Link Invoice Payment for WooCommerce Security & Risk Analysis

wordpress.org/plugins/invoice-payment-for-woocommerce

The Link Invoice Payment plugin is a powerful extension for WooCommerce, designed to simplify online billing, whether for one-time or recurring invoices.

200 active installs · v2.9.1 · PHP 7.2+ · WP 5.7+ · Updated Jan 6, 2026
Tags: faturas, invoice, payment, recorrente, subscription
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 26, 2026
Safety Verdict

Is Link Invoice Payment for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Link Invoice Payment for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 26, 2026 · Updated 2mo ago
Risk Assessment

The "invoice-payment-for-woocommerce" plugin v2.9.1 presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, along with a substantial number of nonce and capability checks. There are no external HTTP requests, indicating no risk of compromised third-party services. However, significant concerns arise from the attack surface. A notable portion of AJAX handlers (7 out of 13) and one REST API route lack authentication checks, creating potential entry points for unauthorized actions. The taint analysis reveals two high-severity flows, suggesting potential vulnerabilities in how data is processed and rendered, even with a high output escaping rate.

The plugin's vulnerability history, with two medium-severity CVEs, the most recent in 2026, points to a recurring pattern of security weaknesses. The types of past vulnerabilities (Missing Authorization and Cross-site Scripting) align with the current findings of unprotected AJAX handlers and potentially unsanitized data flows. While there are no currently unpatched CVEs, the historical trend calls for vigilance. In conclusion, while the plugin follows several good security practices, the unprotected entry points and high-severity taint flows, coupled with its vulnerability history, indicate a moderate to high risk that requires careful attention and potential remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity taint flows
  • Past medium severity CVEs
Vulnerabilities
2

Link Invoice Payment for WooCommerce Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-14971 · medium · 5.3 · Missing Authorization

Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation

Jan 26, 2026 Patched in 2.8.1 (1d)
CVE-2024-54328 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Invoice Payment for WooCommerce <= 1.7.2 - Reflected Cross-Site Scripting

Dec 11, 2024 Patched in 2.0.0 (9d)
Code Analysis
Analyzed Mar 16, 2026

Link Invoice Payment for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (8 prepared)
Unescaped Output: 50 (1157 escaped)
Nonce Checks: 29
Capability Checks: 12
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

dompdf

SQL Query Safety

89% prepared · 9 total queries

Output Escaping

96% escaped · 1207 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

17 flows · 5 with unsanitized paths
proccess_bulk_action (Admin\LknWcipListTable.php:1688)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths are marked Unsanitized or Sanitized.
Attack Surface
8 unprotected

Link Invoice Payment for WooCommerce Attack Surface

Entry Points: 19
Unprotected: 8

AJAX Handlers 13

auth wp_ajax_lkn_wcip_approve_quote (Admin\WcPaymentInvoiceAdmin.php:72)
auth wp_ajax_lkn_wcip_approve_quote_only (Admin\WcPaymentInvoiceAdmin.php:73)
auth wp_ajax_lkn_wcip_create_invoice (Admin\WcPaymentInvoiceAdmin.php:74)
auth wp_ajax_lkn_wcip_send_quote_email (Admin\WcPaymentInvoiceAdmin.php:75)
auth wp_ajax_lkn_wcip_get_product_data (Includes\WcPaymentInvoice.php:188)
nopriv wp_ajax_lkn_wcip_get_product_data (Includes\WcPaymentInvoice.php:189)
auth wp_ajax_lkn_wcip_approve_quote_frontend (Includes\WcPaymentInvoice.php:192)
nopriv wp_ajax_lkn_wcip_approve_quote_frontend (Includes\WcPaymentInvoice.php:193)
auth wp_ajax_lkn_wcip_cancel_quote_frontend (Includes\WcPaymentInvoice.php:194)
nopriv wp_ajax_lkn_wcip_cancel_quote_frontend (Includes\WcPaymentInvoice.php:195)
auth wp_ajax_cancel_subscription (Includes\WcPaymentInvoice.php:250)
auth wp_ajax_lkn_wcip_download_invoice (Includes\WcPaymentInvoicePartial.php:1216)
nopriv wp_ajax_lkn_wcip_download_invoice (Includes\WcPaymentInvoicePartial.php:1217)

