TAX SERVICE Electronic HDM Security & Risk Analysis

wordpress.org/plugins/virtual-hdm-for-taxservice-am

Armenian Electronic Fiscal Data Module (HDM) integration for WooCommerce. Tax compliance for Armenian businesses.

10 active installs · v1.2.3 · PHP 7.4+ · WP 5.0+ · Updated Nov 5, 2025
Score: 93 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 5, 2025
Safety Verdict

Is TAX SERVICE Electronic HDM Safe to Use in 2026?

Generally Safe

Score 93/100

TAX SERVICE Electronic HDM has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Nov 5, 2025 · Updated 6mo ago
Risk Assessment

The "virtual-hdm-for-taxservice-am" v1.2.3 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling, with 100% of queries using prepared statements, and a high percentage of output escaping, significant concerns remain regarding its attack surface. The presence of four unprotected AJAX handlers represents a critical security gap, allowing unauthenticated users to potentially trigger plugin functionalities. The `move_uploaded_file` function, flagged as a dangerous function, combined with unsanitized path taint flows, further elevates the risk of arbitrary file upload vulnerabilities if not handled with extreme care. The plugin's vulnerability history, including past critical and high severity issues related to missing authorization and SQL injection, highlights a recurring pattern of insecure coding practices. Although there are currently no unpatched CVEs, the history suggests a tendency to introduce vulnerabilities that require external patching, underscoring the need for more robust internal security controls and development lifecycle integration.

Key Concerns

  • High number of unprotected AJAX handlers
  • Use of dangerous function: move_uploaded_file
  • Taint flows with unsanitized paths
  • Past critical CVE (Missing Authorization)
  • Past high CVE (SQL Injection)
Vulnerabilities
2 published

TAX SERVICE Electronic HDM Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Critical: 1
High: 1

2 total CVEs

CVE-2025-12061 · critical · 9.8 · Missing Authorization

Tax Service Electronic HDM <= 1.2.0 - Unauthenticated Arbitrary SQL Injection

Nov 5, 2025 · Patched in 1.2.1 (27d)

CVE-2024-54261 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TAX SERVICE Electronic HDM <= 1.1.2 - Unauthenticated SQL Injection

Dec 6, 2024 · Patched in 1.2.3 (341d)
Version History

TAX SERVICE Electronic HDM Release Timeline

v1.2.3 · Current
v1.2.2 · 1 CVE
Code Analysis
Analyzed Apr 16, 2026

TAX SERVICE Electronic HDM Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (30 prepared)
Unescaped Output: 26 (414 escaped)
Nonce Checks: 4
Capability Checks: 5
File Operations: 4
External Requests: 5
Bundled Libraries: 1

Dangerous Functions Found

move_uploaded_file · `move_uploaded_file($files['tmp_name'], $taxServiceUploadFilePath);` · admin/controllers/MainController.php:186
move_uploaded_file · `move_uploaded_file($files['tmp_name'], $taxServiceUploadFilePath);` · admin/controllers/MainController.php:202

Bundled Libraries

jQuery

SQL Query Safety

100% prepared · 30 total queries

Output Escaping

94% escaped · 440 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
importTaxServiceData (admin/controllers/ImportController.php:3)
Attack Surface
4 unprotected

TAX SERVICE Electronic HDM Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers (5)

auth · wp_ajax_exportTaxService · index.php:74
auth · wp_ajax_importTaxService · index.php:75
auth · wp_ajax_checkTaxServiceVerification · index.php:79
auth · wp_ajax_print_hdm_manually · payment/WCHKDTaxServicePaymentController.php:57
auth · wp_ajax_getPrintBody · payment/WCHKDTaxServicePaymentController.php:64

