Silvasoft boekhouden Security & Risk Analysis

wordpress.org/plugins/silvasoft-boekhouden

Connect WooCommerce to your Silvasoft business software for automatic bookkeeping, orders & invoicing, and inventory management. Automatic. Simple.

300 active installs · v3.0.7 · PHP + · WP 5.0+ · Updated Mar 31, 2026
Tags: boekhouden, boekhoudprogramma, factureren, silvasoft-be, silvasoft-nl
Score: 57 (C · Use Caution)
CVEs total: 2
Unpatched: 2
Last CVE: Apr 10, 2025
Safety Verdict

Is Silvasoft boekhouden Safe to Use in 2026?

Use With Caution

Score 57/100

Silvasoft boekhouden has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Apr 10, 2025 · Updated 9d ago
Risk Assessment

The silvasoft-boekhouden plugin v3.0.5 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and having no bundled libraries or file operations, significant concerns exist in other areas. The presence of one unprotected AJAX handler is a major red flag, providing an immediate entry point for attackers. This is further compounded by the taint analysis revealing two flows with unsanitized paths, both classified as high severity. These flows, coupled with the unprotected AJAX handler, strongly suggest potential for Cross-Site Scripting (XSS) and SQL Injection vulnerabilities, aligning with the plugin's historical vulnerability types.

The plugin's vulnerability history is concerning, with two currently unpatched medium severity CVEs. These past vulnerabilities, specifically XSS and SQL Injection, reinforce the risks identified in the static and taint analyses. The fact that the last vulnerability was in 2025 indicates potential ongoing issues. While the plugin correctly uses prepared statements for SQL, the lack of proper output escaping for 67% of its outputs and the absence of nonce checks on AJAX handlers create further opportunities for exploitation. The overall security posture is weakened by these critical gaps, despite some positive technical implementations.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows
  • Unpatched medium severity CVE (x2)
  • Majority of outputs not properly escaped
  • No nonce checks on AJAX handlers
  • Only one capability check found
Vulnerabilities
2

Silvasoft boekhouden Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-32504 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Silvasoft boekhouden <= 3.0.5 - Reflected Cross-Site Scripting

Apr 10, 2025 · Unpatched

CVE-2025-32125 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Silvasoft boekhouden <= 3.0.1 - Authenticated (Administrator+) SQL Injection

Apr 4, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Silvasoft boekhouden Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 55 (27 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

33% escaped · 82 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
resendOrderToSilvasoft (admin\class-silvasoft-log.php:61)
Attack Surface
1 unprotected

Silvasoft boekhouden Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_sendordertosilva · includes\class-silvasoft.php:117

WordPress Hooks: 17

action · admin_head · admin\class-silvasoft-log.php:30
action · admin_init · admin\class-silvasoft-settings.php:17
action · admin_head · admin\class-silvasoft-status.php:28
action · admin_enqueue_scripts · includes\class-silvasoft.php:94
action · admin_enqueue_scripts · includes\class-silvasoft.php:95
action · admin_menu · includes\class-silvasoft.php:98
action · plugins_loaded · includes\class-silvasoft.php:101
action · woocommerce_order_status_changed · includes\class-silvasoft.php:104
filter · woocommerce_admin_order_actions · includes\class-silvasoft.php:107
filter · bulk_actions-edit-shop_order · includes\class-silvasoft.php:110
filter · handle_bulk_actions-edit-shop_order · includes\class-silvasoft.php:111
action · admin_notices · includes\class-silvasoft.php:112
action · admin_head · includes\class-silvasoft.php:115
action · silvasoft_woo_cron · includes\class-silvasoft.php:119
action · silvasoft_woo_cron_stock · includes\class-silvasoft.php:120
action · admin_notices · includes\class-silvasoft.php:128
filter · cron_schedules · silvasoft.php:82

Scheduled Events: 2

silvasoft_woo_cron
silvasoft_woo_cron_stock
Maintenance & Trust

Silvasoft boekhouden Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 31, 2026
PHP min version
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 300
Developer Profile

Silvasoft boekhouden Developer Profile

silvasoft

1 plugin · 300 total installs

Trust score: 64
Avg Security Score: 57/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Silvasoft boekhouden

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/silvasoft-boekhouden/admin/css/silvasoft-admin.css
/wp-content/plugins/silvasoft-boekhouden/admin/js/silvasoft-admin.js
Version Parameters
/wp-content/plugins/silvasoft-boekhouden/admin/css/silvasoft-admin.css?ver=
/wp-content/plugins/silvasoft-boekhouden/admin/js/silvasoft-admin.js?ver=
