Individual Item Description and Price for WP Invoices Security & Risk Analysis

wordpress.org/plugins/individual-item-description-and-price-for-wp-invoices

Add individual item descriptions and prices per invoice in WP Invoices with rich text support and PDF/email compatibility.

0 active installs · v1.1.0 · PHP 5.6+ · WP 4.7+ · Updated Jan 13, 2026
Tags: description, invoice, price, wp-invoicing, wp-invoice
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Individual Item Description and Price for WP Invoices Safe to Use in 2026?

Generally Safe

Score 100/100

Individual Item Description and Price for WP Invoices has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

This plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and having no recorded vulnerabilities, the lack of authentication checks on 8 AJAX entry points creates a substantial attack surface. This means that unauthenticated users could potentially trigger these AJAX actions, leading to unintended consequences or further exploitation if they can be chained with other weaknesses.

The static analysis reveals that all 8 AJAX handlers are exposed without any authorization checks. This is the most critical finding and represents a direct pathway for attackers to interact with plugin functionalities. Although there are no direct critical or high severity taint flows identified, and the plugin has a clean vulnerability history, the presence of unprotected AJAX endpoints is a significant risk that cannot be overlooked. The relatively low percentage of properly escaped output (39%) is also a concern, as it increases the likelihood of cross-site scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX handlers.

In conclusion, while the plugin shows strengths in its SQL query handling and lack of historical vulnerabilities, the critical weakness of unprotected AJAX handlers dominates the risk assessment. The limited output escaping further exacerbates this risk. A substantial number of points should be deducted to reflect the immediate danger posed by these exposed AJAX endpoints, which could allow for unauthorized actions or information disclosure. Addressing these unprotected AJAX handlers should be the top priority for improving the plugin's security.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
Vulnerabilities
None known

Individual Item Description and Price for WP Invoices Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Individual Item Description and Price for WP Invoices Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 90 (57 escaped)
Nonce Checks: 5
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0
0

Output Escaping

39% escaped · 147 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
wpinv_dp_admin_get_line_items (wpinvoices_itemdescription.php:91)
Attack Surface
8 unprotected

Individual Item Description and Price for WP Invoices Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

Type    Hook                                      Location
nopriv  wp_ajax_wpinv_admin_recalculate_totals    includes\class-wpinvoices_itemdescription.php:167
auth    wp_ajax_wpinv_admin_recalculate_totals    includes\class-wpinvoices_itemdescription.php:168
nopriv  wp_ajax_wpinv_dp_add_invoice_item         includes\class-wpinvoices_itemdescription.php:170
auth    wp_ajax_wpinv_dp_add_invoice_item         includes\class-wpinvoices_itemdescription.php:171
nopriv  wp_ajax_wpinv_dp_remove_invoice_item      includes\class-wpinvoices_itemdescription.php:173
auth    wp_ajax_wpinv_dp_remove_invoice_item      includes\class-wpinvoices_itemdescription.php:174
nopriv  wp_ajax_wpinv_dp_create_invoice_item      includes\class-wpinvoices_itemdescription.php:175
auth    wp_ajax_wpinv_dp_create_invoice_item      includes\class-wpinvoices_itemdescription.php:176
WordPress Hooks 13
Type    Hook                                      Location
action  plugins_loaded                            includes\class-wpinvoices_itemdescription.php:142
action  init                                      includes\class-wpinvoices_itemdescription.php:158
action  admin_enqueue_scripts                     includes\class-wpinvoices_itemdescription.php:159
action  admin_enqueue_scripts                     includes\class-wpinvoices_itemdescription.php:160
action  add_meta_boxes                            includes\class-wpinvoices_itemdescription.php:161
filter  wpinv_admin_invoice_line_item_summary     includes\class-wpinvoices_itemdescription.php:163
filter  wp_insert_post_data                       includes\class-wpinvoices_itemdescription.php:165
action  wpinv_email_invoice_items                 includes\class-wpinvoices_itemdescription.php:181
action  wpinv_email_invoice_details               includes\class-wpinvoices_itemdescription.php:182
filter  template_include                          includes\class-wpinvoices_itemdescription.php:184
filter  wpinv_get_invoice_tax                     includes\class-wpinvoices_itemdescription.php:185
action  wp_enqueue_scripts                        includes\class-wpinvoices_itemdescription.php:199
action  wp_enqueue_scripts                        includes\class-wpinvoices_itemdescription.php:200
Maintenance & Trust

Individual Item Description and Price for WP Invoices Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 13, 2026
PHP min version: 5.6
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Individual Item Description and Price for WP Invoices Developer Profile

iflairwebtechnologies

11 plugins · 820 total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Individual Item Description and Price for WP Invoices

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/individual-item-description-and-price-for-wp-invoices/css/wpinvoices_itemdescription_admin.css
/wp-content/plugins/individual-item-description-and-price-for-wp-invoices/js/wpinvoices_itemdescription_admin.js
Script Paths
/wp-content/plugins/individual-item-description-and-price-for-wp-invoices/js/wpinvoices_itemdescription_admin.js
Version Parameters
individual-item-description-and-price-for-wp-invoices/css/wpinvoices_itemdescription_admin.css?ver=
individual-item-description-and-price-for-wp-invoices/js/wpinvoices_itemdescription_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpinv-dp-item-remove
Data Attributes
data-item-id
data-quantity
FAQ

Frequently Asked Questions about Individual Item Description and Price for WP Invoices