Declarando – Invoice Management Security & Risk Analysis

wordpress.org/plugins/declarando-gestion-facturas

Automatically integrate your online store with Declarando to manage invoices, sync orders, and keep your accounting up to date.

300 active installs · v1.0.0 · PHP 7.4+ · WP 5.0+ · Updated Dec 3, 2025
Tags: automation, billing, declarando, invoicing, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Declarando – Invoice Management Safe to Use in 2026?

Generally Safe

Score 100/100

Declarando – Invoice Management has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago

Risk Assessment

The plugin "declarando-gestion-facturas" v1.0.0 exhibits a mixed security posture. While it demonstrates good practices by largely using prepared statements for SQL queries and properly escaping output, significant concerns arise from its attack surface and taint analysis. The presence of one AJAX handler without authentication checks presents a direct and exploitable entry point for attackers, even without critical severity taint flows. The single unsanitized path identified in the taint analysis, while not explicitly critical, is a potential vector for injection attacks if not handled carefully. The absence of any recorded vulnerability history is a positive indicator, suggesting a generally stable codebase or a lack of prior public scrutiny. However, this lack of history should not overshadow the identified weaknesses in the current static analysis.

Overall, the plugin's strengths lie in its careful handling of database interactions and output. The primary risk stems from an exposed AJAX endpoint that could potentially be leveraged for unauthorized actions if it processes user-supplied data without proper validation and authorization. The identified unsanitized path, though not deemed critical, warrants attention to prevent potential future vulnerabilities. The plugin has a small attack surface, but one critical unprotected entry point significantly lowers its security score. A proactive approach to securing this AJAX handler is highly recommended.

Key Concerns

  • Unprotected AJAX handler
  • Flow with unsanitized path
Vulnerabilities
None known

Declarando – Invoice Management Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Declarando – Invoice Management Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (10 prepared)
Unescaped Output: 9 (71 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 3
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

56% prepared · 18 total queries

Output Escaping

89% escaped · 80 total outputs

Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths

<RefundsUIBox> (src\Admin\RefundsUIBox.php:0)

Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface
1 unprotected

Declarando – Invoice Management Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 2

  • auth · wp_ajax_decl82gf_crear_factura · src\Admin\Column.php:65
  • auth · wp_ajax_decl82gf_crear_abono · src\Admin\RefundsUIBox.php:30

WordPress Hooks 28

  • action · admin_notices · declarando-gestion-facturas.php:30
  • action · admin_menu · declarando-gestion-facturas.php:109
  • action · admin_init · declarando-gestion-facturas.php:110
  • action · admin_enqueue_scripts · declarando-gestion-facturas.php:111
  • action · admin_post_guardar_declarando_vincular · declarando-gestion-facturas.php:112
  • action · admin_post_guardar_declarando_datos · declarando-gestion-facturas.php:113
  • action · admin_post_declarando_desvincular · declarando-gestion-facturas.php:114
  • action · plugins_loaded · declarando-gestion-facturas.php:115
  • action · admin_enqueue_scripts · declarando-gestion-facturas.php:123
  • action · admin_head · declarando-gestion-facturas.php:195
  • action · admin_enqueue_scripts · src\Admin\Column.php:13
  • filter · manage_edit-shop_order_columns · src\Admin\Column.php:18
  • action · manage_shop_order_posts_custom_column · src\Admin\Column.php:36
  • filter · woocommerce_shop_order_list_table_columns · src\Admin\Column.php:45
  • action · woocommerce_shop_order_list_table_custom_column · src\Admin\Column.php:54
  • action · before_woocommerce_init · src\Admin\Column.php:103
  • action · woocommerce_order_status_changed · src\Admin\Declarando_WC_Integrator.php:69
  • action · woocommerce_order_status_changed · src\Admin\Declarando_WC_Integrator.php:70
  • action · woocommerce_created_refund · src\Admin\Declarando_WC_Integrator.php:76
  • action · woocommerce_refund_created · src\Admin\Declarando_WC_Integrator.php:77
  • action · woocommerce_order_status_changed · src\Admin\Declarando_WC_Integrator.php:85
  • filter · woocommerce_order_fully_refunded_status · src\Admin\Declarando_WC_Integrator.php:96
  • action · admin_enqueue_scripts · src\Admin\Init.php:15
  • action · admin_enqueue_scripts · src\Admin\RefundsUIBox.php:17
  • action · add_meta_boxes · src\Admin\RefundsUIBox.php:20
  • action · admin_print_footer_scripts-post.php · src\Admin\RefundsUIBox.php:23
  • action · admin_print_footer_scripts-post-new.php · src\Admin\RefundsUIBox.php:24
  • action · admin_print_footer_scripts · src\Admin\RefundsUIBox.php:27

Maintenance & Trust

Declarando – Invoice Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 3, 2025
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 300

Developer Profile

Declarando – Invoice Management Developer Profile

declarando

1 plugin · 300 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Declarando – Invoice Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/declarando-gestion-facturas/assets/css/style.css
  • /wp-content/plugins/declarando-gestion-facturas/assets/js/admin.js
Script Paths
  • /wp-content/plugins/declarando-gestion-facturas/assets/js/admin.js
Version Parameters
  • declarando-gestion-facturas/assets/css/style.css?ver=
  • declarando-gestion-facturas/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • declarando-settings-section
  • declarando-option-field
  • declarando-vincular-btn
  • declarando-desvincular-btn
HTML Comments
  • <!-- Declarando Options -->
  • <!-- Declarando API Settings -->
Data Attributes
  • data-declarando-option-key
  • data-declarando-field-name
JS Globals
  • window.declarandoApiSettings
  • var declarandoAdminParams
REST Endpoints
  • /wp-json/declarando/v1/settings
  • /wp-json/declarando/v1/sync