Contasimple Security & Risk Analysis

wordpress.org/plugins/contasimple

This module allows you to export all WooCommerce orders as invoices in Contasimple.

200 active installs v1.31.0 PHP 5.5+ WP 3.8+ Updated Aug 8, 2025
Tags: accounting, billing, contasimple, invoicing, taxes

Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Contasimple Safe to Use in 2026?

Generally Safe

Score 100/100

Contasimple has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7 months ago
Risk Assessment

The "contasimple" v1.31.0 plugin presents a mixed security posture. While it boasts a clean vulnerability history with no recorded CVEs and a reasonable adherence to secure coding practices like prepared statements and output escaping, significant concerns arise from its attack surface and code signals. The plugin exposes 11 AJAX handlers, all of which lack authentication checks. This is a substantial entry point for potential attacks, as any unauthenticated user could trigger these functions. Furthermore, the presence of 5 "unserialize" calls is a notable risk, as deserialization vulnerabilities can be exploited to execute arbitrary code if the data being unserialized is controlled by an attacker. The taint analysis, while showing no critical or high-severity flows, still indicates all analyzed flows had unsanitized paths, which, when combined with the unprotected AJAX endpoints, warrants caution. The plugin's strengths lie in its lack of external HTTP requests, a good percentage of properly escaped outputs, and the presence of nonce checks and capability checks, albeit infrequent. However, the extensive unprotected AJAX endpoints and the dangerous use of unserialize are significant weaknesses that overshadow these strengths.

Key Concerns

  • All 11 AJAX handlers lack authentication checks.
  • Presence of 'unserialize' dangerous function.
  • Taint analysis shows unsanitized paths in all flows.
  • Low number of capability checks compared to attack surface.
Vulnerabilities
None known

Contasimple Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contasimple Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 1 (5 prepared)
Unescaped Output: 83 (167 escaped)
Nonce Checks: 8
Capability Checks: 2
File Operations: 10
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $args = unserialize( $args ); · admin\class-contasimple-admin.php:2040
unserialize · $args = unserialize( $args ); · admin\class-contasimple-admin.php:2268
unserialize · if ( unserialize( $val[0] ) != $this->$key ) { · includes\class-contasimple-invoice-sync.php:226
unserialize · return unserialize( $this->args ); · includes\class-contasimple-invoice-sync.php:551
unserialize · $args = unserialize( $args ); · includes\wp-backward-compatibility.php:516

SQL Query Safety

83% prepared · 6 total queries

Output Escaping

67% escaped · 250 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

9 flows · 9 with unsanitized paths

cs_sync (admin\class-contasimple-admin.php:1186)

Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
11 unprotected

Contasimple Attack Surface

Entry Points: 11
Unprotected: 11

AJAX Handlers 11

auth · wp_ajax_check_for_login · includes\class-contasimple.php:376
auth · wp_ajax_create_new_series · includes\class-contasimple.php:377
auth · wp_ajax_cs_login · includes\class-contasimple.php:378
auth · wp_ajax_cs_select_sync_order_status · includes\class-contasimple.php:379
auth · wp_ajax_cs_select_company · includes\class-contasimple.php:396
auth · wp_ajax_cs_select_payment_methods · includes\class-contasimple.php:397
auth · wp_ajax_cs_select_numbering_series · includes\class-contasimple.php:398
auth · wp_ajax_cs_pdf · includes\class-contasimple.php:422
auth · wp_ajax_cs_email · includes\class-contasimple.php:423
auth · wp_ajax_cs_stop · includes\class-contasimple.php:424
auth · wp_ajax_cs_sync · includes\class-contasimple.php:425
WordPress Hooks 44

