WP-Safety

Devs Accounting – Simple Accounting and Invoicing Solution Security & Risk Analysis

wordpress.org/plugins/devs-accounting

Easily create your simple eCommerce store, get orders and also manage accounting and get automated reports.

0 active installs v1.1.9 PHP 7.4.25+ WP 4.6.0+ Updated Jan 31, 2026
accounting-managementbook-keepingdevs-accountinginventoryinvoicing
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Devs Accounting – Simple Accounting and Invoicing Solution Safe to Use in 2026?

Generally Safe

Score 100/100

Devs Accounting – Simple Accounting and Invoicing Solution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The 'devs-accounting' plugin exhibits a generally strong security posture, with excellent output escaping (97%) and a high percentage of SQL queries using prepared statements (84%). The absence of known CVEs and external HTTP requests are also positive indicators. However, the analysis reveals areas of concern that warrant attention.

A significant risk lies in the presence of 5 REST API routes without proper permission checks, creating a direct attack vector. The static analysis also flagged the use of the `unserialize` function, which, when combined with untrusted input, can lead to arbitrary object injection vulnerabilities. The taint analysis identified one high-severity flow, which, while not classified as critical, still represents a potential exploit path. The presence of file operations and bundled libraries also introduce potential, albeit currently unrealized, risks.

While the plugin has a clean vulnerability history, this can sometimes indicate a lack of historical deep security auditing or that vulnerabilities have not yet been discovered. The combination of unprotected entry points and the use of potentially dangerous functions like `unserialize` suggests that a thorough security review, especially concerning input validation and sanitization for these specific areas, is advisable to maintain its good security track record.

Key Concerns

  • REST API routes without permission callbacks
  • Use of unserialize function
  • High severity taint flow
  • Unprotected REST API entry points
  • Bundled libraries (Stripe PHP)
Vulnerabilities
None known

Devs Accounting – Simple Accounting and Invoicing Solution Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Devs Accounting – Simple Accounting and Invoicing Solution Code Analysis

Dangerous Functions
6
Raw SQL Queries
35
190 prepared
Unescaped Output
7
259 escaped
Nonce Checks
12
Capability Checks
2
File Operations
14
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$result->data = unserialize($result->data);classes\class-devs-accounting-transactions.php:112
unserialize$result->data = unserialize($result->data);classes\class-devs-accounting-transactions.php:145
unserialize$transaction->data = unserialize($transaction->data);classes\class-devs-accounting-transactions.php:194
unserialize$result->data = unserialize($result->data);classes\class-devs-accounting-transfer.php:80
unserialize$transaction->data = unserialize($transaction->data);classes\class-devs-accounting-transfer.php:149
unserialize$user_meta = unserialize($user_meta);classes\class-devs-accounting-user.php:139

Bundled Libraries

Stripe PHP

SQL Query Safety

84% prepared225 total queries

Output Escaping

97% escaped266 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

10 flows5 with unsanitized paths
import_categories (classes\class-devs-accounting-categories.php:268)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Devs Accounting – Simple Accounting and Invoicing Solution Attack Surface

