Fortnox for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-fortnox-integration

Synchronizes all customers, products and orders from WooCommerce to Fortnox. Saves you both sweat and hours of work.

200 active installs · v4.6.1 · PHP + WP 4.0+ · Updated Mar 5, 2026
accounting · e-commerce · order · sync · woocommerce
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 11, 2025
Safety Verdict

Is Fortnox for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Fortnox for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 11, 2025 · Updated 29d ago
Risk Assessment

The 'woocommerce-fortnox-integration' v4.6.1 plugin presents a concerning security posture, primarily due to its substantial attack surface lacking proper authorization. With 11 unprotected AJAX handlers, there's a significant risk of unauthorized actions being performed. While the code analysis shows no directly exploitable critical or high severity taint flows, the presence of unsanitized paths in one flow, coupled with only 36% proper output escaping, indicates potential for cross-site scripting (XSS) vulnerabilities if malicious input is not handled rigorously. The plugin also exhibits a history of medium severity vulnerabilities, including XSS and missing authorization, which is particularly worrying given the current lack of authorization checks on its entry points. Although the use of prepared statements for SQL queries is a positive sign, and there are no unpatched CVEs at this time, the plugin's fundamental lack of security on its primary interaction points (AJAX handlers) and its past vulnerability patterns outweigh these strengths, suggesting a need for immediate attention and remediation.

Key Concerns

  • 11 unprotected AJAX handlers
  • 1 flow with unsanitized paths
  • Only 36% properly escaped output
  • 2 known medium CVEs (past issues)
  • Missing authorization on all AJAX handlers
  • Only 2 nonce checks for 11 entry points
Vulnerabilities
2

Fortnox for WooCommerce Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-47610 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Fortnox Integration <= 4.5.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Sep 11, 2025 Patched in 4.5.7 (6d)
CVE-2025-49998 · medium · 4.3 · Missing Authorization

WooCommerce Fortnox Integration <= 4.5.5 - Missing Authorization

Jun 19, 2025 Patched in 4.5.6 (9d)
Code Analysis
Analyzed Mar 16, 2026

Fortnox for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (2 prepared)
Unescaped Output: 107 (61 escaped)
Nonce Checks: 2
Capability Checks: 11
File Operations: 0
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

40% prepared · 5 total queries

Output Escaping

36% escaped · 168 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
fortnox_organization_number (inc\fortnox\class-wf-ajax.php:71)
Attack Surface
11 unprotected

