Swiss QR Bill Security & Risk Analysis

wordpress.org/plugins/swiss-qr-bill

Swiss QR Bill extends WooCommerce with a new payment method, allowing you to easily send automated and standardized Swiss QR bills to your clients.

100 active installs · v1.2.4 · PHP 7.0+ · WP 4.6+ · Updated May 31, 2022
Tags: qr, qr-bill, swiss, switzerland, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Swiss QR Bill Safe to Use in 2026?

Generally Safe

Score 85/100

Swiss QR Bill has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "swiss-qr-bill" plugin v1.2.4 exhibits a mixed security posture. While the absence of known CVEs and the use of prepared statements for all SQL queries are positive indicators, significant concerns arise from the static analysis. The plugin has a single identified entry point via an AJAX handler that lacks any authentication checks, presenting a direct attack vector. Furthermore, the presence of two instances of the `unserialize` function, a notoriously dangerous function if used with untrusted input, coupled with a low output escaping rate (66%), increases the risk of remote code execution or data manipulation vulnerabilities.

The lack of recorded vulnerabilities in its history is encouraging, but this could be due to a lack of rigorous testing or exploitation attempts rather than inherent security. The bundled TCPDF v1.0.004 library is also outdated and could contain known vulnerabilities. The plugin's overall security is weakened by the critical unprotected AJAX endpoint and the potentially dangerous use of `unserialize` without clear input validation. While the absence of complex taint flows is a positive sign, the identified issues warrant careful consideration and remediation.

Key Concerns

  • Unprotected AJAX handler
  • Use of unserialize function
  • Low output escaping rate
  • Bundled outdated library (TCPDF)
Vulnerabilities
None known

Swiss QR Bill Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Swiss QR Bill Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 33 (64 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 32
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `do_action('invoice_generate', sanitize_text_field($order->get_id()), unserialize($gateway_options));` (admin\class-wc-swiss-qr-bill-admin.php:331)
unserialize: `do_action('invoice_generate', sanitize_text_field($order->get_id()), unserialize($gateway_options));` (includes\gateway\abstract-wc-gateway-swiss-qr-bill.php:330)

Bundled Libraries

TCPDF 1.0.004

Output Escaping

66% escaped (97 total outputs)
Attack Surface
1 unprotected

Swiss QR Bill Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth: wp_ajax_view_swiss_qr_bill (admin\class-wc-swiss-qr-bill-admin.php:77)

WordPress Hooks: 22

action: product_cat_add_form_fields (admin\class-settings-wsqb-product-cat.php:15)
action: product_cat_edit_form_fields (admin\class-settings-wsqb-product-cat.php:16)
action: created_product_cat (admin\class-settings-wsqb-product-cat.php:18)
action: edited_product_cat (admin\class-settings-wsqb-product-cat.php:19)
action: admin_init (admin\class-wc-swiss-qr-bill-admin.php:60)
action: admin_init (admin\class-wc-swiss-qr-bill-admin.php:61)
action: pre_update_option_woocommerce_default_country (admin\class-wc-swiss-qr-bill-admin.php:62)
filter: admin_notices (admin\class-wc-swiss-qr-bill-admin.php:63)
filter: woocommerce_payment_gateways (admin\class-wc-swiss-qr-bill-admin.php:66)
action: add_meta_boxes_shop_order (admin\class-wc-swiss-qr-bill-admin.php:75)
action: admin_notices (admin\class-wc-swiss-qr-bill-admin.php:150)
action: admin_enqueue_scripts (includes\class-wc-swiss-qr-bill.php:150)
action: admin_enqueue_scripts (includes\class-wc-swiss-qr-bill.php:151)
filter: admin_notices (includes\class-wc-swiss-qr-bill.php:157)
filter: woocommerce_payment_complete_order_status (includes\gateway\abstract-wc-gateway-swiss-qr-bill.php:47)
action: woocommerce_email_before_order_table (includes\gateway\abstract-wc-gateway-swiss-qr-bill.php:50)
filter: woocommerce_my_account_my_orders_actions (includes\gateway\abstract-wc-gateway-swiss-qr-bill.php:53)
action: woocommerce_before_resend_order_emails (includes\gateway\abstract-wc-gateway-swiss-qr-bill.php:56)
action: woocommerce_after_resend_order_email (includes\gateway\abstract-wc-gateway-swiss-qr-bill.php:57)
action: invoice_generate (includes\gateway\class-wc-swiss-qr-bill-generate.php:39)
filter: woocommerce_email_attachments (includes\gateway\class-wc-swiss-qr-bill-generate.php:40)
action: plugins_loaded (swiss-qr-bill.php:82)
Maintenance & Trust

Swiss QR Bill Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: May 31, 2022
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 100
Developer Profile

Swiss QR Bill Developer Profile

swissplugins

2 plugins · 200 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Swiss QR Bill

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/swiss-qr-bill/admin/css/wc-swiss-qr-bill-admin.css
Script Paths
/wp-content/plugins/swiss-qr-bill/admin/js/wc-swiss-qr-bill-admin.js
Version Parameters
wc-swiss-qr-bill-admin.css?ver=
wc-swiss-qr-bill-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
woocommerce_wc_swiss_qr_bill_qr_iban
woocommerce_wc_swiss_qr_bill_shop_logo
woocommerce_wc_swiss_qr_bill_login_restriction
Data Attributes
data-orig-value
data-orig-name
JS Globals
wsqb_translation
wsqb_data
FAQ

Frequently Asked Questions about Swiss QR Bill