EU/UK VAT Validation Manager for WooCommerce Security & Risk Analysis

wordpress.org/plugins/eu-vat-for-woocommerce

Manage EU/UK VAT in WooCommerce, validate VAT numbers in real time with VIES, exempt or preserve VAT with various settings & cases.

6K active installs · v4.5.8 · PHP + WP 6.1+ · Updated Feb 24, 2026
Tags: eu-vat, tax, uk-vat, vat, vat-validation
Score: 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Sep 27, 2024
Safety Verdict

Is EU/UK VAT Validation Manager for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

EU/UK VAT Validation Manager for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Sep 27, 2024 · Updated 1mo ago
Risk Assessment

The eu-vat-for-woocommerce plugin version 4.5.8 presents a mixed security posture. It demonstrates good practices, with a high percentage of properly escaped outputs and a significant portion of SQL queries using prepared statements, but its attack surface raises notable concerns. The plugin has a total of 5 entry points, and 4 of them, all AJAX handlers, lack authentication checks. Missing authorization on this share of the entry points is a significant risk that could be exploited by unauthenticated users.

Taint analysis reveals one flow with an unsanitized path, which is an area of potential exploitation. The taint analysis does not classify its severity as critical or high, but any unsanitized path poses a risk. The vulnerability history shows 3 medium-severity CVEs, primarily related to Cross-site Scripting and Missing Authorization. There are currently no unpatched vulnerabilities, but the recurrence of these types of issues suggests a pattern that requires vigilance. The last vulnerability was recently patched, indicating ongoing security efforts, but the historical context warrants careful consideration of the current security state.

In conclusion, the plugin shows strengths in output escaping and SQL query sanitization. Its weaknesses are the number of unprotected AJAX handlers and the presence of an unsanitized path flow. The history of medium-severity vulnerabilities, particularly those related to authorization and XSS, reinforces the need for caution. On balance, the current version has addressed past issues, but the exposed attack surface and the taint flow require immediate attention and mitigation.

Key Concerns

  • 4 unprotected AJAX handlers
  • 1 unsanitized path flow
  • 3 medium CVEs in history
Vulnerabilities
3

EU/UK VAT Validation Manager for WooCommerce Security Vulnerabilities

CVEs by Year

2024: 3 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-8788 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting

Sep 27, 2024 Patched in 2.12.14 (1d)

CVE-2024-9189 · medium · 5.3 · Missing Authorization

EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization

Sep 27, 2024 Patched in 2.12.14 (1d)

CVE-2024-44061 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EU/UK VAT Manager for WooCommerce <= 2.12.14 - Reflected Cross-Site Scripting

Aug 29, 2024 Patched in 3.0.0 (58d)
Code Analysis
Analyzed Mar 16, 2026

EU/UK VAT Validation Manager for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (2 prepared)
  • Unescaped Output: 13 (135 escaped)
  • Nonce Checks: 3
  • Capability Checks: 4
  • File Operations: 2
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

91% escaped · 148 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
admin_notice (includes\admin\class-alg-wc-eu-vat-meta-boxes.php:82)
Attack Surface
4 unprotected

EU/UK VAT Validation Manager for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_alg_wc_eu_vat_validate_action · includes\class-alg-wc-eu-vat-ajax.php:27
nopriv · wp_ajax_alg_wc_eu_vat_validate_action · includes\class-alg-wc-eu-vat-ajax.php:28
auth · wp_ajax_alg_wc_eu_vat_validate_action_first_load · includes\class-alg-wc-eu-vat-ajax.php:30
nopriv · wp_ajax_alg_wc_eu_vat_validate_action_first_load · includes\class-alg-wc-eu-vat-ajax.php:31

