Does Billy have any unpatched vulnerabilities?

No. All known vulnerabilities in Billy have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Billy compatible with WordPress 7.0?

According to WordPress.org data, Billy 2.2.1 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is Billy compatible with PHP 8.2+?

Billy requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Billy updated?

Billy was last updated on Feb 26, 2026. Frequent updates are generally a positive security signal.

What is Billy's security score?

Billy has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Billy Security & Risk Analysis

wordpress.org/plugins/billy

Create invoices, quotes and keep track of your earnings and expenses with this billing suite—tailored for freelancers and small agencies.

10 active installs v2.2.1 PHP 8.2+ WP 6.6+ Updated Feb 26, 2026

accountingbillinginvoiceinvoicesquote

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Billy Safe to Use in 2026?

Generally Safe

Score 100/100

Billy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "billy" v2.2.1 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The lack of any known CVEs and the fact that all identified SQL queries utilize prepared statements are positive indicators of secure development practices. Furthermore, the plugin demonstrates good output escaping hygiene with 91% of outputs being properly escaped. The presence of nonce and capability checks, although limited, suggests an awareness of WordPress security best practices. However, a single flow with an unsanitized path identified in the taint analysis warrants attention, even if it didn't result in a critical or high-severity finding. This indicates a potential for issues related to file operations or path manipulation that, while not exploited in this version, could be a vulnerability point in other contexts.

Key Concerns

Flow with unsanitized paths

Vulnerabilities

None known

Billy Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Billy Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

75 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TCPDF

SQL Query Safety

100% prepared2 total queries

Output Escaping

91% escaped82 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<out> (vendor-prefixed\mpdf\mpdf\data\out.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Billy Attack Surface

Entry Points1

Unprotected0

REST API Routes 1

GET/wp-json/export/pdfinc\class-pdfexport.php:86

WordPress Hooks 32

actionadmin_menubilly.php:70

actionadmin_noticesbilly.php:88

actionadmin_noticesbilly.php:105

actionadmin_initbilly.php:116

actionadmin_noticesbilly.php:122

actionadmin_noticesbilly.php:139

actionadmin_noticesbilly.php:156

actionplugins_loadedbilly.php:191

filterduplicate_post_enabled_post_typesbilly.php:206

filterduplicate_post_excludelist_filterbilly.php:218

actiondp_duplicate_postbilly.php:236

actionwp_dashboard_setupinc\class-admin.php:14

actionadmin_enqueue_scriptsinc\class-admin.php:17

actionenqueue_block_assetsinc\class-admin.php:18

actioncustomize_registerinc\class-admin.php:21

filterdefault_contentinc\class-admin.php:24

actionrest_after_insert_billy-invoiceinc\class-admin.php:27

actionrest_after_insert_billy-quoteinc\class-admin.php:28

actionrest_after_insert_billy-accountinginc\class-admin.php:29

filterwp_insert_post_datainc\class-admin.php:30

filterpost_row_actionsinc\class-admin.php:33

actioninitinc\class-billy.php:96

actionafter_register_post_typeinc\class-billy.php:98

actionwp_enqueue_scriptsinc\class-billy.php:101

filterprivate_title_formatinc\class-billy.php:104

filterprotected_title_formatinc\class-billy.php:105

filterthe_contentinc\class-billy.php:108

filterrest_prepare_billy-invoiceinc\class-billy.php:115

filterrest_prepare_billy-quoteinc\class-billy.php:116

actioninitinc\class-blocks.php:13

filterblock_categories_allinc\class-blocks.php:16

actionrest_api_initinc\class-pdfexport.php:67

Maintenance & Trust

Billy Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedFeb 26, 2026

PHP min version8.2

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Billy Alternatives

myEasyCompta

my-easy-compta

myEasyCompta is a comprehensive and modern accounting solution for WordPress, specifically designed for freelancers and small businesses.

40 No CVEs

Invoct – PDF Invoices & Billing for WooCommerce

kirilkirkov-pdf-invoice-manager

Professional PDF invoicing & billing for WooCommerce and WordPress, with Stripe payments and automated VAT/tax handling.

0 1 CVE

Invoice Gateway for WooCommerce – Invoice Payment Gateway

invoice-gateway-for-woocommerce

100

Add a WooCommerce invoice gateway to your store. An easy invoicing payment gateway solution for WooCommerce.

2K No CVEs

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

sprout-invoices

The best invoicing plugin for WordPress. See how you can get paid faster without those hidden service fees.

1K 8 CVEs

Easy Invoice – Professional Invoice & Quote Generator

easy-invoice

WordPress invoicing solution for freelancers & businesses. Create invoices, PDF quotes, accept payments, and automate billing—all in one plugin.

500 2 CVEs

Developer Profile

Billy Developer Profile

them.es

4 plugins · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Billy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/billy/assets/css/admin.css/wp-content/plugins/billy/assets/css/billy.css/wp-content/plugins/billy/assets/js/admin.js/wp-content/plugins/billy/assets/js/billing.js/wp-content/plugins/billy/assets/js/quote.js/wp-content/plugins/billy/assets/js/invoice.js/wp-content/plugins/billy/assets/js/script.js/wp-content/plugins/billy/assets/js/script.min.js+3 more

Generator Patterns

Billy 2.2.1

Script Paths

/wp-content/plugins/billy/assets/js/admin.js/wp-content/plugins/billy/assets/js/billing.js/wp-content/plugins/billy/assets/js/quote.js/wp-content/plugins/billy/assets/js/invoice.js/wp-content/plugins/billy/assets/js/script.js/wp-content/plugins/billy/assets/js/script.min.js+2 more

Version Parameters

Billy version=billy/assets/css/admin.css?ver=billy/assets/css/billy.css?ver=billy/assets/js/admin.js?ver=billy/assets/js/billing.js?ver=billy/assets/js/quote.js?ver=billy/assets/js/invoice.js?ver=billy/assets/js/script.js?ver=billy/assets/js/script.min.js?ver=billy/inc/mpdf/mpdf.css?ver=billy/inc/mpdf/mpdf.js?ver=billy/inc/mpdf/mpdf.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

notice-billybilly-invoice-formbilly-quote-formbilling-fieldsinvoice-fieldsquote-fieldsbilly-invoice-listbilly-quote-list+4 more

HTML Comments

Data Attributes

data-billing-iddata-quote-iddata-customer-iddata-product-iddata-invoice-statusdata-quote-status

JS Globals

BillyAdminBillyBillingBillyQuoteBillyInvoiceBillySettingsBillyDashboard

FAQ