European VAT Compliance Assistant for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-eu-vat-compliance

Assists with EU/UK/Norway/Switzerland VAT compliance for WooCommerce, for the VAT regimes that began in 2015 and were extended in 2021, including the …

3K active installs · v1.36.6 · PHP 7.1+ · WP 5.3+ · Updated Jan 24, 2026
Tags: eu-vat, iva, moss, vat-compliance, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is European VAT Compliance Assistant for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

European VAT Compliance Assistant for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The WooCommerce EU VAT Compliance plugin v1.36.6 presents a mixed security posture. On the positive side, it has no recorded vulnerability history, which indicates a good security track record. Its SQL handling is also relatively good: 73% of queries use prepared statements, and some functionality is protected by nonce checks. However, several areas raise significant concerns. The two unprotected AJAX handlers significantly increase the attack surface, as they can be exploited by unauthenticated users. Only 34% of output is properly escaped, which suggests potential exposure to cross-site scripting (XSS) attacks. The taint analysis shows no critical or high severity flows, but it does report 7 flows with unsanitized paths, which warrant further investigation. The plugin also calls 'unserialize', a known risky function, six times; each call adds potential for vulnerabilities unless it is handled with extreme care and strict input validation.

Key Concerns

  • Unprotected AJAX handlers present
  • Low output escaping rate
  • Unsanitized paths in taint analysis flows
  • Use of 'unserialize' function
Vulnerabilities
None known

European VAT Compliance Assistant for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

European VAT Compliance Assistant for WooCommerce Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 7 (19 prepared)
Unescaped Output: 228 (117 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 17
External Requests: 13
Bundled Libraries: 0

Dangerous Functions Found

unserialize includes\vat-compliance-order-export.php:218
    if ('_line_tax_data' === $itemmeta->meta_key && is_serialized($itemmeta->meta_value)) $itemmeta->met…
unserialize nusoap\class.wsdlcache.php:109
    return (!is_null($s)) ? unserialize($s) : null;
unserialize reports.php:205
    $current_line_tax_data = empty($r->v) ? array() : unserialize($r->v, array('allowed_classes' => fals…
unserialize reports.php:872
    $cinfo = empty($res->meta_value) ? array() : unserialize($res->meta_value, array('allowed_classes' =…
unserialize reports.php:886
    $vat_paid = empty($res->meta_value) ? array() : unserialize($res->meta_value, array('allowed_classes…
unserialize reports.php:929
    $rates = empty($res->meta_value) ? array() : unserialize($res->meta_value, array('allowed_classes' =…

SQL Query Safety

73% prepared · 26 total queries

Output Escaping

34% escaped · 345 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

9 flows · 7 with unsanitized paths
wc_eu_vat_compliance_report (includes\reports-ui.php:241)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

European VAT Compliance Assistant for WooCommerce Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers 5

auth wp_ajax_wc_eu_vat_cc control-centre.php:31
auth wp_ajax_wc_vat_get_widget_country preselect-country.php:49
nopriv wp_ajax_wc_vat_get_widget_country preselect-country.php:50
auth wp_ajax_wc_vat_get_vat_meta_box record-order-details.php:31
auth wp_ajax_wc_vat_get_export_order_info record-order-details.php:32

