Does Wicked Invoicing have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Wicked Invoicing compatible with WordPress 6.9.4?

According to WordPress.org data, Wicked Invoicing 1.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Wicked Invoicing compatible with PHP 8.0+?

Wicked Invoicing requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wicked Invoicing updated?

Wicked Invoicing was last updated on Jan 6, 2026. Frequent updates are generally a positive security signal.

What is Wicked Invoicing's security score?

Wicked Invoicing has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wicked Invoicing Security & Risk Analysis

wordpress.org/plugins/wicked-invoicing

Simple, friendly invoicing for WordPress. Create and send invoices to your clients directly from your dashboard.

0 active installs v1.1.3 PHP 8.0+ WP 6.0+ Updated Jan 6, 2026

billingclient-invoicesinvoice-managementinvoicesinvoicing

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Wicked Invoicing Safe to Use in 2026?

Generally Safe

Score 100/100

Wicked Invoicing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "wicked-invoicing" v1.1.3 plugin exhibits a generally strong security posture with excellent adherence to secure coding practices. The static analysis shows a complete absence of dangerous functions, all SQL queries are properly prepared, and output is consistently escaped, which significantly mitigates risks of code injection and cross-site scripting. The lack of external HTTP requests and bundled libraries further reduces its attack surface. However, a notable concern is the presence of two unprotected REST API routes, which represent direct entry points into the plugin's functionality that could be exploited if not properly secured at the application level or via WordPress's own authorization mechanisms. The plugin's vulnerability history is clear, with zero recorded CVEs, suggesting a commitment to security and a lack of previously identified critical flaws. This indicates a well-maintained codebase, but the unprotected REST API routes are a specific area of focus for potential exploitation.

Key Concerns

Unprotected REST API routes found

Vulnerabilities

None known

Wicked Invoicing Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Wicked Invoicing Release Timeline

v1.1.3Current

v1.0.5

Code Analysis

Analyzed Apr 16, 2026

Wicked Invoicing Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

246 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

100% escaped246 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

render_invoice_edit_page (includes/controllers/Wicked_Admin_Controller.php:375)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Wicked Invoicing Attack Surface

Entry Points2

Unprotected2

REST API Routes 2

GET/wp-json/wicked-invoicing/v1/invoices/(?P<id>\d+)/paymentsincludes/controllers/Wicked_Payments_Controller.php:28

GET/wp-json/wicked-invoicing/v1/settingsincludes/controllers/Wicked_Settings_Controller.php:82

WordPress Hooks 59

actionadmin_bar_menuincludes/controllers/Wicked_Admin_Bar_Controller.php:27

actionadmin_menuincludes/controllers/Wicked_Admin_Controller.php:19

actionadmin_enqueue_scriptsincludes/controllers/Wicked_Admin_Controller.php:20

actionadmin_headincludes/controllers/Wicked_Admin_Controller.php:136

filterrest_post_dispatchincludes/controllers/Wicked_Base_Controller.php:341

actioninitincludes/controllers/Wicked_Block_Controller.php:21

filterblock_categories_allincludes/controllers/Wicked_Block_Controller.php:23

filterallowed_block_types_allincludes/controllers/Wicked_Block_Controller.php:24

actionshow_user_profileincludes/controllers/Wicked_Client_Controller.php:32

actionedit_user_profileincludes/controllers/Wicked_Client_Controller.php:33

actionpersonal_options_updateincludes/controllers/Wicked_Client_Controller.php:34

actionedit_user_profile_updateincludes/controllers/Wicked_Client_Controller.php:35

actionrest_api_initincludes/controllers/Wicked_Client_Controller.php:38

actionrest_api_initincludes/controllers/Wicked_Dashboard_Controller.php:29

actiontransition_post_statusincludes/controllers/Wicked_Dashboard_Controller.php:30

