Sliced Invoices & Gravity Forms Security & Risk Analysis

wordpress.org/plugins/sliced-invoices-gravity-forms

Create an invoice or quote request form using Gravity Forms. Each form entry then creates a quote (or an invoice) using the Sliced Invoices plugin.

100 active installs · v1.13.1 · PHP + WP 4.0+ · Updated May 27, 2022
Tags: gravity-forms, gravity-forms-add-on, gravity-forms-estimate, gravity-forms-invoice, gravity-invoice
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sliced Invoices & Gravity Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Sliced Invoices & Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The static analysis of "sliced-invoices-gravity-forms" v1.13.1 reveals a generally positive security posture with no identified vulnerabilities in its history. The plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output. Furthermore, the absence of external HTTP requests, file operations, and a limited attack surface are all favorable indicators.

However, the presence of the `unserialize` function is a notable concern. While the static analysis did not reveal any exploitable taint flows or specific critical issues stemming from it, the function itself is inherently risky if used with untrusted input, potentially leading to object injection vulnerabilities. The analysis also found no nonce checks and no capability checks. Because the number of identified entry points is currently zero, this is not an exposure today, but it marks a potential area for future security weaknesses if new entry points are introduced without proper authorization mechanisms.

Given the clean vulnerability history and strong adherence to secure coding practices in most areas, the plugin appears to be well-maintained. The primary risk lies in the potential misuse of `unserialize` and the absence of robust authorization checks on future code additions. Mitigating these concerns would significantly enhance the plugin's security.

Key Concerns

  • Use of unserialize function
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Sliced Invoices & Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sliced Invoices & Gravity Forms Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (23 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize (class-sliced-invoices-gf.php:523):
    $items = unserialize( rgar( $entry, $mapped_line_items ) ); // unserialize the array

Output Escaping

92% escaped (25 total outputs)
Attack Surface

Sliced Invoices & Gravity Forms Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
  • action: gform_field_css_class (class-sliced-invoices-gf.php:54)
  • filter: gform_field_value_sliced_line_items (class-sliced-invoices-gf.php:55)
  • action: sliced_client_head (class-sliced-invoices-gf.php:56)
  • action: init (sliced-invoices-gravity-forms.php:26)
  • action: admin_notices (sliced-invoices-gravity-forms.php:44)
  • action: admin_notices (sliced-invoices-gravity-forms.php:49)
  • action: gform_loaded (sliced-invoices-gravity-forms.php:57)
Maintenance & Trust

Sliced Invoices & Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: May 27, 2022
PHP min version
Downloads: 14K

Community Trust

Rating: 68/100
Number of ratings: 5
Active installs: 100
Developer Profile

Sliced Invoices & Gravity Forms Developer Profile

SlicedInvoices

4 plugins · 5K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 1040 days
Detection Fingerprints

How We Detect Sliced Invoices & Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sliced-invoices-gravity-forms/includes/js/line-items.js
Version Parameters
sliced-invoices-gravity-forms/includes/js/line-items.js?ver=1.13.1

HTML / DOM Fingerprints

CSS Classes
sliced_line_items
Data Attributes
data-plugin-slug="sliced-invoices-gravity-forms"
JS Globals
window.SlicedInvoicesGF
var SlicedInvoicesGF
FAQ

Frequently Asked Questions about Sliced Invoices & Gravity Forms