Does Dokan Invoice have any unpatched vulnerabilities?

No. All known vulnerabilities in Dokan Invoice have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Dokan Invoice compatible with WordPress 6.8.5?

According to WordPress.org data, Dokan Invoice 1.2.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Dokan Invoice updated?

Dokan Invoice was last updated on Dec 9, 2025. Frequent updates are generally a positive security signal.

What is Dokan Invoice's security score?

Dokan Invoice has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dokan Invoice Security & Risk Analysis

wordpress.org/plugins/dokan-invoice

PDF Invoicing system for Admin, Seller and Customer

500 active installs v1.2.7 PHP + WP 6.4+ Updated Dec 9, 2025

dokaninvoicemulti-sellermulti-vendorwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Dokan Invoice Safe to Use in 2026?

Generally Safe

Score 100/100

Dokan Invoice has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The Dokan Invoice plugin version 1.2.7 presents a generally positive security posture based on the static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events suggests a limited attack surface. Furthermore, the code signals indicate no dangerous functions, no raw SQL queries (all use prepared statements), no file operations, and no external HTTP requests. The lack of identified critical or high severity taint flows is also a strong indicator of robust security practices. The plugin also boasts a clean vulnerability history with zero known CVEs.

However, a significant concern arises from the output escaping. With one total output identified and 0% properly escaped, there is a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from an untrusted source and is not properly sanitized before output can be exploited. While the attack surface and taint analysis appear clean, this single, unescaped output is a critical flaw that could be leveraged if user-supplied data is involved.

In conclusion, Dokan Invoice 1.2.7 has strengths in its limited attack surface, secure database interaction, and lack of historical vulnerabilities. Nevertheless, the complete absence of output escaping for identified outputs represents a serious security weakness that needs immediate attention. This unescaped output risk overshadows the otherwise positive findings.

Key Concerns

Output escaping is not properly implemented

Vulnerabilities

None known

Dokan Invoice Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Dokan Invoice Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

Dokan Invoice Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionbefore_woocommerce_initdokan-invoice.php:87

actioninitdokan-invoice.php:88

actionplugins_loadeddokan-invoice.php:89

actionadmin_noticesdokan-invoice.php:134

filterdokan_my_account_my_sub_orders_actionsdokan-invoice.php:183

filterwpo_wcpdf_shop_namedokan-invoice.php:184

filterwpo_wcpdf_shop_addressdokan-invoice.php:185

filterwpo_wcpdf_check_privsdokan-invoice.php:186

Maintenance & Trust

Dokan Invoice Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 9, 2025

PHP min version

Downloads27K

Community Trust

Rating0/100

Number of ratings0

Active installs500

Alternatives

Dokan Invoice Alternatives

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy

dokan-lite

Transform your WooCommerce site into a multivendor marketplace with Dokan – an AI powered & advanced WooCommerce marketplace solution

40K 7 CVEs

WCFM Marketplace – Multivendor Marketplace for WooCommerce

wc-multivendor-marketplace

The most featured and powerful multi vendor plugin for WordPress, setup fantastic woocommerce marketplace store in minutes.

20K 1 unpatched

Customer Management for Dokan

dokan-customers

100

This plugin simply enable vendor customer's management feature on the dokan vendor dashboard.

20 No CVEs

Smart Affiliate for Dokan

smart-affiliate-for-dokan

A robust affiliate marketing system for WooCommerce and Dokan, allowing vendors to manage affiliate links and track commissions effortlessly.

10 No CVEs

Superstore

superstore

Superstore is the most advanced multivendor marketplace plugin for WordPress.

0 No CVEs

Developer Profile

Dokan Invoice Developer Profile

weDevs

20 plugins · 113K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

366 days

View full developer profile

Detection Fingerprints

How We Detect Dokan Invoice

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dokan-invoice/assets/css/style.css

Version Parameters

dokan-invoice/assets/css/style.css?ver=

HTML / DOM Fingerprints

HTML Comments

FAQ