FreeInvoice API Security & Risk Analysis

wordpress.org/plugins/freeinvoice-api

FreeInvoice plugin for electronic invoicing with WooCommerce.

10 active installs · v1.0.3 · PHP 7.2+ · WP 5.2+ · Updated May 27, 2024
codice-destinatario · fattura-elettronica · fattura-xml · fatture · woocommerce
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FreeInvoice API Safe to Use in 2026?

Generally Safe

Score 92/100

FreeInvoice API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The 'freeinvoice-api' v1.0.3 plugin exhibits a concerning security posture due to a significant lack of proper authentication and authorization checks, particularly within its AJAX handlers. With one AJAX handler identified as lacking authentication, this presents a direct and easily exploitable attack vector. While the absence of critical or high-severity taint flows is positive, the low percentage of properly escaped output (24%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities across various output points. The presence of raw SQL queries (75% not using prepared statements) further heightens the risk of SQL injection attacks. The plugin's vulnerability history is clean, with no recorded CVEs, which could indicate a history of secure development or simply a lack of in-depth auditing. However, the current static analysis findings reveal fundamental security weaknesses that must be addressed.

Key Concerns

  • AJAX handler without authentication
  • Low percentage of properly escaped output
  • High percentage of SQL queries without prepared statements
  • No capability checks found
Vulnerabilities
None known

FreeInvoice API Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FreeInvoice API Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6, 2 prepared
Unescaped Output: 57, 18 escaped
Nonce Checks: 2
Capability Checks: 0
File Operations: 1
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

25% prepared · 8 total queries

Output Escaping

24% escaped · 75 total outputs
Attack Surface
1 unprotected

FreeInvoice API Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth    wp_ajax_send_order_invoice              includes\class-freeinvoice-api.php:196
WordPress Hooks 18
filter  woocommerce_settings_tabs_array         admin\class-freeinvoice-api-wc-settings.php:37
action  admin_notices                           freeinvoice-api.php:53
action  plugins_loaded                          freeinvoice-api.php:89
action  admin_notices                           includes\class-freeinvoice-api-comm.php:218
action  plugins_loaded                          includes\class-freeinvoice-api.php:152
action  admin_enqueue_scripts                   includes\class-freeinvoice-api.php:168
action  admin_enqueue_scripts                   includes\class-freeinvoice-api.php:169
filter  woocommerce_get_settings_pages          includes\class-freeinvoice-api.php:172
filter  plugin_row_meta                         includes\class-freeinvoice-api.php:183
action  add_meta_boxes                          includes\class-freeinvoice-api.php:188
action  woocommerce_process_shop_order_meta     includes\class-freeinvoice-api.php:190
filter  manage_edit-shop_order_columns          includes\class-freeinvoice-api.php:192
action  manage_shop_order_posts_custom_column   includes\class-freeinvoice-api.php:194
action  wp_enqueue_scripts                      includes\class-freeinvoice-api.php:214
action  wp_enqueue_scripts                      includes\class-freeinvoice-api.php:215
action  init                                    includes\class-freeinvoice-api.php:218
filter  woocommerce_checkout_fields             includes\class-freeinvoice-api.php:221
action  woocommerce_checkout_update_order_meta  includes\class-freeinvoice-api.php:223
Maintenance & Trust

FreeInvoice API Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 27, 2024
PHP min version: 7.2
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

FreeInvoice API Developer Profile

Cloud Finance

1 plugin · 10 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FreeInvoice API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/freeinvoice-api/admin/css/freeinvoice-api-admin.css
/wp-content/plugins/freeinvoice-api/admin/js/freeinvoice-api-admin.js
Script Paths
/wp-content/plugins/freeinvoice-api/admin/js/freeinvoice-api-admin.js
Version Parameters
freeinvoice-api/admin/css/freeinvoice-api-admin.css?ver=
freeinvoice-api/admin/js/freeinvoice-api-admin.js?ver=