Shortcodes 1

[euvat_country_selector] preselect-country.php:46

WordPress Hooks 54

action widgets_init bootstrap.php:30
action init bootstrap.php:77
action before_woocommerce_init bootstrap.php:79
action plugins_loaded bootstrap.php:80
action woocommerce_settings_tax_options_end bootstrap.php:82
action woocommerce_update_options_tax bootstrap.php:83
filter network_admin_plugin_action_links bootstrap.php:85
filter plugin_action_links bootstrap.php:86
action wpo_wcpdf_process_template_order bootstrap.php:88
filter wpo_wcpdf_footer_settings_text bootstrap.php:90
action woocommerce_check_cart_items bootstrap.php:92
action woocommerce_checkout_process bootstrap.php:93
filter woocommerce_allow_marketplace_suggestions bootstrap.php:96
action plugins_loaded bootstrap.php:100
action woocommerce_store_api_cart_update_customer_from_request bootstrap.php:103
filter woocommerce_maxmind_geolocation_update_database_periodically bootstrap.php:1719
filter woocommerce_geolocation_update_database_periodically bootstrap.php:1721
filter woocommerce_adjust_non_base_location_prices bootstrap.php:1724
action woocommerce_checkout_update_order_review bootstrap.php:1728
action admin_menu control-centre.php:28
filter woocommerce_screen_ids control-centre.php:29
filter woocommerce_reports_screen_ids control-centre.php:30
action wceuvat_background_tests control-centre.php:32
action woocommerce_admin_field_wcvat_tax_classes control-centre.php:33
action woocommerce_admin_field_wc_vat_forbid_vatable_checkout control-centre.php:34
action woocommerce_admin_field_wc_vat_regions control-centre.php:35
action woocommerce_admin_field_wcvat_tax_class_translations control-centre.php:37
action admin_footer control-centre.php:574
action admin_footer control-centre.php:764
action woocommerce_settings_euvat_vat_options_end control-centre.php:859
action before_woocommerce_init eu-vat-compliance.php:24
filter all includes\debug-fragment.php:11
action wc_eu_vat_compliance_cc_tab_reports includes\reports-ui.php:13
action admin_init includes\reports-ui.php:14
filter woocommerce_admin_reports includes\reports-ui.php:21
action init number-lookups\hmrc.php:37
action widgets_init preselect-country.php:47
filter woocommerce_get_price_suffix preselect-country.php:54
filter rest_dispatch_request preselect-country.php:57
filter woocommerce_get_tax_location preselect-country.php:62
filter woocommerce_customer_taxable_address preselect-country.php:65
action woocommerce_cart_totals_after_order_total preselect-country.php:68
action woocommerce_after_cart_totals preselect-country.php:69
action wp_footer preselect-country.php:73
filter woocommerce_countries_base_country preselect-country.php:124
action wp_footer preselect-country.php:372
action admin_init rates.php:31
action admin_footer rates.php:51
action woocommerce_checkout_create_order record-order-details.php:23
action woocommerce_checkout_order_processed record-order-details.php:25
action add_meta_boxes record-order-details.php:27
action woocommerce_order_after_calculate_totals record-order-details.php:29
action admin_footer record-order-details.php:134
action plugins_loaded reports.php:40

Scheduled Events 1

wceuvat_background_tests
Maintenance & Trust

European VAT Compliance Assistant for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 24, 2026
PHP min version: 7.1
Downloads: 228K

Community Trust

Rating: 96/100
Number of ratings: 26
Active installs: 3K
Developer Profile

European VAT Compliance Assistant for WooCommerce Developer Profile

David Anderson / Team Updraft

16 plugins · 6.4M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1197 days
Detection Fingerprints

How We Detect European VAT Compliance Assistant for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-eu-vat-compliance/includes/js/admin.js
/wp-content/plugins/woocommerce-eu-vat-compliance/includes/js/frontend.js
/wp-content/plugins/woocommerce-eu-vat-compliance/includes/js/checkout.js
/wp-content/plugins/woocommerce-eu-vat-compliance/assets/css/admin.css
/wp-content/plugins/woocommerce-eu-vat-compliance/assets/css/frontend.css
/wp-content/plugins/woocommerce-eu-vat-compliance/assets/css/checkout.css

Script Paths
/wp-content/plugins/woocommerce-eu-vat-compliance/includes/js/admin.js
/wp-content/plugins/woocommerce-eu-vat-compliance/includes/js/frontend.js
/wp-content/plugins/woocommerce-eu-vat-compliance/includes/js/checkout.js

Version Parameters
woocommerce-eu-vat-compliance/includes/js/admin.js?ver=
woocommerce-eu-vat-compliance/includes/js/frontend.js?ver=
woocommerce-eu-vat-compliance/includes/js/checkout.js?ver=
woocommerce-eu-vat-compliance/assets/css/admin.css?ver=
woocommerce-eu-vat-compliance/assets/css/frontend.css?ver=
woocommerce-eu-vat-compliance/assets/css/checkout.css?ver=

HTML / DOM Fingerprints

CSS Classes
wc-vat-compliance-vat-block

HTML Comments
<!-- N.B. WooCommerce doesn't check the minor version. So, '3.9.0' means 'the entire 3.9 series' -->
<!-- This plugin performs various distinct functions. So, we have separated the code accordingly. -->
<!-- Not all of these files may be present, depending on whether this is the free or premium version or not -->
<!-- Though the code is separated, some pieces are inter-dependent; the order also matters. So, don't assume you can just change this arbitrarily. -->
+3 more

Data Attributes
data-vat_id_label
data-vat_id_button_text
data-vat_id_error_message
data-vat_id_help_text

JS Globals
wc_eu_vat_compliance_params
REST Endpoints
/wp-json/wc-eu-vat-compliance/v1/settings
FAQ

Frequently Asked Questions about European VAT Compliance Assistant for WooCommerce