Entry Points77
Unprotected5

REST API Routes 71

POST/wp-json/devs-accounting/v1/add-accountclasses\class-devs-accounting-accounts.php:14
get/wp-json/devs-accounting/v1/accountsclasses\class-devs-accounting-accounts.php:20
get/wp-json/devs-accounting/v1/get-account/(?P<id>\d+)classes\class-devs-accounting-accounts.php:28
get/wp-json/devs-accounting/v1/delete-account/(?P<id>\d+)classes\class-devs-accounting-accounts.php:36
POST/wp-json/devs-accounting/v1/toggle-account/(?P<id>\d+)classes\class-devs-accounting-accounts.php:77
POST/wp-json/devs-accounting/v1/add-categoryclasses\class-devs-accounting-categories.php:12
get/wp-json/devs-accounting/v1/categoriesclasses\class-devs-accounting-categories.php:18
get/wp-json/devs-accounting/v1/get-category/(?P<id>\d+)classes\class-devs-accounting-categories.php:26
get/wp-json/devs-accounting/v1/delete-category/(?P<id>\d+)classes\class-devs-accounting-categories.php:34
GET/wp-json/devs-accounting/v1/export-categoriesclasses\class-devs-accounting-categories.php:40
POST/wp-json/devs-accounting/v1/import-categoriesclasses\class-devs-accounting-categories.php:46
GET/wp-json/devs-accounting/v1/sample-categoryclasses\class-devs-accounting-categories.php:51
POST/wp-json/devs-accounting/v1/add-contactclasses\class-devs-accounting-contact.php:12
get/wp-json/devs-accounting/v1/contactsclasses\class-devs-accounting-contact.php:18
get/wp-json/devs-accounting/v1/get-customerclasses\class-devs-accounting-contact.php:24
get/wp-json/devs-accounting/v1/get-contact/(?P<id>\d+)classes\class-devs-accounting-contact.php:31
get/wp-json/devs-accounting/v1/delete-contact/(?P<id>\d+)classes\class-devs-accounting-contact.php:39
GET/wp-json/devs-accounting/v1/contacts-exportclasses\class-devs-accounting-contact.php:45
POST/wp-json/devs-accounting/v1/import-contactsclasses\class-devs-accounting-contact.php:51
GET/wp-json/devs-accounting/v1/sample-contactsclasses\class-devs-accounting-contact.php:57
POST/wp-json/devs-accounting/v1/add-invoiceclasses\class-devs-accounting-invoice.php:18
POST/wp-json/devs-accounting/v1/update-invoice/(?P<id>\d+)classes\class-devs-accounting-invoice.php:24
get/wp-json/devs-accounting/v1/send-mail/(?P<id>\d+)classes\class-devs-accounting-invoice.php:30
get/wp-json/devs-accounting/v1/invoicesclasses\class-devs-accounting-invoice.php:38
get/wp-json/devs-accounting/v1/show-invoice/(?P<id>\d+)classes\class-devs-accounting-invoice.php:46
get/wp-json/devs-accounting/v1/delete-invoice/(?P<id>\d+)classes\class-devs-accounting-invoice.php:54
POST/wp-json/devs-accounting/v1/create-payment-intentclasses\class-devs-accounting-invoice.php:60
GET/wp-json/devs-accounting/v1/get_invoiceclasses\class-devs-accounting-invoice.php:66
GET/wp-json/devs-accounting/v1/user-statsclasses\class-devs-accounting-invoice.php:72
POST/wp-json/devs-accounting/v1/add-itemclasses\class-devs-accounting-items.php:19
GET/wp-json/devs-accounting/v1/itemsclasses\class-devs-accounting-items.php:25
GET/wp-json/devs-accounting/v1/inventoriesclasses\class-devs-accounting-items.php:33
POST/wp-json/devs-accounting/v1/update-item-inventoryclasses\class-devs-accounting-items.php:41
GET/wp-json/devs-accounting/v1/show-item/(?P<id>\d+)classes\class-devs-accounting-items.php:47
GET/wp-json/devs-accounting/v1/delete-item/(?P<id>\d+)classes\class-devs-accounting-items.php:55
