EDD Invoice Data Security & Risk Analysis
wordpress.org/plugins/edd-invoice-dataThis plugin allows you to gather invoice data for any EDD payment gateway.
Is EDD Invoice Data Safe to Use in 2026?
Generally Safe
Score 85/100EDD Invoice Data has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "edd-invoice-data" v1.2.1 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs and the lack of critical or high-severity issues in taint analysis are positive indicators. Furthermore, the code's adherence to prepared statements for SQL queries is a strong practice. However, there are areas for improvement.
The static analysis reveals a complete absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events, which significantly reduces the potential attack surface. This is a substantial strength. Despite this, a notable concern is the 73% proper output escaping, implying that 27% of outputs are not properly escaped. While no critical or high severity taint flows were identified, unescaped output can still lead to cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is involved in those unescaped outputs.
In conclusion, the plugin has a strong foundation with minimal known vulnerabilities and a well-protected attack surface. The primary area of concern is the unescaped output, which, while not manifesting as critical taint flows in this analysis, still presents a latent risk. Addressing this would further harden the plugin's security.
Key Concerns
- 27% of outputs are not properly escaped
EDD Invoice Data Security Vulnerabilities
EDD Invoice Data Release Timeline
EDD Invoice Data Code Analysis
Output Escaping
EDD Invoice Data Attack Surface
WordPress Hooks 11
Maintenance & Trust
EDD Invoice Data Maintenance & Trust
Maintenance Signals
Community Trust
EDD Invoice Data Alternatives
EDD List File Names
edd-list-file-names
Shows a simple list of the download's files with a shortcode
EDD Auto Register
edd-auto-register
Automatically creates a WP user account at checkout, based on customer's email address.
Easy Digital Downloads Featured Downloads
edd-featured-downloads
Easily feature your downloads
EDD Downloads As Services
edd-downloads-as-services
Mark Downloads As Services in Easy Digital Downloads
Easy Digital Downloads – Blocks
edd-blocks
EDD Blocks adds a "Downloads" block to the new WordPress editor, also known as Gutenberg.
EDD Invoice Data Developer Profile
5 plugins · 740 total installs
How We Detect EDD Invoice Data
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/edd-invoice-data/assets/js/scripts.js/wp-content/plugins/edd-invoice-data/assets/css/style.css/wp-content/plugins/edd-invoice-data/assets/css/hide_fname.css/wp-content/plugins/edd-invoice-data/assets/css/hide_lname.css/wp-content/plugins/edd-invoice-data/assets/js/scripts.jsedd-invoice-data/assets/js/scripts.js?ver=edd-invoice-data/assets/css/style.css?ver=edd-invoice-data/assets/css/hide_fname.css?ver=edd-invoice-data/assets/css/hide_lname.css?ver=HTML / DOM Fingerprints
bpmj_edd_invoice_data_invoice_checkbpmj_edd_invoice_data_invoicebpmj_edd_invoice_data_invoice_forcebpmj_edd_invoice_data_person_name_pbpmj_edd_invoice_data_company_name_pbpmj_edd_invoice_data_company_name_p_showbpmj_edd_invoice_data_nip_pbpmj_edd_invoice_data_nip_p_showname="bpmj_edd_invoice_data_invoice_check"id="bpmj_edd_invoice_data_invoice_check"name="bpmj_edd_invoice_data_invoice_type"name="bpmj_edd_invoice_data_invoice_person_name"name="bpmj_edd_invoice_data_invoice_company_name"name="bpmj_edd_invoice_data_invoice_nip"+3 more