Does VoucherPress have any unpatched vulnerabilities?

Yes — VoucherPress currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is VoucherPress compatible with WordPress 4.7.32?

According to WordPress.org data, VoucherPress 1.5.7 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is VoucherPress updated?

VoucherPress was last updated on Feb 6, 2016. Frequent updates are generally a positive security signal.

What is VoucherPress's security score?

VoucherPress has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

VoucherPress Security & Risk Analysis

wordpress.org/plugins/voucherpress

VoucherPress is a Wordpress plugin that allows you to give downloadable, printable vouchers/coupons in PDF format away on your site.

200 active installs v1.5.7 PHP + WP 2.8+ Updated Feb 6, 2016

buddypresspdfprintvouchervouchers

C · Use Caution

CVEs total1

Unpatched1

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is VoucherPress Safe to Use in 2026?

Use With Caution

Score 63/100

VoucherPress has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Sep 22, 2025Updated 10yr ago

Risk Assessment

The VoucherPress plugin version 1.5.7 exhibits a mixed security posture. While it has a relatively small attack surface with no identified unprotected entry points and a decent number of nonce checks, several concerning patterns emerge from the code analysis. A significant concern is the low percentage of properly escaped output (19%), coupled with a substantial number of taint flows with unsanitized paths (6 out of 9 analyzed), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities despite no critical or high severity taint flows being reported. The plugin also utilizes a bundled, outdated library, TCPDF v5.9.028, which could harbor known vulnerabilities. The vulnerability history further exacerbates these concerns, with a single known medium severity CVE that remains unpatched. This indicates a recurring pattern of input handling issues and a lack of timely patching, suggesting that users of this plugin should exercise caution.

Key Concerns

Unpatched CVE (Medium Severity)
Low output escaping percentage (19%)
Taint flows with unsanitized paths (6/9)
Bundled outdated library (TCPDF v5.9.028)
Low capability check usage

Vulnerabilities

VoucherPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-58223medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VoucherPress <= 1.5.7 - Authenticated (Author+) Stored Cross-Site Scripting

Sep 22, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

VoucherPress Code Analysis

Dangerous Functions

Raw SQL Queries

50 prepared

Unescaped Output

113

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TCPDF5.9.028

SQL Query Safety

54% prepared93 total queries

Output Escaping

19% escaped139 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths

voucherpress_template (voucherpress.php:71)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

VoucherPress Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[voucher] voucherpress.php:58

[voucherform] voucherpress.php:60

[voucherlist] voucherpress.php:62

WordPress Hooks 11

actionadmin_noticesplugin-register.class.php:38

actioninitvoucherpress.php:36

actiontemplate_redirectvoucherpress.php:38

actionadmin_menuvoucherpress.php:40

actionadmin_menuvoucherpress.php:42

actionadmin_menuvoucherpress.php:44

actionadmin_menuvoucherpress.php:46

actionadmin_menuvoucherpress.php:48

actionadmin_menuvoucherpress.php:50

actionadmin_headvoucherpress.php:53

actionadmin_headvoucherpress.php:54

Maintenance & Trust

VoucherPress Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedFeb 6, 2016

PHP min version

Downloads47K

Community Trust

Rating66/100

Number of ratings17

Active installs200

Alternatives

VoucherPress Alternatives

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs

Print Invoice & Delivery Notes for WooCommerce

woocommerce-delivery-notes

Create and print PDF invoices, delivery notes and receipts for your WooCommerce orders. Choose your document format from multiple templates.

30K 9 CVEs

Print, PDF, Email by PrintFriendly

printfriendly

The #1 Print, PDF, Email button. Stylish, full featured, customizable. Add custom header, footer, and more.

20K 2 CVEs

PW WooCommerce Gift Cards

pw-woocommerce-gift-cards

100

Sell gift cards to your WooCommerce store, in just a few minutes!

20K No CVEs

PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin

pdf-print

Generate PDF files and print WordPress posts/pages. Customize document header/footer styles and appearance.

10K 3 CVEs

Developer Profile

VoucherPress Developer Profile

Chris Taylor

11 plugins · 460 total installs

trust score

Avg Security Score

81/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VoucherPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/voucherpress/js/voucherpress.js/wp-content/plugins/voucherpress/css/voucherpress.css/wp-content/plugins/voucherpress/css/voucherpress_admin.css/wp-content/plugins/voucherpress/js/voucherpress_admin.js/wp-content/plugins/voucherpress/js/voucherpress_colorbox.js/wp-content/plugins/voucherpress/js/voucherpress_colorbox.css

Script Paths

/wp-content/plugins/voucherpress/js/voucherpress.js/wp-content/plugins/voucherpress/js/voucherpress_admin.js/wp-content/plugins/voucherpress/js/voucherpress_colorbox.js

Version Parameters

voucherpress.css?ver=voucherpress.js?ver=voucherpress_admin.css?ver=voucherpress_admin.js?ver=voucherpress_colorbox.js?ver=voucherpress_colorbox.css?ver=

HTML / DOM Fingerprints

CSS Classes

voucherpress-register-formvoucherpress-download-linkvoucherpress-list-itemvoucherpress-voucher-previewvoucherpress-form-row

HTML Comments

+2 more

Data Attributes

data-voucherpress-iddata-voucherpress-action

JS Globals

voucherpress_ajax_objectVoucherPressConfig

REST Endpoints

/wp-json/voucherpress/v1/voucher//wp-json/voucherpress/v1/register/

Shortcode Output

<div class="voucherpress-register-form"><div class="voucherpress-download-link"><ul class="voucherpress-list"><li class="voucherpress-list-item">

FAQ