GET/wp-json/devs-accounting/v1/export-itemsclasses\class-devs-accounting-items.php:60
POST/wp-json/devs-accounting/v1/import-itemsclasses\class-devs-accounting-items.php:65
GET/wp-json/devs-accounting/v1/sample-itemsclasses\class-devs-accounting-items.php:71
POST/wp-json/devs-accounting/v1/toggle-item/(?P<id>\d+)classes\class-devs-accounting-items.php:76
POST/wp-json/devs-accounting/v1/add-purchaseclasses\class-devs-accounting-purchases.php:15
POST/wp-json/devs-accounting/v1/get-purchaseclasses\class-devs-accounting-purchases.php:21
POST/wp-json/devs-accounting/v1/add-settingclasses\class-devs-accounting-setting.php:13
get/wp-json/devs-accounting/v1/settingsclasses\class-devs-accounting-setting.php:19
get/wp-json/devs-accounting/v1/get-setting/(?P<id>\d+)classes\class-devs-accounting-setting.php:27
get/wp-json/devs-accounting/v1/delete-setting/(?P<id>\d+)classes\class-devs-accounting-setting.php:35
POST/wp-json/devs-accounting/v1/add-taxesclasses\class-devs-accounting-taxes.php:13
GET/wp-json/devs-accounting/v1/get-taxesclasses\class-devs-accounting-taxes.php:19
DELETE/wp-json/devs-accounting/v1/delete-tax/(?P<tax_id>\d+)classes\class-devs-accounting-taxes.php:25
PUT/wp-json/devs-accounting/v1/edit-tax/(?P<tax_id>\d+)classes\class-devs-accounting-taxes.php:31
POST/wp-json/devs-accounting/v1/item-taxesclasses\class-devs-accounting-taxes.php:36
GET/wp-json/devs-accounting/v1/get-item-tax/(?P<item_id>\d+)classes\class-devs-accounting-taxes.php:41
GET/wp-json/devs-accounting/v1/get-tax/(?P<tax_id>\d+)classes\class-devs-accounting-taxes.php:47
POST/wp-json/devs-accounting/v1/add-transactionclasses\class-devs-accounting-transactions.php:16
get/wp-json/devs-accounting/v1/transactionsclasses\class-devs-accounting-transactions.php:22
GET/wp-json/devs-accounting/v1/transaction-typeclasses\class-devs-accounting-transactions.php:30
get/wp-json/devs-accounting/v1/get-reportsclasses\class-devs-accounting-transactions.php:38
get/wp-json/devs-accounting/v1/get-transaction/(?P<id>\d+)classes\class-devs-accounting-transactions.php:46
get/wp-json/devs-accounting/v1/get-transaction-invoice/(?P<id>\d+)classes\class-devs-accounting-transactions.php:53
get/wp-json/devs-accounting/v1/delete-transaction/(?P<id>\d+)classes\class-devs-accounting-transactions.php:61
POST/wp-json/devs-accounting/v1/import-transactionsclasses\class-devs-accounting-transactions.php:67
GET/wp-json/devs-accounting/v1/export-transactionsclasses\class-devs-accounting-transactions.php:73
GET/wp-json/devs-accounting/v1/sample-transactionsclasses\class-devs-accounting-transactions.php:79
POST/wp-json/devs-accounting/v1/add-transferclasses\class-devs-accounting-transfer.php:15
get/wp-json/devs-accounting/v1/get-transferclasses\class-devs-accounting-transfer.php:21
get/wp-json/devs-accounting/v1/get-transfer/(?P<id>\d+)classes\class-devs-accounting-transfer.php:29
get/wp-json/devs-accounting/v1/delete-transfer/(?P<id>\d+)classes\class-devs-accounting-transfer.php:37
get/wp-json/devsaccounting/v1/auth-checkclasses\class-devs-accounting-user.php:12
POST/wp-json/devsaccounting/v1/loginclasses\class-devs-accounting-user.php:18
POST/wp-json/devsaccounting/v1/logoutclasses\class-devs-accounting-user.php:25
POST/wp-json/devs-accounting/v1/update-user-metaclasses\class-devs-accounting-user.php:31
GET/wp-json/devs-accounting/v1/get-user-metaclasses\class-devs-accounting-user.php:39

