Invoice On The Go Security & Risk Analysis

wordpress.org/plugins/invoice-on-the-go

Create invoices anywhere (and in seconds) using your phone!

0 active installs · v1.0 · PHP + WP 4.7+ · Updated May 26, 2018
invoice
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Invoice On The Go Safe to Use in 2026?

Generally Safe

Score 85/100

Invoice On The Go has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "invoice-on-the-go" v1.0 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and output escaping, significant concerns arise from its attack surface and from the taint-analysis results. The presence of multiple unprotected AJAX handlers and a REST API route without a permission callback represents a substantial risk, because these entry points could be exploited by unauthenticated users. The taint analysis, which revealed two high-severity flows with unsanitized paths, compounds this: if those paths are triggered with malicious input, the outcome could be code execution or data manipulation.

The plugin's vulnerability history is a positive sign: no CVEs have been recorded. That may indicate a generally stable codebase, or simply a lack of public scrutiny so far. Either way, the absence of history should not overshadow the critical flaws identified by static analysis. The strengths lie in its diligent use of prepared statements for SQL and robust output escaping, which mitigate common web vulnerabilities. The weaknesses are stark, centred on the lack of authentication and authorization checks on critical entry points, together with the two high-severity taint flows.

Key Concerns

  • Unprotected AJAX handlers
  • REST API route without permission callbacks
  • High severity taint flows
  • No nonce checks
Vulnerabilities
None known

Invoice On The Go Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Invoice On The Go Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Invoice On The Go Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (19 prepared)
Unescaped Output: 1 (14 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

79% prepared · 24 total queries

Output Escaping

93% escaped · 15 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths

IsDuplicate (api\gateways\PayPalGateWay.php:66)

Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

Invoice On The Go Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 3

nopriv · wp_ajax_rniotg · RednaoInvoiceOnTheGo.php:117
auth · wp_ajax_rniotg · RednaoInvoiceOnTheGo.php:118
nopriv · wp_ajax_rniotg_paypal_received · RednaoInvoiceOnTheGo.php:119

REST API Routes 1

GET · /wp-json/myplugin/v1/author/(?P<id>\d+) · api\Base.php:16

Shortcodes 1

[rniotg_payment] RednaoInvoiceOnTheGo.php:54

WordPress Hooks 11

action · rest_api_init · api\Base.php:15
action · admin_menu · RednaoInvoiceOnTheGo.php:106
action · rest_api_init · RednaoInvoiceOnTheGo.php:107
action · show_user_profile · RednaoInvoiceOnTheGo.php:108
action · edit_user_profile · RednaoInvoiceOnTheGo.php:109
action · user_new_form · RednaoInvoiceOnTheGo.php:110
action · admin_init · RednaoInvoiceOnTheGo.php:111
action · edit_user_profile_update · RednaoInvoiceOnTheGo.php:113
action · personal_options_update · RednaoInvoiceOnTheGo.php:114
action · delete_user · RednaoInvoiceOnTheGo.php:115
action · rniotg_process_reminders · RednaoInvoiceOnTheGo.php:120

Scheduled Events 1

rniotg_process_reminders
Maintenance & Trust

Invoice On The Go Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: May 26, 2018
PHP min version:
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Invoice On The Go Developer Profile

EDGARROJAS

19 plugins · 12K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 278 days
Detection Fingerprints

How We Detect Invoice On The Go

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/invoice-on-the-go/assets/css/admin/invoice-style.css
/wp-content/plugins/invoice-on-the-go/assets/css/style.css
/wp-content/plugins/invoice-on-the-go/assets/js/admin/invoice-admin.js
/wp-content/plugins/invoice-on-the-go/assets/js/invoice.js
/wp-content/plugins/invoice-on-the-go/assets/js/payment.js
Script Paths
/wp-content/plugins/invoice-on-the-go/assets/js/admin/invoice-admin.js
/wp-content/plugins/invoice-on-the-go/assets/js/invoice.js
/wp-content/plugins/invoice-on-the-go/assets/js/payment.js
Version Parameters
invoice-on-the-go/assets/css/admin/invoice-style.css?ver=
invoice-on-the-go/assets/css/style.css?ver=
invoice-on-the-go/assets/js/admin/invoice-admin.js?ver=
invoice-on-the-go/assets/js/invoice.js?ver=
invoice-on-the-go/assets/js/payment.js?ver=

HTML / DOM Fingerprints

CSS Classes
rniotg-invoice-form
rniotg-payment-form
rednao-invoice-on-the-go
Data Attributes
data-invoice-id
data-invoice-number
JS Globals
rniotg_payment_settings
rniotg_invoice_settings
REST Endpoints
/wp-json/rniotg/v1/invoice
/wp-json/rniotg/v1/payment
Shortcode Output
[rniotg_payment]
[rniotg_invoice]
FAQ

Frequently Asked Questions about Invoice On The Go