Quaderno for EDD Security & Risk Analysis

wordpress.org/plugins/edd-quaderno

Automate global tax calculations and compliant invoicing for Easy Digital Downloads. Handle sales tax, VAT, GST worldwide with instant reports.

40 active installs · v1.38.1 · PHP 7.4+ · WP + · Updated Nov 17, 2025

Tags: gst · sales-tax · ticketbai · vat · verifactu

Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Quaderno for EDD Safe to Use in 2026?

Generally Safe

Score 100/100

Quaderno for EDD has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The edd-quaderno plugin version 1.38.1 presents a moderate security risk due to several concerning findings in the static analysis. While the plugin has no recorded vulnerability history, indicating a potentially stable past, the code itself shows weaknesses. The presence of one unprotected AJAX handler represents a significant entry point for potential attacks, especially when combined with the use of the `unserialize` function without proper sanitization, which could lead to remote code execution if exploited. Furthermore, a concerning percentage of output is not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • Use of unserialize()
  • Unescaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities: None known

Quaderno for EDD Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Quaderno for EDD Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 11 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$document = unserialize(sprintf(` · quaderno\quaderno_transaction.php:20

SQL Query Safety

67% prepared (3 total queries)

Output Escaping

35% escaped (17 total outputs)
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
<business_fields> (includes\business_fields.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface: 1 unprotected

Quaderno for EDD Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers (1)

auth · wp_ajax_quaderno_review · edd-quaderno.php:108

WordPress Hooks (30)

action · admin_notices · edd-quaderno.php:106
action · admin_footer · edd-quaderno.php:107
action · edd_purchase_form_after_cc_form · includes\business_fields.php:50
action · edd_profile_editor_after_address_fields · includes\business_fields.php:51
action · edd_checkout_error_checks · includes\business_fields.php:93
action · edd_built_order · includes\business_fields.php:161
action · edd_user_profile_updated · includes\business_fields.php:162
action · edd_payment_billing_details · includes\business_fields.php:200
action · edd_updated_edited_purchase · includes\business_fields.php:220
action · edd_refund_order · includes\credits.php:124
action · edd_add_email_tags · includes\emails.php:28
action · edd_complete_purchase · includes\invoices.php:216
action · edd_recurring_record_payment · includes\invoices.php:260
action · edd_resend_invoice · includes\invoices.php:282
action · edd_view_order_details_payment_meta_before · includes\order_details.php:61
filter · edd_payments_table_columns · includes\order_details.php:92
filter · edd_payments_table_column · includes\order_details.php:117
action · edd_purchase_history_header_after · includes\purchase_history.php:26
action · edd_purchase_history_row_end · includes\purchase_history.php:52
filter · edd_purchase_form_required_fields · includes\required_fields.php:37
action · edd_checkout_error_checks · includes\required_fields.php:65
action · wp_enqueue_scripts · includes\scripts.php:31
filter · edd_settings_tabs · includes\settings.php:24
filter · edd_registered_settings · includes\settings.php:64
filter · updated_option · includes\settings.php:88
filter · plugin_action_links · includes\settings.php:121
filter · plugin_row_meta · includes\settings.php:130
filter · edd_tax_rate · includes\taxes.php:99
action · edd_meta_box_price_fields · includes\tax_code_field.php:44
action · save_post · includes\tax_code_field.php:58
Maintenance & Trust

Quaderno for EDD Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 17, 2025
PHP min version: 7.4
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 9
Active installs: 40
Developer Profile

Quaderno for EDD Developer Profile

polimorfico

2 plugins · 440 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quaderno for EDD

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edd-quaderno/assets/js/edd-quaderno.js
/wp-content/plugins/edd-quaderno/assets/js/edd-quaderno.min.js
Script Paths
/wp-content/plugins/edd-quaderno/assets/js/edd-quaderno.js
/wp-content/plugins/edd-quaderno/assets/js/edd-quaderno.min.js
Version Parameters
edd-quaderno/assets/js/edd-quaderno.js?ver=
edd-quaderno/assets/js/edd-quaderno.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
edd-tax-id-wrap · edd-business-name-wrap · tax-id · business-name
Data Attributes
data-tax-id · data-business-name
JS Globals
window.quaderno_review · window.quaderno_dismiss_review
Shortcode Output
<label for="edd_tax_id" class="edd-label">Tax ID</label><input type="text" name="edd_tax_id" id="edd_tax_id" class="tax-id edd-input"
<label for="edd_business_name" class="edd-label">Business Name</label><input type="text" name="edd_business_name" id="edd_business_name" class="business-name edd-input"
FAQ

Frequently Asked Questions about Quaderno for EDD