NIF (Num. de Contribuinte Português) for WooCommerce Security & Risk Analysis

wordpress.org/plugins/nif-num-de-contribuinte-portugues-for-woocommerce

This plugin adds the Portuguese NIF/NIPC as a new field to WooCommerce checkout and order details, if the billing address / customer is from Portugal.

5K active installs · v6.7 · PHP 7.2+ · WP 5.8+ · Updated Jun 24, 2025
Tags: ecommerce, nif, nipc, tax, vat
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is NIF (Num. de Contribuinte Português) for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

NIF (Num. de Contribuinte Português) for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The plugin "nif-num-de-contribuinte-portugues-for-woocommerce" v6.7 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output. The absence of file operations, external HTTP requests, and known vulnerabilities in its history are also strong indicators of a well-maintained and secure codebase. However, a significant concern arises from its attack surface. The presence of one AJAX handler without authentication checks represents a direct entry point that could be exploited by unauthenticated users. The lack of nonce checks for this handler further exacerbates this risk, as it opens the door to potential Cross-Site Request Forgery (CSRF) attacks. While taint analysis revealed no immediate issues, the unprotected AJAX endpoint is a critical oversight that needs immediate attention. Overall, while the core data handling appears secure, the unprotected AJAX endpoint presents a notable weakness.

Key Concerns

  • Unprotected AJAX handler
  • Missing nonce check on AJAX handler
Vulnerabilities
None known

NIF (Num. de Contribuinte Português) for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

NIF (Num. de Contribuinte Português) for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (12 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

92% escaped · 13 total outputs
Attack Surface
1 unprotected

NIF (Num. de Contribuinte Português) for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth  wp_ajax_dismiss_webdados_invoicexpress_nag  webdados_invoicexpress_nag\webdados_invoicexpress_nag.php:58

WordPress Hooks: 31

filter  woocommerce_nif_field_label  filters_examples.php:20
filter  woocommerce_nif_field_placeholder  filters_examples.php:31
filter  woocommerce_nif_field_required  filters_examples.php:36
filter  woocommerce_nif_field_class  filters_examples.php:50
filter  woocommerce_nif_field_clear  filters_examples.php:52
filter  woocommerce_nif_field_autocomplete  filters_examples.php:63
filter  woocommerce_nif_field_priority  filters_examples.php:74
filter  woocommerce_nif_field_maxlength  filters_examples.php:85
filter  woocommerce_nif_show_all_countries  filters_examples.php:90
filter  woocommerce_nif_field_validate  filters_examples.php:95
filter  woocommerce_nif_use_javascript  filters_examples.php:100
action  woocommerce_store_api_checkout_order_processed  ptwoo-nif-extend-store-endpoint.php:44
action  admin_notices  webdados_invoicexpress_nag\webdados_invoicexpress_nag.php:47
action  plugins_loaded  woocommerce_nif.php:31
action  wp_enqueue_scripts  woocommerce_nif.php:41
action  init  woocommerce_nif.php:43
filter  woocommerce_billing_fields  woocommerce_nif.php:113
filter  woocommerce_admin_billing_fields  woocommerce_nif.php:141
filter  woocommerce_ajax_get_customer_details  woocommerce_nif.php:147
action  admin_init  woocommerce_nif.php:149
action  woocommerce_customer_meta_fields  woocommerce_nif.php:179
action  woocommerce_order_details_after_customer_details  woocommerce_nif.php:202
filter  woocommerce_email_customer_details_fields  woocommerce_nif.php:221
filter  woocommerce_api_order_response  woocommerce_nif.php:237
filter  woocommerce_api_customer_response  woocommerce_nif.php:253
action  woocommerce_checkout_process  woocommerce_nif.php:288
action  woocommerce_after_save_address_validation  woocommerce_nif.php:322
action  before_woocommerce_init  woocommerce_nif.php:430
action  woocommerce_blocks_loaded  woocommerce_nif.php:441
action  woocommerce_blocks_checkout_block_registration  woocommerce_nif.php:447
action  admin_init  woocommerce_nif.php:459

Maintenance & Trust

NIF (Num. de Contribuinte Português) for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jun 24, 2025
PHP min version: 7.2
Downloads: 88K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 5K
Developer Profile

NIF (Num. de Contribuinte Português) for WooCommerce Developer Profile

Marco Almeida | Webdados

21 plugins · 27K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 143 days
Detection Fingerprints

How We Detect NIF (Num. de Contribuinte Português) for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/nif-num-de-contribuinte-portugues-for-woocommerce/js/functions.js
Script Paths: js/functions.js
Version Parameters: nif-num-de-contribuinte-portugues-for-woocommerce/js/functions.js?ver=

HTML / DOM Fingerprints

CSS Classes: woocommerce_nif_info, woocommerce_nif_info_label, woocommerce_nif_info_value
Data Attributes: billing_nif
JS Globals: woocommerce_nif
FAQ

Frequently Asked Questions about NIF (Num. de Contribuinte Português) for WooCommerce