PDF Builder for WooCommerce. Create invoices,packing slips and more Security & Risk Analysis
wordpress.org/plugins/woo-pdf-invoice-builderCreate WooCommerce pdf invoices, packing slips, certificates and more, customized them as you want them with the best drag-drop builder.
Is PDF Builder for WooCommerce. Create invoices,packing slips and more Safe to Use in 2026?
Generally Safe
Score 94/100PDF Builder for WooCommerce. Create invoices,packing slips and more has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The 'woo-pdf-invoice-builder' plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and a significant portion of output escaping, several concerning areas warrant attention. The static analysis reveals a substantial attack surface with 25 AJAX handlers, 11 of which lack authentication checks. This is further exacerbated by the taint analysis, which identified 6 high-severity flows with unsanitized paths. These findings suggest potential vulnerabilities related to input validation and authorization that could be exploited by attackers.
The plugin's vulnerability history is also a significant concern. With 10 known CVEs, including one high-severity and nine medium-severity issues, the historical pattern points to recurring security weaknesses such as CSRF, XSS, missing authorization, and SQL injection. Although no unpatched CVEs are currently listed, the prevalence of past vulnerabilities suggests a need for more robust security development practices and thorough testing. The presence of bundled libraries like dompdf, Select2, TinyMCE, and TCPDF, while common, also introduces potential risks if they are not kept updated to their latest secure versions.
In conclusion, while the plugin shows strengths in certain areas like SQL preparation, the numerous unprotected AJAX handlers, high-severity unsanitized taint flows, and a history of multiple CVEs indicate significant security risks. The plugin is not recommended for use without a thorough review of its current implementation and a plan to address the identified areas of concern.
Key Concerns
- Unprotected AJAX handlers
- High severity unsanitized taint flows
- History of high severity CVE
- History of medium severity CVEs
- Low output escaping percentage
- Limited capability checks
PDF Builder for WooCommerce. Create invoices,packing slips and more Security Vulnerabilities
CVEs by Year
Severity Breakdown
10 total CVEs
WooCommerce PDF Invoice Builder <= 1.2.150 - Missing Authorization
WooCommerce PDF Invoice Builder <= 1.2.148 - Cross-Site Request Forgery
PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting
WooCommerce PDF Invoice Builder <= 1.2.101 - Cross-Site Request Forgery
WooCommerce PDF Invoice Builder <= 1.2.103 - Reflected Cross-Site Scripting
WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure
WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting
WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation
WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export
WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save
PDF Builder for WooCommerce. Create invoices,packing slips and more Release Timeline
PDF Builder for WooCommerce. Create invoices,packing slips and more Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
PDF Builder for WooCommerce. Create invoices,packing slips and more Attack Surface
AJAX Handlers 25
WordPress Hooks 21
Maintenance & Trust
PDF Builder for WooCommerce. Create invoices,packing slips and more Maintenance & Trust
Maintenance Signals
Community Trust
PDF Builder for WooCommerce. Create invoices,packing slips and more Alternatives
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels
print-invoices-packing-slip-labels-for-woocommerce
Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.
Flexible PDF Invoices for WooCommerce & WordPress
flexible-invoices
WooCommerce PDF invoices made simple. EU VAT validation, reverse charge invoice, proforma invoices, MOSS / OSS support, invoices in bulk and more.
Invoice Manager for WooCommerce
wc-invoice-manager
Manage WooCommerce invoices with the first Gutenberg-based editor; it's user-friendly, and ensures professional, accurate billing.
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
woocommerce-jetpack
Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.
PDF Invoices & Packing Slips for WooCommerce – Challan
webappick-pdf-invoice-for-woocommerce
WooCommerce PDF invoice generator with automatic email attachment. Create packing slips, shipping labels, credit notes, multilingual.
PDF Builder for WooCommerce. Create invoices,packing slips and more Developer Profile
19 plugins · 12K total installs
How We Detect PDF Builder for WooCommerce. Create invoices,packing slips and more
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/woo-pdf-invoice-builder/css/admin.css/wp-content/plugins/woo-pdf-invoice-builder/js/dist/invoice_builder_bundle.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.dd.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery-ui.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.base64.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.tablecloth.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/bootstrap.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/angular/angular.js+7 more/wp-content/plugins/woo-pdf-invoice-builder/js/dist/invoice_builder_bundle.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.dd.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery-ui.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.base64.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.tablecloth.js/wp-content/plugins/woo-pdf-invoice-builder/js/lib/bootstrap.js+8 more/wp-content/plugins/woo-pdf-invoice-builder/css/admin.css?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/dist/invoice_builder_bundle.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.dd.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery-ui.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.base64.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/jquery.tablecloth.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/bootstrap.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/angular/angular.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/angular/angular-route.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/angular/angular-sanitize.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/angular-ui-sortable.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/angular-file-upload.min.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/tinymce/tinymce.min.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/dist/metabox_bundle.js?ver=/wp-content/plugins/woo-pdf-invoice-builder/js/lib/Translator/RNTranslator.js?ver=HTML / DOM Fingerprints
pdf-invoice-builder-wrapperrn-invoice-builderpdf-invoice-designer-containerrnwcinv-metabox-section<!-- RnwPdfi Meta Box --><!-- invoice_id--><!-- invoice_name --><!-- invoice_number -->+7 morernwcinv-template-editorng-controller="InvoiceBuilderController"ng-init="Init('invoice_builder_data', 'product_data', '{{$product_data|json_encode|safe_escape_js}}', { 'order_id': {{order_id|json_encode|safe_escape_js}} })"rnwcinv-metaboxInvoiceBuilderDataRNTranslatorDictionaryrnwcinv_optionsRednaoWooCommercePDFInvoice