Sliced Invoices – WordPress Invoice Plugin Security & Risk Analysis

wordpress.org/plugins/sliced-invoices

A WordPress invoicing plugin for creating invoices and quotes. Online payments, manage clients, reports, exports, taxes & more.

5K active installs · v3.10.0 · PHP 5.5+ · WP 4.0+ · Updated Dec 12, 2025
Tags: invioce, invoice, invoicing, pdf-invoice, quote
Score: 74 · B · Generally Safe
CVEs total: 4
Unpatched: 1
Last CVE: Mar 31, 2025
Safety Verdict

Is Sliced Invoices – WordPress Invoice Plugin Safe to Use in 2026?

Mostly Safe

Score 74/100

Sliced Invoices – WordPress Invoice Plugin is generally safe to use. 4 past CVEs were resolved. Keep it updated.

4 known CVEs · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 3mo ago
Risk Assessment

The Sliced Invoices plugin, version 3.10.0, presents a mixed security posture. While it demonstrates some good practices such as a significant percentage of properly escaped outputs and the use of prepared statements in a majority of its SQL queries, notable concerns exist. The static analysis reveals a substantial attack surface with 9 AJAX handlers, 6 of which lack authentication checks, indicating a potential for unauthorized actions. The taint analysis found several flows with unsanitized paths, though thankfully none reached critical or high severity levels in this version. The plugin's vulnerability history is a significant red flag, with 4 known CVEs and one high-severity, currently unpatched vulnerability. The pattern of past vulnerabilities, including missing authorization, XSS, and SQL injection, further emphasizes the need for vigilance.

Key Concerns

  • Unpatched High Severity CVE
  • High percentage of AJAX handlers without auth checks
  • Taint flows with unsanitized paths
  • SQL queries with missing prepared statements
  • History of common vulnerability types
Vulnerabilities
4

Sliced Invoices – WordPress Invoice Plugin Security Vulnerabilities

CVEs by Year

2019: 2 CVEs
2024: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-31628 · medium · 5.3 · Missing Authorization
Sliced Invoices <= 3.9.5 - Missing Authorization
Mar 31, 2025 · Unpatched

CVE-2024-30517 · medium · 4.3 · Missing Authorization
Sliced Invoices <= 3.9.2 - Missing Authorization
Mar 28, 2024 · Patched in 3.9.3 (7d)

WF-e0e70739-88c2-498e-b96c-1f27b8641cb8-sliced-invoices · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Sliced Invoices <= 3.8.2 - Reflected Cross-Site Scripting
Oct 22, 2019 · Patched in 3.8.3 (1554d)

CVE-2020-20625 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Sliced Invoices < 3.8.4 - Authenticated SQL Injection
Oct 17, 2019 · Patched in 3.8.4 (1559d)
Code Analysis
Analyzed Mar 16, 2026

Sliced Invoices – WordPress Invoice Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 · 12 prepared
Unescaped Output: 106 · 357 escaped
Nonce Checks: 19
Capability Checks: 23
File Operations: 9
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

57% prepared · 21 total queries

Output Escaping

77% escaped · 463 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

20 flows · 9 with unsanitized paths
show_filters (admin\includes\sliced-admin-columns.php:430)
Attack Surface
6 unprotected

