PDF Invoices and Packing Slips For WooCommerce Security & Risk Analysis

wordpress.org/plugins/pdf-invoices-and-packing-slips-for-woocommerce

WooCommerce PDF Invoice plugin helps to generate custom designed invoices for a WooCommerce store. Apart from the Invoice, this plugin can also be use …

1K active installs · v1.4.5 · PHP + WP 4.4.0+ · Updated Dec 8, 2025
Tags: delivery-notes, invoices, packing-slips, pdf-invoices, shipping-labels
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 6, 2024
Safety Verdict

Is PDF Invoices and Packing Slips For WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

PDF Invoices and Packing Slips For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 6, 2024 · Updated 3mo ago
Risk Assessment

The plugin "pdf-invoices-and-packing-slips-for-woocommerce" v1.4.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and conducting a decent number of capability checks. It also has no known unpatched vulnerabilities, which is encouraging.

However, there are significant concerns arising from the static analysis. The presence of two AJAX handlers without authentication checks exposes potential entry points for attackers. Furthermore, while no critical or high severity taint flows were identified, two flows with unsanitized paths were detected, indicating a risk of unexpected behavior or potential vulnerabilities if attacker-controlled data is involved. The 42% proper output escaping rate suggests a moderate risk of cross-site scripting (XSS) vulnerabilities, particularly concerning given the lack of nonce checks on AJAX endpoints. The plugin also bundles the TCPDF library, which, if outdated, could introduce its own set of vulnerabilities.

The vulnerability history reveals a past high-severity "Deserialization of Untrusted Data" vulnerability. While currently patched, this pattern suggests a recurring concern with handling serialized data, which requires careful ongoing scrutiny. The overall assessment is that while some good security practices are in place, the unprotected AJAX handlers and the history of deserialization issues present notable risks that require attention.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized paths in taint flows
  • Output escaping is not properly handled (42%)
  • Nonce checks missing
  • Bundled library (TCPDF) may be outdated
  • Past high severity vulnerability (Deserialization)
Vulnerabilities: 1

PDF Invoices and Packing Slips For WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

High: 1

1 total CVE

CVE-2024-1773 · high · 8.8 · Deserialization of Untrusted Data

PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection

Mar 6, 2024 Patched in 1.3.8 (2d)
Code Analysis
Analyzed Mar 16, 2026

PDF Invoices and Packing Slips For WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (8 escaped)
Nonce Checks: 0
Capability Checks: 6
File Operations: 5
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TCPDF

Output Escaping

42% escaped · 19 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
handle_bulk_actions_ordertable (includes\class-apifw-backend.php:1123)
Attack Surface: 2 unprotected

PDF Invoices and Packing Slips For WooCommerce Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 2

  • auth · wp_ajax_apifw_handle_bulk_action_urls · includes\class-apifw-backend.php:158
  • nopriv · wp_ajax_apifw_handle_bulk_action_urls · includes\class-apifw-backend.php:160

REST API Routes 3

  • POST · /wp-json/apifw/v1/save_base_settings/ · includes\class-apifw-api.php:28
  • POST · /wp-json/apifw/v1/get_base_settings/ · includes\class-apifw-api.php:34
  • POST · /wp-json/apifw/v1/reset_invoice_template/ · includes\class-apifw-api.php:40

