WFatture for WooCommerce Fattureincloud Security & Risk Analysis

wordpress.org/plugins/woo-fattureincloud

WooCommerce Fattureincloud by Woofatture turns orders into invoices on fattureincloud.it

800 active installs · v2.7.4 · PHP 7.4+ · WP 5.0+ · Updated Mar 5, 2026
cloud, fattura-elettronica, fatturazione-elettronica, fatture, fattureincloud
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is WFatture for WooCommerce Fattureincloud Safe to Use in 2026?

Generally Safe

Score 99/100

WFatture for WooCommerce Fattureincloud has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 27, 2025 · Updated 1mo ago
Risk Assessment

The "woo-fattureincloud" v2.7.4 plugin exhibits a generally strong security posture, with no critical or high severity vulnerabilities identified in the static analysis or recent history. The absence of dangerous functions, raw SQL queries, and file operations is a positive indicator. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks and capability checks, albeit limited in scope.

However, there are areas for improvement. The attack surface appears to be zero in terms of exposed AJAX, REST API, shortcodes, and cron events, which is a very positive indicator. A notable concern is output escaping: 30% of outputs are not properly escaped, leaving room for potential Cross-Site Scripting (XSS) vulnerabilities. The plugin also makes a significant number of external HTTP requests, which, while not inherently a vulnerability, can introduce risk if the data being sent and received is not properly validated and sanitized. The presence of a past medium-severity XSS vulnerability also suggests a need for continuous vigilance in output handling.

In conclusion, the "woo-fattureincloud" plugin is in a relatively secure state, particularly concerning its direct attack surface and data handling with SQL. The primary area of concern lies in the potential for XSS due to incomplete output escaping. Continued monitoring of its vulnerability history and a focus on improving output sanitization would further strengthen its security.

Key Concerns

  • Unescaped output (30%)
  • Medium vulnerability in history (1)
Vulnerabilities (1)

WFatture for WooCommerce Fattureincloud Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-30837 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Fattureincloud <= 2.6.7 - Reflected Cross-Site Scripting

Mar 27, 2025 Patched in 2.6.8 (7d)
Code Analysis
Analyzed Mar 16, 2026

WFatture for WooCommerce Fattureincloud Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 76 (179 escaped)
Nonce Checks: 12
Capability Checks: 2
File Operations: 0
External Requests: 14
Bundled Libraries: 0

Output Escaping

70% escaped · 255 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
woo_fattureincloud_setup_page_display (inc\setup_page_display.php:9)
Attack Surface

WFatture for WooCommerce Fattureincloud Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 30
action  admin_init  inc\notice_recensione.php:75
action  admin_init  inc\notice_recensione.php:97
action  admin_init  inc\notice_recensione.php:103
action  admin_notices  inc\notice_recensione.php:126
filter  woocommerce_customer_meta_fields  inc\vat_number.php:123
filter  woocommerce_customer_meta_fields  inc\vat_number.php:132
filter  woocommerce_customer_meta_fields  inc\vat_number.php:141
filter  woocommerce_customer_meta_fields  inc\vat_number.php:150
action  woocommerce_edit_account_form  inc\vat_number.php:162
action  woocommerce_save_account_details  inc\vat_number.php:174
action  woocommerce_edit_account_form  inc\vat_number.php:190
action  woocommerce_save_account_details  inc\vat_number.php:202
action  woocommerce_edit_account_form  inc\vat_number.php:214
action  woocommerce_save_account_details  inc\vat_number.php:226
action  woocommerce_edit_account_form  inc\vat_number.php:238
action  woocommerce_save_account_details  inc\vat_number.php:250
action  init  woo-fattureincloud.php:34
action  admin_notices  woo-fattureincloud.php:57
action  admin_enqueue_scripts  woo-fattureincloud.php:83
action  admin_menu  woo-fattureincloud.php:85
action  admin_menu  woo-fattureincloud.php:87
action  woocommerce_order_status_completed  woo-fattureincloud.php:89
action  wp_footer  woo-fattureincloud.php:91
action  admin_notices  woo-fattureincloud.php:93
action  admin_notices  woo-fattureincloud.php:95
action  before_woocommerce_init  woo-fattureincloud.php:97
filter  woocommerce_admin_billing_fields  woo-fattureincloud.php:116
filter  woocommerce_billing_fields  woo-fattureincloud.php:119
action  woocommerce_checkout_update_order_meta  woo-fattureincloud.php:122
action  woocommerce_checkout_before_customer_details  woo-fattureincloud.php:126
Maintenance & Trust

WFatture for WooCommerce Fattureincloud Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 34K

Community Trust

Rating: 100/100
Number of ratings: 33
Active installs: 800
Developer Profile

WFatture for WooCommerce Fattureincloud Developer Profile

Cristiano Zanca

1 plugin · 800 total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect WFatture for WooCommerce Fattureincloud

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-fattureincloud/assets/js/woo_fic_cf.js

HTML / DOM Fingerprints

Data Attributes
data-wfic-nonce
JS Globals
woofic_Data
FAQ

Frequently Asked Questions about WFatture for WooCommerce Fattureincloud