{"id":285220,"date":"2026-03-31T22:17:00","date_gmt":"2026-03-31T22:17:00","guid":{"rendered":"https:\/\/de.wordpress.org\/plugins\/widerrufsbutton-fuer-online-shops\/"},"modified":"2026-04-03T17:11:15","modified_gmt":"2026-04-03T17:11:15","slug":"widerrufsbutton","status":"publish","type":"plugin","link":"https:\/\/twd.wordpress.org\/plugins\/widerrufsbutton\/","author":23454092,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.3.25","stable_tag":"1.3.25","tested":"6.9.4","requires":"6.7","requires_php":"8.0","requires_plugins":null,"header_name":"Widerrufsbutton f\u00fcr WooCommerce","header_author":"widerrufbutton.eu","header_description":"Adds a legally compliant withdrawal button and two-step withdrawal form for WooCommerce, including validation, logging, and email confirmation.","assets_banners_color":"393f5e","last_updated":"2026-04-03 17:11:15","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.widerrufbutton.eu","rating":0,"author_block_rating":0,"active_installs":10,"downloads":78,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","faq","changelog"],"tags":{"1.3.25":{"tag":"1.3.25","author":"wbwiderrufbutton","date":"2026-04-03 17:11:15"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"Icon-128x128.png":{"filename":"Icon-128x128.png","revision":3496030,"resolution":"128x128","location":"assets","locale":""},"Icon-256x256.png":{"filename":"Icon-256x256.png","revision":3496030,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3496030,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3496030,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.3.25"],"block_files":[],"assets_screenshots":{"Screenshot-1.png":{"filename":"Screenshot-1.png","revision":3496030,"resolution":"1","location":"assets","locale":""},"Screenshot-10.png":{"filename":"Screenshot-10.png","revision":3496030,"resolution":"10","location":"assets","locale":""},"Screenshot-11.png":{"filename":"Screenshot-11.png","revision":3496030,"resolution":"11","location":"assets","locale":""},"Screenshot-2.png":{"filename":"Screenshot-2.png","revision":3496030,"resolution":"2","location":"assets","locale":""},"Screenshot-3.png":{"filename":"Screenshot-3.png","revision":3496030,"resolution":"3","location":"assets","locale":""},"Screenshot-4.png":{"filename":"Screenshot-4.png","revision":3496030,"resolution":"4","location":"assets","locale":""},"Screenshot-5.png":{"filename":"Screenshot-5.png","revision":3496030,"resolution":"5","location":"assets","locale":""},"Screenshot-6.png":{"filename":"Screenshot-6.png","revision":3496030,"resolution":"6","location":"assets","locale":""},"Screenshot-7.png":{"filename":"Screenshot-7.png","revision":3496030,"resolution":"7","location":"assets","locale":""},"Screenshot-8.png":{"filename":"Screenshot-8.png","revision":3496030,"resolution":"8","location":"assets","locale":""},"Screenshot-9.png":{"filename":"Screenshot-9.png","revision":3496030,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Withdrawal button in the frontend","2":"Withdrawal form \u2013 step 1","3":"Withdrawal form \u2013 step 2","4":"Success confirmation after submission","5":"Admin overview of recorded withdrawals","6":"Admin detail view of a withdrawal","7":"Settings \u2013 form options","8":"Settings \u2013 texts and email content","9":"Settings \u2013 design options","10":"Plugin overview and status page","11":"Confirmation emails for customer and merchant"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[259146,76384,259147,259145,286],"plugin_category":[45],"plugin_contributors":[259148],"plugin_business_model":[],"class_list":["post-285220","plugin","type-plugin","status-publish","hentry","plugin_tags-elektronischer-widerruf","plugin_tags-widerruf","plugin_tags-widerruf-formular","plugin_tags-widerrufsbutton","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-wbwiderrufbutton","plugin_committers-wbwiderrufbutton"],"banners":{"banner":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/banner-772x250.png?rev=3496030","banner_2x":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/banner-1544x500.png?rev=3496030","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Icon-128x128.png?rev=3496030","icon_2x":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Icon-256x256.png?rev=3496030","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-1.png?rev=3496030","caption":"Withdrawal button in the frontend"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-2.png?rev=3496030","caption":"Withdrawal form \u2013 step 1"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-3.png?rev=3496030","caption":"Withdrawal form \u2013 step 2"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-4.png?rev=3496030","caption":"Success confirmation after submission"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-5.png?rev=3496030","caption":"Admin overview of recorded