Shortcodes 1

[alg_wc_eu_vat_translate] includes\class-alg-wc-eu-vat-shortcodes.php:24
WordPress Hooks 99
action · plugins_loaded · eu-vat-for-woocommerce.php:64
filter · woocommerce_order_is_vat_exempt · includes\admin\class-alg-wc-eu-vat-admin-exempt.php:25
action · woocommerce_order_item_add_action_buttons · includes\admin\class-alg-wc-eu-vat-admin-exempt.php:27
action · admin_footer · includes\admin\class-alg-wc-eu-vat-admin-exempt.php:30
filter · manage_edit-shop_order_columns · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:27
action · manage_shop_order_posts_custom_column · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:28
filter · manage_woocommerce_page_wc-orders_columns · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:31
action · manage_woocommerce_page_wc-orders_custom_column · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:32
action · restrict_manage_posts · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:35
action · woocommerce_order_list_table_restrict_manage_orders · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:38
filter · request · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:40
filter · woocommerce_shop_order_search_fields · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:41
filter · pre_get_posts · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:44
filter · woocommerce_order_list_table_prepare_items_query_args · includes\admin\class-alg-wc-eu-vat-admin-order-list.php:47
action · restrict_manage_users · includes\admin\class-alg-wc-eu-vat-admin-user-list.php:24
filter · pre_get_users · includes\admin\class-alg-wc-eu-vat-admin-user-list.php:25
filter · woocommerce_admin_billing_fields · includes\admin\class-alg-wc-eu-vat-admin.php:34
filter · woocommerce_ajax_get_customer_details · includes\admin\class-alg-wc-eu-vat-admin.php:37
action · woocommerce_admin_order_data_after_billing_address · includes\admin\class-alg-wc-eu-vat-admin.php:40
action · admin_print_scripts · includes\admin\class-alg-wc-eu-vat-admin.php:43
filter · woocommerce_order_is_vat_exempt · includes\admin\class-alg-wc-eu-vat-admin.php:50
filter · woocommerce_admin_reports · includes\admin\class-alg-wc-eu-vat-admin.php:59
action · woocommerce_email_customer_details · includes\admin\class-alg-wc-eu-vat-admin.php:63
filter · alg_wc_eu_vat_get_settings · includes\admin\class-alg-wc-eu-vat-advertise.php:24
action · admin_footer · includes\admin\class-alg-wc-eu-vat-advertise.php:25
action · admin_menu · includes\admin\class-alg-wc-eu-vat-country-rates.php:26
action · admin_init · includes\admin\class-alg-wc-eu-vat-country-rates.php:27
action · admin_notices · includes\admin\class-alg-wc-eu-vat-country-rates.php:154
action · add_meta_boxes · includes\admin\class-alg-wc-eu-vat-meta-boxes.php:28
action · admin_init · includes\admin\class-alg-wc-eu-vat-meta-boxes.php:31
action · admin_init · includes\admin\class-alg-wc-eu-vat-meta-boxes.php:34
action · admin_notices · includes\admin\class-alg-wc-eu-vat-meta-boxes.php:35
action · add_meta_boxes · includes\admin\class-alg-wc-eu-vat-meta-boxes.php:40
action · woocommerce_init · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:31
action · woocommerce_init · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:38
action · woocommerce_store_api_checkout_update_order_from_request · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:45
action · woocommerce_blocks_validate_location_contact_fields · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:53
filter · woocommerce_get_default_value_for_alg_eu_vat/billing_eu_vat_number · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:61
action · wp · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:69
action · woocommerce_created_customer · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:75
action · woocommerce_customer_save_address · includes\blocks\class-alg-wc-eu-vat-checkout-block.php:80
action · woocommerce_blocks_loaded · includes\blocks\eu-vat-for-woocommerce-blocks-initialize.php:47
action · woocommerce_blocks_cart_block_registration · includes\blocks\eu-vat-for-woocommerce-blocks-initialize.php:51
action · woocommerce_blocks_checkout_block_registration · includes\blocks\eu-vat-for-woocommerce-blocks-initialize.php:58
action · block_categories_all · includes\blocks\eu-vat-for-woocommerce-blocks-initialize.php:95
action · wp_enqueue_scripts · includes\blocks\eu-vat-for-woocommerce-blocks-integration.php:36
action · wp_enqueue_scripts · includes\class-alg-wc-eu-vat-ajax.php:25