actioninitincludes/controllers/Wicked_Invoice_Controller.php:27

actioninitincludes/controllers/Wicked_Invoice_Controller.php:28

actioninitincludes/controllers/Wicked_Invoice_Controller.php:29

actionrest_api_initincludes/controllers/Wicked_Invoice_Controller.php:30

actionrest_api_initincludes/controllers/Wicked_Log_Controller.php:19

actionwicked_invoicing_infoincludes/controllers/Wicked_Log_Controller.php:21

actionwicked_invoicing_errorincludes/controllers/Wicked_Log_Controller.php:22

actionwicked_invoicing_debugincludes/controllers/Wicked_Log_Controller.php:23

filtercron_schedulesincludes/controllers/Wicked_Notifications_Controller.php:32

actioninitincludes/controllers/Wicked_Notifications_Controller.php:33

actiontransition_post_statusincludes/controllers/Wicked_Notifications_Controller.php:37

actionwicked_invoicing_notifications_settings_savedincludes/controllers/Wicked_Notifications_Controller.php:40

actionrest_api_initincludes/controllers/Wicked_Notifications_Controller.php:46

actionadmin_post_wicked_invoicing_resend_notificationsincludes/controllers/Wicked_Notifications_Controller.php:49

actionwicked_invoicing_Invoice_createdincludes/controllers/Wicked_Notifications_Controller.php:51

actionwicked_invoicing_status_setincludes/controllers/Wicked_Notifications_Controller.php:64

actionrest_api_initincludes/controllers/Wicked_Payments_Controller.php:24

actionrest_api_initincludes/controllers/Wicked_Payments_REST_Controller.php:31

actionrest_api_initincludes/controllers/Wicked_Roles_Controller.php:15

filterlogin_redirectincludes/controllers/Wicked_Roles_Controller.php:18

actioninitincludes/controllers/Wicked_Settings_Controller.php:28

actionrest_api_initincludes/controllers/Wicked_Settings_Controller.php:29

actionshutdownincludes/controllers/Wicked_Settings_Controller.php:179

actioninitincludes/controllers/Wicked_Template_Controller.php:23

actioninitincludes/controllers/Wicked_Template_Controller.php:24

filterquery_varsincludes/controllers/Wicked_Template_Controller.php:25

actioninitincludes/controllers/Wicked_Template_Controller.php:27

actioninitincludes/controllers/Wicked_Template_Controller.php:28

actionadd_meta_boxesincludes/controllers/Wicked_Template_Controller.php:30

actionsave_post_pageincludes/controllers/Wicked_Template_Controller.php:31

filterbody_classincludes/controllers/Wicked_Template_Controller.php:32

filterdefault_contentincludes/controllers/Wicked_Template_Controller.php:35

filterrest_prepare_pageincludes/controllers/Wicked_Template_Controller.php:36

filtertemplate_includeincludes/controllers/Wicked_Template_Controller.php:40

filterredirect_canonicalincludes/controllers/Wicked_Template_Controller.php:42

actionparse_requestincludes/controllers/Wicked_Template_Controller.php:43

actionwp_enqueue_scriptsincludes/controllers/Wicked_Template_Controller.php:45

filterredirect_canonicalincludes/controllers/Wicked_Template_Controller.php:151

actionrest_api_initincludes/controllers/Wicked_UI_Controller.php:29

actionparse_queryincludes/functions.php:40

filterpre_get_document_titleincludes/functions.php:50

filterredirect_canonicalincludes/functions.php:61

actioninitwicked-invoicing.php:43

actionplugins_loadedwicked-invoicing.php:92

Maintenance & Trust

Wicked Invoicing Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 6, 2026

PHP min version8.0

Downloads138

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Wicked Invoicing Alternatives

Invoct – PDF Invoices & Billing for WooCommerce

kirilkirkov-pdf-invoice-manager

Professional PDF invoicing & billing for WooCommerce and WordPress, with Stripe payments and automated VAT/tax handling.

0 1 CVE

WeoInvoice

weoinvoice

100

Automatically generate invoices for WooCommerce orders using the WeoInvoice platform.

0 No CVEs

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

sprout-invoices

The best invoicing plugin for WordPress. See how you can get paid faster without those hidden service fees.

