PDF Invoice for WooCommerce + Drag and Drop Template Builder Security & Risk Analysis

wordpress.org/plugins/pdf-for-woocommerce

Provides features to create PDF files from form submissions and attach files to email notifications.

400 active installs · v6.5.2 · PHP 5.6+ · WP 2.0+ · Updated Apr 8, 2026
Tags: invoice, woo-pdf, woocommerce, woocommerce-invoice, woocommerce-pdf
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Aug 23, 2025
Safety Verdict

Is PDF Invoice for WooCommerce + Drag and Drop Template Builder Safe to Use in 2026?

Generally Safe

Score 96/100

PDF Invoice for WooCommerce + Drag and Drop Template Builder has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Aug 23, 2025 · Updated 1mo ago
Risk Assessment

The plugin 'pdf-for-woocommerce' v6.5.1 demonstrates a generally strong security posture with several good practices in place. The static analysis shows a well-defined attack surface with all identified entry points (AJAX handlers, REST API routes, shortcodes) appearing to have proper authentication or permission checks. The high percentage of properly escaped output (96%) and a good number of nonce checks (11) further contribute to a secure foundation. However, concerns arise from the SQL query handling, where only 36% use prepared statements, leaving a significant portion potentially vulnerable to SQL injection if input is not meticulously sanitized elsewhere. Additionally, the presence of three 'flows with unsanitized paths' in the taint analysis, even without critical or high severity, warrants attention as it indicates potential avenues for data manipulation. The vulnerability history reveals a pattern of past issues including SQL injection and XSS, with a significant high-severity vulnerability present in the past. While there are no currently unpatched CVEs, the historical prevalence of these common vulnerability types suggests a need for continued vigilance and robust input validation practices.

Key Concerns

  • Low percentage of SQL prepared statements
  • Taint flows with unsanitized paths
  • Past high severity vulnerability
  • History of SQL injection vulnerabilities
  • History of XSS vulnerabilities
Vulnerabilities
3 published

PDF Invoice for WooCommerce + Drag and Drop Template Builder Security Vulnerabilities

CVEs by Year

3 CVEs in 2025

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-60083 · high · 8.8 · Deserialization of Untrusted Data

PDF Invoice Builder for WooCommerce <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection

Aug 23, 2025 Patched in 6.5.1 (161d)
CVE-2025-47537 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 5.3.8 - Authenticated (Administrator+) SQL Injection

May 7, 2025 Patched in 5.4.0 (7d)
CVE-2025-24755 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 24, 2025 Patched in 4.7.0 (5d)
Version History

PDF Invoice for WooCommerce + Drag and Drop Template Builder Release Timeline

Code Analysis
Analyzed Mar 16, 2026

PDF Invoice for WooCommerce + Drag and Drop Template Builder Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 7 · 4 prepared
  • Unescaped Output: 27 · 615 escaped
  • Nonce Checks: 11
  • Capability Checks: 5
  • File Operations: 4
  • External Requests: 6
  • Bundled Libraries: 2

Bundled Libraries

TinyMCE, TCPDF

SQL Query Safety

36% prepared · 11 total queries

Output Escaping

96% escaped · 642 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

9 flows · 3 with unsanitized paths
update_settings (woocommerce\emails\index.php:315)
Attack Surface

PDF Invoice for WooCommerce + Drag and Drop Template Builder Attack Surface

Entry Points: 12
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_yeepdf_builder_text · backend\ajax.php:8
auth · wp_ajax_yeepdf_builder_export_html · backend\ajax.php:9
auth · wp_ajax_pdf_reset_template · backend\ajax.php:10
auth · wp_ajax_yeepdf_import_template · backend\ajax.php:11
auth · wp_ajax_yeepdf_remove_font · backend\settings.php:10
auth · wp_ajax_yeepdf_dropbox_client_id_validate · backend\settings.php:13
auth · wp_ajax_yeekit_dismiss_noty · yeekit\document.php:13

