Does Base ERP Invoices for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Base ERP Invoices for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Base ERP Invoices for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Base ERP Invoices for WooCommerce 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Base ERP Invoices for WooCommerce compatible with PHP 8.0+?

Base ERP Invoices for WooCommerce requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Base ERP Invoices for WooCommerce updated?

Base ERP Invoices for WooCommerce was last updated on Feb 5, 2026. Frequent updates are generally a positive security signal.

What is Base ERP Invoices for WooCommerce's security score?

Base ERP Invoices for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Base ERP Invoices for WooCommerce Security & Risk Analysis

wordpress.org/plugins/base-erp-invoices-for-woocommerce

Sync WooCommerce orders with Base ERP to automatically generate product invoices (NF-e).

0 active installs v1.0.0 PHP 8.0+ WP 4.4+ Updated Feb 5, 2026

asaasbaseclienterpwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Base ERP Invoices for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Base ERP Invoices for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "base-erp-invoices-for-woocommerce" v1.0.0 plugin presents a concerning security posture due to a significant number of unprotected entry points. While the plugin demonstrates good practices in its handling of SQL queries, opting for prepared statements, and generally good output escaping, the lack of authentication and permission checks on all identified AJAX handlers and the REST API route is a major weakness. This leaves these critical interaction points vulnerable to unauthorized access and potential manipulation by unauthenticated users.

The static analysis reveals that all four identified entry points (3 AJAX handlers and 1 REST API route) are unprotected, indicating a critical oversight in security implementation. Taint analysis found no critical or high-severity flows, which is a positive sign, suggesting that sensitive data might not be directly manipulated in a dangerous way if these entry points were exploited. However, the absence of vulnerability history, while seemingly positive, could also indicate a lack of rigorous historical security auditing or that the plugin is relatively new and less scrutinized in the wild.

In conclusion, the plugin has strengths in its database interaction and output sanitization. Nevertheless, the unprotected AJAX handlers and REST API route represent a significant attack surface that could be exploited by unauthenticated users. This vulnerability outweighs the positive aspects and requires immediate attention. The lack of past vulnerabilities should not be interpreted as a guarantee of future security, especially given the current exposure.

Key Concerns

4 unprotected entry points (AJAX/REST)
3 unprotected AJAX handlers
1 unprotected REST API route
0 capability checks

Vulnerabilities

None known

Base ERP Invoices for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Base ERP Invoices for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

76 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped85 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<orders-list> (includes\orders-list.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Base ERP Invoices for WooCommerce Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 3

authwp_ajax_baseerp_api_connectionincludes\Common\Api\Hook\ApiAjaxActions.php:19

authwp_ajax_baseerp_webhook_connectionincludes\Webhook\Hook\WebhookAjaxActions.php:20

authwp_ajax_baseerp_reenable_webhook_queueincludes\Webhook\Hook\WebhookAjaxActions.php:21

REST API Routes 1

POST/wp-json/base-erp-plugin/v1/webhook/includes\webhook.php:25

WordPress Hooks 58

actioninitbase-erp-invoices-for-woocommerce.php:26

actionplugins_loadedbase-erp-invoices-for-woocommerce.php:33

actionwoocommerce_order_action_generate_nfincludes\actions.php:12

actionadmin_enqueue_scriptsincludes\actions.php:14

filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\actions.php:365

filterhandle_bulk_actions-edit-shop_orderincludes\actions.php:366

filterbaseerp_settings_fieldsincludes\Common\Api\Hook\ApiSettingsPage.php:16

actionadmin_enqueue_scriptsincludes\Common\Api\Hook\ApiSettingsPage.php:17

actionadmin_enqueue_scriptsincludes\Common\Api\Hook\ApiSettingsPage.php:18

actionadmin_enqueue_scriptsincludes\Common\Api\Hook\ApiStatusSection.php:13

filterbaseerp_status_section_bodyincludes\Common\Api\Hook\ApiStatusSection.php:14

filterbaseerp_request_access_tokenincludes\Common\Api\Parameter\ApiRequestParameters.php:13

filterbaseerp_request_urlincludes\Common\Api\Parameter\ApiRequestParameters.php:23

filterbaseerp_advanced_settings_fieldsincludes\Common\Log\Hook\LogSettingsPage.php:12

actionadmin_noticesincludes\Customer\Hook\CustomerNotices.php:12

actionbaseerp_before_generate_invoice_requestincludes\Customer\Hook\GenerateInvoiceRequestCustomer.php:22

actionredirect_post_locationincludes\Customer\Hook\GenerateInvoiceRequestCustomer.php:23

actionadmin_noticesincludes\messages.php:94

actionwoocommerce_admin_order_data_after_shipping_addressincludes\order-nf-data.php:7

