WP-Safety

Invelity iKros Invoices Security & Risk Analysis

wordpress.org/plugins/invelity-ikros-invoices

Plugin Invelity iKros invoices is designed for Wordpress (WooCommerce) online stores who have purchased invoicing software iKros.

50 active installs v1.3.3 PHP 7.0+ WP 5.2+ Updated Apr 19, 2022
ikrosinvoiceswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Invelity iKros Invoices Safe to Use in 2026?

Generally Safe

Score 85/100

Invelity iKros Invoices has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "invelity-ikros-invoices" plugin v1.3.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding common entry points like AJAX handlers, REST API routes, shortcodes, and cron events without authentication or permission checks. Furthermore, all SQL queries utilize prepared statements, and there's a moderate number of nonces and capability checks present. However, the static analysis reveals significant concerns. The presence of the `unserialize` function, a known source of vulnerabilities if not handled with extreme care, is a critical warning sign. This is compounded by a high severity taint flow with an unsanitized path, indicating a potential pathway for malicious input to be processed without proper validation. The limited output escaping (62%) also suggests a risk of cross-site scripting (XSS) vulnerabilities. The plugin's vulnerability history being entirely clean is a positive indicator, but it does not negate the risks identified in the static analysis. The lack of recorded vulnerabilities could be due to lack of widespread use, insufficient auditing, or simply good fortune. In conclusion, while the plugin avoids common attack vectors, the identified code signals like `unserialize` and the high severity taint flow, coupled with insufficient output escaping, present tangible security risks that require immediate attention and remediation.

Key Concerns

  • High severity unsanitized taint flow detected
  • Use of dangerous function: unserialize
  • Low percentage of properly escaped output
Vulnerabilities
None known

Invelity iKros Invoices Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Invelity iKros Invoices Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Invelity iKros Invoices Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
46
75 escaped
Nonce Checks
1
Capability Checks
0
File Operations
5
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$sucessfull = unserialize(str_replace('\\', '', urldecode($_REQUEST['ikros-sucessfull'])));classes/class.invelityIkrosInvoicesProcess.php:189
unserialize$unsucessfull = unserialize(str_replace('\\', '', urldecode($_REQUEST['ikros-unsucessfull'])));classes/class.invelityIkrosInvoicesProcess.php:190

Output Escaping

62% escaped121 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<class.invelityIkrosInvoicesProcess> (classes/class.invelityIkrosInvoicesProcess.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Invelity iKros Invoices Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 11
actionadmin_menuclasses/class.invelityIkrosInvoicesAdmin.php:17
actionadmin_initclasses/class.invelityIkrosInvoicesAdmin.php:18
actionadmin_initclasses/class.invelityIkrosInvoicesAdmin.php:19
actionadmin_enqueue_scriptsclasses/class.invelityIkrosInvoicesAdmin.php:20
actionadd_meta_boxesclasses/class.invelityIkrosInvoicesAdmin.php:21
actionwoocommerce_email_before_order_tableclasses/class.invelityIkrosInvoicesAdmin.php:25
actionadmin_footer-edit.phpclasses/class.invelityIkrosInvoicesProcess.php:75
actionload-edit.phpclasses/class.invelityIkrosInvoicesProcess.php:76
actionadmin_noticesclasses/class.invelityIkrosInvoicesProcess.php:77
actionadmin_enqueue_scriptsclasses/class.invelityPluginsAdmin.php:19
actionadmin_menuclasses/class.invelityPluginsAdmin.php:20
Maintenance & Trust

Invelity iKros Invoices Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedApr 19, 2022
PHP min version7.0
Downloads3K

Community Trust

Rating80/100
Number of ratings4
Active installs50
Alternatives

Invelity iKros Invoices Alternatives

PDF Invoices & Packing Slips for WooCommerce

PDF Invoices & Packing Slips for WooCommerce

woocommerce-pdf-invoices-packing-slips

A
88

Create, print & automatically email PDF or XML Invoices & PDF Packing Slips for WooCommerce orders.

300K 13 CVEs
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

A
96

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

B
82

Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.

30K 32 CVEs
Invoices for WooCommerce

Invoices for WooCommerce

woocommerce-pdf-invoices

A
92

Automatically generate and attach customizable PDF Invoices and PDF Packing Slips for WooCommerce to emails.

10K No CVEs
Flexible PDF Invoices for WooCommerce & WordPress

Flexible PDF Invoices for WooCommerce & WordPress

flexible-invoices

A
99

WooCommerce PDF invoices made simple. EU VAT validation, reverse charge invoice, proforma invoices, MOSS / OSS support, invoices in bulk and more.

7K 1 CVE
Developer Profile

Invelity iKros Invoices Developer Profile

INVELITY

9 plugins · 430 total installs

81
trust score
Avg Security Score
82/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Invelity iKros Invoices

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/invelity-ikros-invoices/assets/css/invelity-ikros-invoices-admin.css/wp-content/plugins/invelity-ikros-invoices/assets/js/invelity-ikros-invoices-admin.js
Script Paths
/wp-content/plugins/invelity-ikros-invoices/assets/js/invelity-ikros-invoices-admin.js
Version Parameters
invelity-ikros-invoices/assets/css/invelity-ikros-invoices-admin.css?ver=invelity-ikros-invoices/assets/js/invelity-ikros-invoices-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
invelity-plugins
HTML Comments
<!-- Download invoice PDF --><!-- Faktúra k vašej objednávke č. -->
Data Attributes
data-post-id
FAQ

Frequently Asked Questions about Invelity iKros Invoices