Shortcodes 5

[yeepdf_barcode] backend\shortcode.php:5
[yeepdf_barcode_new] backend\shortcode.php:6
[yeepdf_qrcode] backend\shortcode.php:7
[yeepdf_qrcode_new] backend\shortcode.php:8
[pdf_download] backend\shortcode.php:9
WordPress Hooks 116
action · admin_init · backend\ajax.php:12
action · add_meta_boxes · backend\ajax.php:13
action · builder_yeepdfs · backend\demo\templates_demo.php:5
action · yeepdf_builder_block_forms · backend\forms\checkbox.php:5
filter · yeepdf_builder_block_html · backend\forms\checkbox.php:6
action · yeepdf_builder_tab_block_addons · backend\forms\index.php:5
action · yeepdf_builder_block_forms · backend\forms\index.php:6
filter · yeepdf_builder_block_html · backend\forms\index.php:7
action · yeepdf_builder_tab__editor_before · backend\forms\index.php:8
action · yeepdf_builder_block_forms · backend\forms\radio.php:5
filter · yeepdf_builder_block_html · backend\forms\radio.php:6
action · yeepdf_builder_block_forms · backend\forms\select.php:5
filter · yeepdf_builder_block_html · backend\forms\select.php:6
action · yeepdf_builder_block_forms · backend\forms\textarea.php:5
filter · yeepdf_builder_block_html · backend\forms\textarea.php:6
action · admin_enqueue_scripts · backend\index.php:8
action · admin_head · backend\index.php:9
action · init · backend\index.php:10
action · add_meta_boxes · backend\index.php:11
filter · get_sample_permalink_html · backend\index.php:12
action · save_post_yeepdf · backend\index.php:13
filter · admin_body_class · backend\index.php:14
action · admin_footer · backend\index.php:15
filter · post_row_actions · backend\index.php:16
action · yeepdf_builder_tab__editor_before · backend\index.php:17
action · yeepdf_header_settings · backend\index.php:18
action · yeepdf_footer_settings · backend\index.php:19
action · yeepdf_watermark_text_settings · backend\index.php:20
action · yeepdf_watermark_img_settings · backend\index.php:21
action · admin_menu · backend\settings.php:9
action · yeepdf_custom_sizes · backend\settings.php:11
action · admin_init · backend\settings.php:12
action · yeepdf_after_settings · backend\settings.php:14
filter · upload_mimes · backend\settings.php:15
action · admin_notices · backend\settings.php:152
action · admin_init · backend\settings.php:296
action · admin_footer · backend\setup.php:5
filter · yeepdf_builder_shortcode · backend\shortcode.php:24
filter · yeepdf_builder_block_html · backend\templates\barcode_qrcode.php:6
action · yeepdf_builder_block · backend\templates\barcode_qrcode.php:7
action · yeepdf_builder_tab_block_addons · backend\templates\block_templates.php:3
action · yeepdf_builder_block · backend\templates\breakpoint.php:3
filter · yeepdf_builder_block_html · backend\templates\breakpoint.php:14
filter · yeepdf_builder_block_html · backend\templates\button.php:14
action · yeepdf_builder_block · backend\templates\divider.php:3
filter · yeepdf_builder_block_html · backend\templates\divider.php:14
action · yeepdf_builder_tab__editor · backend\templates\editor.php:6
action · yeepdf_condition_settings · backend\templates\editor.php:7
action · yeepdf_builder_tab_block_template · backend\templates\image-box.php:3
filter · yeepdf_builder_block_html · backend\templates\image-box.php:14
action · yeepdf_builder_tab_block_template · backend\templates\image-list.php:3
filter · yeepdf_builder_block_html · backend\templates\image-list.php:14
action · yeepdf_builder_block · backend\templates\image.php:3
action · yeepdf_builder_block_html · backend\templates\image.php:14
action · yeepdf_builder_block_html · backend\templates\index.php:3
action · yeepdf_builder_block · backend\templates\rotate-text.php:3
filter · yeepdf_builder_block_html · backend\templates\rotate-text.php:14
action · yeepdf_builder_tab_block_row · backend\templates\row.php:4
filter · yeepdf_builder_block_html · backend\templates\row.php:68
action · yeepdf_builder_block · backend\templates\signature.php:3
action · yeepdf_builder_block_html · backend\templates\signature.php:14
action · yeepdf_builder_block · backend\templates\spacer.php:3
filter · yeepdf_builder_block_html · backend\templates\spacer.php:14
action · yeepdf_builder_block · backend\templates\table.php:6
filter · yeepdf_builder_block_html · backend\templates\table.php:7
action · yeepdf_builder_tab__editor_before · backend\templates\table.php:8
action · yeepdf_builder_tab_block_template · backend\templates\text-list.php:3
filter · yeepdf_builder_block_html · backend\templates\text-list.php:14
