Does Invoice King Pro have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Invoice King Pro compatible with WordPress 3.9.40?

According to WordPress.org data, Invoice King Pro 1.1.7 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Invoice King Pro updated?

Invoice King Pro was last updated on Jul 16, 2014. Frequent updates are generally a positive security signal.

What is Invoice King Pro's security score?

Invoice King Pro has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Invoice King Pro Security & Risk Analysis

wordpress.org/plugins/invoice-king-pro

Invoice King Pro makes invoicing simple.

30 active installs v1.1.7 PHP + WP 3.0.1+ Updated Jul 16, 2014

clientsinvoiceinvoicingpdfrevenue

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Invoice King Pro Safe to Use in 2026?

Generally Safe

Score 85/100

Invoice King Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "invoice-king-pro" v1.1.7 plugin exhibits a mixed security posture. On the positive side, it has a very limited attack surface with only one AJAX handler and no REST API routes, shortcodes, or cron events. Furthermore, there are no recorded CVEs for this plugin, suggesting a history of relative stability and potentially good security practices in the past.

However, significant concerns arise from the static code analysis. The plugin uses a dangerous function, `unserialize`, which is a known vector for deserialization vulnerabilities, especially if the data being unserialized is controlled by an attacker. The analysis also reveals that 100% of SQL queries are not using prepared statements, posing a high risk of SQL injection vulnerabilities. The complete lack of properly escaped output (0%) is a critical flaw, opening the door to cross-site scripting (XSS) attacks. Additionally, the absence of capability checks for its entry points is concerning, as it implies that all users, regardless of their role, might be able to trigger potentially sensitive actions.

While the vulnerability history is currently clean, the numerous code-level weaknesses, particularly the unescaped output and raw SQL queries, present a substantial risk. These are fundamental security failings that could be easily exploited. The presence of `unserialize` is also a red flag. The plugin's strengths lie in its small attack surface and lack of known historical vulnerabilities, but these are overshadowed by critical code-level security flaws that demand immediate attention.

Key Concerns

Unescaped output (0%)
SQL queries without prepared statements (100%)
Dangerous function: unserialize
No capability checks

Vulnerabilities

None known

Invoice King Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Invoice King Pro Release Timeline

v1.1.7Current

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Invoice King Pro Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

365

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$rows = unserialize($invoice[0]->custom['invkp_column'][0]);includes\admin_area.php:399

unserialize$columns = unserialize($invoice[0]->custom['invkp_columns'][0]);includes\admin_area.php:402

unserialize$column_types = unserialize($invoice[0]->custom['invkp_column_types'][0]);includes\admin_area.php:403

unserialize$column_widths = unserialize($invoice[0]->custom['invkp_column_widths'][0]);includes\admin_area.php:404

unserialize$rows = unserialize($invoice[0]->custom['invkp_column'][0]);includes\admin_area.php:483

unserialize$columns = unserialize($invoice[0]->custom['invkp_columns'][0]);includes\admin_area.php:486

unserialize$column_types = unserialize($invoice[0]->custom['invkp_column_types'][0]);includes\admin_area.php:487

unserialize$column_widths = unserialize($invoice[0]->custom['invkp_column_widths'][0]);includes\admin_area.php:488

unserialize$rows = unserialize($custom_fields['invkp_column'][0]);includes\admin_area.php:605

unserializeif (isset($custom_fields["invkp_columns"][0])) $columns = unserialize($custom_fields["invkp_columns"includes\admin_area.php:609

unserializeif (isset($custom_fields["invkp_column_types"][0])) $column_types = unserialize($custom_fields["invkincludes\admin_area.php:612

unserializeif (isset($custom_fields["invkp_column_widths"][0])) $column_widths = unserialize($custom_fields["inincludes\admin_area.php:615

unserializeif (isset($custom_fields["invkp_calculate_rows"][0])) $calc_cols = unserialize($custom_fields["invkpincludes\admin_area.php:618

unserializeif (isset($custom_fields["invkp_calculate_operators"][0])) $calc_ops = unserialize($custom_fields["iincludes\admin_area.php:621