filter · wpo_wcpdf_after_billing_address · includes\class-alg-wc-eu-vat-compatibility.php:27
action · wpo_wcpdf_after_order_details · includes\class-alg-wc-eu-vat-compatibility.php:28
filter · yith_ywpi_template_editor_customer_info_placeholders · includes\class-alg-wc-eu-vat-compatibility.php:33
action · init · includes\class-alg-wc-eu-vat-core.php:94
action · init · includes\class-alg-wc-eu-vat-core.php:97
action · woocommerce_checkout_update_order_review · includes\class-alg-wc-eu-vat-core.php:98
action · woocommerce_before_calculate_totals · includes\class-alg-wc-eu-vat-core.php:99
action · woocommerce_before_checkout_billing_form · includes\class-alg-wc-eu-vat-core.php:100
action · woocommerce_after_checkout_validation · includes\class-alg-wc-eu-vat-core.php:103
filter · woocommerce_checkout_fields · includes\class-alg-wc-eu-vat-core.php:110
filter · woocommerce_billing_fields · includes\class-alg-wc-eu-vat-core.php:111
filter · woocommerce_cart_tax_totals · includes\class-alg-wc-eu-vat-core.php:119
filter · wp_enqueue_scripts · includes\class-alg-wc-eu-vat-core.php:127
action · wp_footer · includes\class-alg-wc-eu-vat-core.php:131
filter · alg_wc_eu_vat_maybe_exclude_vat · includes\class-alg-wc-eu-vat-core.php:134
action · alg_wc_eu_vat_exempt_applied · includes\class-alg-wc-eu-vat-core.php:137
filter · woocommerce_get_price_html · includes\class-alg-wc-eu-vat-core.php:159
filter · woocommerce_get_price_html · includes\class-alg-wc-eu-vat-core.php:213
filter · woocommerce_get_country_locale · includes\class-alg-wc-eu-vat-country-locale.php:48
filter · woocommerce_get_country_locale_default · includes\class-alg-wc-eu-vat-country-locale.php:53
filter · woocommerce_country_locale_field_selectors · includes\class-alg-wc-eu-vat-country-locale.php:58
filter · woocommerce_customer_meta_fields · includes\class-alg-wc-eu-vat-customer-meta-field.php:28
action · admin_init · includes\class-alg-wc-eu-vat-customer-meta-field.php:31
action · admin_notices · includes\class-alg-wc-eu-vat-customer-meta-field.php:32
action · woocommerce_order_details_after_order_table · includes\class-alg-wc-eu-vat-display.php:30
action · woocommerce_email_after_order_table · includes\class-alg-wc-eu-vat-display.php:31
filter · woocommerce_order_formatted_billing_address · includes\class-alg-wc-eu-vat-display.php:36
filter · woocommerce_my_account_my_address_formatted_address · includes\class-alg-wc-eu-vat-display.php:37
filter · woocommerce_localisation_address_formats · includes\class-alg-wc-eu-vat-display.php:38
filter · woocommerce_formatted_address_replacements · includes\class-alg-wc-eu-vat-display.php:39
filter · woocommerce_address_to_edit · includes\class-alg-wc-eu-vat-display.php:41
action · woocommerce_customer_save_address · includes\class-alg-wc-eu-vat-display.php:42
action · init · includes\class-alg-wc-eu-vat-keep-vat-individual-product.php:25
action · woocommerce_product_options_tax · includes\class-alg-wc-eu-vat-keep-vat-individual-product.php:35
action · woocommerce_admin_process_product_object · includes\class-alg-wc-eu-vat-keep-vat-individual-product.php:36
action · alg_wc_eu_vat_exempt_applied · includes\class-alg-wc-eu-vat-keep-vat-individual-product.php:37
filter · woocommerce_rest_prepare_shop_order_object · includes\class-alg-wc-eu-vat-orders.php:26
action · woocommerce_checkout_update_order_meta · includes\class-alg-wc-eu-vat-orders.php:29
action · woocommerce_checkout_update_order_meta · includes\class-alg-wc-eu-vat-orders.php:32
action · woocommerce_register_form · includes\class-alg-wc-eu-vat-sign-up-form.php:29
action · woocommerce_register_post · includes\class-alg-wc-eu-vat-sign-up-form.php:30
action · woocommerce_created_customer · includes\class-alg-wc-eu-vat-sign-up-form.php:31
action · init · includes\class-alg-wc-eu-vat.php:83
action · before_woocommerce_init · includes\class-alg-wc-eu-vat.php:86
action · init · includes\class-alg-wc-eu-vat.php:170
action · init · includes\class-alg-wc-eu-vat.php:173
filter · woocommerce_get_settings_pages · includes\class-alg-wc-eu-vat.php:176
action · admin_init · includes\class-alg-wc-eu-vat.php:183
filter · woocommerce_get_sections_alg_wc_eu_vat · includes\settings\class-alg-wc-eu-vat-settings-section.php:40
filter · woocommerce_admin_settings_sanitize_option · includes\settings\class-alg-wc-eu-vat-settings.php:38
action · admin_footer · includes\settings\class-alg-wc-eu-vat-settings.php:40
action · admin_notices · includes\settings\class-alg-wc-eu-vat-settings.php:134
Maintenance & Trust

