Nota Fiscal Eletrônica WooCommerce Security & Risk Analysis

wordpress.org/plugins/nota-fiscal-eletronica-woocommerce

Electronic invoice (Nota Fiscal Eletrônica) issuance for WooCommerce through the Webmania® REST API. Issue NF-e and NFS-e with one click.

400 active installs · v3.4.3 · PHP + WP 3.0+ · Updated Jan 28, 2026
Tags: nfe, nfse, nota-fiscal, webmania, woocommerce
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 26, 2025
Safety Verdict

Is Nota Fiscal Eletrônica WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Nota Fiscal Eletrônica WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 26, 2025 · Updated 2mo ago
Risk Assessment

The "nota-fiscal-eletronica-woocommerce" plugin v3.4.3 exhibits a generally strong security posture based on the static analysis. The plugin demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (95%) of output escaping, significantly reducing the risk of SQL injection and XSS vulnerabilities. Furthermore, all identified entry points (AJAX handlers, REST API routes, and shortcodes) appear to have proper authentication and authorization checks, and there are no identified flows with unsanitized paths or critical/high severity taint issues.

However, a concerning aspect is the plugin's vulnerability history. It has a total of two known medium-severity CVEs, both of which are listed as currently unpatched. The common vulnerability types identified in past issues, 'Cross-site Scripting' and 'Missing Authorization,' are significant and suggest a potential recurring weakness in input sanitization and access control, despite the current static analysis results not flagging these issues. The bundled TCPDF v1.0.004 library is also outdated, which could be a vector for zero-day exploits if vulnerabilities exist within it. While the current version appears to have addressed past critical flaws, the history warrants vigilance.

In conclusion, the plugin has made significant improvements in its code hygiene, particularly in handling database queries and output. The absence of critical static analysis findings is positive. Nevertheless, the persistent medium-severity vulnerabilities in its history, coupled with the outdated bundled library, indicate that users should remain cautious. The fact that past vulnerabilities included Cross-site Scripting and Missing Authorization, which are common and severe, is a point of concern that suggests ongoing monitoring is crucial.

Key Concerns

  • Bundled outdated library TCPDF v1.0.004
  • 2 medium severity CVEs, currently unpatched
Vulnerabilities
2

Nota Fiscal Eletrônica WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-60158 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Nota Fiscal Eletrônica WooCommerce <= 3.4.0.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Sep 26, 2025 · Patched in 3.4.1.0 (103d)

CVE-2025-60159 · medium · 5.3 · Missing Authorization

Nota Fiscal Eletrônica WooCommerce <= 3.4.0.9 - Missing Authorization

Sep 26, 2025 · Patched in 3.4.1.0 (103d)
Code Analysis
Analyzed Mar 16, 2026

Nota Fiscal Eletrônica WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 18 (351 escaped)
  • Nonce Checks: 7
  • Capability Checks: 9
  • File Operations: 37
  • External Requests: 5
  • Bundled Libraries: 1

Bundled Libraries

TCPDF 1.0.004

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

95% escaped · 369 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow: <class-backend> (class-backend.php:0)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Nota Fiscal Eletrônica WooCommerce Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

  • auth · wp_ajax_wmbr_remove_order_id_auto_invoice · class-backend.php:38
  • auth · wp_ajax_wmbr_dismiss_auto_invoice_notice · class-backend.php:39
  • auth · wp_ajax_force_digital_certificate_update · class-backend.php:42

