Does Contribuinte Checkout have any unpatched vulnerabilities?

No. All known vulnerabilities in Contribuinte Checkout have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Contribuinte Checkout compatible with WordPress 6.7.5?

According to WordPress.org data, Contribuinte Checkout 2.0.04 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Contribuinte Checkout compatible with PHP 5.6+?

Contribuinte Checkout requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Contribuinte Checkout updated?

Contribuinte Checkout was last updated on May 19, 2025. Frequent updates are generally a positive security signal.

What is Contribuinte Checkout's security score?

Contribuinte Checkout has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Contribuinte Checkout Security & Risk Analysis

wordpress.org/plugins/contribuinte-checkout

With this plugin you can add VAT and VIES support to your WooCommerce store. The VAT field will be saved as '_billing_vat'.

1K active installs v2.0.04 PHP 5.6+ WP 5.0+ Updated May 19, 2025

customersinvoicingordersvatwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVEMay 7, 2025

Download

Safety Verdict

Is Contribuinte Checkout Safe to Use in 2026?

Generally Safe

Score 99/100

Contribuinte Checkout has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 7, 2025Updated 10mo ago

Risk Assessment

The plugin "contribuinte-checkout" v2.0.04 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no raw SQL queries, and no file operations, indicating good practices in these areas. The presence of nonce and capability checks is also a positive sign. However, the taint analysis flags one flow with unsanitized paths, which, although not classified as critical or high, represents a potential risk that could be exploited if an attacker can control the input leading to this path.

The vulnerability history shows a single known CVE, which is thankfully patched. The common vulnerability type being CSRF suggests that in the past, the plugin may have had issues with securing actions against unauthorized requests. While there are no currently unpatched vulnerabilities, this history warrants continued vigilance and regular updates.

Overall, the plugin has some strong security foundations, particularly in its database and file handling. The primary concerns stem from the identified unsanitized path in the taint analysis and the historical pattern of CSRF vulnerabilities, even though currently patched. While the attack surface is reported as zero, which is excellent, the latent risk from the unsanitized path should not be overlooked.

Key Concerns

Flow with unsanitized path identified in taint analysis
Historically vulnerable to CSRF (though patched)
Only 68% of output properly escaped

Vulnerabilities

Contribuinte Checkout Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-47685medium · 6.1Cross-Site Request Forgery (CSRF)

Contribuinte Checkout <= 2.0.03 - Cross-Site Request Forgery to Stored Cross-Site Scripting

May 7, 2025 Patched in 2.0.04 (15d)

Code Analysis

Analyzed Mar 16, 2026

Contribuinte Checkout Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

68% escaped34 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

renderPage (src\Settings.php:193)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Contribuinte Checkout Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 20

actionplugins_loadedcontribuinte-checkout.php:41

actionadmin_menusrc\Menus\Admin.php:23

filterwoocommerce_customer_meta_fieldssrc\Plugin.php:57

filterwoocommerce_ajax_get_customer_detailssrc\Plugin.php:58

filterwoocommerce_api_order_responsesrc\Plugin.php:59

filterwoocommerce_api_customer_responsesrc\Plugin.php:60

actionbefore_woocommerce_initsrc\Plugin.php:64

actionwoocommerce_admin_order_data_after_billing_addresssrc\Plugin.php:65

actionwoocommerce_after_edit_account_address_formsrc\Plugin.php:66

actionwoocommerce_initsrc\Plugin.php:70

actionwoocommerce_set_additional_field_valuesrc\Plugin.php:71

actionwoocommerce_blocks_validate_location_address_fieldssrc\Plugin.php:72

filterwoocommerce_get_default_value_for_contribuinte-checkout/billing_vatsrc\Plugin.php:75

actionwoocommerce_after_save_address_validationsrc\Plugin.php:81

actionwoocommerce_checkout_processsrc\Plugin.php:82

actionwp_footersrc\Plugin.php:83

filterwoocommerce_admin_billing_fieldssrc\Plugin.php:86

filterwoocommerce_order_get_formatted_billing_addresssrc\Plugin.php:87

filterwoocommerce_billing_fieldssrc\Plugin.php:88

actioninitsrc\Translations.php:24

Maintenance & Trust

Contribuinte Checkout Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMay 19, 2025

PHP min version5.6

Downloads17K

Community Trust

Rating100/100

Number of ratings1

Active installs1K

Alternatives

Contribuinte Checkout Alternatives

Fraud Prevention For WooCommerce and EDD

woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers

It will Prevent fake orders and Blacklist fraud customers of your store.

5K 2 CVEs

Blacklist Manager – WooCommerce Anti-Fraud & Checkout Verification & Spam Prevention

wc-blacklist-manager

100

Anti-fraud, checkout verification and spam prevention plugin for WooCommerce and WordPress forms.

2K No CVEs

Export WooCommerce Orders, Products, Customers & Coupons to Google Sheets

wpsyncsheets-woocommerce

Export WooCommerce orders, products, customers, and coupons to Google Sheets automatically in real-time.

700 1 CVE

RD Order Modifier for WooCommerce

rd-wc-order-modifier

100

Allows editing order items pricing inclusive of tax or VAT and using unit cost instead of items totals.

300 1 CVE

All Woocommerce Export

all-woocommerce-export

100

Export WooCommerce Orders, products and Customers into Excel. Supports all Excel format XLS, XLSX & Mac)

100 No CVEs

Developer Profile

Contribuinte Checkout Developer Profile

Moloni

2 plugins · 3K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

11 days

View full developer profile

Detection Fingerprints

How We Detect Contribuinte Checkout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/contribuinte-checkout/build/index.css/wp-content/plugins/contribuinte-checkout/build/index.js

Script Paths

/wp-content/plugins/contribuinte-checkout/build/index.js

Version Parameters

contribuinte-checkout/build/index.css?ver=contribuinte-checkout/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

contribuinte-checkout-billing-vatcontribuinte-checkout-shipping-vatbilling_vatshipping_vat

HTML Comments

Data Attributes

data-vat-field-label

JS Globals

window.contribuinteCheckout

FAQ