Does Fattura24 have any unpatched vulnerabilities?

No. All known vulnerabilities in Fattura24 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Fattura24 compatible with WordPress 6.9.4?

According to WordPress.org data, Fattura24 8.1.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Fattura24 compatible with PHP 5.6+?

Fattura24 requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Fattura24 updated?

Fattura24 was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Fattura24's security score?

Fattura24 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fattura24 Security & Risk Analysis

wordpress.org/plugins/fattura24

The official Fattura24 plugin allows the creation of electronic invoices, orders, traditional invoices and receipts via Fattura24

500 active installs v8.1.4 PHP 5.6+ WP 4.6+ Updated Mar 11, 2026

codice-fiscalefattura-elettronicafatturazionefatturepartita-iva

A · Safe

CVEs total1

Unpatched0

Last CVEOct 9, 2023

Plugin page Download

Safety Verdict

Is Fattura24 Safe to Use in 2026?

Generally Safe

Score 100/100

Fattura24 has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 9, 2023Updated 24d ago

Risk Assessment

The "fattura24" plugin version 8.1.4 presents a mixed security posture. While it shows some positive security practices like the use of prepared statements for a majority of its SQL queries and the inclusion of nonce and capability checks for its AJAX handlers, there are significant areas of concern. The most alarming finding is that all 11 identified AJAX entry points lack authentication checks, creating a broad attack surface that is entirely unprotected. This means any unauthenticated user could potentially interact with these handlers, which is a critical security flaw.

The static analysis also flagged the presence of the dangerous "assert" function, though its context and potential exploitability are not detailed. The taint analysis, while not revealing critical or high severity flows, did indicate one flow with an unsanitized path, which could lead to issues if exploited. The vulnerability history shows a past medium severity Cross-site Scripting (XSS) vulnerability, and although currently unpatched CVEs are zero, this history suggests a potential for such vulnerabilities to emerge if input validation and output escaping are not consistently robust across all entry points.

Overall, the plugin has some strengths in its database query handling and the implementation of checks for some AJAX requests. However, the widespread lack of authentication on AJAX handlers is a major weakness that significantly elevates the risk. Coupled with the presence of a dangerous function and a history of XSS, diligent security practices, especially around input sanitization and authorization for all AJAX endpoints, are crucial.

Key Concerns

All AJAX handlers lack authentication
Presence of dangerous 'assert' function
Unsanitized path in taint flow
Low percentage of properly escaped output
Past medium severity CVE (XSS)

Vulnerabilities

Fattura24 Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-5211medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fattura24 <= 6.2.7 - Reflected Cross-Site Scripting via 'id'

Oct 9, 2023 Patched in 6.2.8 (106d)

Code Analysis

Analyzed Mar 16, 2026

Fattura24 Code Analysis

Dangerous Functions

Raw SQL Queries

21 prepared

Unescaped Output

91 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

assertassert('$id != null');src\settings_uty.php:401

SQL Query Safety

78% prepared27 total queries

Output Escaping

49% escaped184 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths

<fattura24> (fattura24.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

11 unprotected

Fattura24 Attack Surface

Entry Points11

Unprotected11

AJAX Handlers 11

authwp_ajax_hit_starsfattura24.php:315

authwp_ajax_test_keyfattura24.php:335

authwp_ajax_download_logfattura24.php:352

authwp_ajax_woocommerce_get_customer_detailssrc\classes\fattura24-extend-woo-core.php:68

authwp_ajax_fatt_24_dismiss_noticesrc\messages.php:124

authwp_ajax_fattura24_deactivation_reasonsrc\methods\met_deactivation.php:18

authwp_ajax_save_mpsrc\methods\met_payment_types.php:301

authwp_ajax_save_pdcsrc\methods\met_products.php:152

authwp_ajax_update_tax_codesrc\methods\met_tax.php:216

authwp_ajax_download_pdfsrc\order_status.php:233

authwp_ajax_invoice_admin_commandsrc\order_status.php:272

WordPress Hooks 42

actionwoocommerce_store_api_checkout_update_order_from_requestfattura24-billing-block\fattura24-billing-block-extend-woo-core.php:58

actionwoocommerce_process_shop_order_metafattura24-billing-block\fattura24-billing-block-extend-woo-core.php:83

actionwoocommerce_admin_order_data_after_billing_addressfattura24-billing-block\fattura24-billing-block-extend-woo-core.php:107

actionwoocommerce_thankyoufattura24-billing-block\fattura24-billing-block-extend-woo-core.php:202

actionwoocommerce_email_after_order_tablefattura24-billing-block\fattura24-billing-block-extend-woo-core.php:256

actionwoocommerce_blocks_cart_block_registrationfattura24-billing-block\fattura24-billing-block.php:9

actionwoocommerce_blocks_checkout_block_registrationfattura24-billing-block\fattura24-billing-block.php:16

actionblock_categories_allfattura24-billing-block\fattura24-billing-block.php:38

actionadmin_enqueue_scriptsfattura24.php:35

actioninitfattura24.php:62

actionwoocommerce_blocks_loadedfattura24.php:70

actionbefore_woocommerce_initfattura24.php:87

actionadmin_menufattura24.php:132

actionplugin_row_metafattura24.php:210

actionadmin_initfattura24.php:211

actionadmin_noticesfattura24.php:286

filterwoocommerce_admin_order_update_customer_datasrc\classes\fattura24-extend-woo-core.php:52

actionwoocommerce_store_api_checkout_update_order_from_requestsrc\classes\fattura24-extend-woo-core.php:121

actionwoocommerce_process_shop_order_metasrc\classes\fattura24-extend-woo-core.php:146

actionwoocommerce_admin_order_data_after_billing_addresssrc\classes\fattura24-extend-woo-core.php:170