EU/UK VAT Validation Manager for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version
Downloads: 264K

Community Trust

Rating: 96/100
Number of ratings: 37
Active installs: 6K
Developer Profile

EU/UK VAT Validation Manager for WooCommerce Developer Profile

WPFactory

63 plugins · 136K total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 90 days
Detection Fingerprints

How We Detect EU/UK VAT Validation Manager for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/eu-vat-for-woocommerce/build/checkout-eu-vat-field-block/style-index.css
  • /wp-content/plugins/eu-vat-for-woocommerce/build/checkout-eu-vat-field-block/index.js
  • /wp-content/plugins/eu-vat-for-woocommerce/build/checkout-eu-vat-field-block/frontend.js
  • /wp-content/plugins/eu-vat-for-woocommerce/includes/blocks/languages
Script Paths
  • /wp-content/plugins/eu-vat-for-woocommerce/includes/blocks/eu-vat-for-woocommerce-blocks-initialize.php
  • /wp-content/plugins/eu-vat-for-woocommerce/includes/class-alg-wc-eu-vat.php
  • /wp-content/plugins/eu-vat-for-woocommerce/includes/class-alg-wc-eu-vat-ajax.php
  • /wp-content/plugins/eu-vat-for-woocommerce/includes/blocks/eu-vat-for-woocommerce-blocks-integration.php
Version Parameters
  • eu-vat-for-woocommerce-checkout-eu-vat-field-block
  • eu-vat-for-woocommerce-checkout-eu-vat-field-block-editor
  • eu-vat-for-woocommerce-checkout-eu-vat-field-block-frontend

HTML / DOM Fingerprints

CSS Classes
alg-wc-eu-vat-billing-eu-vat-number
Data Attributes
  • id="contact-alg_eu_vat-billing_eu_vat_number"
  • data-eu-vat-field-id="#contact-alg_eu_vat-billing_eu_vat_number"
JS Globals
  • alg_wc_eu_frontend_countries_object
  • alg_wc_eu_vat_field_id
  • alg_wc_eu_vat_field_position_id
  • get_show_in_countries
  • optInDefaultText
FAQ

Frequently Asked Questions about EU/UK VAT Validation Manager for WooCommerce