Primer MyData for Woocommerce Security & Risk Analysis

wordpress.org/plugins/primer-mydata

Issue legal receipts automatically directly from your wordpress using MyData provider Services.

100 active installs · v4.3.0 · PHP 7.4+ · WP 5.3+ · Updated Dec 18, 2025
Tags: greece, invoices, mydata, primer-mydata, receipts
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Feb 9, 2026
Safety Verdict

Is Primer MyData for Woocommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Primer MyData for Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Feb 9, 2026 · Updated 3mo ago
Risk Assessment

The 'primer-mydata' plugin v4.3.0 exhibits a concerning security posture due to a large number of unprotected entry points. With 34 out of 38 total entry points lacking authentication checks, the plugin presents a significant attack surface. While the plugin demonstrates good practices in using prepared statements for SQL queries (56%) and proper output escaping (86%), the high number of unauthenticated AJAX handlers is a critical weakness. The taint analysis revealing two high-severity flows with unsanitized paths is particularly worrying, suggesting potential for path traversal vulnerabilities.

The vulnerability history of this plugin is also a point of concern. Although there are currently no unpatched CVEs, the presence of four historical medium-severity vulnerabilities, including path traversal, CSRF, and XSS, indicates a recurring pattern of insecure coding practices. The last reported vulnerability in 2026 also raises questions about the plugin's maintenance and update cadence. The combination of a large, exposed attack surface and past vulnerabilities suggests a high likelihood of future security issues if not addressed.

In conclusion, while the plugin shows some positive aspects like well-escaped output and prepared SQL statements, these strengths are overshadowed by the significant risks posed by its numerous unprotected entry points and the history of exploitable vulnerabilities. The high-severity taint flows are a red flag that requires immediate attention. The plugin's overall security is compromised by these factors, and users should exercise extreme caution.

Key Concerns

  • Large attack surface without auth checks
  • High severity taint flows
  • History of medium severity CVEs
  • Unprotected AJAX handlers
  • Unprotected REST API routes
Vulnerabilities
4

Primer MyData for Woocommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2 CVEs in 2025
1 CVE in 2026

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2025-69325 · medium · 5.3 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Primer MyData for Woocommerce <= 4.2.8 - Unauthenticated Path Traversal
Feb 9, 2026 · Patched in 4.2.9 (9d)

CVE-2025-53575 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Primer MyData for Woocommerce <= 4.2.5 - Cross-Site Request Forgery
Aug 14, 2025 · Patched in 4.2.6 (5d)

CVE-2025-30924 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Primer MyData for Woocommerce < 4.2.4 - Reflected Cross-Site Scripting
Mar 27, 2025 · Patched in 4.2.4 (7d)

CVE-2024-11809 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Primer MyData for Woocommerce <= 4.2.1 - Reflected Cross-Site Scripting
Dec 12, 2024 · Patched in 4.2.2 (1d)

Code Analysis
Analyzed Mar 16, 2026

Primer MyData for Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 11 (14 prepared)
Unescaped Output: 75 (473 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 39
External Requests: 25
Bundled Libraries: 3

Bundled Libraries

dompdf, TCPDF, Select2

SQL Query Safety

56% prepared · 25 total queries

Output Escaping

86% escaped · 548 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

24 flows · 6 with unsanitized paths
create_primer_the_zip_file (admin\includes\primer-admin-options.php:5235)
Attack Surface
34 unprotected