actionwoocommerce_thankyousrc\classes\fattura24-extend-woo-core.php:265

actionwoocommerce_email_after_order_tablesrc\classes\fattura24-extend-woo-core.php:319

actionadmin_initsrc\classes\fattura24-plugin-updater.php:19

actioncurrent_screensrc\hooks.php:128

actiondelete_usersrc\hooks.php:131

actionwoocommerce_order_status_changedsrc\hooks.php:136

filterwoocommerce_billing_fieldssrc\hooks.php:194

actionadmin_footer-plugins.phpsrc\hooks.php:202

actionwoocommerce_after_checkout_validationsrc\hooks.php:205

actionwoocommerce_checkout_create_ordersrc\hooks.php:208

actionwoocommerce_created_customersrc\hooks.php:211

filterwoocommerce_customer_meta_fieldssrc\hooks.php:214

actionwoocommerce_save_account_detailssrc\hooks.php:217

actionwoocommerce_admin_order_data_after_order_detailssrc\hooks.php:228

actionmanage_posts_custom_columnsrc\hooks.php:243

actionpre_get_postssrc\hooks.php:250

filterwoocommerce_shop_order_list_table_prepare_items_query_argssrc\hooks.php:253

filterwoocommerce_my_account_my_orders_actionssrc\hooks.php:258

actionwoocommerce_after_account_orderssrc\hooks.php:260

actionwp_enqueue_scriptssrc\hooks.php:266

filterfatt_24_product_umsrc\methods\met_save_document.php:712

actionwoocommerce_after_register_post_typesrc\tickets.php:16

Maintenance & Trust

Fattura24 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version5.6

Downloads59K

Community Trust

Rating98/100

Number of ratings94

Active installs500

Alternatives

Fattura24 Alternatives

WFatture for WooCommerce Fattureincloud

woo-fattureincloud

WooCommerce Fattureincloud by Woofatture trasforma gli ordini in fatture su fattureincloud.it WFatture for WooCommerce Fattureincloud

800 1 CVE

POP – Free European electronic invoicing for e-commerce (ex-WooPop)

woopop-electronic-invoice-free

100

Automate European e-invoicing for e-commerce: generate XML & PDF invoices, send via SdI and PEPPOL, manage compliance with API credits.

100 No CVEs

PDF Invoices Italian Add-on for WooCommerce

woocommerce-pdf-invoices-italian-add-on

100

Italian Add-on for PDF invoices & packing slips for WooCommerce. Donate link: https://ldav.it/plugin/woocommerce-pdf-invoices-italian-add-on/

5K No CVEs

Easy Fattura Elettronica FREE

easy-fattura-elettronica-free

100

Compatibile con la versione 1.7.1 delle specifiche tecniche dell'Agenzia delle Entrate in vigore dal 1° ottobre 2022.

100 No CVEs

Partita IVA e Codice Fiscale

partita-iva-e-codice-fiscale

100

Aggiunge Codice Fiscale, Partita IVA, Ragione Sociale, PEC e Codice SDI al checkout WooCommerce.

100 No CVEs

Developer Profile

Fattura24 Developer Profile

Fattura24

1 plugin · 500 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

106 days

View full developer profile

Detection Fingerprints

How We Detect Fattura24

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fattura24/assets/css/backend.css/wp-content/plugins/fattura24/assets/css/frontend.css/wp-content/plugins/fattura24/assets/js/backend.js/wp-content/plugins/fattura24/assets/js/frontend.js/wp-content/plugins/fattura24/assets/js/vendors/jquery.validate.min.js/wp-content/plugins/fattura24/assets/js/vendors/moment.min.js/wp-content/plugins/fattura24/assets/js/vendors/sweetalert.min.js/wp-content/plugins/fattura24/assets/js/vendors/toast.min.js+2 more

Version Parameters

fattura24/assets/css/backend.css?ver=fattura24/assets/css/frontend.css?ver=fattura24/assets/js/backend.js?ver=fattura24/assets/js/frontend.js?ver=fattura24/assets/js/vendors/jquery.validate.min.js?ver=fattura24/assets/js/vendors/moment.min.js?ver=fattura24/assets/js/vendors/sweetalert.min.js?ver=fattura24/assets/js/vendors/toast.min.js?ver=fattura24/assets/js/vendors/vue.js?ver=fattura24/assets/js/vendors/vue-router.js?ver=

HTML / DOM Fingerprints

CSS Classes

fattura24-settings-wrapperfattura24-tabfattura24-tab-contentfattura24-sectionfattura24-fieldfattura24-labelfattura24-inputfattura24-button+3 more

HTML Comments

+6 more

Data Attributes

data-f24-setting-groupdata-f24-setting-namedata-f24-setting-typedata-f24-api-keydata-f24-client-iddata-f24-test-mode

JS Globals

fattura24_varsFattura24AdminFattura24Frontend

REST Endpoints

/wp-json/fattura24/v1/settings/wp-json/fattura24/v1/orders/wp-json/fattura24/v1/invoices

FAQ

Fattura24 Security & Risk Analysis

Is Fattura24 Safe to Use in 2026?

Generally Safe

Key Concerns

Fattura24 Security Vulnerabilities

CVEs by Year

Severity Breakdown

Fattura24 Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Fattura24 Attack Surface

AJAX Handlers 11

Fattura24 Maintenance & Trust

Maintenance Signals

Community Trust

Fattura24 Alternatives

WFatture for WooCommerce Fattureincloud

POP – Free European electronic invoicing for e-commerce (ex-WooPop)

PDF Invoices Italian Add-on for WooCommerce

Easy Fattura Elettronica FREE

Partita IVA e Codice Fiscale

Fattura24 Developer Profile

How We Detect Fattura24

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Fattura24