Sliced Invoices – WordPress Invoice Plugin Attack Surface

Entry Points: 9
Unprotected: 6

AJAX Handlers 9

auth · wp_ajax_sliced_hide_notice · admin\includes\sliced-admin-notices.php:44
auth · wp_ajax_sliced_sure_to_email · admin\includes\sliced-admin-notifications.php:81
auth · wp_ajax_sliced-send-email · admin\includes\sliced-admin-notifications.php:82
auth · wp_ajax_sliced-search-clients · core\class-sliced.php:204
auth · wp_ajax_sliced-search-non-clients · core\class-sliced.php:205
auth · wp_ajax_sliced-create-user · core\class-sliced.php:206
auth · wp_ajax_sliced-update-user · core\class-sliced.php:207
auth · wp_ajax_sliced-get-client · core\class-sliced.php:208
auth · wp_ajax_sliced-update-client · core\class-sliced.php:209
WordPress Hooks 156
action · save_post · admin\class-sliced-admin.php:1289
action · admin_init · admin\includes\sliced-admin-columns.php:33
action · pre_get_posts · admin\includes\sliced-admin-columns.php:48
action · pre_get_posts · admin\includes\sliced-admin-columns.php:50
filter · request · admin\includes\sliced-admin-columns.php:52
action · restrict_manage_posts · admin\includes\sliced-admin-columns.php:54
filter · manage_edit-sliced_quote_columns · admin\includes\sliced-admin-columns.php:57
filter · manage_edit-sliced_invoice_columns · admin\includes\sliced-admin-columns.php:58
action · manage_sliced_quote_posts_custom_column · admin\includes\sliced-admin-columns.php:59
action · manage_sliced_invoice_posts_custom_column · admin\includes\sliced-admin-columns.php:60
filter · manage_edit-sliced_quote_sortable_columns · admin\includes\sliced-admin-columns.php:61
filter · manage_edit-sliced_invoice_sortable_columns · admin\includes\sliced-admin-columns.php:62
filter · get_the_terms · admin\includes\sliced-admin-columns.php:65
filter · views_edit-sliced_quote · admin\includes\sliced-admin-columns.php:68
filter · views_edit-sliced_invoice · admin\includes\sliced-admin-columns.php:69
filter · get_search_query · admin\includes\sliced-admin-columns.php:603
action · load-users.php · admin\includes\sliced-admin-columns.php:666
action · manage_users_custom_column · admin\includes\sliced-admin-columns.php:678
filter · manage_users_columns · admin\includes\sliced-admin-columns.php:679
filter · manage_users_sortable_columns · admin\includes\sliced-admin-columns.php:680
action · pre_user_query · admin\includes\sliced-admin-columns.php:681
action · init · admin\includes\sliced-admin-help.php:22
action · load-edit.php · admin\includes\sliced-admin-help.php:36
action · load-post.php · admin\includes\sliced-admin-help.php:37
action · load-post-new.php · admin\includes\sliced-admin-help.php:38
action · sliced_loaded · admin\includes\sliced-admin-logs.php:12
action · publish_sliced_invoice · admin\includes\sliced-admin-logs.php:31
action · publish_sliced_quote · admin\includes\sliced-admin-logs.php:32
action · set_object_terms · admin\includes\sliced-admin-logs.php:35
action · set_object_terms · admin\includes\sliced-admin-logs.php:36
action · sliced_client_declined_quote · admin\includes\sliced-admin-logs.php:39
action · sliced_client_accepted_quote · admin\includes\sliced-admin-logs.php:42
action · sliced_client_accepted_quote · admin\includes\sliced-admin-logs.php:43
action · sliced_invoices_admin_after_convert_quote_to_invoice · admin\includes\sliced-admin-logs.php:44
action · sliced_payment_made · admin\includes\sliced-admin-logs.php:47
action · sliced_quote_available_email_sent · admin\includes\sliced-admin-logs.php:50
action · sliced_invoice_available_email_sent · admin\includes\sliced-admin-logs.php:51
action · sliced_invoice_payment_reminder_email_sent · admin\includes\sliced-admin-logs.php:52
action · sliced_invoice_payment_received_email_sent · admin\includes\sliced-admin-logs.php:53
action · shutdown · admin\includes\sliced-admin-logs.php:56
action · shutdown · admin\includes\sliced-admin-logs.php:57
action · sliced_loaded · admin\includes\sliced-admin-metaboxes.php:16
action · cmb2_admin_init · admin\includes\sliced-admin-metaboxes.php:40
action · cmb2_admin_init · admin\includes\sliced-admin-metaboxes.php:41
action · cmb2_admin_init · admin\includes\sliced-admin-metaboxes.php:42
action · cmb2_admin_init · admin\includes\sliced-admin-metaboxes.php:43
action · cmb2_admin_init · admin\includes\sliced-admin-metaboxes.php:44
action · do_meta_boxes · admin\includes\sliced-admin-metaboxes.php:45
action · post_submitbox_misc_actions · admin\includes\sliced-admin-metaboxes.php:48
filter · get_terms · admin\includes\sliced-admin-metaboxes.php:52
action · switch_theme · admin\includes\sliced-admin-notices.php:35
action · sliced_activated · admin\includes\sliced-admin-notices.php:36
action · wp_loaded · admin\includes\sliced-admin-notices.php:37
action · shutdown · admin\includes\sliced-admin-notices.php:38
action · admin_print_styles · admin\includes\sliced-admin-notices.php:41
action · admin_notices · admin\includes\sliced-admin-notices.php:193
action · admin_notices · admin\includes\sliced-admin-notices.php:195
action · init · admin\includes\sliced-admin-notifications.php:14
filter · sliced_actions_column · admin\includes\sliced-admin-notifications.php:76
action · admin_footer · admin\includes\sliced-admin-notifications.php:79
action · sliced_send_payment_notification · admin\includes\sliced-admin-notifications.php:86
action · sliced_send_payment_notification · admin\includes\sliced-admin-notifications.php:87
action · sliced_send_payment_reminder_notification · admin\includes\sliced-admin-notifications.php:88
action · sliced_client_accepted_quote · admin\includes\sliced-admin-notifications.php:89
action · sliced_client_declined_quote · admin\includes\sliced-admin-notifications.php:90
filter · sliced_get_email_subject · admin\includes\sliced-admin-notifications.php:93