REST API Routes 6

POST /wp-json/invoice_payments/create_partial_payment (Includes\WcPaymentInvoiceEndpoint.php:9)
POST /wp-json/invoice_payments/cancel_partial_payment (Includes\WcPaymentInvoiceEndpoint.php:14)
GET /wp-json/wc-invoice-payment/v1/generate-pdf (Includes\WcPaymentInvoiceLoaderRest.php:14)
GET /wp-json/wc-invoice-payment/v1/redirect (Includes\WcPaymentInvoiceLoaderRest.php:23)
POST /wp-json/invoice_payments/send_otp_code (Includes\WcPaymentInvoiceOtpEmail.php:23)
POST /wp-json/invoice_payments/verify_otp_code (Includes\WcPaymentInvoiceOtpEmail.php:37)
WordPress Hooks 110

action admin_menu (Admin\WcPaymentInvoiceAdmin.php:67)
action admin_menu (Admin\WcPaymentInvoiceAdmin.php:68)
action admin_menu (Admin\WcPaymentInvoiceAdmin.php:69)
action plugins_loaded (Includes\WcPaymentInvoice.php:172)
action admin_enqueue_scripts (Includes\WcPaymentInvoice.php:183)
action admin_enqueue_scripts (Includes\WcPaymentInvoice.php:184)
action lkn_wcip_cron_hook (Includes\WcPaymentInvoice.php:185)
filter product_type_selector (Includes\WcPaymentInvoice.php:200)
filter product_type_options (Includes\WcPaymentInvoice.php:201)
filter woocommerce_product_data_tabs (Includes\WcPaymentInvoice.php:202)
filter woocommerce_product_data_tabs (Includes\WcPaymentInvoice.php:203)
action woocommerce_product_data_panels (Includes\WcPaymentInvoice.php:204)
action woocommerce_process_product_meta (Includes\WcPaymentInvoice.php:205)
action admin_enqueue_scripts (Includes\WcPaymentInvoice.php:206)
action wp_enqueue_scripts (Includes\WcPaymentInvoice.php:207)
filter woocommerce_product_supports (Includes\WcPaymentInvoice.php:208)
filter woocommerce_product_add_to_cart_text (Includes\WcPaymentInvoice.php:211)
filter woocommerce_product_single_add_to_cart_text (Includes\WcPaymentInvoice.php:212)
filter woocommerce_get_price_html (Includes\WcPaymentInvoice.php:213)
action woocommerce_donation_add_to_cart (Includes\WcPaymentInvoice.php:214)
filter woocommerce_add_to_cart_validation (Includes\WcPaymentInvoice.php:215)
filter woocommerce_add_cart_item_data (Includes\WcPaymentInvoice.php:216)
filter woocommerce_before_calculate_totals (Includes\WcPaymentInvoice.php:217)
action woocommerce_order_status_completed (Includes\WcPaymentInvoice.php:220)
action woocommerce_checkout_order_processed (Includes\WcPaymentInvoice.php:223)
action woocommerce_rest_checkout_process_payment_with_context (Includes\WcPaymentInvoice.php:224)
action woocommerce_store_api_checkout_order_processed (Includes\WcPaymentInvoice.php:225)
action product_type_options (Includes\WcPaymentInvoice.php:231)
filter woocommerce_product_data_tabs (Includes\WcPaymentInvoice.php:232)
action woocommerce_product_data_panels (Includes\WcPaymentInvoice.php:233)
action woocommerce_checkout_order_processed (Includes\WcPaymentInvoice.php:234)
action woocommerce_store_api_checkout_order_processed (Includes\WcPaymentInvoice.php:235)
action woocommerce_init (Includes\WcPaymentInvoice.php:236)
filter woocommerce_payment_gateways (Includes\WcPaymentInvoice.php:237)
action init (Includes\WcPaymentInvoice.php:238)
filter wc_order_statuses (Includes\WcPaymentInvoice.php:239)
filter woocommerce_register_shop_order_post_statuses (Includes\WcPaymentInvoice.php:240)
action woocommerce_order_status_changed (Includes\WcPaymentInvoice.php:241)
action add_meta_boxes (Includes\WcPaymentInvoice.php:242)
filter woocommerce_shop_order_list_table_prepare_items_query_args (Includes\WcPaymentInvoice.php:243)
filter woocommerce_shop_order_list_table_order_count (Includes\WcPaymentInvoice.php:244)
action woocommerce_before_delete_order (Includes\WcPaymentInvoice.php:245)
filter wc_order_statuses (Includes\WcPaymentInvoice.php:246)
filter woocommerce_register_shop_order_post_statuses (Includes\WcPaymentInvoice.php:247)
filter woocommerce_valid_order_statuses_for_cancel (Includes\WcPaymentInvoice.php:248)
action woocommerce_process_product_meta (Includes\WcPaymentInvoice.php:249)
action generate_invoice_event (Includes\WcPaymentInvoice.php:251)
filter woocommerce_get_price_html (Includes\WcPaymentInvoice.php:252)
filter woocommerce_cart_item_price (Includes\WcPaymentInvoice.php:253)
filter woocommerce_cart_item_subtotal (Includes\WcPaymentInvoice.php:254)
filter wp_enqueue_scripts (Includes\WcPaymentInvoice.php:255)