Primer MyData for Woocommerce Attack Surface

Entry Points: 38
Unprotected: 34

AJAX Handlers: 36

auth · wp_ajax_primer_make_full_refund · admin\class-primer-admin.php:1516
auth · wp_ajax_create_primer_the_zip_file · admin\includes\primer-admin-options.php:48
auth · wp_ajax_primer_export_receipt_to_html · admin\includes\primer-admin-options.php:49
auth · wp_ajax_primer_resend_receipt_to_customer · admin\includes\primer-admin-options.php:50
auth · wp_ajax_primer_cancel_invoice · admin\includes\primer-admin-options.php:51
auth · wp_ajax_primer_smtp_settings · admin\includes\primer-admin-options.php:52
auth · wp_ajax_primer_system_settings · admin\includes\primer-admin-options.php:53
auth · wp_ajax_primer_insert_license · admin\includes\primer-admin-options.php:54
auth · wp_ajax_first_time_act · admin\includes\primer-admin-options.php:55
auth · wp_ajax_primer_get_series · admin\includes\primer-admin-options.php:56
auth · wp_ajax_company_activation_call · admin\includes\primer-admin-options.php:57
auth · wp_ajax_company_vat_call · admin\includes\primer-admin-options.php:58
auth · wp_ajax_change_subsidiary · admin\includes\primer-admin-options.php:59
auth · wp_ajax_primer_license_remaining · admin\includes\primer-admin-options.php:60
auth · wp_ajax_primer_user_picture_upload · admin\includes\primer-admin-options.php:61
auth · wp_ajax_primer_export_receipt_to_html · admin\includes\primer-admin-options.php:63
nopriv · wp_ajax_primer_export_receipt_to_html · admin\includes\primer-admin-options.php:64
auth · wp_ajax_convert_select_orders · admin\includes\primer-admin-table.php:506
auth · wp_ajax_primer_fire_cron · includes\class-primer-cron.php:21
auth · wp_ajax_export_invoice_to_report · includes\class-primer-cron.php:24
auth · wp_ajax_primer_get_woocommerce_tax_rates · includes\class-primer-cron.php:25
auth · wp_ajax_primer_validate_bin · payments\class-primer-payment-gateway.php:73
nopriv · wp_ajax_primer_validate_bin · payments\class-primer-payment-gateway.php:74
auth · wp_ajax_primer_piraeus_transactions · payments\includes\class-primer-payments-gateway-actions.php:7
auth · wp_ajax_continue_3ds_method · payments\includes\class-primer-payments-gateway-functions.php:20
nopriv · wp_ajax_continue_3ds_method · payments\includes\class-primer-payments-gateway-functions.php:21
auth · wp_ajax_finalize_3ds_method · payments\includes\class-primer-payments-gateway-functions.php:22
nopriv · wp_ajax_finalize_3ds_method · payments\includes\class-primer-payments-gateway-functions.php:23
auth · wp_ajax_process_payment_with_token_3ds · payments\includes\class-primer-payments-gateway-functions.php:24
nopriv · wp_ajax_process_payment_with_token_3ds · payments\includes\class-primer-payments-gateway-functions.php:25
auth · wp_ajax_vat_number_validation · primer.php:110
nopriv · wp_ajax_vat_number_validation · primer.php:111
auth · wp_ajax_reset_of_the_tax_from_vies · primer.php:193
nopriv · wp_ajax_reset_of_the_tax_from_vies · primer.php:194
auth · wp_ajax_primer_timologio_for_wc_aade_fill · primer.php:227
nopriv · wp_ajax_primer_timologio_for_wc_aade_fill · primer.php:228

REST API Routes: 2

GET · /wp-json/piraeussend3dsMethodNotification · payments\includes\class-primer-payments-gateway-actions.php:22
GET · /wp-json/piraeussendTerms · payments\includes\class-primer-payments-gateway-actions.php:31