SQL Query Safety

0% prepared1 total queries

Output Escaping

0% escaped365 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths

invkp_theme_version_check (includes\admin_area.php:6)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Invoice King Pro Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_invkp_save_clientjs\invoicekingpro-js.php:48

WordPress Hooks 26

actionadmin_initincludes\admin_area.php:43

actionadmin_action_invkpcheckthemeversionincludes\admin_area.php:63

actionadmin_noticesincludes\admin_area.php:86

actionadmin_noticesincludes\admin_area.php:106

actioninitincludes\admin_area.php:229

actionadmin_headincludes\admin_area.php:255

filtermanage_edit-invkp_invoices_columnsincludes\admin_area.php:273

actionmanage_invkp_invoices_posts_custom_columnincludes\admin_area.php:311

filtermanage_edit-invkp_clients_columnsincludes\admin_area.php:326

actionmanage_invkp_clients_posts_custom_columnincludes\admin_area.php:350

filterpost_row_actionsincludes\admin_area.php:369

actionadmin_action_invkpmarkpaidincludes\admin_area.php:379

actionadmin_action_invkpmarkunpaidincludes\admin_area.php:389

actionadmin_action_invkpviewpdfincludes\admin_area.php:457

actionadmin_action_invkpemailpdfincludes\admin_area.php:556

filterenter_title_hereincludes\admin_area.php:567

actiondo_meta_boxesincludes\admin_area.php:579

actionsave_postincludes\admin_area.php:886

actionsave_postincludes\admin_area.php:1149

filterget_sample_permalink_htmlincludes\admin_area.php:1175

actionadmin_enqueue_scriptsincludes\admin_area.php:1209

actionadmin_menuincludes\admin_area.php:1253

actionpre_update_option_invkp_column_widthsincludes\admin_area.php:1283

actionadmin_initincludes\admin_area.php:1340

actionplugins_loadedinvoicekingpro.php:52

filterplugin_action_linksinvoicekingpro.php:71

Maintenance & Trust

Invoice King Pro Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedJul 16, 2014

PHP min version

Downloads14K

Community Trust

Rating88/100

Number of ratings7

Active installs30

Alternatives

Invoice King Pro Alternatives

Sliced Invoices – WordPress Invoice Plugin

sliced-invoices

A WordPress invoicing plugin for creating invoices and quotes. Online payments, manage clients, reports, exports, taxes & more.

5K 1 unpatched

PDF Invoices & Packing Slips for WooCommerce

woocommerce-pdf-invoices-packing-slips

Create, print & automatically email PDF or XML Invoices & PDF Packing Slips for WooCommerce orders.

300K 13 CVEs

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs

Print Invoice & Delivery Notes for WooCommerce

woocommerce-delivery-notes

Create and print PDF invoices, delivery notes and receipts for your WooCommerce orders. Choose your document format from multiple templates.

30K 9 CVEs

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.

30K 32 CVEs

Developer Profile

Invoice King Pro Developer Profile

Ash Durham

6 plugins · 170 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Invoice King Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/invoice-king-pro/css/invoicekingpro.css/wp-content/plugins/invoice-king-pro/js/invoicekingpro-js.js

Script Paths

/wp-content/plugins/invoice-king-pro/js/invoicekingpro-js.php

Version Parameters

invoice-king-pro/css/invoicekingpro.css?ver=invoice-king-pro/js/invoicekingpro-js.js?ver=

HTML / DOM Fingerprints

CSS Classes

invkp-admin-page

Data Attributes

data-plugin-name="Invoice King Pro"data-plugin-version="1.1.7"

JS Globals

invkp_revenue_currencyinvkp_company_nameinvkp_addressinvkp_safe_theme

FAQ