PeproDev Ultimate Invoice Security & Risk Analysis

wordpress.org/plugins/pepro-ultimate-invoice

Advanced WooCommerce invoice plugin: create customizable HTML/PDF invoices, attach to emails, and let customers download styled invoices easily.

6K active installs · v2.2.6 · PHP 7.4+ · WP 5.0+ · Updated Mar 8, 2026
Tags: pdf-invoice, persian, woocommerce, woocommerce-invoice
96 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Feb 18, 2025
Safety Verdict

Is PeproDev Ultimate Invoice Safe to Use in 2026?

Generally Safe

Score 96/100

PeproDev Ultimate Invoice has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Feb 18, 2025 · Updated 27d ago
Risk Assessment

The pepro-ultimate-invoice plugin exhibits a mixed security posture. On the positive side, static analysis found no unprotected entry points (AJAX handlers, REST API routes), and all SQL queries use prepared statements. The presence of nonce and capability checks, along with proper output escaping in a significant portion of its outputs, is also a good indicator of security-conscious development. However, the taint analysis reveals two flows with unsanitized paths, which could lead to vulnerabilities if these paths are reachable and exploitable.

The plugin's vulnerability history is a significant concern. Its four known CVEs, one high-severity and three medium-severity, suggest a recurring pattern of security flaws. The common vulnerability types (Missing Authorization, XSS, Information Exposure) highlight the areas that require the most attention. There are currently no unpatched vulnerabilities, but the history calls for continued vigilance and robust security practices.

Key Concerns

  • Flows with unsanitized paths
  • Significant vulnerability history (4 CVEs)
  • High severity vulnerability in history
  • Medium severity vulnerabilities in history
  • Only 47% of outputs properly escaped
  • Bundled libraries (Select2, TCPDF)
Vulnerabilities
4

PeproDev Ultimate Invoice Security Vulnerabilities

CVEs by Year

2024: 3 CVEs
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2024-13719 · medium · 5.3 · Missing Authorization

PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure

Feb 18, 2025 Patched in 2.1.0 (156d)
CVE-2024-49298 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PeproDev Ultimate Invoice <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 15, 2024 Patched in 2.0.7 (4d)
CVE-2024-32518 · medium · 5.3 · Missing Authorization

PeproDev Ultimate Invoice <= 2.0.0 - Missing Authorization

Apr 15, 2024 Patched in 2.0.2 (19d)
CVE-2024-25933 · high · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

PeproDev Ultimate Invoice <= 1.9.7 - Unauthenticated Sensitive Information Exposure via init_plugin

Feb 20, 2024 Patched in 1.9.8 (44d)
Code Analysis
Analyzed Mar 16, 2026

PeproDev Ultimate Invoice Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 139 (122 escaped)
Nonce Checks: 5
Capability Checks: 5
File Operations: 30
External Requests: 1
Bundled Libraries: 2

Bundled Libraries

Select2, TCPDF

Output Escaping

47% escaped · 261 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
init_plugin (pepro-ultimate-invoice.php:419)
Attack Surface

PeproDev Ultimate Invoice Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[puiw_quick_shop] pepro-ultimate-invoice.php:673
[puiw_quick_shop] pepro-ultimate-invoice.php:699
WordPress Hooks: 82