WordPress Hooks 64

  • action · admin_notices · class-backend.php:13
  • action · admin_notices · class-backend.php:14
  • action · add_meta_boxes · class-backend.php:15
  • action · admin_init · class-backend.php:16
  • action · add_meta_boxes · class-backend.php:17
  • action · init · class-backend.php:18
  • action · woocommerce_api_nfe_callback · class-backend.php:19
  • action · woocommerce_api_nfse_callback · class-backend.php:20
  • action · save_post · class-backend.php:21
  • action · admin_head · class-backend.php:22
  • action · woocommerce_order_actions · class-backend.php:23
  • action · woocommerce_order_action_wc_nfe_emitir · class-backend.php:24
  • action · admin_footer · class-backend.php:25
  • action · admin_init · class-backend.php:26
  • filter · woocommerce_settings_tabs_array · class-backend.php:27
  • action · woocommerce_settings_tabs_woocommercenfe_tab · class-backend.php:28
  • action · woocommerce_update_options_woocommercenfe_tab · class-backend.php:29
  • action · admin_enqueue_scripts · class-backend.php:30
  • action · product_cat_add_form_fields · class-backend.php:31
  • action · product_cat_edit_form_fields · class-backend.php:32
  • action · edited_product_cat · class-backend.php:33
  • action · create_product_cat · class-backend.php:34
  • action · admin_notices · class-backend.php:35
  • action · admin_menu · class-backend.php:36
  • action · admin_init · class-backend.php:37
  • filter · woocommerce_admin_shipping_fields · class-backend.php:40
  • action · admin_enqueue_scripts · class-backend.php:41
  • filter · manage_woocommerce_page_wc-orders_columns · class-backend.php:46
  • action · manage_woocommerce_page_wc-orders_custom_column · class-backend.php:47
  • action · woocommerce_process_shop_order_meta · class-backend.php:48
  • filter · manage_edit-shop_order_columns · class-backend.php:52
  • action · manage_shop_order_posts_custom_column · class-backend.php:53
  • action · woocommerce_variation_options_dimensions · class-backend.php:56
  • action · woocommerce_save_product_variation · class-backend.php:57
  • filter · woocommerce_customer_meta_fields · class-backend.php:69
  • filter · woocommerce_user_column_billing_address · class-backend.php:70
  • filter · woocommerce_user_column_shipping_address · class-backend.php:71
  • filter · woocommerce_admin_billing_fields · class-backend.php:72
  • filter · woocommerce_admin_shipping_fields · class-backend.php:73
  • filter · woocommerce_found_customer_details · class-backend.php:74
  • action · woocommerce_process_shop_order_meta · class-backend.php:75
  • action · woocommerce_api_create_order · class-backend.php:76
  • action · woocommerce_admin_order_data_after_billing_address · class-backend.php:77
  • action · woocommerce_admin_order_data_after_shipping_address · class-backend.php:78
  • filter · woocommerce_api_order_response · class-backend.php:79
  • filter · woocommerce_api_customer_response · class-backend.php:80
  • action · admin_footer · class-backend.php:253
  • action · wp_enqueue_scripts · class-frontend.php:33
  • filter · woocommerce_billing_fields · class-frontend.php:34
  • filter · woocommerce_shipping_fields · class-frontend.php:35
  • action · woocommerce_checkout_process · class-frontend.php:36
  • filter · woocommerce_localisation_address_formats · class-frontend.php:37
  • filter · woocommerce_formatted_address_replacements · class-frontend.php:38
  • filter · woocommerce_order_formatted_billing_address · class-frontend.php:39
  • filter · woocommerce_order_formatted_shipping_address · class-frontend.php:40
  • filter · woocommerce_my_account_my_address_formatted_address · class-frontend.php:41
  • filter · woocommerce_form_field · class-frontend.php:42
  • action · woocommerce_checkout_process · class-frontend.php:46
  • action · admin_notices · init-class.php:45
  • filter · woocommercenfe_plugins_url · init-class.php:70
  • action · transition_post_status · init-class.php:71
  • action · woocommerce_nfe_clean_logs · security-config.php:160
  • action · before_woocommerce_init · woocommerce_nfe.php:25
  • action · plugins_loaded · woocommerce_nfe.php:40

Scheduled Events 1

woocommerce_nfe_clean_logs
Maintenance & Trust

Nota Fiscal Eletrônica WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 28, 2026
PHP min version
Downloads: 44K

Community Trust

Rating: 86/100
Number of ratings: 11
Active installs: 400
Developer Profile

Nota Fiscal Eletrônica WooCommerce Developer Profile

webmaniabr

2 plugins · 400 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 103 days
Detection Fingerprints

How We Detect Nota Fiscal Eletrônica WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/nota-fiscal-eletronica-woocommerce/assets/css/admin_style.css
  • /wp-content/plugins/nota-fiscal-eletronica-woocommerce/assets/js/admin_scripts.js
  • /wp-content/plugins/nota-fiscal-eletronica-woocommerce/assets/js/nfe_table.js
  • /wp-content/plugins/nota-fiscal-eletronica-woocommerce/assets/css/nfe_table.css

Script Paths
  • //cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js

Version Parameters
  • nota-fiscal-eletronica-woocommerce/assets/css/admin_style.css?ver=
  • nota-fiscal-eletronica-woocommerce/assets/js/admin_scripts.js?ver=
  • nota-fiscal-eletronica-woocommerce/assets/js/nfe_table.js?ver=
  • nota-fiscal-eletronica-woocommerce/assets/css/nfe_table.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • wc_nfe_emitir
  • wc_nfe_emitir_print
  • wc-order-data-row-wc_nfe_emitir

HTML Comments
  • Plugin: Brazilian Market on WooCommerce (Customized)
  • Author: Claudio Sanches
  • Link: https://github.com/claudiosmweb/woocommerce-extra-checkout-fields-for-brazil

JS Globals
  • wc_nfe_emitir_params

REST Endpoints
  • /wp-json/wc-nfe/v1/settings

FAQ

Frequently Asked Questions about Nota Fiscal Eletrônica WooCommerce