Invoct – PDF Invoices & Billing for WooCommerce Security & Risk Analysis

wordpress.org/plugins/kirilkirkov-pdf-invoice-manager

Professional PDF invoicing & billing for WooCommerce and WordPress, with Stripe payments and automated VAT/tax handling.

0 active installs · v1.8 · PHP 7.0+ · WP 5.9+ · Updated Feb 28, 2026
Tags: accounting, billing, invoices, invoicing, woocommerce-invoice
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 10, 2026
Safety Verdict

Is Invoct – PDF Invoices & Billing for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Invoct – PDF Invoices & Billing for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 10, 2026 · Updated 1mo ago
Risk Assessment

The plugin "kirilkirkov-pdf-invoice-manager" v1.8 exhibits a generally strong security posture, with excellent practices in output escaping (99%) and a high percentage of SQL queries using prepared statements (90%). The absence of unprotected AJAX handlers and REST API routes is a significant strength, as is the presence of nonce and capability checks. The plugin also has a history of only one medium-severity vulnerability, which is currently patched, indicating a positive trend in addressing security issues.

However, the taint analysis reveals some areas for concern. It identifies 3 high-severity taint flows, indicating potential pathways for attackers to exploit unsanitized data. The static analysis also flags 6 flows with unsanitized paths. That number is not exceptionally high, and no critical-severity flows were found, but the high-severity flows warrant attention and the unsanitized paths still represent potential weaknesses that could be exploited if combined with other factors or specific attack vectors.

In conclusion, the plugin demonstrates good core security practices. The low number of unprotected entry points and the focus on prepared statements and output escaping are commendable. The vulnerability history is also a positive indicator. The primary area of concern lies within the taint analysis, where high-severity flows and unsanitized paths exist. Addressing these specific taint flows should be a priority to further harden the plugin's security.

Key Concerns

  • High severity taint flows found
  • Flows with unsanitized paths
  • Bundled library: Select2
  • Bundled library: dompdf
Vulnerabilities: 1

Invoct – PDF Invoices & Billing for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-1748 · medium · 4.3 · Missing Authorization

Invoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

Feb 10, 2026 · Patched in 1.7 (2d)
Code Analysis
Analyzed Mar 17, 2026

Invoct – PDF Invoices & Billing for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 13 (119 prepared)
  • Unescaped Output: 15 (1568 escaped)
  • Nonce Checks: 16
  • Capability Checks: 4
  • File Operations: 7
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

Select2, dompdf

SQL Query Safety

90% prepared · 132 total queries

Output Escaping

99% escaped · 1583 total outputs
Data Flows: 6 unsanitized

Data Flow Analysis

15 flows · 6 with unsanitized paths
search_box (Includes\Admin\Classes\Clients\Clients.php:494)
Attack Surface

Invoct – PDF Invoices & Billing for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 5

  • auth: wp_ajax_kirilkirkov_wp_inv_select_clients (KirilKirkovWpInvoices.php:159)
  • auth: wp_ajax_kirilkirkov_wp_inv_select_client_by_id (KirilKirkovWpInvoices.php:160)
  • auth: wp_ajax_kirilkirkov_wp_inv_select_items (KirilKirkovWpInvoices.php:161)
  • auth: wp_ajax_kirilkirkov_wp_inv_select_customers (KirilKirkovWpInvoices.php:162)
  • auth: wp_ajax_kirilkirkov_wp_inv_change_inv_paid_status (KirilKirkovWpInvoices.php:163)