withdrawals"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-6.png?rev=3496030","caption":"Admin detail view of a withdrawal"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-7.png?rev=3496030","caption":"Settings \u2013 form options"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-8.png?rev=3496030","caption":"Settings \u2013 texts and email content"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-9.png?rev=3496030","caption":"Settings \u2013 design options"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-10.png?rev=3496030","caption":"Plugin overview and status page"},{"src":"https:\/\/ps.w.org\/widerrufsbutton\/assets\/Screenshot-11.png?rev=3496030","caption":"Confirmation emails for customer and merchant"}],"raw_content":"<!--section=description-->\n<p>Widerrufsbutton provides a structured, two-step electronic withdrawal (right of revocation) process for WooCommerce shops \u2014 compliant with \u00a7 356a BGB and EU Directive 2011\/83\/EU. All submissions are logged in the WordPress backend for full audit traceability.<\/p>\n\n<p><strong>Free version features:<\/strong><\/p>\n\n<ul>\n<li>Withdrawal button via shortcode<\/li>\n<li>Withdrawal form via shortcode (place it anywhere)<\/li>\n<li>Optional modal mode or dedicated form page<\/li>\n<li>Two-step process: submission and confirmation<\/li>\n<li>WooCommerce order verification (order ID + email + withdrawal period)<\/li>\n<li>Email confirmation for customer and merchant<\/li>\n<li>Dedicated database table for audit logging<\/li>\n<li>Admin overview and detail view of all withdrawals<\/li>\n<li>Fully configurable texts, labels, error messages, and email content<\/li>\n<li>Theme-neutral base styling<\/li>\n<\/ul>\n\n<p><strong>Pro version add-ons:<\/strong><\/p>\n\n<ul>\n<li>Partial withdrawal (select individual items and quantities)<\/li>\n<li>Elementor &amp; Gutenberg block widgets<\/li>\n<li>PDF proof with integrity hash<\/li>\n<li>CSV export (bulk and individual download)<\/li>\n<li>HTML email templates<\/li>\n<li>Shortcode for WooCommerce email templates (order confirmation etc.)<\/li>\n<li>Advanced backend features<\/li>\n<\/ul>\n\n<p><strong>Security &amp; abuse protection:<\/strong><\/p>\n\n<ul>\n<li>Honeypot field (bots are silently rejected)<\/li>\n<li>Per-IP rate limiting (transients, IP stored as hash only)<\/li>\n<li>IP addresses are never stored in plain text<\/li>\n<li>Two-step confirmation with time-limited cryptographic token<\/li>\n<\/ul>\n\n<p><strong>Privacy:<\/strong><\/p>\n\n<p>The plugin stores only the data required to process and document a withdrawal: name, email address, order or contract reference, optional reason and remark, and timestamps. No data is transmitted to external servers. Emails are sent via the WordPress\/WooCommerce mail system.<\/p>\n\n<p><strong>Data retention &amp; uninstall:<\/strong><\/p>\n\n<p>Withdrawal records are retained until the shop operator deletes them. By default, plugin data is not removed on uninstall. Optionally, all plugin options and the withdrawal table can be deleted on uninstall (opt-in setting).<\/p>\n\n<p><strong>Legal notice:<\/strong><\/p>\n\n<p>This plugin provides a technical solution and does not replace individual legal advice.<\/p>\n\n<h3>Shortcodes<\/h3>\n\n<p>Widerrufsbutton:\n  [widerrufsbutton url=\"\/widerruf\"]<\/p>\n\n<p>Optional als Modal:\n  [widerrufsbutton target=\"modal\" layout=\"multi\"]<\/p>\n\n<p>Widerrufsformular:\n  [widerrufsformular]<\/p>\n\n<p>Layout-Option (mehrstufig):\n  [widerrufsformular layout=\"multi\"]<\/p>\n\n<h3>Settings<\/h3>\n\n<p>Admin location: Withdrawal Button \u2192 Settings<\/p>\n\n<p>Form tab:<\/p>\n\n<ul>\n<li>withdrawal period in days<\/li>\n<li>merchant email (optional)<\/li>\n<li>target URL for the withdrawal button<\/li>\n<li>optional data deletion on uninstall<\/li>\n<\/ul>\n\n<p>Text tab:<\/p>\n\n<ul>\n<li>headings and helper texts<\/li>\n<li>form labels<\/li>\n<li>button texts<\/li>\n<li>validation and error messages<\/li>\n<li>email subject lines and email body templates<\/li>\n<\/ul>\n\n<h3>Email placeholders<\/h3>\n\n<ul>\n<li>{customer_name}<\/li>\n<li>{customer_email}<\/li>\n<li>{contract_ref}<\/li>\n<li>{remark_line}<\/li>\n<li>{confirmed_at}<\/li>\n<li>{withdrawal_id}<\/li>\n<li>{admin_link}<\/li>\n<li>{statement}<\/li>\n<\/ul>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20the%20plugin%20require%20woocommerce%3F\"><h3>Does the plugin require WooCommerce?<\/h3><\/dt>\n<dd><p>Yes. The free version validates withdrawal requests against WooCommerce orders.<\/p><\/dd>\n<dt id=\"can%20customers%20submit%20a%20withdrawal%20without%20logging%20in%3F\"><h3>Can customers submit a withdrawal without logging in?<\/h3><\/dt>\n<dd><p>Yes.<\/p><\/dd>\n<dt id=\"which%20order%20number%20format%20is%20supported%20in%20the%20free%20version%3F\"><h3>Which order number format is supported in the free version?