EDD Invoice Data Security & Risk Analysis
wordpress.org/plugins/edd-invoice-dataThis plugin allows you to gather invoice data for any EDD payment gateway.
Is EDD Invoice Data Safe to Use in 2026?
Generally Safe
Score 85/100EDD Invoice Data has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "edd-invoice-data" v1.2.1 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs and the lack of critical or high-severity issues in taint analysis are positive indicators. Furthermore, the code's adherence to prepared statements for SQL queries is a strong practice. However, there are areas for improvement.
The static analysis reveals a complete absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events, which significantly reduces the potential attack surface. This is a substantial strength. Despite this, a notable concern is the 73% proper output escaping, implying that 27% of outputs are not properly escaped. While no critical or high severity taint flows were identified, unescaped output can still lead to cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is involved in those unescaped outputs.
In conclusion, the plugin has a strong foundation with minimal known vulnerabilities and a well-protected attack surface. The primary area of concern is the unescaped output, which, while not manifesting as critical taint flows in this analysis, still presents a latent risk. Addressing this would further harden the plugin's security.
Key Concerns
- 27% of outputs are not properly escaped
EDD Invoice Data Security Vulnerabilities
EDD Invoice Data Code Analysis
Output Escaping
EDD Invoice Data Attack Surface
WordPress Hooks 11
Maintenance & Trust
EDD Invoice Data Maintenance & Trust
Maintenance Signals
Community Trust
EDD Invoice Data Alternatives
EDD List File Names
edd-list-file-names
Shows a simple list of the download's files with a shortcode
EDD Auto Register
edd-auto-register
Automatically creates a WP user account at checkout, based on customer's email address.
Easy Digital Downloads Featured Downloads
edd-featured-downloads
Easily feature your downloads
EDD Downloads As Services
edd-downloads-as-services
Mark Downloads As Services in Easy Digital Downloads
Easy Digital Downloads – Blocks
edd-blocks
EDD Blocks adds a "Downloads" block to the new WordPress editor, also known as Gutenberg.
EDD Invoice Data Developer Profile
5 plugins · 740 total installs
How We Detect EDD Invoice Data
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/edd-invoice-data/assets/js/scripts.js/wp-content/plugins/edd-invoice-data/assets/css/style.css/wp-content/plugins/edd-invoice-data/assets/css/hide_fname.css/wp-content/plugins/edd-invoice-data/assets/css/hide_lname.css/wp-content/plugins/edd-invoice-data/assets/js/scripts.jsedd-invoice-data/assets/js/scripts.js?ver=edd-invoice-data/assets/css/style.css?ver=edd-invoice-data/assets/css/hide_fname.css?ver=edd-invoice-data/assets/css/hide_lname.css?ver=HTML / DOM Fingerprints
bpmj_edd_invoice_data_invoice_checkbpmj_edd_invoice_data_invoicebpmj_edd_invoice_data_invoice_forcebpmj_edd_invoice_data_person_name_pbpmj_edd_invoice_data_company_name_pbpmj_edd_invoice_data_company_name_p_showbpmj_edd_invoice_data_nip_pbpmj_edd_invoice_data_nip_p_showname="bpmj_edd_invoice_data_invoice_check"id="bpmj_edd_invoice_data_invoice_check"name="bpmj_edd_invoice_data_invoice_type"name="bpmj_edd_invoice_data_invoice_person_name"name="bpmj_edd_invoice_data_invoice_company_name"name="bpmj_edd_invoice_data_invoice_nip"+3 more