filter · sliced_get_email_content · admin\includes\sliced-admin-notifications.php:94
action · sliced_quote_available_email_sent · admin\includes\sliced-admin-notifications.php:97
action · sliced_invoice_available_email_sent · admin\includes\sliced-admin-notifications.php:98
filter · wp_mail_content_type · admin\includes\sliced-admin-notifications.php:496
action · admin_init · admin\includes\sliced-admin-options.php:54
action · admin_menu · admin\includes\sliced-admin-options.php:55
action · network_admin_menu · admin\includes\sliced-admin-options.php:56
action · sliced_loaded · admin\includes\sliced-admin-quick-edit.php:17
action · quick_edit_custom_box · admin\includes\sliced-admin-quick-edit.php:31
action · save_post · admin\includes\sliced-admin-quick-edit.php:32
action · admin_head-edit.php · admin\includes\sliced-admin-quick-edit.php:33
action · admin_init · admin\includes\sliced-admin-reports.php:22
action · sliced_tools_tab_system_info · admin\includes\sliced-admin-tools.php:18
action · sliced_tools_tab_importer · admin\includes\sliced-admin-tools.php:19
action · sliced_tools_tab_exporter · admin\includes\sliced-admin-tools.php:20
action · admin_init · admin\includes\sliced-admin-tools.php:21
action · admin_enqueue_scripts · core\class-sliced.php:186
action · admin_enqueue_scripts · core\class-sliced.php:187
filter · cmb2_script_dependencies · core\class-sliced.php:189
action · init · core\class-sliced.php:191
action · init · core\class-sliced.php:192
action · init · core\class-sliced.php:193
action · init · core\class-sliced.php:194
action · init · core\class-sliced.php:195
action · init · core\class-sliced.php:196
action · init · core\class-sliced.php:197
filter · admin_body_class · core\class-sliced.php:199
filter · add_meta_boxes · core\class-sliced.php:200
action · admin_footer-post-new.php · core\class-sliced.php:210
action · admin_footer-post.php · core\class-sliced.php:211
action · admin_footer_text · core\class-sliced.php:212
action · admin_action_duplicate_quote_invoice · core\class-sliced.php:214
filter · post_row_actions · core\class-sliced.php:215
filter · page_row_actions · core\class-sliced.php:216
filter · post_updated_messages · core\class-sliced.php:218
action · admin_notices · core\class-sliced.php:219
filter · enter_title_here · core\class-sliced.php:220
action · load-edit.php · core\class-sliced.php:222
action · admin_init · core\class-sliced.php:223
filter · admin_action_convert_quote_to_invoice · core\class-sliced.php:224
filter · admin_action_create_invoice_from_quote · core\class-sliced.php:225
filter · wp_insert_post_data · core\class-sliced.php:226
action · save_post · core\class-sliced.php:227
action · save_post · core\class-sliced.php:228
action · post_updated · core\class-sliced.php:229
action · sliced_invoices_hourly_tasks · core\class-sliced.php:234
action · sliced_head · core\class-sliced.php:249
action · sliced_invoice_head · core\class-sliced.php:251
action · sliced_invoice_head · core\class-sliced.php:252
action · sliced_quote_head · core\class-sliced.php:254
action · sliced_quote_head · core\class-sliced.php:255
action · sliced_quote_footer · core\class-sliced.php:257
action · script_loader_tag · core\class-sliced.php:259
filter · single_template · core\class-sliced.php:261
filter · page_template · core\class-sliced.php:262
filter · private_title_format · core\class-sliced.php:264
filter · protected_title_format · core\class-sliced.php:265
action · sliced_invoice_after_body · core\class-sliced.php:267
action · sliced_quote_after_body · core\class-sliced.php:268
action · sliced_loaded · includes\class-sliced-shared.php:15
action · sliced_loaded · includes\gateways\sliced-gateway-paypal.php:13
action · admin_head · includes\gateways\sliced-gateway-paypal.php:39
filter · sliced_payment_option_fields · includes\gateways\sliced-gateway-paypal.php:40
filter · sliced_register_payment_method · includes\gateways\sliced-gateway-paypal.php:41
action · sliced_do_payment · includes\gateways\sliced-gateway-paypal.php:42
action · sliced_do_payment · includes\gateways\sliced-gateway-paypal.php:43
action · http_api_curl · includes\gateways\sliced-gateway-paypal.php:44
action · sliced_loaded · includes\invoice\class-sliced-invoice.php:13
action · wp_insert_post · includes\invoice\class-sliced-invoice.php:45
action · sliced_loaded · includes\payments\sliced-shared-payments.php:13
action · sliced_invoice_top_bar_left · includes\payments\sliced-shared-payments.php:33
filter · sliced_invoice_footer · includes\payments\sliced-shared-payments.php:34
action · sliced_quote_top_bar_left · includes\payments\sliced-shared-payments.php:36
filter · sliced_quote_footer · includes\payments\sliced-shared-payments.php:37
filter · sliced_quote_footer · includes\payments\sliced-shared-payments.php:38
action · sliced_payment_made · includes\payments\sliced-shared-payments.php:40
action · sliced_do_payment · includes\payments\sliced-shared-payments.php:42
action · sliced_do_payment · includes\payments\sliced-shared-payments.php:43
action · sliced_loaded · includes\quote\class-sliced-quote.php:13
action · wp_insert_post · includes\quote\class-sliced-quote.php:42
filter · comment_post_redirect · public\class-sliced-public.php:58
filter · pre_comment_approved · public\class-sliced-public.php:59
filter · wp_sitemaps_post_types · public\class-sliced-public.php:62
action · plugins_loaded · sliced-invoices.php:75
action · init · sliced-invoices.php:443
filter · autoptimize_filter_noptimize · sliced-invoices.php:456
action · init · sliced-invoices.php:506
action · get_template_part_sliced-invoice-display · sliced-invoices.php:553
action · get_template_part_sliced-quote-display · sliced-invoices.php:554
action · get_template_part_sliced-payment-display · sliced-invoices.php:555

