PDF Invoices & Packing Slips for WooCommerce – Challan Security & Risk Analysis

wordpress.org/plugins/webappick-pdf-invoice-for-woocommerce

WooCommerce PDF invoice generator with automatic email attachment. Create packing slips, shipping labels, credit notes, multilingual.

3K active installs · v3.7.84 · PHP 7.4+ · WP 4.4+ · Updated Feb 23, 2026
Tags: invoice-generator, packing-slip, pdf-invoice, woocommerce-invoice, woocommerce-pdf-invoice
Score: 97 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is PDF Invoices & Packing Slips for WooCommerce – Challan Safe to Use in 2026?

Generally Safe

Score 97/100

PDF Invoices & Packing Slips for WooCommerce – Challan has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 7, 2025 · Updated 1mo ago
Risk Assessment

The plugin has a mixed security posture. Most SQL queries use prepared statements and a high percentage of output is properly escaped, which indicates a general effort towards secure coding. One AJAX handler, however, is unprotected: it has no authentication or authorization checks and is a direct entry point for attackers, which makes it a critical flaw.

The vulnerability history currently shows no unpatched CVEs, but it includes past high and medium severity vulnerabilities such as Cross-Site Request Forgery and Missing Authorization. This pattern suggests a recurring tendency towards authorization and input validation flaws which, combined with the current unprotected entry point, raises concerns about the plugin's overall security robustness. The strengths in prepared statements and output escaping are overshadowed by the immediate risk of the unprotected AJAX handler and the history of authorization-related vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • Historical high severity vulnerabilities
  • Historical medium severity vulnerabilities
Vulnerabilities: 2

PDF Invoices & Packing Slips for WooCommerce – Challan Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-47462 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Challan <= 3.7.58 - Cross-Site Request Forgery to Arbitrary Options Update

May 7, 2025 Patched in 3.7.59 (7d)

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 3.4.9 (699d)
Code Analysis
Analyzed Mar 16, 2026

PDF Invoices & Packing Slips for WooCommerce – Challan Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 67 (420 escaped)
Nonce Checks: 17
Capability Checks: 4
File Operations: 37
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

86% escaped · 487 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<bulk-download-tab> (admin\partials\tabs\bulk-download-tab.php:0)
Attack Surface
1 unprotected

PDF Invoices & Packing Slips for WooCommerce – Challan Attack Surface

Entry Points: 9
Unprotected: 1

AJAX Handlers: 9

auth · wp_ajax_wpifw_generate_invoice · includes\class-woo-invoice-hooks.php:106
auth · wp_ajax_wpifw_generate_invoice_packing_slip · includes\class-woo-invoice-hooks.php:108
auth · wp_ajax_wpifw_generate_delivery_address · includes\class-woo-invoice-hooks.php:110
auth · wp_ajax_wpifw_get_product_column_show · includes\class-woo-invoice-hooks.php:113
auth · wp_ajax_wpifw_select_product_column · includes\class-woo-invoice-hooks.php:122
auth · wp_ajax_wpifw_save_pdf_template · includes\class-woo-invoice-hooks.php:140
auth · wp_ajax_woo_invoice_save_review_notice · includes\notices\admin-notice-for-review.php:49
auth · wp_ajax_woo_invoice_hide_notice · includes\notices\admin-notice-for-review.php:50
auth · wp_ajax_prepare_fonts · includes\rest-api\font-downloader-api.php:268

