GTU dla Faktur WooCommerce Security & Risk Analysis

wordpress.org/plugins/flexible-invoices-gtu

Support for goods and services designations (GTU codes) on documents created by the Flexible Invoices for WooCommerce PRO plugin.

10 active installs · v1.0.21 · PHP 7.4+ · WP 6.4+ · Updated Mar 7, 2026
Tags: faktury, gtu, gtu-na-fakturze, jpk
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GTU dla Faktur WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

GTU dla Faktur WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 27d ago
Risk Assessment

The flexible-invoices-gtu plugin v1.0.21 exhibits a generally positive security posture with a small attack surface and a complete absence of known vulnerabilities. The static analysis shows a commendable effort in implementing nonce and capability checks on its entry points, particularly the AJAX handler, which is crucial for preventing unauthorized actions. The plugin also demonstrates good practices regarding output escaping, with over half of the identified outputs being properly secured.

However, there are notable concerns. The presence of dangerous functions like `proc_open` and `passthru` raises a red flag, as these functions can be exploited for arbitrary code execution if not handled with extreme care and robust sanitization, which is not explicitly detailed in the provided taint analysis results. Furthermore, the execution of SQL queries without prepared statements is a significant risk, leaving the plugin vulnerable to SQL injection attacks. The high number of file operations also warrants attention, as improper handling could lead to directory traversal or unauthorized file modification.

Despite the lack of historical vulnerabilities, the presence of dangerous functions and raw SQL queries points to potential weaknesses that could be exploited. The plugin's strengths lie in its limited attack surface and the presence of authentication checks. However, the identified risky coding practices, particularly around dangerous functions and SQL execution, introduce significant potential risks that need to be addressed.

Key Concerns

  • Dangerous functions: proc_open, passthru detected
  • SQL queries without prepared statements
  • Significant number of file operations
  • Unescaped output found
Vulnerabilities
None known

GTU dla Faktur WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GTU dla Faktur WooCommerce Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 18 (23 escaped)
  • Nonce Checks: 4
  • Capability Checks: 3
  • File Operations: 40
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • proc_open: `$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);` (vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104)
  • passthru: `passthru($command);` (vendor_prefixed\wpdesk\wp-codeception\src\WPDesk\Composer\Commands\BaseCommand.php:20)
  • unserialize: `return unserialize($this->container->get($id));` (vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24)

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

56% escaped · 41 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:67)
Attack Surface

GTU dla Faktur WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth: wp_ajax_wpdesk_notice_dismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:45)

WordPress Hooks: 23

  • action: woocommerce_product_options_general_product_data (src\Plugin\Flexible_Invoices_Integration.php:36)
  • action: woocommerce_process_product_meta (src\Plugin\Flexible_Invoices_Integration.php:37)
  • action: fi/core/document/save (src\Plugin\Flexible_Invoices_Integration.php:38)
  • action: fi/core/template/invoice/after_notes (src\Plugin\Flexible_Invoices_Integration.php:39)
  • action: fi/core/layout/metabox/payment/after (src\Plugin\Flexible_Invoices_Integration.php:40)
  • action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148)
  • action: wp_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149)
  • action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41)
  • action: admin_head (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:43)
  • action: admin_notices (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:155)
  • action: admin_footer (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:156)
  • action: admin_head (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:157)
  • filter: wp_autoloader_loader_loaders_to_load (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45)
  • filter: wp_autoloader_loader_loaders_to_create (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46)
  • action: plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58)
  • action: plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81)
  • action: before_woocommerce_init (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88)
  • action: activated_plugin (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102)
  • action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28)
  • action: admin_menu (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35)
  • action: admin_init (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36)
  • action: admin_notices (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28)
  • filter: plugin_row_meta (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36)
Maintenance & Trust

GTU dla Faktur WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

GTU dla Faktur WooCommerce Developer Profile

wpdesk

23 plugins · 127K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 135 days
Detection Fingerprints

How We Detect GTU dla Faktur WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/flexible-invoices-gtu/assets/css/admin.css
  • /wp-content/plugins/flexible-invoices-gtu/assets/css/frontend.css
  • /wp-content/plugins/flexible-invoices-gtu/assets/js/admin.js
  • /wp-content/plugins/flexible-invoices-gtu/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/flexible-invoices-gtu/vendor_prefixed/wpdesk/wp-plugin-flow-common/src/plugin-init-php52-free.php
Version Parameters
  • flexible-invoices-gtu/assets/css/admin.css?ver=
  • flexible-invoices-gtu/assets/css/frontend.css?ver=
  • flexible-invoices-gtu/assets/js/admin.js?ver=
  • flexible-invoices-gtu/assets/js/frontend.js?ver=

HTML / DOM Fingerprints
