settings-wrap
  • woe-export-section
  • woe-profiles-list
  • woe-profile-item
  • woe-schedule-settings

HTML Comments

  • <!--Stop if another version is active!-->
  • <!--declare compatibility on startup-->
  • <!--a small function to check startup conditions-->
  • <!--don't load for frontend !-->
  • +11 more

Data Attributes

  • data-woe-id
  • data-woe-type

JS Globals

  • WOE_VERSION
  • woe_params
FAQ

Frequently Asked Questions about Advanced Order Export For WooCommerce