FACTO – Facturación Electrónica Security & Risk Analysis

wordpress.org/plugins/facto-facturacioacuten-electroacutenica

This plugin integrates the FACTO module with your website and automates the issuing of electronic documents each time you receive a purchase.

400 active installs · v3.0.4 · PHP 5.6+ · WP 5.1+ · Updated Jul 9, 2025
plugins-de-integracion-con-factura-electronica
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FACTO – Facturación Electrónica Safe to Use in 2026?

Generally Safe

Score 100/100

FACTO – Facturación Electrónica has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

The plugin "facto-facturacioacuten-electroacutenica" v3.0.4 exhibits a mixed security posture. On one hand, it demonstrates good practices by utilizing prepared statements for all SQL queries and performing a majority of output escaping. The absence of known CVEs and common vulnerability types in its history is a positive indicator, suggesting a generally stable codebase regarding publicly known exploits.

However, the static analysis raises significant concerns. The plugin calls `unserialize` without any apparent nonce or capability checks, which creates a critical potential for remote code execution if an attacker can control the serialized data. The taint analysis also found two high-severity flows with unsanitized paths, directly linked to this `unserialize` call, indicating that external input could be used in a dangerous manner. No nonce or capability checks were found on any entry point; although the scan currently identifies zero entry points, this leaves the plugin vulnerable if new entry points are introduced or if existing ones are overlooked in the future.

In conclusion, while the plugin benefits from a clean vulnerability history and good SQL practices, the identified use of `unserialize` with unsanitized input and a complete absence of authorization checks on potential entry points poses a substantial risk. The lack of specific protections for the `unserialize` function is the most pressing concern, potentially allowing for severe security breaches.

Key Concerns

  • Unsanitized path flows (High severity)
  • Dangerous function: unserialize used
  • No nonce checks on entry points
  • No capability checks on entry points
  • Less than 100% output escaping
Vulnerabilities
None known

FACTO – Facturación Electrónica Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

FACTO – Facturación Electrónica Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (22 prepared)
  • Unescaped Output: 30 (85 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 15
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `return (!is_null($s)) ? unserialize($s) : null;` (nusoap\class.wsdlcache.php:111)

SQL Query Safety

100% prepared (22 total queries)

Output Escaping

74% escaped (115 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
  • facto_fe_submenu_settings_logs (factofacturacionelectronica_admin.php:505)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

FACTO – Facturación Electrónica Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 18
  • action: admin_menu (factofacturacionelectronica_admin.php:8)
  • action: admin_init (factofacturacionelectronica_admin.php:12)
  • action: admin_notices (factofacturacionelectronica_admin.php:824)
  • action: admin_notices (factofacturacionelectronica_admin.php:832)
  • action: admin_notices (factofacturacionelectronica_admin.php:873)
  • action: admin_notices (factofacturacionelectronica_admin.php:878)
  • action: admin_notices (factofacturacionelectronica_admin.php:896)
  • action: woocommerce_admin_order_data_after_billing_address (factofacturacionelectronica_admin.php:1268)
  • action: woocommerce_order_details_after_order_table (factofacturacionelectronica_admin.php:1362)
  • action: woocommerce_admin_order_data_after_billing_address (factofacturacionelectronica_admin.php:1426)
  • action: woocommerce_order_details_after_order_table (factofacturacionelectronica_admin.php:1427)
  • filter: woocommerce_checkout_fields (factofacturacionelectronica_checkout.php:41)
  • action: woocommerce_after_order_notes (factofacturacionelectronica_checkout.php:64)
  • action: woocommerce_checkout_process (factofacturacionelectronica_checkout.php:269)
  • action: woocommerce_checkout_update_order_meta (factofacturacionelectronica_checkout.php:323)
  • action: woocommerce_thankyou (factofacturacionelectronica_checkout.php:366)
  • action: woocommerce_order_status_processing (factofacturacionelectronica_checkout.php:367)
  • action: woocommerce_order_status_completed (factofacturacionelectronica_checkout.php:368)
Maintenance & Trust

FACTO – Facturación Electrónica Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Jul 9, 2025
  • PHP min version: 5.6
  • Downloads: 16K

Community Trust

  • Rating: 90/100
  • Number of ratings: 2
  • Active installs: 400
Alternatives

FACTO – Facturación Electrónica Alternatives

No alternatives data available yet.

Developer Profile

FACTO – Facturación Electrónica Developer Profile

factocl

1 plugin · 400 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FACTO – Facturación Electrónica

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/facto-facturacioacuten-electroacutenica/js/facto_fe_checkout.js
  • /wp-content/plugins/facto-facturacioacuten-electroacutenica/css/facto_fe_admin.css
  • /wp-content/plugins/facto-facturacioacuten-electroacutenica/js/facto_fe_admin.js
Script Paths
  • /wp-content/plugins/facto-facturacioacuten-electroacutenica/js/facto_fe_checkout.js
  • /wp-content/plugins/facto-facturacioacuten-electroacutenica/js/facto_fe_admin.js
Version Parameters
  • facto-facturacioacuten-electroacutenica/js/facto_fe_checkout.js?ver=
  • facto-facturacioacuten-electroacutenica/css/facto_fe_admin.css?ver=
  • facto-facturacioacuten-electroacutenica/js/facto_fe_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
forminp-text-facto
Data Attributes
  • id="facto_formulario"
  • name="facto_webservice_mode"
  • id="facto_webservice_mode"
  • name="facto_webservice_user"
  • id="facto_webservice_user"
  • name="facto_webservice_pass"
  • +11 more
JS Globals
facto_changemode