WordPress Hooks: 78

action · admin_head · admin\class-primer-admin.php:1410
action · admin_menu · admin\includes\primer-admin-options.php:46
action · wp_print_scripts · admin\includes\primer-admin-options.php:47
action · cmb2_render_email_wildcards · admin\includes\primer-admin-options.php:62
action · wp_print_scripts · admin\includes\primer-admin-receipt-log-automation-table.php:23
action · wp_print_scripts · admin\includes\primer-admin-receipt-log-table.php:21
action · wp_print_scripts · admin\includes\primer-admin-receipt-table.php:21
action · wp_print_scripts · admin\includes\primer-admin-table.php:27
action · admin_footer · admin\includes\primer-admin-table.php:1066
action · primer_cron_save_settings · includes\class-primer-cron.php:17
action · primer_cron_process · includes\class-primer-cron.php:18
action · primer_cron_process_failed · includes\class-primer-cron.php:19
action · primer_cron_process_credit_failed · includes\class-primer-cron.php:20
action · primer_cron_save_settings · includes\class-primer-cron.php:22
action · primer_cron_export_process · includes\class-primer-cron.php:23
action · primer_cron_primer_license_remaining · includes\class-primer-cron.php:26
action · primer_loaded · includes\class-primer-settings.php:15
action · admin_notices · includes\class-primer-smtp.php:16
action · wp_mail_failed · includes\class-primer-smtp.php:17
action · admin_enqueue_scripts · includes\class-primer.php:180
action · admin_enqueue_scripts · includes\class-primer.php:181
filter · cmb2_script_dependencies · includes\class-primer.php:182
filter · admin_body_class · includes\class-primer.php:183
action · init · includes\class-primer.php:185
action · init · includes\class-primer.php:186
action · init · includes\class-primer.php:187
action · init · includes\class-primer.php:188
action · init · includes\class-primer.php:189
action · init · includes\class-primer.php:190
action · init · includes\class-primer.php:191
action · admin_enqueue_scripts · includes\class-primer.php:192
action · wp_enqueue_scripts · includes\class-primer.php:193
filter · woocommerce_admin_billing_fields · includes\class-primer.php:195
action · woocommerce_admin_order_data_after_order_details · includes\class-primer.php:196
action · woocommerce_process_shop_order_meta · includes\class-primer.php:197
filter · woocommerce_found_customer_details · includes\class-primer.php:198
filter · woocommerce_customer_meta_fields · includes\class-primer.php:199
filter · woocommerce_order_formatted_billing_address · includes\class-primer.php:200
filter · woocommerce_formatted_address_replacements · includes\class-primer.php:201
filter · default_checkout_shipping_country · includes\class-primer.php:202
filter · woocommerce_my_account_my_orders_actions · includes\class-primer.php:203
action · manage_shop_order_posts_custom_column · includes\class-primer.php:204
action · manage_woocommerce_page_wc-orders_custom_column · includes\class-primer.php:205
action · admin_init · includes\class-primer.php:206
filter · admin_notices · includes\class-primer.php:207
filter · wp_delete_post · includes\class-primer.php:208
filter · cron_schedules · includes\class-primer.php:209
action · woocommerce_new_order · includes\class-primer.php:210
filter · woocommerce_get_wp_query_args · includes\class-primer.php:211
action · woocommerce_thankyou · includes\class-primer.php:221
action · woocommerce_thankyou · includes\class-primer.php:222
action · woocommerce_checkout_process · includes\class-primer.php:223
action · woocommerce_new_order · includes\class-primer.php:224
action · woocommerce_new_order · includes\class-primer.php:225
filter · woocommerce_billing_fields · includes\class-primer.php:251
action · cmb2_save_field · includes\class-primer.php:256
action · primer_head · includes\class-primer.php:300
action · wp_enqueue_scripts · includes\class-primer.php:301
action · wp_enqueue_scripts · includes\class-primer.php:302
filter · single_template · includes\class-primer.php:305
action · init · includes\class-primer.php:349
action · primer_loaded · includes\receipt\class-primer-invoice.php:11
filter · woocommerce_my_subscriptions_payment_method · payments\class-primer-payment-gateway.php:68
action · wp_enqueue_scripts · payments\class-primer-payment-gateway.php:69
action · wp · payments\class-primer-payment-gateway.php:71
filter · woocommerce_thankyou_order_received_text · payments\class-primer-payment-gateway.php:121
action · rest_api_init · payments\includes\class-primer-payments-gateway-actions.php:6
filter · woocommerce_payment_gateways · payments\includes\class-primer-payments-gateway-actions.php:8
action · admin_enqueue_scripts · payments\includes\class-primer-payments-gateway-actions.php:9
action · woocommerce_api_wc_piraeusbank_gateway · payments\includes\class-primer-payments-gateway-functions.php:26
filter · woocommerce_subscription_payment_meta · payments\includes\class-primer-payments-gateway-helpers.php:6
action · wp · payments\includes\class-primer-payments-gateway-helpers.php:7
filter · woocommerce_thankyou_order_received_text · payments\includes\class-primer-payments-gateway-helpers.php:309
action · plugins_loaded · primer.php:91
action · admin_notices · primer.php:93
action · woocommerce_checkout_process · primer.php:348
action · woocommerce_product_options_general_product_data · primer.php:358
action · woocommerce_process_product_meta · primer.php:377

