Does Camptix Invoices have any unpatched vulnerabilities?

No. All known vulnerabilities in Camptix Invoices have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Camptix Invoices compatible with WordPress 5.0.25?

According to WordPress.org data, Camptix Invoices 1.0.1 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

Is Camptix Invoices compatible with PHP 5.4+?

Camptix Invoices requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Camptix Invoices updated?

Camptix Invoices was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Camptix Invoices's security score?

Camptix Invoices has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Camptix Invoices Security & Risk Analysis

wordpress.org/plugins/invoices-camptix

Allow CampTix administrators to send invoices automatically when an attendee buys a ticket.

0 active installs v1.0.1 PHP 5.4+ WP 3.0.1+ Updated Unknown

camptixeventinvoiceorganizertickets

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Camptix Invoices Safe to Use in 2026?

Generally Safe

Score 100/100

Camptix Invoices has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "invoices-camptix" v1.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and properly escaping the vast majority of its output. There are no recorded vulnerabilities or CVEs in its history, which suggests a generally secure development approach for past versions. The absence of external HTTP requests and bundled libraries also reduces potential attack vectors.

However, a significant concern arises from the identified attack surface. The plugin exposes one REST API route without any permission callbacks. This means any unauthenticated user can potentially interact with this endpoint, creating a notable security risk if it's not adequately secured internally. While taint analysis shows no flows, the presence of an unprotected REST API endpoint is a direct gateway for potential exploitation. The lack of capability checks in general is also a weakness.

In conclusion, while the plugin's code quality regarding SQL and output handling is strong and its vulnerability history is clean, the unprotected REST API endpoint is a critical oversight. This single point of entry without authentication or authorization is the primary security concern that needs immediate attention. Addressing this would significantly improve the plugin's overall security posture.

Key Concerns

REST API route without permission callbacks
0 capability checks found

Vulnerabilities

None known

Camptix Invoices Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Camptix Invoices Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

39 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

95% escaped41 total outputs

Attack Surface

1 unprotected

Camptix Invoices Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/camptix-invoices/v1/invoice-formcamptix-invoices.php:368

WordPress Hooks 23

actioninitcamptix-invoices.php:25

actioninitcamptix-invoices.php:33

actioncamptix_load_addonscamptix-invoices.php:35

actionpost_submitbox_misc_actionscamptix-invoices.php:89

actionadd_meta_boxes_tix_invoicecamptix-invoices.php:117

actionsave_post_tix_invoicecamptix-invoices.php:316

actionpublish_tix_invoicecamptix-invoices.php:329

actionpublish_tix_invoicecamptix-invoices.php:341

actionpre_post_updatecamptix-invoices.php:358

actionrest_api_initcamptix-invoices.php:363

actionadmin_post_nopriv_camptix-invoice.getcamptix-invoices.php:420

actionadmin_post_camptix-invoice.getcamptix-invoices.php:421

filtercamptix_setup_sectionsincludes\class-camptix-addon-invoices.php:24

actioncamptix_menu_setup_controlsincludes\class-camptix-addon-invoices.php:25

filtercamptix_validate_optionsincludes\class-camptix-addon-invoices.php:26

actioncamptix_payment_resultincludes\class-camptix-addon-invoices.php:27

actionwp_enqueue_scriptsincludes\class-camptix-addon-invoices.php:28

actionadmin_enqueue_scriptsincludes\class-camptix-addon-invoices.php:29

filtercamptix_checkout_attendee_infoincludes\class-camptix-addon-invoices.php:30

actioncamptix_noticesincludes\class-camptix-addon-invoices.php:31

filtercamptix_form_register_complete_attendee_objectincludes\class-camptix-addon-invoices.php:32

actioncamptix_checkout_update_post_metaincludes\class-camptix-addon-invoices.php:33

filtercamptix_metabox_attendee_info_additional_rowsincludes\class-camptix-addon-invoices.php:34

Maintenance & Trust

Camptix Invoices Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedUnknown

PHP min version5.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Camptix Invoices Alternatives

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce

wp-event-manager

Lightweight, scalable and full-featured event listings & management plugin for managing events & tickets from the Frontend and Backend.

20K 11 CVEs

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Modern Events Calendar plugin ❤️ for creating free or paid events. Supports Event Types, Bookings, Tickets, Venues, Performers, and a lot more.

7K 39 CVEs

The Events Calendar

the-events-calendar

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs

Event Tickets and Registration

event-tickets

Event Tickets allows your visitors to RSVP and buy tickets to events on your site. Also works seamlessly with The Events Calendar.

90K 11 CVEs

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.

70K 34 CVEs

Developer Profile

Camptix Invoices Developer Profile

Willy Bahuaud

8 plugins · 9K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Camptix Invoices

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/invoices-camptix/assets/css/admin-camptix-invoices.css/wp-content/plugins/invoices-camptix/assets/js/admin-camptix-invoices.js

Script Paths

/wp-content/plugins/invoices-camptix/assets/js/admin-camptix-invoices.js

HTML / DOM Fingerprints

CSS Classes

camptix-mediacamptix-invoice-logo-preview-wrapper

Data Attributes

data-imagewrapperdata-setdata-unsetdata-field="image_attachment"

JS Globals

camptixInvoiceBackVars

FAQ