WordPress Hooks: 45

filter · woocommerce_email_attachments · includes\class-woo-invoice-hooks.php:45
action · add_meta_boxes · includes\class-woo-invoice-hooks.php:55
filter · bulk_actions-edit-shop_order · includes\class-woo-invoice-hooks.php:62
filter · bulk_actions-woocommerce_page_wc-orders · includes\class-woo-invoice-hooks.php:63
filter · bulk_actions-edit-shop_order · includes\class-woo-invoice-hooks.php:66
filter · bulk_actions-woocommerce_page_wc-orders · includes\class-woo-invoice-hooks.php:67
filter · handle_bulk_actions-edit-post · includes\class-woo-invoice-hooks.php:69
filter · handle_bulk_actions-woocommerce_page_wc-orders · includes\class-woo-invoice-hooks.php:70
action · woocommerce_admin_order_actions_end · includes\class-woo-invoice-hooks.php:77
filter · woocommerce_my_account_my_orders_actions · includes\class-woo-invoice-hooks.php:88
action · woocommerce_after_account_orders · includes\class-woo-invoice-hooks.php:92
action · woocommerce_order_details_after_order_table · includes\class-woo-invoice-hooks.php:97
action · woocommerce_new_order · includes\class-woo-invoice-hooks.php:136
action · admin_footer · includes\class-woo-invoice-hooks.php:138
action · plugins_loaded · includes\class-woo-invoice.php:199
action · admin_enqueue_scripts · includes\class-woo-invoice.php:213
action · admin_enqueue_scripts · includes\class-woo-invoice.php:214
action · admin_menu · includes\class-woo-invoice.php:215
filter · woo_invoice_mpdf_settings · includes\filters\add-temp-dir-for-mpdf-using-add-filter.php:18
filter · woo_invoice_mpdf_settings · includes\filters\fix-font-name-for-mpdf-using-add-filter.php:18
action · woo_invoice_switch_language · includes\hooks.php:14
action · woo_invoice_restore_language · includes\hooks.php:15
action · change_locale · includes\hooks.php:16
action · admin_notices · includes\notices\admin-notice-downloading-font-background-process-in-progress-info.php:36
action · admin_notices · includes\notices\admin-notice-for-review.php:24
action · admin_notices · includes\notices\admin-notice-for-review.php:28
action · admin_notices · includes\notices\admin-notice-for-review.php:46
action · admin_print_footer_scripts · includes\notices\admin-notice-for-review.php:115
action · admin_print_footer_scripts · includes\notices\admin-notice-for-review.php:209
action · admin_print_footer_scripts · includes\notices\admin-notice-for-review.php:272
action · admin_print_footer_scripts · includes\notices\admin-notice-for-review.php:320
action · admin_print_footer_scripts · includes\notices\admin-notice-for-review.php:383
action · admin_notices · includes\notices\admin-notice-invoice-dir-is-not-writeable-error.php:39
action · admin_notices · includes\notices\admin-notice-woocommerce-is-not-installed-error.php:51
action · admin_notices · includes\notices\admin-notice-wp-content-dir-is-not-writeable-error.php:44
action · rest_api_init · includes\rest-api\font-downloader-api.php:254
action · admin_notices · includes\settings.php:50
action · upgrader_process_complete · includes\upgrader\download-admin-ui-fonts-on-plugin-upgrade.php:22
action · upgrader_process_complete · includes\upgrader\download-default-fonts-for-mpdf-on-plugin-upgrade.php:22
action · upgrader_process_complete · includes\upgrader\download-mpdf-lib-on-plugin-upgrade.php:20
action · wp_dashboard_setup · includes\widget.php:27
action · init · woo-invoice.php:124
action · init · woo-invoice.php:194
action · plugins_loaded · woo-invoice.php:199
action · before_woocommerce_init · woo-invoice.php:203
Maintenance & Trust

PDF Invoices & Packing Slips for WooCommerce – Challan Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.4
Downloads: 359K

Community Trust

Rating: 90/100
Number of ratings: 44
Active installs: 3K
Developer Profile

PDF Invoices & Packing Slips for WooCommerce – Challan Developer Profile

WebAppick

3 plugins · 74K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 396 days
Detection Fingerprints

How We Detect PDF Invoices & Packing Slips for WooCommerce – Challan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/css/admin.css
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/css/frontend.css
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/css/invoice.css
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/js/admin.js
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/js/frontend.js
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/js/invoice.js
Script Paths
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/js/admin.js
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/js/frontend.js
/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/assets/js/invoice.js
Version Parameters
webappick-pdf-invoice-for-woocommerce/assets/css/admin.css?ver=
webappick-pdf-invoice-for-woocommerce/assets/css/frontend.css?ver=
webappick-pdf-invoice-for-woocommerce/assets/css/invoice.css?ver=
webappick-pdf-invoice-for-woocommerce/assets/js/admin.js?ver=
webappick-pdf-invoice-for-woocommerce/assets/js/frontend.js?ver=
webappick-pdf-invoice-for-woocommerce/assets/js/invoice.js?ver=

HTML / DOM Fingerprints

CSS Classes
challan-pdf-invoice
winvoice_docs
HTML Comments
<!-- Automatic Generate PDF Invoice and attach with order email for WooCommerce. -->
<!-- Plugin main file -->
<!-- Custom Font Directory. -->
<!-- Plugin Root Path with trailing slash -->
+2 more
JS Globals
challan_free_invoice_config
REST Endpoints
/wp-json/webappick-pdf-invoice-for-woocommerce/v1/templates