action · yeepdf_builder_block · backend\templates\text.php:3
filter · yeepdf_builder_block_html · backend\templates\text.php:14
action · yeepdf_builder_tab_block_template · backend\templates\title.php:3
filter · yeepdf_builder_block_html · backend\templates\title.php:14
filter · wp_mail_content_type · frontend\index.php:22
filter · upload_mimes · frontend\index.php:23
action · init · frontend\index.php:24
filter · pdf_before_render_datas · frontend\index.php:25
filter · template_include · frontend\index.php:74
action · before_woocommerce_init · pdf-for-woocommerce.php:58
filter · yeepdf_builder_block_html · woocommerce\backend\index.php:9
action · yeepdf_head_settings · woocommerce\backend\index.php:10
action · save_post_yeepdf · woocommerce\backend\index.php:11
action · yeepdf_builder_tab__editor_before · woocommerce\backend\index.php:12
filter · manage_shop_order_posts_columns · woocommerce\backend\index.php:13
filter · manage_woocommerce_page_wc-orders_columns · woocommerce\backend\index.php:14
filter · name_pdf_download · woocommerce\backend\index.php:15
filter · yeepdf_add_libs · woocommerce\backend\index.php:16
action · yeepdf_builder_tab_block_addons · woocommerce\backend\index.php:17
filter · bulk_actions-edit-shop_order · woocommerce\backend\index.php:18
filter · bulk_actions-woocommerce_page_wc-orders · woocommerce\backend\index.php:20
action · admin_enqueue_scripts · woocommerce\backend\index.php:21
action · builder_yeepdfs · woocommerce\demo\demo.php:7
filter · woocommerce_email_attachments · woocommerce\emails\index.php:8
filter · woocommerce_settings_tabs_array · woocommerce\emails\index.php:9
action · woocommerce_settings_tabs_settings_pdfs · woocommerce\emails\index.php:10
action · add_meta_boxes · woocommerce\emails\index.php:11
filter · woocommerce_my_account_my_orders_actions · woocommerce\emails\index.php:12
action · woocommerce_update_options_settings_pdfs · woocommerce\emails\index.php:13
action · woocommerce_order_details_before_order_table · woocommerce\emails\index.php:14
action · manage_shop_order_posts_custom_column · woocommerce\emails\index.php:15
action · manage_woocommerce_page_wc-orders_custom_column · woocommerce\emails\index.php:16
action · woocommerce_email_sent · woocommerce\emails\index.php:18
action · woocommerce_order_status_changed · woocommerce\emails\index.php:19
action · yeepdf_woo_pass_settings · woocommerce\emails\index.php:20
action · yeepdf_woo_dropbox_settings · woocommerce\emails\index.php:21
action · yeepdf_woo_conditional_settings · woocommerce\emails\index.php:22
filter · yeepdf_shortcodes · woocommerce\shortcodes.php:10
action · pdf_builder_block · woocommerce\templates\order_detail.php:6
filter · pdf_builder_block_html · woocommerce\templates\order_detail.php:7
action · admin_menu · yeekit\document.php:10
action · admin_enqueue_scripts · yeekit\document.php:11
filter · fluentform_global_addons · yeekit\document.php:12
action · admin_notices · yeekit\document.php:14
action · elementor/element/form/section_form_options/after_section_end · yeekit\document.php:15
action · admin_init · yeekit\document.php:17
action · elementor/editor/after_enqueue_styles · yeekit\document.php:19
filter · http_response · yeekit\document.php:208
Maintenance & Trust

PDF Invoice for WooCommerce + Drag and Drop Template Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 8, 2026
PHP min version: 5.6
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 400
Developer Profile

PDF Invoice for WooCommerce + Drag and Drop Template Builder Developer Profile

add-ons.org

59 plugins · 26K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 48 days
Detection Fingerprints

How We Detect PDF Invoice for WooCommerce + Drag and Drop Template Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-for-woocommerce/frontend/css/yeepdf-frontend.css
/wp-content/plugins/pdf-for-woocommerce/frontend/css/yeepdf-responsive.css
/wp-content/plugins/pdf-for-woocommerce/frontend/js/yeepdf-frontend.js
Version Parameters
pdf-for-woocommerce/frontend/css/yeepdf-frontend.css?ver=
pdf-for-woocommerce/frontend/css/yeepdf-responsive.css?ver=
pdf-for-woocommerce/frontend/js/yeepdf-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
yeepdf-frontend-template
yeepdf-wrapper
HTML Comments
<!-- YEE PDF WooCommerece END -->
Data Attributes
data-yeepdf-template
JS Globals
yeepdf_frontend_data
Shortcode Output
[yeepdf_woo_order_id]
FAQ

Frequently Asked Questions about PDF Invoice for WooCommerce + Drag and Drop Template Builder