action · admin_enqueue_scripts · include\admin\class-column.php:20
filter · manage_woocommerce_page_wc-orders_columns · include\admin\class-column.php:24
action · manage_woocommerce_page_wc-orders_custom_column · include\admin\class-column.php:25
filter · manage_edit-shop_order_columns · include\admin\class-column.php:28
action · manage_shop_order_posts_custom_column · include\admin\class-column.php:29
filter · puiw_get_default_dynamic_params · include\admin\class-print.php:32
action · init · include\admin\class-print.php:37
filter · puiw_order_items · include\admin\class-print.php:46
filter · puiw_order_items · include\admin\class-print.php:48
filter · puiw_order_items · include\admin\class-print.php:51
action · woocommerce_before_order_itemmeta · include\admin\class-print.php:53
filter · puiw_invoice_item_extra_classes · include\admin\class-print.php:54
filter · puiw_get_custom_css_style · include\admin\class-print.php:55
filter · puiw_get_pdf_css_style · include\admin\class-print.php:56
filter · puiw_get_inventory_css_style · include\admin\class-print.php:57
filter · woocommerce_get_settings_pages · include\admin\class-setting.php:5
action · wp_before_admin_bar_render · include\admin\class-setting.php:24
action · woocommerce_product_options_inventory_product_data · include\admin\class-wcproduct-panel.php:13
action · woocommerce_process_product_meta · include\admin\class-wcproduct-panel.php:14
action · after_setup_theme · pepro-ultimate-invoice.php:90
action · init · pepro-ultimate-invoice.php:101
action · init · pepro-ultimate-invoice.php:102
action · admin_notices · pepro-ultimate-invoice.php:111
action · before_woocommerce_init · pepro-ultimate-invoice.php:117
action · init · pepro-ultimate-invoice.php:125
filter · woocommerce_email_attachments · pepro-ultimate-invoice.php:146
action · woocommerce_order_status_changed · pepro-ultimate-invoice.php:151
action · woocommerce_new_order · pepro-ultimate-invoice.php:152
filter · woocommerce_admin_disabled · pepro-ultimate-invoice.php:162
filter · woocommerce_marketing_menu_items · pepro-ultimate-invoice.php:163
filter · woocommerce_helper_suppress_admin_notices · pepro-ultimate-invoice.php:164
filter · woocommerce_hidden_order_itemmeta · pepro-ultimate-invoice.php:167
filter · woocommerce_get_order_item_totals · pepro-ultimate-invoice.php:168
filter · woocommerce_format_weight · pepro-ultimate-invoice.php:170
filter · woocommerce_format_dimensions · pepro-ultimate-invoice.php:173
filter · woocommerce_admin_disabled · pepro-ultimate-invoice.php:178
filter · woocommerce_marketing_menu_items · pepro-ultimate-invoice.php:179
filter · woocommerce_helper_suppress_admin_notices · pepro-ultimate-invoice.php:180
filter · puiw_get_default_dynamic_params · pepro-ultimate-invoice.php:187
filter · query_vars · pepro-ultimate-invoice.php:188
filter · puiw_printinvoice_return_html_minfied · pepro-ultimate-invoice.php:347
filter · bulk_actions-woocommerce_page_wc-orders · pepro-ultimate-invoice.php:431
filter · handle_bulk_actions-woocommerce_page_wc-orders · pepro-ultimate-invoice.php:432
filter · bulk_actions-edit-shop_order · pepro-ultimate-invoice.php:436
filter · handle_bulk_actions-edit-shop_order · pepro-ultimate-invoice.php:437
action · vc_before_init · pepro-ultimate-invoice.php:675
action · plugin_row_meta · pepro-ultimate-invoice.php:681
filter · plugin_action_links · pepro-ultimate-invoice.php:682
action · admin_menu · pepro-ultimate-invoice.php:683
action · admin_init · pepro-ultimate-invoice.php:684
action · wp_before_admin_bar_render · pepro-ultimate-invoice.php:687
filter · pwoosms_shortcodes_list · pepro-ultimate-invoice.php:689
filter · pwoosms_order_sms_body_after_replace · pepro-ultimate-invoice.php:690
action · woocommerce_proceed_to_checkout · pepro-ultimate-invoice.php:693
filter · woocommerce_my_account_my_orders_actions · pepro-ultimate-invoice.php:696
action · woocommerce_admin_order_data_after_shipping_address · pepro-ultimate-invoice.php:702
action · woocommerce_order_details_after_order_table_items · pepro-ultimate-invoice.php:703
action · woocommerce_checkout_update_order_meta · pepro-ultimate-invoice.php:704
action · woocommerce_checkout_update_user_meta · pepro-ultimate-invoice.php:705
filter · woocommerce_checkout_fields · pepro-ultimate-invoice.php:706
action · woocommerce_order_details_before_order_table · pepro-ultimate-invoice.php:707
filter · wc_order_statuses · pepro-ultimate-invoice.php:708
filter · woocommerce_admin_billing_fields · pepro-ultimate-invoice.php:709
filter · woocommerce_admin_shipping_fields · pepro-ultimate-invoice.php:710
action · woocommerce_checkout_create_order_line_item · pepro-ultimate-invoice.php:711
filter · puiw_get_default_dynamic_params · pepro-ultimate-invoice.php:820
filter · puiw_printinvoice_create_html_item_row_metas · pepro-ultimate-invoice.php:821
filter · puiw_printinvoice_preserve_html_tags · pepro-ultimate-invoice.php:822
filter · puiw_printinvoice_preserve_english_numbers · pepro-ultimate-invoice.php:823
filter · puiw_get_export_pdf_name · pepro-ultimate-invoice.php:824
filter · puiw_get_templates_list · pepro-ultimate-invoice.php:825
filter · puiw_get_template · pepro-ultimate-invoice.php:826
filter · puiw_printinvoice_pdf_footer_new · pepro-ultimate-invoice.php:827
filter · admin_footer_text · pepro-ultimate-invoice.php:2008
filter · update_footer · pepro-ultimate-invoice.php:2011
filter · puiw_get_default_dynamic_params · pepro-ultimate-invoice.php:2141
action · admin_notices · pepro-ultimate-invoice.php:2261
action · add_meta_boxes · pepro-ultimate-invoice.php:2287
action · admin_enqueue_scripts · pepro-ultimate-invoice.php:2288
action · woocommerce_process_shop_order_meta · pepro-ultimate-invoice.php:2291
filter · woocommerce_email_styles · pepro-ultimate-invoice.php:2292
action · plugins_loaded · pepro-ultimate-invoice.php:2678
Maintenance & Trust