WordPress Hooks (26)

filter · admin_footer_text · admin/controllers/MainController.php:57
filter · woocommerce_product_data_tabs · admin/controllers/ProductSettingsController.php:18
action · woocommerce_product_data_panels · admin/controllers/ProductSettingsController.php:21
action · woocommerce_process_product_meta · admin/controllers/ProductSettingsController.php:24
action · woocommerce_thankyou · checkout/checkout.php:2
action · admin_init · includes/activate.php:2
action · admin_menu · index.php:23
action · init · index.php:36
action · init · index.php:52
action · admin_init · index.php:61
action · woocommerce_order_status_changed · payment/WCHKDTaxServicePaymentController.php:55
action · woocommerce_order_edit_status · payment/WCHKDTaxServicePaymentController.php:56
filter · manage_edit-shop_order_columns · payment/WCHKDTaxServicePaymentController.php:58
action · manage_shop_order_posts_custom_column · payment/WCHKDTaxServicePaymentController.php:59
filter · woocommerce_shop_order_list_table_columns · payment/WCHKDTaxServicePaymentController.php:60
action · woocommerce_shop_order_list_table_custom_column · payment/WCHKDTaxServicePaymentController.php:61
filter · wp_mail_content_type · payment/WCHKDTaxServicePaymentController.php:375
filter · wp_mail_charset · payment/WCHKDTaxServicePaymentController.php:379
filter · wp_mail_content_type · payment/WCHKDTaxServicePaymentController.php:394
filter · wp_mail_charset · payment/WCHKDTaxServicePaymentController.php:397
filter · wp_mail_content_type · payment/WCHKDTaxServicePaymentController.php:533
filter · wp_mail_charset · payment/WCHKDTaxServicePaymentController.php:537
filter · wp_mail_content_type · payment/WCHKDTaxServicePaymentController.php:553
filter · wp_mail_charset · payment/WCHKDTaxServicePaymentController.php:557
filter · wp_mail_content_type · payment/WCHKDTaxServicePaymentController.php:623
filter · wp_mail_charset · payment/WCHKDTaxServicePaymentController.php:627

Maintenance & Trust

TAX SERVICE Electronic HDM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 5, 2025
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Alternatives

TAX SERVICE Electronic HDM Alternatives

No alternatives data available yet.

Developer Profile

TAX SERVICE Electronic HDM Developer Profile

HK Digital Agency LLC

13 plugins · 690 total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 275 days
Detection Fingerprints

How We Detect TAX SERVICE Electronic HDM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/virtual-hdm-for-taxservice-am/assets/css/admin.css
/wp-content/plugins/virtual-hdm-for-taxservice-am/assets/css/main.css
/wp-content/plugins/virtual-hdm-for-taxservice-am/assets/js/admin.js
/wp-content/plugins/virtual-hdm-for-taxservice-am/assets/js/main.js

Script Paths
/wp-content/plugins/virtual-hdm-for-taxservice-am/assets/js/admin.js
/wp-content/plugins/virtual-hdm-for-taxservice-am/assets/js/main.js

Version Parameters
virtual-hdm-for-taxservice-am/assets/css/admin.css?ver=
virtual-hdm-for-taxservice-am/assets/css/main.css?ver=
virtual-hdm-for-taxservice-am/assets/js/admin.js?ver=
virtual-hdm-for-taxservice-am/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
hkd_tax_service_admin_wrap
hkd_tax_service_admin_main
hkd_tax_service_admin_item
hkd_tax_service_admin_row
hkd_tax_service_admin_label
hkd_tax_service_admin_control
hkd_tax_service_admin_btn
hkd_tax_service_admin_header
+59 more

Data Attributes
data-hkd-tax-service-verification-id
data-hkd-tax-service-owner-site-url
data-hkd-tax-service-plugin-url
data-hkd-tax-service-page
data-hkd-tax-service-dirname
data-hkd-tax-service-api-url

JS Globals
virtualHDMTaxServiceAdmin
virtualHDMTaxServiceMain

REST Endpoints
/wp-json/virtual-hdm-for-taxservice-am/v1/settings

FAQ

Frequently Asked Questions about TAX SERVICE Electronic HDM