filter woocommerce_my_account_my_orders_query (Includes\WcPaymentInvoice.php:256)
action lkn_wcip_check_expired_quotes (Includes\WcPaymentInvoice.php:258)
action woocommerce_get_country_locale (Includes\WcPaymentInvoice.php:260)
action rest_api_init (Includes\WcPaymentInvoice.php:263)
action rest_api_init (Includes\WcPaymentInvoice.php:427)
action wp_enqueue_scripts (Includes\WcPaymentInvoice.php:433)
action wp_enqueue_scripts (Includes\WcPaymentInvoice.php:434)
action woocommerce_pay_order_before_submit (Includes\WcPaymentInvoice.php:435)
filter woocommerce_checkout_registration_enabled (Includes\WcPaymentInvoice.php:436)
filter woocommerce_checkout_registration_required (Includes\WcPaymentInvoice.php:437)
action enqueue_block_assets (Includes\WcPaymentInvoice.php:438)
action enqueue_block_assets (Includes\WcPaymentInvoice.php:439)
action enqueue_block_assets (Includes\WcPaymentInvoice.php:441)
action dokan_product_edit_after_title (Includes\WcPaymentInvoice.php:442)
action woocommerce_process_product_meta_donation (Includes\WcPaymentInvoice.php:443)
filter dokan_product_types (Includes\WcPaymentInvoice.php:444)
filter dokan_get_dashboard_nav (Includes\WcPaymentInvoice.php:447)
action dokan_load_custom_template (Includes\WcPaymentInvoice.php:448)
filter dokan_query_var_filter (Includes\WcPaymentInvoice.php:449)
filter dokan_get_dashboard_nav (Includes\WcPaymentInvoice.php:453)
action dokan_load_custom_template (Includes\WcPaymentInvoice.php:454)
filter dokan_query_var_filter (Includes\WcPaymentInvoice.php:455)
action dokan_order_detail_after_order_general_details (Includes\WcPaymentInvoice.php:458)
action init (Includes\WcPaymentInvoice.php:461)
action woocommerce_order_details_after_order_table (Includes\WcPaymentInvoice.php:463)
filter woocommerce_valid_order_statuses_for_cancel (Includes\WcPaymentInvoice.php:464)
action woocommerce_valid_order_statuses_for_payment (Includes\WcPaymentInvoice.php:465)
action rest_api_init (Includes\WcPaymentInvoice.php:466)
action woocommerce_cart_calculate_fees (Includes\WcPaymentInvoice.php:467)
action woocommerce_blocks_payment_method_type_registration (Includes\WcPaymentInvoice.php:468)
action enqueue_block_assets (Includes\WcPaymentInvoice.php:469)
filter woocommerce_get_price_html (Includes\WcPaymentInvoice.php:472)
action woocommerce_order_details_after_order_table (Includes\WcPaymentInvoice.php:473)
action woocommerce_before_pay_action (Includes\WcPaymentInvoice.php:474)
action template_redirect (Includes\WcPaymentInvoice.php:475)
action template_redirect (Includes\WcPaymentInvoice.php:476)
action woocommerce_init (Includes\WcPaymentInvoice.php:477)
filter query_vars (Includes\WcPaymentInvoice.php:478)
filter woocommerce_account_menu_items (Includes\WcPaymentInvoice.php:479)
action woocommerce_account_quotes_endpoint (Includes\WcPaymentInvoice.php:480)
filter woocommerce_endpoint_quotes_title (Includes\WcPaymentInvoice.php:481)
filter the_title (Includes\WcPaymentInvoice.php:482)
filter wp_title (Includes\WcPaymentInvoice.php:483)
action wp_enqueue_scripts (Includes\WcPaymentInvoice.php:484)
action wp_loaded (Includes\WcPaymentInvoice.php:487)
filter woocommerce_order_email_verification_required (Includes\WcPaymentInvoice.php:488)
action wp_footer (Includes\WcPaymentInvoice.php:494)
action woocommerce_before_customer_login_form (Includes\WcPaymentInvoice.php:498)
filter woocommerce_process_registration_errors (Includes\WcPaymentInvoice.php:499)
action woocommerce_before_customer_login_form (Includes\WcPaymentInvoice.php:502)
action admin_head (Includes\WcPaymentInvoiceSettings.php:20)
filter submenu_file (Includes\WcPaymentInvoiceSettings.php:30)
filter parent_file (Includes\WcPaymentInvoiceSettings.php:31)
filter woocommerce_settings_tabs_array (Includes\WcPaymentInvoiceSettings.php:38)
action woocommerce_admin_field_lkn_wp_editor (Includes\WcPaymentInvoiceSettings.php:1006)
action woocommerce_admin_field_lkn_payment_gateway_config (Includes\WcPaymentInvoiceSettings.php:1007)
action woocommerce_admin_field_lkn_partial_payment_gateway_config (Includes\WcPaymentInvoiceSettings.php:1008)
action woocommerce_after_add_to_cart_button (Includes\WcPaymentInvoiceWhatsAppButton.php:18)
action wp_enqueue_scripts (Includes\WcPaymentInvoiceWhatsAppButton.php:21)