WordPress Hooks 19

  • action: init (Includes\Admin\Classes\Invoices\PeriodicInvoices.php:535)
  • action: wp_enqueue_scripts (Includes\Public\Classes\ShortCodes.php:19)
  • action: kirilkirkovwipdf_clear_pdf_invoices_cron (Includes\Public\Classes\ShortCodes.php:38)
  • action: init (Includes\Public\Classes\ShortCodes.php:68)
  • action: init (KirilKirkovWpInvoices.php:118)
  • action: admin_init (KirilKirkovWpInvoices.php:121)
  • action: admin_menu (KirilKirkovWpInvoices.php:124)
  • action: woocommerce_loaded (KirilKirkovWpInvoices.php:128)
  • action: add_meta_boxes (KirilKirkovWpInvoices.php:131)
  • filter: manage_woocommerce_page_wc-orders_columns (KirilKirkovWpInvoices.php:135)
  • action: manage_woocommerce_page_wc-orders_custom_column (KirilKirkovWpInvoices.php:136)
  • filter: manage_edit-shop_order_columns (KirilKirkovWpInvoices.php:139)
  • action: manage_shop_order_posts_custom_column (KirilKirkovWpInvoices.php:140)
  • filter: set-screen-option (KirilKirkovWpInvoices.php:153)
  • action: admin_enqueue_scripts (KirilKirkovWpInvoices.php:156)
  • action: woocommerce_before_thankyou (KirilKirkovWpInvoices.php:185)
  • action: woocommerce_new_order (KirilKirkovWpInvoices.php:186)
  • action: woocommerce_checkout_order_processed (KirilKirkovWpInvoices.php:187)
  • action: woocommerce_order_status_changed (KirilKirkovWpInvoices.php:188)

Scheduled Events 1

kirilkirkovwipdf_clear_pdf_invoices_cron
Maintenance & Trust

Invoct – PDF Invoices & Billing for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 28, 2026
PHP min version: 7.0
Downloads: 208

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Invoct – PDF Invoices & Billing for WooCommerce Developer Profile

Kiril Kirkov

2 plugins · 20 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 2 days
Detection Fingerprints

How We Detect Invoct – PDF Invoices & Billing for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/css/style.css
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/js/script.js
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/js/chart.js
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Admin/Assets/js/admin-script.js
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Admin/Assets/css/admin-style.css

Script Paths

  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/js/script.js
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/js/chart.js
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Admin/Assets/js/admin-script.js

Version Parameters

  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/css/style.css?ver=
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/js/script.js?ver=
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Public/Assets/js/chart.js?ver=
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Admin/Assets/js/admin-script.js?ver=
  • /wp-content/plugins/kirilkirkov-pdf-invoice-manager/Includes/Admin/Assets/css/admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • kirilkirkov_wp_inv_wrap
  • kirilkirkov_wp_inv_select_client_field
  • kirilkirkov_wp_inv_select_item_field
  • kirilkirkov_wp_inv_clients_list_table
  • kirilkirkov_wp_inv_invoices_list_table
  • kirilkirkov_wp_inv_items_list_table
  • kirilkirkov_wp_inv_create_invoice_form
  • kirilkirkov_wp_inv_item_row
  • (+2 more)

HTML Comments

  • <!-- KirilKirkovWpInvoices Plugin -->
  • <!-- BEGIN WOOCOMMERCE INVOICE BOX -->
  • <!-- END WOOCOMMERCE INVOICE BOX -->

Data Attributes

  • data-wp-invoice-id
  • data-invoice-id
  • data-client-id
  • data-item-id
  • data-action='kirilkirkov_wp_inv_change_inv_paid_status'
  • data-nonce='
  • (+5 more)

JS Globals

  • kirilkirkov_wp_inv_ajax_object
  • KirilKirkovWpInvoicesInvoiceChart

REST Endpoints

  • /wp-json/kirilkirkov-pdf-invoice-manager/v1/clients
  • /wp-json/kirilkirkov-pdf-invoice-manager/v1/items
  • /wp-json/kirilkirkov-pdf-invoice-manager/v1/invoices
  • /wp-json/kirilkirkov-pdf-invoice-manager/v1/settings

Shortcode Output

  • [kirilkirkov_wp_invoices]
  • [kirilkirkov_wp_invoice_list]
  • [kirilkirkov_wp_client_list]
  • [kirilkirkov_wp_item_list]