WooBillomat Security & Risk Analysis

wordpress.org/plugins/woo-billomat

Connect WooCommerce to Billomat and generate clients, articles and invoices automatically.

100 active installs · v2.4.8 · PHP + WP 4.8+ · Updated Sep 26, 2022
Tags: billomat, invoice, invoicing, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WooBillomat Safe to Use in 2026?

Generally Safe

Score 85/100

WooBillomat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "woo-billomat" plugin v2.4.8 exhibits several concerning security practices, primarily related to its handling of AJAX requests. A significant portion of the attack surface, specifically all 8 AJAX handlers, lacks authentication checks. This presents a substantial risk, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure if these handlers interact with sensitive data or functionality. Furthermore, the code's reliance on raw SQL queries without prepared statements is a critical weakness, increasing the susceptibility to SQL injection vulnerabilities. While the plugin has no recorded vulnerability history or critical taint flows, the identified code-level issues cannot be ignored. The plugin demonstrates some strengths, such as the absence of dangerous functions and external HTTP requests, and a reasonable number of capability checks and nonce checks are present, albeit not universally applied to AJAX handlers. However, the high proportion of unprotected entry points and the lack of prepared statements in SQL queries significantly detract from its overall security posture.

Key Concerns

  • 8 AJAX handlers without authentication checks
  • 13 SQL queries, 0% using prepared statements
  • 18% of output properly escaped
  • 2 flows with unsanitized paths (taint analysis)

WooBillomat Security Vulnerabilities

No known vulnerabilities — this is a good sign.
WooBillomat Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 13 (0 prepared)
Unescaped Output: 18 (4 escaped)
Nonce Checks: 4
Capability Checks: 10
File Operations: 12
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared (13 total queries)

Output Escaping

18% escaped (22 total outputs)

Data Flow Analysis

4 flows, 2 with unsanitized paths
send_invoice (includes\admin\admin-order-actions.php:125)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

WooBillomat Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers (8)

auth: wp_ajax_wcb_complete_invoice (includes\admin\admin-order-actions.php:19)
auth: wp_ajax_wcb_download_invoice (includes\admin\admin-order-actions.php:20)
nopriv: wp_ajax_wcb_download_invoice (includes\admin\admin-order-actions.php:21)
auth: wp_ajax_wcb_send_invoice (includes\admin\admin-order-actions.php:22)
auth: wp_ajax_wcb_download_delivery_note (includes\admin\admin-order-actions.php:23)
auth: wp_ajax_wcb_create_delivery_note (includes\admin\admin-order-actions.php:24)
auth: wp_ajax_wcb_send_delivery_note (includes\admin\admin-order-actions.php:25)
auth: wp_ajax_wcb_remove_admin_notice (includes\admin\class-wcb-notices-controller.php:27)
WordPress Hooks (40)

action: woocommerce_admin_order_actions_end (includes\admin\admin-order-actions.php:18)
action: add_meta_boxes (includes\admin\class-wcb-article-meta-box.php:8)
action: save_post (includes\admin\class-wcb-article-meta-box.php:9)
action: admin_notices (includes\admin\class-wcb-notices-controller.php:26)
action: edit_user_profile (includes\admin\class-wcb-user-fields.php:8)
action: edit_user_profile_update (includes\admin\class-wcb-user-fields.php:9)
action: woocommerce_product_after_variable_attributes (includes\admin\class-wcb-variation-fields.php:8)
action: woocommerce_save_product_variation (includes\admin\class-wcb-variation-fields.php:9)
action: add_meta_boxes (includes\admin\order-meta-box.php:9)
action: save_post (includes\admin\order-meta-box.php:10)
filter: woocommerce_settings_tabs_array (includes\admin\settings.php:18)
action: woocommerce_settings_tabs_billomat (includes\admin\settings.php:19)
action: woocommerce_update_options_billomat (includes\admin\settings.php:20)
action: woocommerce_created_customer (includes\class-wcb-customer-updater.php:27)
action: woocommerce_update_customer (includes\class-wcb-customer-updater.php:28)
action: profile_update (includes\class-wcb-customer-updater.php:29)
action: admin_post_nopriv_wcb_update_customer (includes\class-wcb-customer-updater.php:32)
action: admin_post_nopriv_wcb_delete_customer (includes\class-wcb-customer-updater.php:33)
action: woocommerce_order_status_pending (includes\class-wcb-order-updater.php:29)
action: woocommerce_order_status_on-hold (includes\class-wcb-order-updater.php:30)
action: woocommerce_order_status_processing (includes\class-wcb-order-updater.php:31)
action: woocommerce_order_status_completed (includes\class-wcb-order-updater.php:32)
action: woocommerce_order_status_cancelled (includes\class-wcb-order-updater.php:34)
filter: woocommerce_email_attachments (includes\class-wcb-order-updater.php:35)
action: admin_post_nopriv_wcb_delete_invoice (includes\class-wcb-order-updater.php:38)
action: admin_post_nopriv_wcb_change_invoice_status (includes\class-wcb-order-updater.php:39)
action: admin_post_nopriv_wcb_change_invoice_status (includes\class-wcb-order-updater.php:40)
action: admin_post_nopriv_wcb_add_delivery_note (includes\class-wcb-order-updater.php:41)
action: admin_post_nopriv_wcb_delete_delivery_note (includes\class-wcb-order-updater.php:42)
action: save_post (includes\class-wcb-product-updater.php:58)
action: woocommerce_save_product_variation (includes\class-wcb-product-updater.php:59)
action: before_delete_post (includes\class-wcb-product-updater.php:60)
action: woocommerce_product_duplicate (includes\class-wcb-product-updater.php:61)
action: admin_post_nopriv_wcb_update_product (includes\class-wcb-product-updater.php:64)
action: admin_post_nopriv_wcb_delete_product (includes\class-wcb-product-updater.php:65)
action: woocommerce_my_account_my_orders_actions (includes\frontend\frontend-order-actions.php:19)
action: woocommerce_order_details_after_order_table (includes\frontend\frontend-order-actions.php:23)
action: plugins_loaded (woocommerce-billomat.php:84)
action: init (woocommerce-billomat.php:85)
action: admin_enqueue_scripts (woocommerce-billomat.php:86)

WooBillomat Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Sep 26, 2022
PHP min version
Downloads: 80K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 100

WooBillomat Developer Profile

billomatcom

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

How We Detect WooBillomat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-billomat/admin-v2.css
/wp-content/plugins/woo-billomat/admin-v2.js
Script Paths
/wp-content/plugins/woo-billomat/admin-v2.js
Version Parameters
woo-billomat/admin-v2.css?ver=
woo-billomat/admin-v2.js?ver=

HTML / DOM Fingerprints

CSS Classes
viewinvoice
Data Attributes
data-tip
JS Globals
wcb

Frequently Asked Questions about WooBillomat