actionrestrict_manage_postsincludes\orders-list.php:8

actionwoocommerce_order_list_table_restrict_manage_ordersincludes\orders-list.php:9

filterparse_queryincludes\orders-list.php:71

filterwoocommerce_order_list_table_prepare_items_query_argsincludes\orders-list.php:72

actionmanage_edit-shop_order_columnsincludes\orders-list.php:111

actionmanage_woocommerce_page_wc-orders_columnsincludes\orders-list.php:112

actionmanage_shop_order_posts_custom_columnincludes\orders-list.php:127

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\orders-list.php:128

actionwoocommerce_order_status_changedincludes\orders-status.php:7

actionwoocommerce_checkout_order_createdincludes\orders-status.php:21

actionadmin_noticesincludes\Product\Hook\DisplayNoticesOnProductPage.php:12

actionadmin_enqueue_scriptsincludes\Product\Hook\ProductStyleEnqueuer.php:12

filterwoocommerce_product_data_tabsincludes\Product\Hook\RegisterProductWooCommerceFields.php:13

actionwoocommerce_product_data_panelsincludes\Product\Hook\RegisterProductWooCommerceFields.php:14

actionbaseerp_product_panel_fieldsincludes\Product\Hook\RegisterProductWooCommerceFields.php:15

actionwoocommerce_update_productincludes\Product\Hook\SaveProduct.php:22

actionwoocommerce_new_productincludes\Product\Hook\SaveProduct.php:23

actionredirect_post_locationincludes\Product\Hook\SaveProduct.php:24

filterbulk_actions-edit-shop_orderincludes\register-actions.php:5

filterbulk_actions-woocommerce_page_wc-ordersincludes\register-actions.php:6

filterwoocommerce_page_wc-orders_actionsincludes\register-actions.php:15

filterwoocommerce_order_actionsincludes\register-actions.php:16

actionbaseerp_generate_invoiceincludes\scheduled-actions.php:8

actionwoocommerce_payment_completeincludes\scheduled-actions.php:38

actionadmin_enqueue_scriptsincludes\Setting\Hook\RegisterSettingsAssets.php:12

filterwoocommerce_get_settings_pagesincludes\Setting\Hook\RegisterSettingsPage.php:11

actionwoocommerce_system_status_reportincludes\Setting\Hook\RegisterStatusSection.php:11

filterbaseerp_request_argsincludes\Shipping\Hook\ShippingIssueRequest.php:13

actionbaseerp_before_generate_invoice_requestincludes\Shipping\Hook\ShippingIssueVerifier.php:20

actionredirect_post_locationincludes\Shipping\Hook\ShippingIssueVerifier.php:21

actionadmin_noticesincludes\Shipping\Hook\ShippingNotices.php:12

filterbaseerp_settings_fieldsincludes\Shipping\Hook\ShippingSettingsPage.php:18

filterbaseerp_settings_fieldsincludes\Webhook\Hook\WebhookSettingsPage.php:16

actionadmin_enqueue_scriptsincludes\Webhook\Hook\WebhookSettingsPage.php:17

actionadmin_enqueue_scriptsincludes\Webhook\Hook\WebhookSettingsPage.php:18

actionwoocommerce_admin_field_webhook_queueincludes\Webhook\Hook\WebhookSettingsPage.php:19

actionadmin_enqueue_scriptsincludes\Webhook\Hook\WebhookStatusSection.php:13

filterbaseerp_status_section_bodyincludes\Webhook\Hook\WebhookStatusSection.php:14

actionrest_api_initincludes\webhook.php:24

Maintenance & Trust

Base ERP Invoices for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version8.0

Downloads150

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Base ERP Invoices for WooCommerce Alternatives

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs

Weight Based Shipping for WooCommerce

weight-based-shipping-for-woocommerce

100

Weight Based Shipping is a flexible and widely-used solution to calculate shipping costs based on the total cart weight and value.

60K 1 CVE

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

zero-bs-crm

The CRM for small businesses. Manage leads, invoicing, billing, email marketing, clients, contacts, quotes, automation. Works with WooCommerce too.

30K 8 CVEs

Price Based on Country for WooCommerce

woocommerce-product-price-based-on-countries

100

Product Pricing and Currency based on Shopper's Country for WooCommerce with multi-currency support and geolocation to boost international sales.

20K No CVEs

Afterpay Gateway for WooCommerce

afterpay-gateway-for-woocommerce

Provide Afterpay as a payment option for WooCommerce orders.

10K 2 CVEs

Developer Profile

Base ERP Invoices for WooCommerce Developer Profile

Asaas

2 plugins · 9K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Base ERP Invoices for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/base-erp-invoices-for-woocommerce/base-erp.js

Script Paths