Does q-invoice connect for Gravity Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in q-invoice connect for Gravity Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is q-invoice connect for Gravity Forms compatible with WordPress 5.4.19?

According to WordPress.org data, q-invoice connect for Gravity Forms 2.3.2 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

How often is q-invoice connect for Gravity Forms updated?

q-invoice connect for Gravity Forms was last updated on Unknown. Frequent updates are generally a positive security signal.

What is q-invoice connect for Gravity Forms's security score?

q-invoice connect for Gravity Forms has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

q-invoice connect for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/qinvoice-connect-for-gravity-forms

Connects your Gravity Forms forms to q-invoice for automatic invoicing.

10 active installs v2.3.2 PHP + WP 3.0.1+ Updated Unknown

billingestimatesgravity-formsinvoicingquote

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is q-invoice connect for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

q-invoice connect for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The plugin "qinvoice-connect-for-gravity-forms" v2.3.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, performing output escaping on a majority of its outputs, and having no recorded historical vulnerabilities, suggesting a generally well-maintained codebase. However, a significant concern arises from the presence of one unprotected AJAX handler, which represents a direct entry point that could be exploited by unauthenticated users. The absence of nonce checks on this handler further exacerbates this risk, making it vulnerable to Cross-Site Request Forgery (CSRF) attacks. While taint analysis showed no issues, the single unprotected AJAX endpoint is a critical oversight that needs immediate attention.

Key Concerns

Unprotected AJAX handler
Missing nonce check on AJAX
Unescaped output percentage concerning

Vulnerabilities

None known

q-invoice connect for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

q-invoice connect for Gravity Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

71% escaped17 total outputs

Attack Surface

1 unprotected

q-invoice connect for Gravity Forms Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_gf_resend_requestqinvoiceconnect.php:33

WordPress Hooks 8

actionadmin_initclass-gf-qinvoice-connect.php:50

filterplugin_row_metaclass-gf-qinvoice-connect.php:51

actiongform_loadedqinvoiceconnect.php:16

actiongform_post_payment_actionqinvoiceconnect.php:18

actiongform_ideal_fulfillmentqinvoiceconnect.php:22

actiongform_sisow_fulfillmentqinvoiceconnect.php:25

actiongform_entry_detail_sidebar_middleqinvoiceconnect.php:32

actionplugins_loadedqinvoiceconnect.php:41

Maintenance & Trust

q-invoice connect for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedUnknown

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

q-invoice connect for Gravity Forms Alternatives

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

sprout-invoices

The best invoicing plugin for WordPress. See how you can get paid faster without those hidden service fees.

1K 8 CVEs

Gravity Forms + Sprout Invoices – Easy Invoice & Estimate Submissions

sprout-invoices-gravity-forms

100

Dynamic invoicing (and estimates/quotes) from Gravity Form submissions.

90 No CVEs

Quotes Addon for GetPaid

invoicing-quotes

100

Quotes add-on for the WordPress payments plugin GetPaid. Allows you to create quotes, send them to clients and convert them to Invoices when accepted …

700 No CVEs

WP Forms + Sprout Invoices – Easy Invoice & Quote Submissions

sprout-invoices-wp-forms

100

Dynamic invoicing (and estimates/quotes) from WP Form submissions.

400 No CVEs

Formidable Forms + Sprout Invoices – Easy Invoice & Estimate Submissions

sprout-invoices-formidable-forms

100

Dynamic invoicing (and estimates/quotes) from Formidable Form submissions.

200 No CVEs

Developer Profile

q-invoice connect for Gravity Forms Developer Profile

q-invoice.nl

4 plugins · 90 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect q-invoice connect for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/qinvoice-connect-for-gravity-forms/css/gf_qinvoiceconnect.css/wp-content/plugins/qinvoice-connect-for-gravity-forms/js/gf_qinvoiceconnect.js

Script Paths

/wp-content/plugins/qinvoice-connect-for-gravity-forms/js/gf_qinvoiceconnect.js

Version Parameters

/wp-content/plugins/qinvoice-connect-for-gravity-forms/css/gf_qinvoiceconnect.css?ver=/wp-content/plugins/qinvoice-connect-for-gravity-forms/js/gf_qinvoiceconnect.js?ver=

HTML / DOM Fingerprints

CSS Classes

gf_qinvoiceconnect_invoice_container

Data Attributes

gf_resend_notifications

JS Globals

gf_qinvoiceconnect

FAQ