Billingo Official for WooCommerce Security & Risk Analysis

wordpress.org/plugins/billingo

Official Billingo integration for WooCommerce.

3K active installs · v4.2.9 · PHP 8.1+ · WP 6.8+ · Updated Dec 17, 2025
Tags: billingo, billingo-hu, magyar, szamlazas, woocommerce
Score: 74 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Jul 10, 2025
Safety Verdict

Is Billingo Official for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 74/100

Billingo Official for WooCommerce is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Jul 10, 2025 · Updated 3mo ago
Risk Assessment

Billingo plugin v4.2.9 follows several good security practices: a large share of its outputs are properly escaped, and every SQL query uses a prepared statement. No critical or high-severity taint flows and no unsanitized paths were identified, which suggests relatively clean input handling internally. The plugin also includes a reasonable number of nonce and capability checks, and its attack surface is limited, with all identified entry points appearing to have authentication checks.

However, the plugin's vulnerability history is a significant concern. It has two known CVEs, one of which is high severity and still unpatched, which indicates a recurring pattern of security weaknesses. The past vulnerability types, Improper Privilege Management and Cross-site Scripting, are critical areas that require robust and ongoing attention. The bundled library (Guzzle) also introduces a potential dependency risk if it is not actively maintained and updated against its own known vulnerabilities.

Key Concerns

  • Unpatched high severity CVE
  • Past vulnerabilities: Improper Privilege Management
  • Past vulnerabilities: Cross-site Scripting
  • Bundled library (Guzzle) potential risk
Vulnerabilities (2)

Billingo Official for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-49950 · high · 7.2 · Improper Privilege Management

Official Integration for Billingo <= 4.2.5 - Authenticated (Shop Manager+) Privilege Escalation

Jul 10, 2025 · Unpatched

CVE-2022-3420 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Official Integration for Billingo <= 3.3.9 - Reflected Cross-Site Scripting

Oct 7, 2022 · Patched in 3.4.0 (473d)
Code Analysis
Analyzed Mar 16, 2026

Billingo Official for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (5 prepared)
  • Unescaped Output: 18 (67 escaped)
  • Nonce Checks: 11
  • Capability Checks: 7
  • File Operations: 5
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

79% escaped · 85 total outputs

Data Flows: All sanitized

Data Flow Analysis

4 flows
save_api_settings (src\WooCommerce\Controllers\WC_Billingo_Admin_Controller.php:648)
Attack Surface

Billingo Official for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (3)

  • auth · wp_ajax_billingo_dismiss_notification · src\WooCommerce\Traits\Admin_Init.php:27
  • auth · wp_ajax_wc_billingo_generate_invoice · src\WooCommerce\Traits\Standard_Init.php:27
  • auth · wp_ajax_wc_billingo_storno_invoice · src\WooCommerce\Traits\Standard_Init.php:28

WordPress Hooks (26)

  • action · upgrader_process_complete · index.php:37
  • action · init · index.php:64
  • action · init · index.php:67
  • filter · woocommerce_email_enabled_customer_completed_order · src\WooCommerce\Controllers\Billingo_Controller.php:213
  • filter · woocommerce_email_enabled_customer_refunded_order · src\WooCommerce\Controllers\Billingo_Controller.php:214
  • filter · woocommerce_email_enabled_customer_processing_order · src\WooCommerce\Controllers\Billingo_Controller.php:215
  • filter · woocommerce_email_enabled_customer_on_hold_order · src\WooCommerce\Controllers\Billingo_Controller.php:216
  • action · admin_notices · src\WooCommerce\Controllers\WC_Billingo_Admin_Controller.php:640
  • action · woocommerce_thankyou · src\WooCommerce\Service\Billingo_Checkout_Fields.php:22
  • filter · woocommerce_checkout_fields · src\WooCommerce\Service\Billingo_Checkout_Fields.php:54
  • action · woocommerce_checkout_process · src\WooCommerce\Service\Billingo_Checkout_Fields.php:55
  • action · woocommerce_checkout_update_order_meta · src\WooCommerce\Service\Billingo_Checkout_Fields.php:56
  • action · woocommerce_admin_order_data_after_billing_address · src\WooCommerce\Service\Billingo_Checkout_Fields.php:57
  • action · woocommerce_order_details_after_customer_details · src\WooCommerce\Service\Billingo_Checkout_Fields.php:58
  • action · admin_init · src\WooCommerce\Traits\Admin_Init.php:17
  • filter · woocommerce_settings_tabs_array · src\WooCommerce\Traits\Admin_Init.php:18
  • action · woocommerce_settings_tabs_settings_tab_billingo · src\WooCommerce\Traits\Admin_Init.php:19
  • action · woocommerce_update_options_settings_tab_billingo · src\WooCommerce\Traits\Admin_Init.php:20
  • action · add_meta_boxes · src\WooCommerce\Traits\Admin_Init.php:21
  • filter · plugin_action_links_billingonew/index.php · src\WooCommerce\Traits\Admin_Init.php:22
  • action · admin_notices · src\WooCommerce\Traits\Admin_Init.php:26
  • action · manage_woocommerce_page_wc-orders_custom_column · src\WooCommerce\Traits\Admin_Init.php:30
  • action · manage_shop_order_posts_custom_column · src\WooCommerce\Traits\Admin_Init.php:31
  • action · admin_head · src\WooCommerce\Traits\Admin_Init.php:32
  • action · woocommerce_email_before_order_table · src\WooCommerce\Traits\Standard_Init.php:29
  • action · woocommerce_thankyou · src\WooCommerce\Traits\Standard_Init.php:33

Maintenance & Trust

Billingo Official for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Dec 17, 2025
  • PHP min version: 8.1
  • Downloads: 86K

Community Trust

  • Rating: 82/100
  • Number of ratings: 14
  • Active installs: 3K

Developer Profile

Billingo Official for WooCommerce Developer Profile

billingo

1 plugin · 3K total installs

  • Trust score: 61
  • Avg Security Score: 74/100
  • Avg Patch Time: 473 days
Detection Fingerprints

How We Detect Billingo Official for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/billingo/admin/js/global.js
  • /wp-content/plugins/billingo/admin/images/ajax-loader.gif

Script Paths
  • /wp-content/plugins/billingo/vendor/bin/simple-circle-ci-detector
  • /wp-content/plugins/billingo/vendor/bin/simple-circle-ci-detector.php

Version Parameters
  • billingo/admin/js/global.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-wc-billingo-settings-api-section
  • data-wc-billingo-settings-sections-wrapper

JS Globals
  • wc_billingo_params

FAQ

Frequently Asked Questions about Billingo Official for WooCommerce