Scheduled Events 6

lkn_wcip_cron_hook
lkn_wcip_cron_hook
lkn_wcip_cron_hook
lkn_wcip_check_expired_quotes
generate_invoice_event
lkn_wcip_cron_hook
Maintenance & Trust

Link Invoice Payment for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 6, 2026
PHP min version: 7.2
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 200
Developer Profile

Link Invoice Payment for WooCommerce Developer Profile

linknacional

18 plugins · 5K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Link Invoice Payment for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/invoice-payment-for-woocommerce/css/wc-invoice-payment-admin.css
/wp-content/plugins/invoice-payment-for-woocommerce/js/wc-invoice-payment-admin.js
Version Parameters
/invoice-payment-for-woocommerce/css/wc-invoice-payment-admin.css?ver=
/invoice-payment-for-woocommerce/js/wc-invoice-payment-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
lkn-wcip-section-title
HTML Comments
<!-- START: New Invoice Page -->
<!-- END: New Invoice Page -->
<!-- START: Edit Invoice Page -->
<!-- END: Edit Invoice Page -->
+2 more
Data Attributes
data-lkn-wcip-modal-invoice-id
data-lkn-wcip-modal-quote-id
data-lkn-wcip-send-quote-id
data-lkn-wcip-approve-quote-id
data-lkn-wcip-approve-quote-only-id
JS Globals
window.lkn_wcip_data
window.lkn_wcip_ajax_object
FAQ

Frequently Asked Questions about Link Invoice Payment for WooCommerce