COMITI Invoicing Cloud for Ecommerce Security & Risk Analysis

wordpress.org/plugins/efitec-facturacion-for-comiti

CFDI 4.0 invoicing extension for WooCommerce integrated with COMITI’s services.

0 active installs · v1.1.33 · PHP 8.2+ · WP 5.8+ · Updated Feb 22, 2026
Tags: cfdi · invoice · mexico · timbrado · woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is COMITI Invoicing Cloud for Ecommerce Safe to Use in 2026?

Generally Safe

Score 100/100

COMITI Invoicing Cloud for Ecommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'efitec-facturacion-for-comiti' v1.1.33 plugin presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query sanitization, with all queries utilizing prepared statements. The vast majority of its output is also properly escaped, and it includes a reasonable number of nonce and capability checks for its entry points. The absence of any recorded vulnerabilities in its history is a significant strength, suggesting a generally stable and secure development approach.

There are, however, notable areas of concern. The use of 'exec', a dangerous function, warrants careful scrutiny, since it can become a vector for arbitrary code execution if its arguments are not handled with extreme care. The taint analysis reporting two critical-severity flows with unsanitized paths is particularly alarming; if exploitable, these flows could lead to significant security compromise. In addition, the plugin has one unprotected AJAX handler, a direct entry point that lacks an authentication check, which is a significant weakness.

While the plugin has no known CVEs, the identified critical taint flows and the unprotected AJAX handler represent immediate risks that should be prioritized. The strengths in SQL and output handling are overshadowed by these critical code-level vulnerabilities. A balanced conclusion is that while the plugin avoids historical vulnerabilities, its current code has critical security flaws that require immediate attention and remediation to improve its overall security posture.

Key Concerns

  • Critical taint flows without sanitization
  • AJAX handler without authorization check
  • Use of dangerous function 'exec'
  • Flows with unsanitized paths
Vulnerabilities
None known

COMITI Invoicing Cloud for Ecommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

COMITI Invoicing Cloud for Ecommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (220 escaped)
Nonce Checks: 6
Capability Checks: 4
File Operations: 19
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

exec · exec('openssl '.$key_command_pem, $result, $status); · includes\metaboxes.php:213

Bundled Libraries

TCPDF

Output Escaping

97% escaped (226 total outputs)
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
comitifact_guardar_metaboxes (includes\metaboxes.php:221)
Attack Surface: 1 unprotected

COMITI Invoicing Cloud for Ecommerce Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers: 3

auth · wp_ajax_comitifact_csf_upload · efitec-facturacion-for-comiti.php:94
auth · wp_ajax_comiti_csfupload · includes\ajax-handlers.php:79
nopriv (unauthenticated) · wp_ajax_comiti_csfupload · includes\ajax-handlers.php:80

Shortcodes: 4

[testcancel] includes\cancelcfdi.php:14
[testtimbrado] includes\timbradocfdi.php:76
[footag] includes\timbradocfdi.php:78
[testxmlcreate] includes\xmlcreate.php:33
WordPress Hooks: 28

action · add_meta_boxes · efitec-facturacion-for-comiti.php:96
action · admin_enqueue_scripts · efitec-facturacion-for-comiti.php:126
filter · upload_dir · includes\comitifact_Uploads.php:105
action · plugins_loaded · includes\comitifact_WC_extra_data.php:15
filter · woocommerce_integrations · includes\comitifact_WC_extra_data.php:21
action · add_meta_boxes · includes\metaboxes.php:22
filter · upload_mimes · includes\metaboxes.php:31
action · post_edit_form_tag · includes\metaboxes.php:37
filter · enter_title_here · includes\metaboxes.php:47
action · save_post · includes\metaboxes.php:420
action · init · includes\posttypes.php:49
action · wp_enqueue_scripts · includes\scripts.php:18
action · admin_enqueue_scripts · includes\scripts.php:24
action · plugins_loaded · includes\WC_addExtraData.php:15
filter · woocommerce_integrations · includes\WC_addExtraData.php:21
action · woocommerce_update_options_integration · includes\WC_addExtraDataClass.php:85
action · woocommerce_after_checkout_billing_form · includes\WC_addExtraDataClass.php:264
action · woocommerce_init · includes\WC_addExtraDataClass.php:267
action · woocommerce_blocks_validate_location_address_fields · includes\WC_addExtraDataClass.php:398
action · woocommerce_before_checkout_process · includes\WC_addExtraDataClass.php:471
action · woocommerce_before_thankyou · includes\WC_addExtraDataClass.php:497
action · woocommerce_checkout_update_order_meta · includes\WC_addExtraDataClass.php:594
filter · manage_woocommerce_page_wc-orders_columns · includes\WC_Orders_Columns.php:8
action · manage_woocommerce_page_wc-orders_custom_column · includes\WC_Orders_Columns.php:45
action · woocommerce_admin_order_data_after_billing_address · includes\WC_Orders_Update.php:25
action · woocommerce_process_shop_order_meta · includes\WC_Orders_Update.php:314
action · woocommerce_product_options_general_product_data · includes\WC_ProductManager.php:45
action · woocommerce_process_product_meta · includes\WC_ProductManager.php:83
Maintenance & Trust

COMITI Invoicing Cloud for Ecommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 22, 2026
PHP min version: 8.2
Downloads: 201

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

COMITI Invoicing Cloud for Ecommerce Developer Profile

Arturo Ramirez

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect COMITI Invoicing Cloud for Ecommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/efitec-facturacion-for-comiti/assets/css/comitifact.css
/wp-content/plugins/efitec-facturacion-for-comiti/assets/js/comitifact.js
/wp-content/plugins/efitec-facturacion-for-comiti/assets/js/comitifact-upload.js
Script Paths
/wp-content/plugins/efitec-facturacion-for-comiti/assets/js/comitifact-upload.js
Version Parameters
efitec-facturacion-for-comiti/assets/css/comitifact.css?ver=
efitec-facturacion-for-comiti/assets/js/comitifact.js?ver=
efitec-facturacion-for-comiti/assets/js/comitifact-upload.js?ver=

HTML / DOM Fingerprints

CSS Classes
comitifact_upload_result
HTML Comments
<!-- Nonce para AJAX -->
Data Attributes
id="comitifact_csf"
name="comitifact_csf"
id="comitifact_order_id"
id="comitifact_upload_btn"
id="comitifact_upload_result"
JS Globals
comitifactAjax
admin_url
COMITIFACT_PLUGIN_URL
COMITIFACT_PLUGIN_DIR
COMITIFACT_VERSION
REST Endpoints
/wp-json/wp/v2/comitifact
Shortcode Output
[testcancel]
FAQ

Frequently Asked Questions about COMITI Invoicing Cloud for Ecommerce