filter · set-screen-option · admin\class-contasimple-admin.php:3187
action · admin_notices · includes\class-contasimple-notice.php:44
filter · admin_head · includes\class-contasimple-post-types.php:67
filter · post_row_actions · includes\class-contasimple-post-types.php:68
filter · views_edit-cs_invoice · includes\class-contasimple-post-types.php:69
filter · views_edit-cs_invoice · includes\class-contasimple-post-types.php:70
filter · bulk_actions-edit-cs_invoice · includes\class-contasimple-post-types.php:71
filter · manage_cs_invoice_posts_columns · includes\class-contasimple-post-types.php:72
filter · manage_cs_invoice_posts_custom_column · includes\class-contasimple-post-types.php:73
filter · restrict_manage_posts · includes\class-contasimple-post-types.php:74
filter · parse_query · includes\class-contasimple-post-types.php:75
action · pre_get_posts · includes\class-contasimple-post-types.php:76
filter · get_meta_sql · includes\class-contasimple-post-types.php:1239
action · init · includes\class-contasimple-wc-integration.php:810
filter · woocommerce_cs_invoice_error_sync · includes\class-contasimple-wc-invoice-sync-error.php:79
filter · woocommerce_cs_invoice_generated_sync · includes\class-contasimple-wc-invoiced-order-email.php:80
action · plugins_loaded · includes\class-contasimple.php:202
action · plugins_loaded · includes\class-contasimple.php:218
action · plugins_loaded · includes\class-contasimple.php:232
filter · woocommerce_email_classes · includes\class-contasimple.php:233
action · before_woocommerce_init · includes\class-contasimple.php:234
action · admin_init · includes\class-contasimple.php:258
action · init · includes\class-contasimple.php:259
action · shutdown · includes\class-contasimple.php:270
filter · woocommerce_integrations · includes\class-contasimple.php:295
action · admin_enqueue_scripts · includes\class-contasimple.php:380
action · admin_enqueue_scripts · includes\class-contasimple.php:381
action · clean_url · includes\class-contasimple.php:382
action · woocommerce_order_status_completed · includes\class-contasimple.php:413
action · woocommerce_order_status_processing · includes\class-contasimple.php:414
action · woocommerce_order_status_on-hold · includes\class-contasimple.php:415
action · woocommerce_refund_created · includes\class-contasimple.php:417
action · woocommerce_order_status_changed · includes\class-contasimple.php:418
action · woocommerce_admin_order_data_after_billing_address · includes\class-contasimple.php:419
action · woocommerce_email_attachments · includes\class-contasimple.php:428
action · init · includes\class-contasimple.php:431
action · admin_menu · includes\class-contasimple.php:432
action · submenu_file · includes\class-contasimple.php:433
action · wp_enqueue_scripts · includes\class-contasimple.php:449
action · wp_enqueue_scripts · includes\class-contasimple.php:450
action · woocommerce_after_checkout_billing_form · includes\class-contasimple.php:451
action · woocommerce_checkout_update_order_meta · includes\class-contasimple.php:452
action · woocommerce_checkout_update_user_meta · includes\class-contasimple.php:453
action · woocommerce_checkout_process · includes\class-contasimple.php:454
Maintenance & Trust

Contasimple Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.0
Last updated: Aug 8, 2025
PHP min version: 5.5
Downloads: 18K

Community Trust

Rating: 80/100
Number of ratings: 6
Active installs: 200
Developer Profile

Contasimple Developer Profile

Contasimple

1 plugin · 200 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Contasimple

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contasimple/css/bootstrap-cs.css
/wp-content/plugins/contasimple/css/contasimple-admin.css
/wp-content/plugins/contasimple/js/bootstrap.min.js
/wp-content/plugins/contasimple/js/analytics.js
/wp-content/plugins/contasimple/js/contasimple-configuration.js
/wp-content/plugins/contasimple/js/contasimple-orders.js

Script Paths
//www.googletagmanager.com/gtag/js?id=UA-9928674-21#asyncload

Version Parameters
contasimple-admin.css?ver=
bootstrap.min.js?ver=
analytics.js?ver=
contasimple-configuration.js?ver=
contasimple-orders.js?ver=
bootstrap-cs.css?ver=

HTML / DOM Fingerprints

CSS Classes
cs-modal-lg, cs-btn-primary, cs-btn-default

Data Attributes
data-cs-field, data-cs-modal

JS Globals
cs_gtag_config, cs_gtag, Contasimple_Admin, cs_ga_analytics
FAQ

Frequently Asked Questions about Contasimple