Scheduled Events 14

primer_cron_process_failed
primer_cron_process_credit_failed
primer_cron_primer_license_remaining
primer_cron_process
primer_cron_process
primer_cron_process
primer_cron_export_process
primer_cron_export_process
primer_cron_export_process
primer_cron_process
primer_cron_process_failed
primer_cron_process_credit_failed
primer_cron_primer_license_remaining
primer_cron_export_process
Maintenance & Trust

Primer MyData for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 18, 2025
PHP min version: 7.4
Downloads: 8K

Community Trust

Rating: 84/100
Number of ratings: 11
Active installs: 100
Developer Profile

Primer MyData for Woocommerce Developer Profile

primersoftware

1 plugin · 100 total installs

Trust score: 97
Avg Security Score: 95/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Primer MyData for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/primer-mydata/assets/css/primer-mydata-public.css
/wp-content/plugins/primer-mydata/assets/js/primer-mydata-public.js
/wp-content/plugins/primer-mydata/assets/css/bootstrap.min.css
/wp-content/plugins/primer-mydata/assets/js/bootstrap.min.js
/wp-content/plugins/primer-mydata/assets/js/bootstrap.bundle.min.js
/wp-content/plugins/primer-mydata/assets/js/moment.min.js
/wp-content/plugins/primer-mydata/assets/js/moment-with-locales.min.js
/wp-content/plugins/primer-mydata/assets/js/primer-mydata-admin.js
+4 more

Script Paths
/wp-content/plugins/primer-mydata/assets/js/primer-mydata-public.js
/wp-content/plugins/primer-mydata/assets/js/bootstrap.bundle.min.js
/wp-content/plugins/primer-mydata/assets/js/moment.min.js
/wp-content/plugins/primer-mydata/assets/js/moment-with-locales.min.js
/wp-content/plugins/primer-mydata/assets/js/primer-mydata-admin.js
/wp-content/plugins/primer-mydata/assets/js/primer-mydata-frontend.js

Version Parameters
primer-mydata/assets/css/primer-mydata-public.css?ver=
primer-mydata/assets/js/primer-mydata-public.js?ver=
primer-mydata/assets/css/bootstrap.min.css?ver=
primer-mydata/assets/js/bootstrap.min.js?ver=
primer-mydata/assets/js/bootstrap.bundle.min.js?ver=
primer-mydata/assets/js/moment.min.js?ver=
primer-mydata/assets/js/moment-with-locales.min.js?ver=
primer-mydata/assets/js/primer-mydata-admin.js?ver=
primer-mydata/assets/css/primer-mydata-admin.css?ver=
primer-mydata/assets/css/bootstrap-grid.min.css?ver=
primer-mydata/assets/css/primer-mydata-frontend.css?ver=
primer-mydata/assets/js/primer-mydata-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
primer-mydata-custom-input

Data Attributes
data-vat-number
data-vat-country

JS Globals
primer_mydata_ajax_object
primer_mydata_admin_ajax_object
primer_mydata_frontend_ajax_object

REST Endpoints
/wp-json/primer/v1/settings
/wp-json/primer/v1/get_customer_data
/wp-json/primer/v1/get_order_details
/wp-json/primer/v1/get_product_details
/wp-json/primer/v1/send_invoice
/wp-json/primer/v1/sync_data
/wp-json/primer/v1/update_settings
/wp-json/primer/v1/get_invoices
/wp-json/primer/v1/get_receipts
/wp-json/primer/v1/search_customers
/wp-json/primer/v1/get_customer_data_by_id