PeproDev Ultimate Invoice Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 8, 2026
PHP min version: 7.4
Downloads: 128K

Community Trust

Rating: 96/100
Number of ratings: 33
Active installs: 6K
Developer Profile

PeproDev Ultimate Invoice Developer Profile

Pepro Dev. Group

6 plugins · 8K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 104 days
Detection Fingerprints

How We Detect PeproDev Ultimate Invoice

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/bootstrap.min.css
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/custom.css
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/font-awesome.min.css
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/intlTelInput.css
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/pepro-ultimate-invoice.css
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/select2.min.css
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/bootstrap.min.js
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/clipboard.min.js
  • +14 more

Script Paths
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/bootstrap.min.js
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/clipboard.min.js
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/custom.js
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/intlTelInput.min.js
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/jquery.repeater.min.js
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/pepro-ultimate-invoice.js
  • +10 more

Version Parameters
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/bootstrap.min.css?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/custom.css?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/font-awesome.min.css?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/intlTelInput.css?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/pepro-ultimate-invoice.css?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/css/select2.min.css?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/bootstrap.min.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/clipboard.min.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/custom.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/intlTelInput.min.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/jquery.repeater.min.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/pepro-ultimate-invoice.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/select2.min.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/jquery.tinymce.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/plugins/image/plugin.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/plugins/link/plugin.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/plugins/lists/plugin.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/plugins/paste/plugin.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/plugins/textcolor/plugin.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/tinymce.min.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/tinymce/themes/silver/theme.js?ver=
  • /wp-content/plugins/pepro-ultimate-invoice/assets/js/xlsx.full.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pepro-ultimate-invoice-admin-wrap
  • pepro-ultimate-invoice-setting-page
  • pepro-ultimate-invoice-template-editor
  • pepro-invoice-item-field
  • pepro-invoice-table-header
  • pepro-invoice-table-row
  • pepro-invoice-total-row

HTML Comments
  • <!-- PeproDev Ultimate Invoice -->
  • <!-- PeproDev Ultimate Invoice :: Developed by Pepro Dev. Group (https://pepro.dev/) -->
  • <!-- PeproUltimateInvoice :: This is the Main Class -->
  • <!-- pepro-ultimate-invoice -->

Data Attributes
  • data-pepro-invoice-id
  • data-pepro-item-id
  • data-pepro-template-id

JS Globals
  • PeproUltimateInvoiceAdmin
  • pepro_ultimate_invoice_params

REST Endpoints
  • /wp-json/pepro-ultimate-invoice/v1/settings
  • /wp-json/pepro-ultimate-invoice/v1/templates

Shortcode Output
  • <div class="pepro-ultimate-invoice-shortcode">
  • <div class="pepro-invoice-preview">
FAQ

Frequently Asked Questions about PeproDev Ultimate Invoice