<\/h3><\/dt>\n<dd><p>The free version validates the default WooCommerce order ID (numeric, for example 1234).<\/p><\/dd>\n<dt id=\"what%20personal%20data%20is%20stored%3F\"><h3>What personal data is stored?<\/h3><\/dt>\n<dd><p>Only the data needed to process and document a withdrawal request. IP addresses are not stored in plain text.<\/p><\/dd>\n<dt id=\"are%20data%20deleted%20automatically%3F\"><h3>Are data deleted automatically?<\/h3><\/dt>\n<dd><p>No. Withdrawal data are intended for legal documentation. Optional data deletion on uninstall is available.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.3.25<\/h4>\n\n<ul>\n<li>Fix: Removed backup file (withdrawal-form.js.bak) inadvertently included in the distribution archive.<\/li>\n<li>Fix: Wizard step tracking (step_texts_touched, step_design_touched) moved from a $<em>GET[settings-updated] check into pre_update_option<\/em> filter hooks. The wizard steps are now marked as completed inside the verified settings save flow, removing all unverified $_GET access from the settings screen.<\/li>\n<\/ul>\n\n<h4>1.3.24<\/h4>\n\n<ul>\n<li>Improvement: All SQL SELECT queries in class-wbwiderruf-db.php rewritten with fully literal column names, ORDER BY direction and column hardcoded per branch \u2014 no variable interpolation in any SQL template. Eliminates remaining PluginCheck.Security.DirectDB.UnescapedDBParameter warnings for $cols\/$col\/$dir.<\/li>\n<\/ul>\n\n<h4>1.3.23<\/h4>\n\n<ul>\n<li>Fix: Confirmation page (success step) now correctly appears after form submission. Root cause: the REST API validate_callback for pending_token had a length limit of 128 characters, which is shorter than real-world tokens (which include a full SHA-256 HMAC). Requests were silently rejected before reaching the callback.<\/li>\n<li>Fix: Database migration (v2) no longer converts freshly-created pending entries to submitted. Only entries with a confirmed_at timestamp are migrated. A v3 migration corrects any entries affected by the previous behaviour.<\/li>\n<li>Fix: JavaScript confirmStep() now uses a locally scoped error element instead of referencing the out-of-scope alert variable from the parent closure.<\/li>\n<li>Fix: Admin withdrawal list search now works correctly. The wbwiderruf_db_admin_list() call in the list table was passing positional arguments; updated to named array.<\/li>\n<li>Fix: Spurious status filter tabs (In Pr\u00fcfung, Fertig, Abgelehnt) removed from admin list. These statuses are not used by the Free version and always showed (0).<\/li>\n<li>Fix: ORDER BY column is now correctly passed through from admin list table to the database query.<\/li>\n<li>Improvement: All database queries in class-wbwiderruf-db.php rewritten to explicit per-branch $wpdb-&gt;prepare() calls, eliminating Plugin Check warnings about dynamically-constructed SQL strings.<\/li>\n<li>Improvement: db-schema.php migration queries use $wpdb-&gt;prepare() with %i table-name placeholder instead of raw string interpolation.<\/li>\n<li>Readme: Short description and main description section rewritten in English per wp.org requirements.<\/li>\n<\/ul>\n\n<h4>1.3.21<\/h4>\n\n<ul>\n<li>Review update: unique internal prefixes introduced for WordPress.org compliance.<\/li>\n<li>Review update: settings sanitization, request sanitization, nonce handling, and script enqueueing improved.<\/li>\n<li>Review update: compatibility layer added for migrated option keys and hooks.<\/li>\n<li>Review update: readme short description and description are now provided in English.<\/li>\n<\/ul>\n\n<h4>1.3.11<\/h4>\n\n<ul>\n<li>Fix: frontend form uses the correct REST routes again.<\/li>\n<\/ul>\n\n<h4>1.3.10<\/h4>\n\n<ul>\n<li>Removed manual load_plugin_textdomain() call.<\/li>\n<\/ul>\n\n<h4>1.3.7<\/h4>\n\n<ul>\n<li>REST validation consolidated.<\/li>\n<li>Fix: safe MySQL datetime conversion to RFC3339.<\/li>\n<li>Admin search improved.<\/li>\n<\/ul>\n\n<h4>1.3.6<\/h4>\n\n<ul>\n<li>Improved user-facing validation messages in the withdrawal form.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial Version released.<\/li>\n<\/ul>","raw_excerpt":"Electronic withdrawal button for WooCommerce with two-step form, order verification, audit log and email confirmation.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/285220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=285220"}],"author":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/wbwiderrufbutton"}],"wp:attachment":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=285220"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=285220"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=285220"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=285220"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=285220"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=285220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}