Shortcodes 6

[devsaccounting_login] inc\devs-accounting-pro-shortcode.php:8
[devsaccounting_register] inc\devs-accounting-pro-shortcode.php:9
[devsaccounting_purchase] inc\devs-accounting-pro-shortcode.php:10
[devsaccounting_profile] inc\devs-accounting-pro-shortcode.php:11
[devsaccounting_allItems] inc\devs-accounting-pro-shortcode.php:12
[devsaccounting_invoice] inc\devs-accounting-shortcode.php:7
WordPress Hooks 31
actionrest_api_initclasses\class-devs-accounting-accounts.php:8
actionrest_api_initclasses\class-devs-accounting-categories.php:7
actionrest_api_initclasses\class-devs-accounting-contact.php:7
actionrest_api_initclasses\class-devs-accounting-invoice.php:13
actionrest_api_initclasses\class-devs-accounting-items.php:13
actionrest_api_initclasses\class-devs-accounting-purchases.php:10
actionrest_api_initclasses\class-devs-accounting-setting.php:7
actionwp_enqueue_scriptsclasses\class-devs-accounting-setting.php:8
actionrest_api_initclasses\class-devs-accounting-taxes.php:9
actionrest_api_initclasses\class-devs-accounting-transactions.php:11
actionrest_api_initclasses\class-devs-accounting-transfer.php:11
actionrest_api_initclasses\class-devs-accounting-user.php:7
actioninitdevs-accounting.php:30
actionadmin_menudevs-accounting.php:31
actionadmin_enqueue_scriptsdevs-accounting.php:32
actionenqueue_block_editor_assetsdevs-accounting.php:33
actionparse_requestdevs-accounting.php:35
filterthe_contentdevs-accounting.php:36
actioninitdevs-accounting.php:37
filtersingle_templatedevs-accounting.php:38
filtermanage_items_posts_columnsdevs-accounting.php:40
actionmanage_items_posts_custom_columndevs-accounting.php:41
filtermanage_edit-items_sortable_columnsdevs-accounting.php:42
actionadd_meta_boxesdevs-accounting.php:44
actionsave_post_itemsdevs-accounting.php:45
actionsave_postdevs-accounting.php:46
actioninitinc\devs-accounting-auth.php:7
actionadmin_post_nopriv_devsaccounting_registerinc\devs-accounting-auth.php:8
actiondevsaccounting_after_item_details_imageinc\devs-accounting-image-modal.php:57
filterthe_contentinc\devs-accounting-pro-shortcode.php:16
filterthe_contentinc\devs-accounting-shortcode.php:11
Maintenance & Trust

Devs Accounting – Simple Accounting and Invoicing Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 31, 2026
PHP min version7.4.25
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Devs Accounting – Simple Accounting and Invoicing Solution Alternatives

1984 Connector for DK and WooCommerce

1984 Connector for DK and WooCommerce

1984-connector-for-dk-and-woocommerce

A
100

Sync your WooCommerce store with DK, including product prices, inventory status and generate invoices for customers on checkout.

0 No CVEs
WooCommerce Square

WooCommerce Square

woocommerce-square

A
96

Securely accept payments, synchronize sales, and seamlessly manage inventory and product data between WooCommerce and Square POS.

80K 2 CVEs
Stock Manager for WooCommerce

Stock Manager for WooCommerce

woocommerce-stock-manager

A
92

WooCommerce stock management plugin to manage and edit product stock and their variables from a single dashboard. Stock log, import/export, filters!

20K 4 CVEs
ATUM WooCommerce Inventory Management and Stock Tracking

ATUM WooCommerce Inventory Management and Stock Tracking

atum-stock-manager-for-woocommerce

A
100

WooCommerce Full Inventory Management, Purchase Orders, Suppliers, Inbound Stock, Inventory Logs, WooCommerce Sales Statistics, and More.

10K No CVEs
Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management

Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management

smart-manager-for-wp-e-commerce

A
94

WooCommerce Advanced Bulk Edit products, orders, & posts in an Excel-like sheet editor. Get advanced WooCommerce stock, pricing, & order management.

10K 4 CVEs
Developer Profile

Devs Accounting – Simple Accounting and Invoicing Solution Developer Profile

Devsbrain

2 plugins · 90 total installs

85
trust score
Avg Security Score
79/100
Avg Patch Time
4 days
View full developer profile
Detection Fingerprints

How We Detect Devs Accounting – Simple Accounting and Invoicing Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/devs-accounting/assets/css/items.css/wp-content/plugins/devs-accounting/assets/css/dashboard.css/wp-content/plugins/devs-accounting/assets/js/items.js/wp-content/plugins/devs-accounting/assets/js/dashboard.js
Script Paths
/wp-content/plugins/devs-accounting/assets/js/items.js/wp-content/plugins/devs-accounting/assets/js/dashboard.js
Version Parameters
devs-accounting/assets/css/items.css?ver=devs-accounting/assets/css/dashboard.css?ver=devs-accounting/assets/js/items.js?ver=devs-accounting/assets/js/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
switchslideritem-meta-rowremove-meta
Data Attributes
item_skuitem_purchase_priceitem_sale_priceitem_categoryitem_stock_limititem_exp_date+5 more
JS Globals
devs_accounting_ajax_object
FAQ

Frequently Asked Questions about Devs Accounting – Simple Accounting and Invoicing Solution