WP-Safety

PDF Invoices & Packing Slips Security & Risk Analysis

wordpress.org/plugins/pdf-invoices-and-packing-slips

Create, print & email PDF invoices & packing slips for WooCommerce orders.

0 active installs v1.2.3 PHP 7.0+ WP 4.0+ Updated Unknown
pdf-invoiceproduct-invoicewoocommerce-invoice
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PDF Invoices & Packing Slips Safe to Use in 2026?

Generally Safe

Score 100/100

PDF Invoices & Packing Slips has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "pdf-invoices-and-packing-slips" plugin v1.2.3 exhibits a mixed security posture. While it demonstrates good practices in areas such as SQL query sanitization and output escaping, with 100% of SQL queries using prepared statements and 94% of outputs properly escaped, significant concerns arise from its attack surface. All three identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated attackers to interact with potentially sensitive functionalities. The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting a generally stable codebase, but this should not overshadow the critical security implications of unprotected AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Bundled library (dompdf) - potential outdatedness
Vulnerabilities
None known

PDF Invoices & Packing Slips Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PDF Invoices & Packing Slips Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
106 escaped
Nonce Checks
1
Capability Checks
0
File Operations
5
External Requests
0
Bundled Libraries
1

Bundled Libraries

dompdf

Output Escaping

94% escaped113 total outputs
Attack Surface
3 unprotected

PDF Invoices & Packing Slips Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_pips_save_order_pdfincludes\Ajax.php:17
authwp_ajax_install_woocommerce_pluginincludes\Ajax.php:18
authwp_ajax_activate_woocommerce_pluginincludes\Ajax.php:19
WordPress Hooks 32
actionadmin_enqueue_scriptsincludes\Admin\MetaBoxes.php:16
actionadd_meta_boxesincludes\Admin\MetaBoxes.php:17
actionsave_post_shop_orderincludes\Admin\MetaBoxes.php:18
actionwoocommerce_process_shop_order_metaincludes\Admin\MetaBoxes.php:19
filtermanage_edit-shop_order_columnsincludes\Admin\Order.php:19
filterwoocommerce_shop_order_list_table_columnsincludes\Admin\Order.php:20
actionmanage_shop_order_posts_custom_columnincludes\Admin\Order.php:22
actioninitincludes\Admin\Order.php:23
actionadmin_enqueue_scriptsincludes\Admin\Required.php:15
actioninitincludes\Admin\Required.php:16
actionadmin_noticesincludes\Admin\Required.php:31
filterwoocommerce_get_sections_pipsincludes\Admin\Settings.php:12
filterwoocommerce_get_settings_pipsincludes\Admin\Settings.php:13
filterwoocommerce_get_settings_pagesincludes\Admin.php:43
actionrest_api_initincludes\Api.php:15
actionadmin_enqueue_scriptsincludes\Assets.php:15
actionwp_enqueue_scriptsincludes\Assets.php:17
actioninitincludes\Frontend\Order.php:15
filterwoocommerce_my_account_my_orders_actionsincludes\Frontend\Order.php:16
actionwp_footerincludes\Frontend\Order.php:17
actioninitincludes\Illuminate\Email.php:15
actionadmin_menuincludes\Illuminate\Invoice.php:20
actionpips_invoice_template_html_headerincludes\Illuminate\Invoice.php:21
actionpips_packing_template_html_headerincludes\Illuminate\Invoice.php:22
actionpips_product_column_productincludes\Illuminate\Invoice.php:23
actionpips_product_column_qtyincludes\Illuminate\Invoice.php:24
actionpips_product_column_subtotalincludes\Illuminate\Invoice.php:25
filterwoocommerce_email_attachmentsincludes\Illuminate\Invoice.php:26
filterwoocommerce_settings_tabs_arrayincludes\Utils\Settings.php:18
actionplugins_loadedpdf-invoices-and-packing-slips.php:79
actioninitpdf-invoices-and-packing-slips.php:175
actioninitpdf-invoices-and-packing-slips.php:178
Maintenance & Trust

PDF Invoices & Packing Slips Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedUnknown
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

PDF Invoices & Packing Slips Alternatives

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

A
96

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs
Flexible PDF Invoices for WooCommerce & WordPress

Flexible PDF Invoices for WooCommerce & WordPress

flexible-invoices

A
99

WooCommerce PDF invoices made simple. EU VAT validation, reverse charge invoice, proforma invoices, MOSS / OSS support, invoices in bulk and more.

7K 1 CVE
PeproDev Ultimate Invoice

PeproDev Ultimate Invoice

pepro-ultimate-invoice

A
96

Advanced WooCommerce invoice plugin: create customizable HTML/PDF invoices, attach to emails, and let customers download styled invoices easily.

6K 4 CVEs
mPDF add-on for RTL and Unicode Support

mPDF add-on for RTL and Unicode Support

mpdf-addon-for-pdf-invoices

A
100

RTL and Unicode support add-on for WebToffee WooCommerce Gift Cards, WebToffee WooCommerce Request a Quote and WooCommerce PDF Invoices, Packing Slips …

4K No CVEs
PDF Invoices & Packing Slips for WooCommerce – Challan

PDF Invoices & Packing Slips for WooCommerce – Challan

webappick-pdf-invoice-for-woocommerce

A
97

WooCommerce PDF invoice generator with automatic email attachment. Create packing slips, shipping labels, credit notes, multilingual.

3K 2 CVEs
Developer Profile

PDF Invoices & Packing Slips Developer Profile

Abu Huraira Bin Aman

7 plugins · 9K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
238 days
View full developer profile
Detection Fingerprints

How We Detect PDF Invoices & Packing Slips

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-invoices-and-packing-slips/assets/css/invoice-buttons.css/wp-content/plugins/pdf-invoices-and-packing-slips/assets/css/pips-admin.css/wp-content/plugins/pdf-invoices-and-packing-slips/assets/css/pips-editor.css/wp-content/plugins/pdf-invoices-and-packing-slips/assets/js/admin-script.js/wp-content/plugins/pdf-invoices-and-packing-slips/assets/js/invoice-editor.js
Script Paths
/wp-content/plugins/pdf-invoices-and-packing-slips/assets/js/admin-script.js/wp-content/plugins/pdf-invoices-and-packing-slips/assets/js/invoice-editor.js
Version Parameters
pdf-invoices-and-packing-slips/assets/css/invoice-buttons.css?ver=pdf-invoices-and-packing-slips/assets/css/pips-admin.css?ver=pdf-invoices-and-packing-slips/assets/css/pips-editor.css?ver=pdf-invoices-and-packing-slips/assets/js/admin-script.js?ver=pdf-invoices-and-packing-slips/assets/js/invoice-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
pips-invoice-buttonpips-packing-slip-buttonpips-invoice-datepips-invoice-notepips-invoice-numbersdevs-pips-admin-wrapinvoice-actions-wrap
HTML Comments
<!-- phpcs:disable WordPress.DB.SlowDBQuery.slow_db_query --><!-- phpcs:enable WordPress.DB.SlowDBQuery.slow_db_query --><!-- sidebar --><!-- invoice buttons -->+6 more
Data Attributes
data-order_id
JS Globals
pips_admin_paramspips_invoice_editor_params
REST Endpoints
/wp-json/pips/v1/admin/save_invoice_settings/wp-json/pips/v1/admin/update_invoice_settings/wp-json/pips/v1/admin/get_invoice_settings/wp-json/pips/v1/admin/delete_invoice_setting
FAQ

Frequently Asked Questions about PDF Invoices & Packing Slips