Fortnox for WooCommerce Attack Surface

Entry Points: 11
Unprotected: 11

AJAX Handlers 11

auth · wp_ajax_fortnox_update_setting · inc\fortnox\class-wf-ajax.php:30
auth · wp_ajax_fortnox_logout · inc\fortnox\class-wf-ajax.php:31
auth · wp_ajax_fortnox_fetch_accounts · inc\fortnox\class-wf-ajax.php:32
auth · wp_ajax_fortnox_bulk_action · inc\fortnox\class-wf-ajax.php:33
auth · wp_ajax_check_fortnox_license_key · inc\fortnox\class-wf-ajax.php:34
auth · wp_ajax_check_fortnox_organization_number · inc\fortnox\class-wf-ajax.php:35
auth · wp_ajax_check_pull_for_result_auth_by_organisation_number · inc\fortnox\class-wf-ajax.php:36
auth · wp_ajax_check_fortnox_auth_code · inc\fortnox\class-wf-ajax.php:37
auth · wp_ajax_fortnox_action · inc\fortnox\class-wf-ajax.php:38
auth · wp_ajax_fetch_delivery_terms · inc\fortnox\class-wf-ajax.php:39
auth · wp_ajax_fetch_revenue_accounts · inc\fortnox\class-wf-ajax.php:40
WordPress Hooks 50
action · admin_notices · inc\admin_views\class-wf-admin-notices.php:18
action · woocommerce_admin_process_product_object · inc\admin_views\class-wf-product-additional-fields.php:34
action · woocommerce_save_product_variation · inc\admin_views\class-wf-product-additional-fields.php:44
action · woocommerce_product_options_pricing · inc\admin_views\class-wf-product-additional-fields.php:54
action · woocommerce_product_options_pricing · inc\admin_views\class-wf-product-additional-fields.php:83
action · woocommerce_product_after_variable_attributes · inc\admin_views\class-wf-product-additional-fields.php:122
filter · http_request_timeout · inc\fortnox\api\class-wf-auth.php:141
action · admin_notices · inc\wetail\class-wf-ng-fortnox-auth.php:18
action · before_woocommerce_init · plugin.php:36
action · admin_notices · plugin.php:48
action · plugins_loaded · plugin.php:84
action · admin_notices · plugin.php:88
filter · pre_option_fortnox_auto_create_order_invoice · plugin.php:112
action · wf_order_after_create_or_update · plugin.php:121
action · woocommerce_order_refunded · plugin.php:126
action · woocommerce_order_status_complete · plugin.php:132
action · init · plugin.php:144
action · woocommerce_checkout_update_order_meta · plugin.php:146
action · woocommerce_process_shop_order_meta · plugin.php:150
action · woocommerce_api_create_order · plugin.php:154
action · woocommerce_deposits_create_order · plugin.php:155
filter · woocommerce_order_number · plugin.php:161
filter · woocommerce_checkout_fields · plugin.php:164
action · woocommerce_process_shop_order_meta · plugin.php:168
action · woocommerce_admin_order_data_after_billing_address · plugin.php:173
action · woocommerce_init · plugin.php:184
action · admin_init · plugin.php:188
action · admin_enqueue_scripts · plugin.php:199
filter · manage_edit-shop_order_columns · plugin.php:202
filter · woocommerce_shop_order_list_table_columns · plugin.php:203
action · manage_shop_order_posts_custom_column · plugin.php:206
action · woocommerce_shop_order_list_table_custom_column · plugin.php:210
filter · manage_edit-product_columns · plugin.php:216
action · manage_product_posts_custom_column · plugin.php:219
action · load-post.php · plugin.php:225
action · load-post-new.php · plugin.php:226
action · save_post · plugin.php:229
filter · views_edit-shop_order · plugin.php:239
action · pre_get_posts · plugin.php:240
filter · views_woocommerce_page_wc-orders · plugin.php:243
filter · woocommerce_order_list_table_prepare_items_query_args · plugin.php:244
action · admin_menu · plugin.php:262
action · woocommerce_customer_loaded · plugin.php:266
action · admin_init · plugin.php:267
action · wp_enqueue_scripts · plugin.php:270
action · admin_print_scripts · plugin.php:274
filter · wp_feed_cache_transient_lifetime · plugin.php:298
filter · rest_api_init · plugin.php:372
filter · woocommerce_my_account_my_orders_actions · plugin.php:373
action · upgrader_process_complete · plugin.php:377
Maintenance & Trust

Fortnox for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version
Downloads: 30K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 200
Developer Profile

Fortnox for WooCommerce Developer Profile

Wetail

6 plugins · 540 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Fortnox for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-fortnox-integration/assets/css/wf_admin_styles.css
/wp-content/plugins/woocommerce-fortnox-integration/assets/css/wf_style.css
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_admin.js
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_admin_notices.js
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_product_fields.js
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_settings.js
Script Paths
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_admin.js
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_admin_notices.js
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_product_fields.js
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_settings.js
Version Parameters
/wp-content/plugins/woocommerce-fortnox-integration/assets/css/wf_admin_styles.css?ver=
/wp-content/plugins/woocommerce-fortnox-integration/assets/css/wf_style.css?ver=
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_admin.js?ver=
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_admin_notices.js?ver=
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_product_fields.js?ver=
/wp-content/plugins/woocommerce-fortnox-integration/assets/js/wf_settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wf_settings_page
HTML Comments
CU-8697j33be · Order table view filters. · clickup https://app.clickup.com/t/8697j33be · non-hpos · +1 more
REST Endpoints
/wp-json/woocommerce_fortnox/v1/products
FAQ

Frequently Asked Questions about Fortnox for WooCommerce