WordPress Hooks 29

  • action · apifw_invoice_delete_cron · includes\apifw-cron.php:7
  • action · rest_api_init · includes\class-apifw-api.php:27
  • action · init · includes\class-apifw-backend.php:136
  • action · admin_menu · includes\class-apifw-backend.php:140
  • action · admin_enqueue_scripts · includes\class-apifw-backend.php:142
  • action · admin_enqueue_scripts · includes\class-apifw-backend.php:143
  • action · add_meta_boxes · includes\class-apifw-backend.php:145
  • filter · manage_edit-shop_order_columns · includes\class-apifw-backend.php:147
  • action · manage_shop_order_posts_custom_column · includes\class-apifw-backend.php:149
  • filter · manage_woocommerce_page_wc-orders_columns · includes\class-apifw-backend.php:151
  • action · manage_woocommerce_page_wc-orders_custom_column · includes\class-apifw-backend.php:152
  • filter · bulk_actions-edit-shop_order · includes\class-apifw-backend.php:155
  • filter · bulk_actions-woocommerce_page_wc-orders · includes\class-apifw-backend.php:156
  • action · add_meta_boxes · includes\class-apifw-backend.php:164
  • filter · manage_edit-awcdp_payment_columns · includes\class-apifw-backend.php:166
  • action · manage_awcdp_payment_posts_custom_column · includes\class-apifw-backend.php:168
  • filter · bulk_actions-edit-awcdp_payment · includes\class-apifw-backend.php:170
  • action · admin_footer · includes\class-apifw-backend.php:172
  • action · admin_footer · includes\class-apifw-backend.php:178
  • action · admin_notices · includes\class-apifw-backend.php:217
  • action · wp_enqueue_scripts · includes\class-apifw-front-end.php:60
  • action · init · includes\class-apifw-front-end.php:62
  • action · woocommerce_order_details_after_order_table · includes\class-apifw-invoice.php:74
  • filter · woocommerce_my_account_my_orders_actions · includes\class-apifw-invoice.php:76
  • filter · woocommerce_email_attachments · includes\class-apifw-invoice.php:81
  • action · woocommerce_thankyou · includes\class-apifw-invoice.php:84
  • action · woocommerce_order_status_changed · includes\class-apifw-invoice.php:86
  • action · plugins_loaded · start.php:48
  • action · before_woocommerce_init · start.php:93

Scheduled Events 1

apifw_invoice_delete_cron
Maintenance & Trust

PDF Invoices and Packing Slips For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version
Downloads: 46K

Community Trust

Rating: 100/100
Number of ratings: 19
Active installs: 1K
Developer Profile

PDF Invoices and Packing Slips For WooCommerce Developer Profile

acowebs

13 plugins · 74K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 14 days
Detection Fingerprints

How We Detect PDF Invoices and Packing Slips For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/css/backend.css
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/css/frontend.css
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/css/backend-common.css
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/backend.js
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/backend-common.js
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/frontend.js
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/apifw-common.js
  • /wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/apifw-backend.js

Script Paths

  • https://api.acowebs.com/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/backend.js
  • https://api.acowebs.com/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/apifw-backend.js
  • https://api.acowebs.com/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/frontend.js
  • https://api.acowebs.com/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/assets/js/apifw-common.js

Version Parameters

  • pdf-invoices-and-packing-slips-for-woocommerce/assets/css/backend.css?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/css/frontend.css?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/css/backend-common.css?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/js/backend.js?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/js/backend-common.js?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/js/frontend.js?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/js/apifw-common.js?ver=
  • pdf-invoices-and-packing-slips-for-woocommerce/assets/js/apifw-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • apifw-admin-page
  • apifw-order-metabox
  • apifw-bulk-action-wrapper
  • apifw-order-data-row
  • apifw-template-builder-editor
  • apifw-pdf-editor-container
  • apifw-template-list
  • apifw-pdf-templates-wrapper
  • +2 more

HTML Comments

  • <!-- APIFW_START_RENDER_BUTTON -->
  • <!-- APIFW_END_RENDER_BUTTON -->
  • <!-- APIFW_ORDER_INVOICE_ACTIONS -->
  • <!-- APIFW_ORDER_PACKING_SLIP_ACTIONS -->
  • +3 more

Data Attributes

  • data-apifw-template-id
  • data-apifw-field-name
  • data-apifw-field-type
  • data-apifw-order-id
  • data-apifw-action
  • data-apifw-setting-key

JS Globals

  • window.APIFW_AJAX_URL
  • window.APIFW_ORDER_ID
  • window.APIFW_ADMIN_AJAX_URL
  • window.APIFW_SETTINGS
  • window.apifw_php_vars
  • window.apifw_editor_params

REST Endpoints

  • /wp-json/apifw/v1/templates
  • /wp-json/apifw/v1/orders
FAQ

Frequently Asked Questions about PDF Invoices and Packing Slips For WooCommerce