Does Moloni España have any unpatched vulnerabilities?

No. All known vulnerabilities in Moloni España have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Moloni España compatible with WordPress 6.8.5?

According to WordPress.org data, Moloni España 2.1.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Moloni España compatible with PHP 7.2+?

Moloni España requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Moloni España updated?

Moloni España was last updated on Jul 24, 2025. Frequent updates are generally a positive security signal.

What is Moloni España's security score?

Moloni España has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Moloni España Security & Risk Analysis

wordpress.org/plugins/moloni-es

Innovative billing software that fits your business.! Intended for professionals, micro, small and medium enterprises.

20 active installs v2.1.4 PHP 7.2+ WP 5.0+ Updated Jul 24, 2025

invoicingorders

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Moloni España Safe to Use in 2026?

Generally Safe

Score 100/100

Moloni España has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The moloni-es v2.1.4 plugin presents a significant security risk due to a lack of robust access control mechanisms. With 10 unprotected AJAX handlers and 1 REST API route without permission callbacks, a large portion of its attack surface is exposed to unauthenticated users. While the plugin doesn't exhibit obviously dangerous functions or critical taint flows, the high percentage of improperly escaped output (88%) is a major concern, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. The absence of any recorded vulnerabilities in its history is positive, suggesting that the developers may be proactive or that the plugin hasn't been a target, but this does not negate the clear structural weaknesses identified in the code analysis. The reliance on capability checks is minimal (1), further highlighting the exposure. Overall, the plugin's security posture is weak due to its extensive unprotected entry points and output handling issues, despite a clean vulnerability history.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
High percentage of unescaped output
No nonce checks
Limited capability checks

Vulnerabilities

None known

Moloni España Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Moloni España Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

489

67 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

41% prepared41 total queries

Output Escaping

12% escaped556 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

<Start> (src\Start.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

11 unprotected

Moloni España Attack Surface

Entry Points11

Unprotected11

AJAX Handlers 10

authwp_ajax_genInvoicesrc\Hooks\Ajax.php:36

authwp_ajax_discardOrdersrc\Hooks\Ajax.php:37

authwp_ajax_toolsMassImportStocksrc\Hooks\Ajax.php:39

authwp_ajax_toolsMassImportProductsrc\Hooks\Ajax.php:40

authwp_ajax_toolsMassExportStocksrc\Hooks\Ajax.php:41

authwp_ajax_toolsMassExportProductsrc\Hooks\Ajax.php:42

authwp_ajax_toolsCreateWcProductsrc\Hooks\Ajax.php:44

authwp_ajax_toolsUpdateWcStocksrc\Hooks\Ajax.php:45

authwp_ajax_toolsCreateMoloniProductsrc\Hooks\Ajax.php:46

authwp_ajax_toolsUpdateMoloniStocksrc\Hooks\Ajax.php:47

REST API Routes 1

POST/wp-json/moloni/v1products/(?P<hash>[a-f0-9]{32}$)src\WebHooks\Products.php:46

WordPress Hooks 21

actionwp_initialize_sitemoloni_es.php:54

actionwp_uninitialize_sitemoloni_es.php:55

actionplugins_loadedmoloni_es.php:56

actionadmin_enqueue_scriptsmoloni_es.php:57

filtermanage_woocommerce_page_wc-orders_columnssrc\Hooks\OrderList.php:51

actionmanage_woocommerce_page_wc-orders_custom_columnsrc\Hooks\OrderList.php:52

filtermanage_edit-shop_order_columnssrc\Hooks\OrderList.php:57

actionmanage_shop_order_posts_custom_columnsrc\Hooks\OrderList.php:58

actionwoocommerce_order_status_completedsrc\Hooks\OrderPaid.php:30

actionwoocommerce_order_status_processingsrc\Hooks\OrderPaid.php:31

actionadd_meta_boxessrc\Hooks\OrderView.php:35

actiondelete_postsrc\Hooks\ProductDelete.php:21

actionwoocommerce_product_set_stocksrc\Hooks\ProductSetStock.php:40

actionwoocommerce_variation_set_stocksrc\Hooks\ProductSetStock.php:41

actionwoocommerce_update_productsrc\Hooks\ProductUpdate.php:52

actionadd_meta_boxessrc\Hooks\ProductView.php:41

actionupgrader_process_completesrc\Hooks\UpgradeProcess.php:20

actionbefore_woocommerce_initsrc\Hooks\WoocommerceInitialize.php:22

actionadmin_menusrc\Menus\Admin.php:22

actionadmin_noticessrc\Menus\Admin.php:23

actionrest_api_initsrc\WebHooks\WebHook.php:13

Maintenance & Trust

Moloni España Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 24, 2025

PHP min version7.2

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Moloni España Alternatives

Moloni

moloni

Software de faturação inovador que se adapta ao seu negócio! Destinado a profissionais liberais, micro, pequenas e médias empresas.

2K 1 CVE

Contribuinte Checkout

contribuinte-checkout

With this plugin you can add VAT and VIES support to your WooCommerce store. The VAT field will be saved as '_billing_vat'.

1K 1 CVE

Vendus

vendus

Faturação 100% online, sem dores de cabeça e sem sair da sua loja online! Programa nº 2230 certificado pela AT a partir de 4€ / mês.

100 No CVEs

Marvinerp

marvinerp-api

O Marvin ERP é um produto com a qualidade da PONTO 25 – informática lda.

10 No CVEs

LH Woocommerce Invoicing

lh-woocommerce-invoicing

Adds membership functionality to LH Teams.

0 No CVEs

Developer Profile

Moloni España Developer Profile

Moloni, lda

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Moloni España

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/moloni-es/assets/css/moloni.min.css/wp-content/plugins/moloni-es/assets/js/moloni.min.js

Script Paths

/wp-content/plugins/moloni-es/assets/js/moloni.min.js

Version Parameters

moloni-es/assets/css/moloni.min.css?ver=moloni-es/assets/js/moloni.min.js?ver=

HTML / DOM Fingerprints

REST Endpoints

/wp-json/moloni/v1/products/

FAQ