Simple Fatoora Security & Risk Analysis

wordpress.org/plugins/simple-fatoora

Simple Fatoora is an authorized ZATCA e-invoicing solution provider. Generate fully compliant Phase 2 e‑invoices, QR codes, and secure reporting direc …

0 active installs · v1.5.1 · PHP 7.4+ · WP 5.2+ · Updated Jan 30, 2026
invoice, qr-code, vat, woocommerce, zatca
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Fatoora Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Fatoora has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The 'simple-fatoora' v1.5.1 plugin exhibits a generally good security posture due to its strong use of prepared statements for SQL queries and the presence of nonce and capability checks on its limited entry points. The static analysis indicates that the plugin does not utilize dangerous functions, perform file operations, or include bundled libraries that could introduce vulnerabilities. However, the analysis also reveals concerning signals. Specifically, a significant portion of output (54%) is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is present in these unescaped outputs. Furthermore, the taint analysis identified one high-severity flow with unsanitized paths, suggesting a potential avenue for exploitation, even if classified as non-critical for now. The lack of any recorded vulnerabilities in its history is a positive indicator of past security maturity. Overall, while the plugin has strengths in core security practices, the unescaped output and the high-severity taint flow present notable risks that require attention.

Key Concerns

  • High severity taint flow with unsanitized path
  • Less than 100% of output is properly escaped
Vulnerabilities
None known

Simple Fatoora Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Simple Fatoora Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (10 prepared)
Unescaped Output: 93 (80 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 10 total queries

Output Escaping

46% escaped · 173 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
render_tab (includes\class-simpfa-wc-settings-tab.php:22)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Simple Fatoora Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_simpfa_save_token · includes\class-simpfa-wc-settings-tab.php:13
WordPress Hooks 33
filter · woocommerce_checkout_fields · includes\class-simpfa-checkout.php:7
action · woocommerce_checkout_process · includes\class-simpfa-checkout.php:9
action · woocommerce_checkout_update_order_meta · includes\class-simpfa-checkout.php:11
action · woocommerce_after_checkout_form · includes\class-simpfa-checkout.php:13
action · woocommerce_checkout_update_order_meta · includes\class-simpfa-handler.php:19
action · woocommerce_order_status_completed · includes\class-simpfa-handler.php:30
action · admin_post_sync_order · includes\class-simpfa-handler.php:34
action · admin_notices · includes\class-simpfa-handler.php:35
action · woocommerce_order_status_refunded · includes\class-simpfa-handler.php:38
action · woocommerce_order_refunded · includes\class-simpfa-handler.php:39
action · woocommerce_order_partially_refunded · includes\class-simpfa-handler.php:40
action · woocommerce_refund_created · includes\class-simpfa-handler.php:41
action · admin_init · includes\class-simpfa-init.php:6
filter · manage_edit-shop_order_columns · includes\class-simpfa-order-ui.php:10
action · manage_shop_order_posts_custom_column · includes\class-simpfa-order-ui.php:11
filter · manage_woocommerce_page_wc-orders_columns · includes\class-simpfa-order-ui.php:12
action · woocommerce_admin_order_list_column_order_sync_status · includes\class-simpfa-order-ui.php:13
action · manage_woocommerce_page_wc-orders_custom_column · includes\class-simpfa-order-ui.php:14
action · admin_enqueue_scripts · includes\class-simpfa-order-ui.php:15
action · woocommerce_order_details_after_order_table · includes\class-simpfa-order-ui.php:17
action · woocommerce_admin_order_data_after_billing_address · includes\class-simpfa-order-ui.php:19
action · woocommerce_admin_order_data_after_order_details · includes\class-simpfa-order-ui.php:21
action · woocommerce_email_after_order_table · includes\class-simpfa-order-ui.php:22
action · woocommerce_process_shop_order_meta · includes\class-simpfa-order-ui.php:24
filter · woocommerce_settings_tabs_array · includes\class-simpfa-wc-settings-tab.php:6
action · woocommerce_settings_tabs_simpfa · includes\class-simpfa-wc-settings-tab.php:7
action · woocommerce_update_options_simpfa · includes\class-simpfa-wc-settings-tab.php:8
action · woocommerce_settings_save_simpfa · includes\class-simpfa-wc-settings-tab.php:9
action · admin_enqueue_scripts · includes\class-simpfa-wc-settings-tab.php:10
action · admin_post_simpfa_wc_disconnect · includes\class-simpfa-wc-settings-tab.php:11
action · admin_post_simpfa_wc_save · includes\class-simpfa-wc-settings-tab.php:12
action · plugins_loaded · simple-fatoora.php:87
action · admin_notices · simple-fatoora.php:98
Maintenance & Trust

Simple Fatoora Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 30, 2026
PHP min version: 7.4
Downloads: 623

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Simple Fatoora Developer Profile

Future Base

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Fatoora

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-fatoora/assets/css/simple-fatoora-admin.css
Version Parameters
simple-fatoora/style.css?ver=
simple-fatoora-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
simpfa-status-wrapper, simpfa-status, synced, sync-indicator, green, view-invoice-button, sync-order-button
Data Attributes
data-simpfa-sync-nonce
JS Globals
simpfa_sync_nonce, simpfa_sync_order_url
REST Endpoints
/wp-json/simpfa/v1/sync-order
FAQ

Frequently Asked Questions about Simple Fatoora