Scheduled Events 2

sliced_invoices_hourly_tasks
sliced_invoices_hourly_tasks
Maintenance & Trust

Sliced Invoices – WordPress Invoice Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 12, 2025
PHP min version: 5.5
Downloads: 253K

Community Trust

Rating: 92/100
Number of ratings: 117
Active installs: 5K
Developer Profile

Sliced Invoices – WordPress Invoice Plugin Developer Profile

SlicedInvoices

4 plugins · 5K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 1040 days
Detection Fingerprints

How We Detect Sliced Invoices – WordPress Invoice Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sliced-invoices/assets/css/admin-menu.css
/wp-content/plugins/sliced-invoices/assets/css/admin-page.css
/wp-content/plugins/sliced-invoices/assets/css/editor.css
/wp-content/plugins/sliced-invoices/assets/css/frontend.css
/wp-content/plugins/sliced-invoices/assets/css/invoices.css
/wp-content/plugins/sliced-invoices/assets/css/quotes.css
/wp-content/plugins/sliced-invoices/assets/css/shared.css
/wp-content/plugins/sliced-invoices/assets/js/admin-menu.js
+6 more
Generator Patterns
Sliced Invoices
Script Paths
assets/js/admin-menu.js
assets/js/admin-page.js
assets/js/editor.js
assets/js/frontend.js
assets/js/invoices.js
assets/js/quotes.js
+1 more
Version Parameters
sliced-invoices/assets/css/admin-menu.css?ver=
sliced-invoices/assets/css/admin-page.css?ver=
sliced-invoices/assets/css/editor.css?ver=
sliced-invoices/assets/css/frontend.css?ver=
sliced-invoices/assets/css/invoices.css?ver=
sliced-invoices/assets/css/quotes.css?ver=
sliced-invoices/assets/css/shared.css?ver=
sliced-invoices/assets/js/admin-menu.js?ver=
sliced-invoices/assets/js/admin-page.js?ver=
sliced-invoices/assets/js/editor.js?ver=
sliced-invoices/assets/js/frontend.js?ver=
sliced-invoices/assets/js/invoices.js?ver=
sliced-invoices/assets/js/quotes.js?ver=
sliced-invoices/assets/js/shared.js?ver=

HTML / DOM Fingerprints

CSS Classes
sliced-invoices-admin-menu
sliced-invoices-admin-page
sliced-invoices-editor
sliced-invoices-frontend
sliced-invoices-invoices
sliced-invoices-quotes
sliced-invoices-shared
sliced_invoice_template
HTML Comments
<!-- Sliced Invoices -->
<!-- Sliced Invoices Database Updates -->
Data Attributes
data-sliced-invoices-id
JS Globals
SlicedAdminMenu
SlicedAdminPage
SlicedEditor
SlicedFrontend
SlicedInvoices
SlicedQuotes
+1 more
REST Endpoints
/wp-json/sliced-invoices/v1/quotes
/wp-json/sliced-invoices/v1/invoices
Shortcode Output
[sliced_invoices]
[sliced_quotes]
FAQ

Frequently Asked Questions about Sliced Invoices – WordPress Invoice Plugin