Invoice Generator Security & Risk Analysis

wordpress.org/plugins/invoice-creator

SignUp & SignIn is a flexible, open-source plugin built on WordPress. Easy way to built signup and login process in your wordpress site

10 active installs v1.0.0 PHP 5.6+ WP 4.9+ Updated Feb 18, 2020
invoiceinvoice-generatormanage-invoicesproduct-addview-invoice
55
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Safety Verdict

Is Invoice Generator Safe to Use in 2026?

Use With Caution

Score 55/100

Invoice Generator has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 6yr ago
Risk Assessment

The invoice-creator plugin v1.0.0 exhibits a generally positive security posture based on the provided static analysis. There are no recorded vulnerabilities (CVEs) and the code analysis reveals no dangerous functions, no raw SQL queries, and no file operations or external HTTP requests, all of which are strong security indicators. The use of prepared statements for all SQL queries is commendable. However, there are areas for improvement. A significant concern is the lack of nonce and capability checks across all entry points, including the six shortcodes identified in the attack surface. This means that potentially any user could trigger these shortcodes without proper authentication or authorization, creating a significant risk. Furthermore, only 50% of output escaping is properly implemented, leaving half of the plugin's outputs vulnerable to cross-site scripting (XSS) attacks. The bundling of the DataTables library also raises a potential concern if it is not kept up-to-date, as outdated libraries can introduce vulnerabilities.

Key Concerns

  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • Half of outputs not properly escaped
  • Bundled library (DataTables) potentially outdated
Vulnerabilities
1 published

Invoice Generator Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Critical
1

1 total CVE

CVE-2026-12416critical · 9.8Weak Password Recovery Mechanism for Forgotten Password

Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter

Jun 23, 2026Unpatched
Version History

Invoice Generator Release Timeline

v1.0.0Current1 CVE
Code Analysis
Analyzed Mar 17, 2026

Invoice Generator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

50% escaped4 total outputs
Attack Surface

Invoice Generator Attack Surface

Entry Points6
Unprotected0

Shortcodes 6

[pravel_invoice_edit_account_form] template\edit-account.php:121
[pravel_invoice_forgotpassword_form] template\forgot-password.php:90
[pravel_invoice_form] template\invoice-form.php:333
[pravel_invoice_login_form] template\login.php:40
[pravel_invoice_signup_form] template\registration.php:96
[pravel_product_page] template\shop-product.php:161
WordPress Hooks 3
actionwp_enqueue_scriptsindex.php:57
actionplugins_loadedindex.php:62
actionactivated_pluginindex.php:68
Maintenance & Trust

Invoice Generator Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedFeb 18, 2020
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Invoice Generator Developer Profile

pravel

3 plugins · 30 total installs

70
trust score
Avg Security Score
65/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Invoice Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/invoice-creator/assets/css/style.min.css/wp-content/plugins/invoice-creator/assets/css/jquery.dataTables.css/wp-content/plugins/invoice-creator/assets/js/pravel-repeater.js/wp-content/plugins/invoice-creator/assets/js/pravel-verification-code.min.js/wp-content/plugins/invoice-creator/assets/js/pravel_sweetalert.min.js/wp-content/plugins/invoice-creator/assets/js/jquery.dataTables.js/wp-content/plugins/invoice-creator/assets/js/main.min.js
Script Paths
/wp-content/plugins/invoice-creator/assets/js/pravel-repeater.js/wp-content/plugins/invoice-creator/assets/js/pravel-verification-code.min.js/wp-content/plugins/invoice-creator/assets/js/pravel_sweetalert.min.js/wp-content/plugins/invoice-creator/assets/js/jquery.dataTables.js/wp-content/plugins/invoice-creator/assets/js/main.min.js
Version Parameters
invoice-creator/assets/css/style.min.css?ver=invoice-creator/assets/css/jquery.dataTables.css?ver=invoice-creator/assets/js/pravel-repeater.js?ver=invoice-creator/assets/js/pravel-verification-code.min.js?ver=invoice-creator/assets/js/pravel_sweetalert.min.js?ver=invoice-creator/assets/js/jquery.dataTables.js?ver=invoice-creator/assets/js/main.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
sign_up_bgpravel_invoice_stylesheetpravel_invoice_style_datatabletablinksactivetabcontentsign_up_mainsign-box+9 more
Data Attributes
id="pravel_current_userid"id="pravel_account_tab"id="pravel_business_tab"id="user_first_name"id="user_last_name"id="user_email"+7 more
JS Globals
PRAVEL_INVOICE_PLUGIN_URL
Shortcode Output
<div class="sign_up_bg"><input type="hidden" value="<div class="tab"><button class="tablinks active" onclick="pravel_open_tab(event, 'pravel_account_tab')">Edit Account Info</button>
FAQ

Frequently Asked Questions about Invoice Generator