1K 10 CVEs

WP Forms + Sprout Invoices – Easy Invoice & Quote Submissions

sprout-invoices-wp-forms

100

Dynamic invoicing (and estimates/quotes) from WP Form submissions.

400 No CVEs

Declarando – Invoice Management

declarando-gestion-facturas

100

Automatically integrate your online store with Declarando to manage invoices, sync orders, and keep your accounting up to date.

300 No CVEs

Developer Profile

Wicked Invoicing Developer Profile

wickedinvoicing

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Wicked Invoicing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wicked-invoicing/build/admin.css/wp-content/plugins/wicked-invoicing/build/admin.js/wp-content/plugins/wicked-invoicing/build/frontend.css/wp-content/plugins/wicked-invoicing/build/frontend.js/wp-content/plugins/wicked-invoicing/build/invoice-builder.css/wp-content/plugins/wicked-invoicing/build/invoice-builder.js/wp-content/plugins/wicked-invoicing/build/invoice-editor.css/wp-content/plugins/wicked-invoicing/build/invoice-editor.js+17 more

Script Paths

/wp-content/plugins/wicked-invoicing/build/admin.js/wp-content/plugins/wicked-invoicing/build/frontend.js/wp-content/plugins/wicked-invoicing/build/invoice-builder.js/wp-content/plugins/wicked-invoicing/build/invoice-editor.js/wp-content/plugins/wicked-invoicing/build/invoice-preview.js/wp-content/plugins/wicked-invoicing/build/settings.js+7 more

Version Parameters

wicked-invoicing/build/admin.css?ver=wicked-invoicing/build/admin.js?ver=wicked-invoicing/build/frontend.css?ver=wicked-invoicing/build/frontend.js?ver=wicked-invoicing/build/invoice-builder.css?ver=wicked-invoicing/build/invoice-builder.js?ver=wicked-invoicing/build/invoice-editor.css?ver=wicked-invoicing/build/invoice-editor.js?ver=wicked-invoicing/build/invoice-preview.css?ver=wicked-invoicing/build/invoice-preview.js?ver=wicked-invoicing/build/settings.css?ver=wicked-invoicing/build/settings.js?ver=wicked-invoicing/assets/css/admin.css?ver=wicked-invoicing/assets/css/frontend.css?ver=wicked-invoicing/assets/css/invoice-builder.css?ver=wicked-invoicing/assets/css/invoice-editor.css?ver=wicked-invoicing/assets/css/invoice-preview.css?ver=wicked-invoicing/assets/css/settings.css?ver=wicked-invoicing/assets/js/admin.js?ver=wicked-invoicing/assets/js/frontend.js?ver=wicked-invoicing/assets/js/invoice-builder.js?ver=wicked-invoicing/assets/js/invoice-editor.js?ver=wicked-invoicing/assets/js/invoice-preview.js?ver=wicked-invoicing/assets/js/settings.js?ver=wicked-invoicing/assets/js/vendor/marked.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wicked-invoicing-adminwicked-invoice-form-containerwicked-invoice-form-wrapperwicked-invoice-form-contentwicked-add-new-invoice-formwicked-invoice-billing-address-blockwicked-invoice-shipping-address-blockwicked-invoice-line-item-table+2 more

HTML Comments

+1 more

Data Attributes

data-wicked-invoice-iddata-wicked-invoice-statedata-wicked-client-iddata-wicked-invoice-template-iddata-wicked-payment-gatewaydata-wicked-line-item-id+2 more

JS Globals

wickedInvoicingAdminwickedInvoicingFrontendwickedInvoiceBuilderwickedInvoiceEditorwickedInvoicePreviewwickedSettings

REST Endpoints

/wp-json/wicked-invoicing/v1/invoices/wp-json/wicked-invoicing/v1/clients/wp-json/wicked-invoicing/v1/settings/wp-json/wicked-invoicing/v1/payments/wp-json/wicked-invoicing/v1/templates/wp-json/wicked-invoicing/v1/line-items/wp-json/wicked-invoicing/v1/admin-bar

Shortcode Output

[wicked_invoices][wicked_invoice_form][wicked_invoice_preview][wicked_client_list]

FAQ