WP-Safety

MyInvoice Sync Security & Risk Analysis

wordpress.org/plugins/myinvoice-sync

Automated invoice submission to LHDN MyInvois system for Malaysian businesses.

0 active installs v2.1.0 PHP 7.4+ WP 5.0+ Updated Mar 6, 2026
einvoicelhdnmyinvoicemyinvoiswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MyInvoice Sync Safe to Use in 2026?

Generally Safe

Score 100/100

MyInvoice Sync has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "myinvoice-sync" v2.1.0 plugin exhibits a generally good security posture with several strengths. The absence of known CVEs and a clean vulnerability history suggest a history of stable and secure development. Static analysis reveals a strong adherence to security best practices, with a high percentage of SQL queries using prepared statements and properly escaped outputs. The plugin also implements a significant number of nonce and capability checks, indicating an effort to protect against common attack vectors. However, the taint analysis highlights a potential area of concern with 5 out of 8 analyzed flows having unsanitized paths. While no critical or high-severity taint flows were identified, this indicates a potential for path traversal vulnerabilities if these unsanitized paths are exposed to user input. The plugin also has a moderate attack surface with 2 AJAX handlers, though none are explicitly listed as unprotected, which warrants further investigation to ensure all entry points are adequately secured. Overall, the plugin is well-developed with a strong foundation in security, but the identified unsanitized paths in taint analysis require attention to mitigate potential risks.

Key Concerns

  • Flows with unsanitized paths detected
Vulnerabilities
None known

MyInvoice Sync Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MyInvoice Sync Release Timeline

v2.1.1
v2.1.0Current
Code Analysis
Analyzed Mar 17, 2026

MyInvoice Sync Code Analysis

Dangerous Functions
0
Raw SQL Queries
25
85 prepared
Unescaped Output
21
235 escaped
Nonce Checks
33
Capability Checks
7
File Operations
3
External Requests
10
Bundled Libraries
0

SQL Query Safety

77% prepared110 total queries

Output Escaping

92% escaped256 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

8 flows5 with unsanitized paths
search_box (includes\class-lhdn-admin.php:247)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MyInvoice Sync Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_lhdn_get_logsincludes\class-lhdn-plugin.php:310
authwp_ajax_lhdn_submit_orderincludes\class-lhdn-plugin.php:311
WordPress Hooks 33
actioninitincludes\class-lhdn-plugin.php:107
actionadmin_initincludes\class-lhdn-plugin.php:246
actionadmin_menuincludes\class-lhdn-plugin.php:249
actionadmin_initincludes\class-lhdn-plugin.php:250
actionadmin_enqueue_scriptsincludes\class-lhdn-plugin.php:251
filtercron_schedulesincludes\class-lhdn-plugin.php:254
actioninitincludes\class-lhdn-plugin.php:255
actionlhdn_sync_submitted_invoicesincludes\class-lhdn-plugin.php:256
actionlhdn_retry_err_invoicesincludes\class-lhdn-plugin.php:257
actionlhdn_process_queued_invoicesincludes\class-lhdn-plugin.php:258
actionwoocommerce_order_status_completedincludes\class-lhdn-plugin.php:261
actionwoocommerce_order_status_processingincludes\class-lhdn-plugin.php:262
actionwoocommerce_checkout_processincludes\class-lhdn-plugin.php:263
actionwoocommerce_order_refundedincludes\class-lhdn-plugin.php:265
filtermanage_woocommerce_page_wc-orders_columnsincludes\class-lhdn-plugin.php:278
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-lhdn-plugin.php:279
filterbulk_actions-woocommerce_page_wc-ordersincludes\class-lhdn-plugin.php:282
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\class-lhdn-plugin.php:283
actionadmin_noticesincludes\class-lhdn-plugin.php:284
filterbulk_actions-edit-shop_orderincludes\class-lhdn-plugin.php:287
filterhandle_bulk_actions-edit-shop_orderincludes\class-lhdn-plugin.php:288
actionadmin_enqueue_scriptsincludes\class-lhdn-plugin.php:290
filterwoocommerce_my_account_my_orders_columnsincludes\class-lhdn-plugin.php:293
actionwoocommerce_my_account_my_orders_column_lhdn-receiptincludes\class-lhdn-plugin.php:294
actionuser_profile_update_errorsincludes\class-lhdn-plugin.php:297
actionshow_user_profileincludes\class-lhdn-plugin.php:298
actionedit_user_profileincludes\class-lhdn-plugin.php:299
actionpersonal_options_updateincludes\class-lhdn-plugin.php:300
actionedit_user_profile_updateincludes\class-lhdn-plugin.php:301
actionwoocommerce_edit_account_formincludes\class-lhdn-plugin.php:302
actionwoocommerce_save_account_detailsincludes\class-lhdn-plugin.php:303
actionwoocommerce_before_checkout_formincludes\class-lhdn-plugin.php:304
actionwp_enqueue_scriptsincludes\class-lhdn-plugin.php:307

Scheduled Events 3

lhdn_sync_submitted_invoices
lhdn_retry_err_invoices
lhdn_process_queued_invoices
Maintenance & Trust

MyInvoice Sync Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 6, 2026
PHP min version7.4
Downloads249

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

MyInvoice Sync Alternatives

E-Invoice for MyInvois LHDN

E-Invoice for MyInvois LHDN

e-invoice-for-myinvois-lhdn

A
100

Enable customers to request official e-invoices for Bayarcash payments through Malaysia's MyInvois system with seamless WooCommerce integration.

0 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

limit-login-attempts-reloaded

A
98

Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.

2.0M 4 CVEs
Google for WooCommerce

Google for WooCommerce

google-listings-and-ads

A
99

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE
WooPayments: Integrated WooCommerce Payments

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

A
89

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs
Developer Profile

MyInvoice Sync Developer Profile

TikusL4ju

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MyInvoice Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/myinvoice-sync/css/style.css/wp-content/plugins/myinvoice-sync/js/script.js
Script Paths
/wp-content/plugins/myinvoice-sync/js/script.js
Version Parameters
myinvoice-sync/css/style.css?ver=myinvoice-sync/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
lhdn-myinvoice-tablemyinvoice-sync-settings-form
HTML Comments
<!-- LHDN MyInvois Auto Submission --><!-- Base class for invoice tables with common functionality --><!-- Search form for invoices -->
Data Attributes
data-invoice-iddata-sync-status
JS Globals
MyInvoiceSyncConfiglhdn_sync_ajax_object
REST Endpoints
/wp-json/myinvoicesync/v1/sync/wp-json/myinvoicesync/v1/settings
Shortcode Output
[myinvoice_sync_form][myinvoice_sync_status]
FAQ

Frequently Asked Questions about MyInvoice Sync