WP-Safety

Peki – Fiken Integration for WooCommerce Security & Risk Analysis

wordpress.org/plugins/peki-fiken-integration-for-woocommerce

Automate your bookkeeping by connecting WooCommerce to Fiken. Export orders automatically and save time on manual accounting tasks.

30 active installs v1.0.23 PHP 7.4+ WP 5.8+ Updated Unknown
accountingbookkeepingfikeninvoiceswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Peki – Fiken Integration for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Peki – Fiken Integration for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "peki-fiken-integration-for-woocommerce" plugin exhibits a generally good security posture with several strengths. Notably, it has no known vulnerabilities (CVEs), indicating a history of stable and secure development. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce checks for most entry points. The absence of dangerous functions and file operations further contributes to its security.

However, there are some areas of concern that warrant attention. The static analysis reveals a REST API route that lacks permission callbacks, creating an unprotected entry point into the application. Additionally, a significant portion of the plugin's output (49%) is not properly escaped. While taint analysis did not reveal critical or high-severity issues, two flows with unsanitized paths were identified, which, combined with the unescaped output, could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these paths.

Overall, the plugin is relatively secure due to its lack of historical vulnerabilities and its use of prepared statements and nonces. However, the unprotected REST API endpoint and the high percentage of unescaped output represent tangible risks that should be addressed to further strengthen its security.

Key Concerns

  • REST API route without permission callbacks
  • Significant portion of output not properly escaped
  • Flows with unsanitized paths identified
Vulnerabilities
None known

Peki – Fiken Integration for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Peki – Fiken Integration for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
110
115 escaped
Nonce Checks
10
Capability Checks
18
File Operations
0
External Requests
6
Bundled Libraries
0

Output Escaping

51% escaped225 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
handle_callback (includes\admin\class-admin-connect.php:54)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Peki – Fiken Integration for WooCommerce Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 2

authwp_ajax_pekifiken_refresh_statusincludes\admin\class-admin-connect.php:18
authwp_ajax_pekifiken_dismiss_noticeincludes\admin\class-admin-notices.php:25

REST API Routes 1

POST/wp-json/fiken/v1/pingfiken.php:130
WordPress Hooks 27
actionplugins_loadedfiken.php:78
filterallowed_redirect_hostsfiken.php:79
actionplugins_loadedfiken.php:93
actionadmin_noticesfiken.php:99
actionrest_api_initfiken.php:129
actionpekifiken_cron_refresh_statusfiken.php:166
filtercron_schedulesfiken.php:188
actionwoocommerce_order_status_completedfiken.php:199
actionwoocommerce_order_refundedfiken.php:244
filterwoocommerce_order_actionsfiken.php:269
actionwoocommerce_order_action_pekifiken_force_exportfiken.php:275
filtermanage_edit-shop_order_columnsfiken.php:344
actionmanage_shop_order_posts_custom_columnfiken.php:359
filterwoocommerce_shop_order_list_table_columnsfiken.php:374
actionwoocommerce_shop_order_list_table_custom_columnfiken.php:389
actionadmin_post_pekifiken_start_connectincludes\admin\class-admin-connect.php:13
actionadmin_post_pekifiken_callbackincludes\admin\class-admin-connect.php:14
actionadmin_post_nopriv_pekifiken_callbackincludes\admin\class-admin-connect.php:15
actionadmin_initincludes\admin\class-admin-connect.php:17
actionadmin_noticesincludes\admin\class-admin-notices.php:22
actionadmin_initincludes\admin\class-admin-notices.php:23
actionnetwork_admin_noticesincludes\admin\class-admin-notices.php:24
actionadmin_menuincludes\admin\class-admin.php:34
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:35
actionadmin_headincludes\admin\class-admin.php:36
actionadmin_initincludes\admin\class-admin.php:39
actionadmin_post_pekifiken_toggle_auto_upgradeincludes\admin\class-admin.php:42

Scheduled Events 1

pekifiken_cron_refresh_status
Maintenance & Trust

Peki – Fiken Integration for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings4
Active installs30
Alternatives

Peki – Fiken Integration for WooCommerce Alternatives

Peki Tripletex Integration for WooCommerce

Peki Tripletex Integration for WooCommerce

peki-tripletex-integration-for-woocommerce

A
100

Integrate WooCommerce with Tripletex. Automatically transfer orders and refunds to Tripletex via the Peki service. Learn more on our Tripletex plugin …

0 No CVEs
Accounting for WooCommerce

Accounting for WooCommerce

accounting-for-woocommerce

A
95

All you need to transfer accounting data from Woocommerce to accounting softwares!

600 3 CVEs
Akaunting for WooCommerce

Akaunting for WooCommerce

akaunting-for-woocommerce

A
85

Akaunting is a free, open source and online accounting software for small businesses and freelancers.

100 No CVEs
Web:D Accounts

Web:D Accounts

wp-accounts

A
100

Manage your Clients, Invoices, Receipts and Payments. Send Invoices and Receipts to clients via email.

10 No CVEs
Invoct – PDF Invoices & Billing for WooCommerce

Invoct – PDF Invoices & Billing for WooCommerce

kirilkirkov-pdf-invoice-manager

A
99

Professional PDF invoicing & billing for WooCommerce and WordPress, with Stripe payments and automated VAT/tax handling.

0 1 CVE
Developer Profile

Peki – Fiken Integration for WooCommerce Developer Profile

PEKI AS

3 plugins · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Peki – Fiken Integration for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/peki-fiken-integration-for-woocommerce/assets/css/admin-style.css/wp-content/plugins/peki-fiken-integration-for-woocommerce/assets/js/admin-script.js/wp-content/plugins/peki-fiken-integration-for-woocommerce/assets/css/connect.css/wp-content/plugins/peki-fiken-integration-for-woocommerce/assets/js/connect.js/wp-content/plugins/peki-fiken-integration-for-woocommerce/assets/css/status.css/wp-content/plugins/peki-fiken-integration-for-woocommerce/assets/js/status.js
Version Parameters
peki-fiken-integration-for-woocommerce/assets/css/admin-style.css?ver=peki-fiken-integration-for-woocommerce/assets/js/admin-script.js?ver=peki-fiken-integration-for-woocommerce/assets/css/connect.css?ver=peki-fiken-integration-for-woocommerce/assets/js/connect.js?ver=peki-fiken-integration-for-woocommerce/assets/css/status.css?ver=peki-fiken-integration-for-woocommerce/assets/js/status.js?ver=

HTML / DOM Fingerprints

CSS Classes
fiken-integration-admin-wrapfiken-connect-page-wrapfiken-status-page-wrap
Data Attributes
data-webhook-noncedata-fiken-connect-url
JS Globals
fiken_admin_script_paramsfiken_connect_script_paramsfiken_status_script_params
REST Endpoints
/wp-json/fiken/v1/ping
FAQ

Frequently Asked Questions about Peki – Fiken Integration for WooCommerce