Flexible Invoices for WooCommerce – KSeF Add-on Security & Risk Analysis

wordpress.org/plugins/ksef-for-flexible-invoices

Easily send invoices from Flexible Invoices straight to KSeF using the official Ministry of Finance API. Check invoice status and KSeF details directl …

100 active installs · v2.0.14 · PHP 7.4+ · WP 6.4+ · Updated Mar 3, 2026
Tags: flexible-invoices, invoice, invoices, ksef, woocommerce
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Flexible Invoices for WooCommerce – KSeF Add-on Safe to Use in 2026?

Generally Safe

Score 100/100

Flexible Invoices for WooCommerce – KSeF Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The plugin 'ksef-for-flexible-invoices' v2.0.14 exhibits a mixed security posture. On the positive side, it has a relatively small attack surface with no exposed REST API routes or shortcodes, and all identified AJAX handlers have authentication checks. The plugin also demonstrates good practices with a high percentage of SQL queries using prepared statements and a decent number of nonce and capability checks. However, the presence of dangerous functions like 'proc_open', 'passthru', and 'unserialize' raises significant concerns. Furthermore, the taint analysis reveals flows with unsanitized paths, including two classified as high severity. While the plugin has no recorded vulnerability history, the static analysis findings suggest potential for serious security weaknesses that could be exploited if not addressed. The limited output escaping is also a notable concern.

Key Concerns

  • High severity taint flows
  • Use of dangerous functions (proc_open, passthru)
  • Use of unserialize
  • Low percentage of properly escaped output
  • Bundled library (Guzzle)
Vulnerabilities
None known

Flexible Invoices for WooCommerce – KSeF Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Flexible Invoices for WooCommerce – KSeF Add-on Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 2 (13 prepared)
Unescaped Output: 98 (68 escaped)
Nonce Checks: 9
Capability Checks: 5
File Operations: 49
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

proc_open: $this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd); (vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:104)
passthru: passthru($command); (vendor_prefixed\wpdesk\wp-codeception\src\WPDesk\Composer\Commands\BaseCommand.php:20)
unserialize: return unserialize($value); (vendor_prefixed\wpdesk\wp-forms\src\Serializer\SerializeSerializer.php:14)
unserialize: return unserialize($this->container->get($id)); (vendor_prefixed\wpdesk\wp-persistence\src\Decorator\SerializedPersistentContainer.php:24)

Bundled Libraries

Guzzle

SQL Query Safety

87% prepared (15 total queries)

Output Escaping

41% escaped (166 total outputs)
Data Flows
4 unsanitized

Data Flow Analysis

6 flows, 4 with unsanitized paths
handle_download_xml (src\Controller\DownloadXMLController.php:24)
Attack Surface

Flexible Invoices for WooCommerce – KSeF Add-on Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth: wp_ajax_fiksef_send_document_to_ksef (src\Xml\SendDocument.php:66)
auth: wp_ajax_fiksef_check_document_status (src\Xml\SendDocument.php:67)
auth: wp_ajax_wpdesk_notice_dismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42)
WordPress Hooks 35
action: before_woocommerce_init (faktury-ksef.php:55)
action: admin_enqueue_scripts (src\Assets.php:40)
action: admin_enqueue_scripts (src\Assets.php:41)
filter: fi/core/blocks/block_list (src\Blocks\RegisterEditorBlocks.php:17)
filter: fi/core/blocks/replacers (src\Blocks\RegisterEditorBlocks.php:18)
filter: fi/core/blocks/allowed_block_types (src\Blocks\RegisterEditorBlocks.php:19)
filter: bulk_actions-edit-inspire_invoice (src\Dashboard\BulkAction.php:23)
filter: fi/core/lists/columns/header (src\Dashboard\Columns.php:31)
action: fi/core/lists/columns/body (src\Dashboard\Columns.php:32)
action: add_meta_boxes (src\Dashboard\MetaBox.php:48)
action: save_post_inspire_invoice (src\Dashboard\MetaBox.php:49)
filter: fi/core/ksef/tabs (src\Dashboard\SettingsPageRegistry.php:17)
filter: fi/core/ksef/should_display_menu (src\Plugin.php:82)
action: init (src\Plugin.php:83)
action: fi/core/initialized (src\Plugin.php:103)
action: fi/core/document/save (src\Xml\SendDocument.php:69)
action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148)
action: wp_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149)
action: admin_footer (vendor_prefixed\wpdesk\wp-helpscout-beacon\src\Beacon\Beacon.php:66)
action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-helpscout-beacon\src\Beacon\Beacon.php:67)
action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41)
action: admin_notices (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144)
action: admin_footer (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145)
filter: wp_autoloader_loader_loaders_to_load (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45)
filter: wp_autoloader_loader_loaders_to_create (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46)
action: plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58)
action: plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81)
action: before_woocommerce_init (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88)
action: activated_plugin (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102)
filter: doing_it_wrong_trigger_error (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123)
action: admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28)
action: admin_menu (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35)
action: admin_init (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36)
action: admin_notices (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28)
filter: plugin_row_meta (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36)
Maintenance & Trust

Flexible Invoices for WooCommerce – KSeF Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 100
Developer Profile

Flexible Invoices for WooCommerce – KSeF Add-on Developer Profile

wpdesk

23 plugins · 127K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 135 days
Detection Fingerprints

How We Detect Flexible Invoices for WooCommerce – KSeF Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ksef-for-flexible-invoices/assets/css/ksef-status.css
/wp-content/plugins/ksef-for-flexible-invoices/assets/css/ksef-metabox.css
/wp-content/plugins/ksef-for-flexible-invoices/assets/css/ksef-settings.css
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-metabox-field-manager.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-general-settings-field-manager.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-ajax-handling.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-bulk-handling.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-metabox-handling.js
Script Paths
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-metabox-field-manager.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-general-settings-field-manager.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-ajax-handling.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-bulk-handling.js
/wp-content/plugins/ksef-for-flexible-invoices/assets/js/ksef-metabox-handling.js
Version Parameters
ksef-for-flexible-invoices/assets/css/ksef-status.css?ver=
ksef-for-flexible-invoices/assets/css/ksef-metabox.css?ver=
ksef-for-flexible-invoices/assets/css/ksef-settings.css?ver=
ksef-for-flexible-invoices/assets/js/ksef-metabox-field-manager.js?ver=
ksef-for-flexible-invoices/assets/js/ksef-general-settings-field-manager.js?ver=
ksef-for-flexible-invoices/assets/js/ksef-ajax-handling.js?ver=
ksef-for-flexible-invoices/assets/js/ksef-bulk-handling.js?ver=
ksef-for-flexible-invoices/assets/js/ksef-metabox-handling.js?ver=

HTML / DOM Fingerprints

CSS Classes
ksef-status, ksef-metabox, ksef-settings
JS Globals
fiksef_MetaboxFieldManagerData, fiksef_bulkSendingHandlerData, fiksef_metaboxHandlerData
FAQ

Frequently Asked Questions about Flexible Invoices for WooCommerce – KSeF Add-on