SuperFaktura WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-superfaktura

Connect your WooCommerce eShop with online invoicing system SuperFaktura.

2K active installs · v1.51.0 · PHP 7.4+ · WP 4.4+ · Updated Mar 13, 2026

Tags: faktura, invoice, proforma, superfaktura, woocommerce

Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 23, 2024
Is SuperFaktura WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

SuperFaktura WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 23, 2024 · Updated 22d ago
Risk Assessment

The WooCommerce SuperFaktura plugin v1.52.0 exhibits a mixed security posture. While it demonstrates good practices in output escaping (96% properly escaped) and avoids the use of dangerous functions, several areas raise concerns. The presence of one unprotected AJAX handler significantly expands the attack surface and represents a direct entry point for potential attackers. Furthermore, the analysis of SQL queries indicates a complete lack of prepared statements, meaning all SQL queries are susceptible to injection attacks if not properly sanitized elsewhere. Taint analysis, though not revealing critical or high severity issues, did identify flows with unsanitized paths, which could lead to vulnerabilities if exploited in conjunction with other weaknesses.

The vulnerability history is a significant concern. The plugin has one known medium severity CVE, a server-side request forgery (SSRF). While this vulnerability is currently patched, the pattern of past vulnerabilities, particularly SSRF, suggests a recurring need for careful code review and auditing of external interactions and input handling. The plugin's five outbound HTTP requests could also be a vector for SSRF if they are not implemented with robust validation and sanitization of any URL or host derived from user input.

In conclusion, the plugin has strengths in output escaping, but the unprotected AJAX handler, raw SQL queries, and past SSRF vulnerabilities necessitate caution. Developers should prioritize addressing the unprotected entry point and ensuring all SQL queries are parameterized. Continued vigilance regarding external HTTP requests and input validation is crucial given the historical vulnerability patterns.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries without prepared statements
  • Flows with unsanitized paths found
  • Known medium severity vulnerability (SSRF)

SuperFaktura WooCommerce Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-1758 · medium · 5.4 · Server-Side Request Forgery (SSRF)

SuperFaktura WooCommerce <= 1.40.3 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

Feb 23, 2024 · Patched in 1.40.4 (68 days)
SuperFaktura WooCommerce Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 5 (118 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 4
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

0% prepared (1 total query)

Output Escaping

96% escaped (123 total outputs)
Data Flow Analysis

4 flows, 2 with unsanitized paths
admin_notices (includes\class-wc-sf-admin.php:105)
SuperFaktura WooCommerce Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 3

auth · wp_ajax_wc_sf_api_test · includes\class-wc-superfaktura.php:138
auth · wp_ajax_wc_sf_url_check · includes\class-wc-superfaktura.php:139
auth · wp_ajax_wc_sf_generate_secret_key · includes\class-wc-superfaktura.php:362
WordPress Hooks: 38

action · admin_init · includes\class-wc-sf-admin.php:39
action · admin_notices · includes\class-wc-sf-admin.php:40
action · admin_notices · includes\class-wc-sf-admin.php:41
action · woocommerce_settings_wc_superfaktura · includes\class-wc-sf-admin.php:42
action · admin_enqueue_scripts · includes\class-wc-sf-admin.php:43
action · add_meta_boxes · includes\class-wc-sf-admin.php:44
action · admin_head · includes\class-wc-sf-admin.php:51
action · woocommerce_get_settings_pages · includes\class-wc-sf-admin.php:52
filter · woocommerce_admin_order_actions · includes\class-wc-sf-admin.php:53
action · woocommerce_blocks_loaded · includes\class-wc-sf-checkout-block.php:39
action · woocommerce_store_api_checkout_update_order_from_request · includes\class-wc-sf-checkout-block.php:56
action · woocommerce_blocks_validate_location_contact_fields · includes\class-wc-sf-checkout-block.php:59
action · wp_enqueue_scripts · includes\class-wc-sf-checkout-block.php:62
filter · woocommerce_get_country_locale_default · includes\class-wc-sf-checkout-block.php:115
filter · woocommerce_get_country_locale · includes\class-wc-sf-checkout-block.php:116
action · woocommerce_email_customer_details · includes\class-wc-sf-email.php:34
action · woocommerce_email_order_meta · includes\class-wc-sf-email.php:35
action · woocommerce_email_order_meta · includes\class-wc-sf-email.php:36
filter · woocommerce_email_attachments · includes\class-wc-sf-email.php:37
filter · woocommerce_settings_tabs_array · includes\class-wc-sf-settings.php:50
action · init · includes\class-wc-superfaktura.php:133
action · plugins_loaded · includes\class-wc-superfaktura.php:134
action · wp_enqueue_scripts · includes\class-wc-superfaktura.php:136
filter · woocommerce_billing_fields · includes\class-wc-superfaktura.php:333
filter · woocommerce_form_field · includes\class-wc-superfaktura.php:334
filter · woocommerce_checkout_process · includes\class-wc-superfaktura.php:335
filter · woocommerce_admin_billing_fields · includes\class-wc-superfaktura.php:337
action · woocommerce_process_shop_order_meta · includes\class-wc-superfaktura.php:338
filter · woocommerce_customer_meta_fields · includes\class-wc-superfaktura.php:341
filter · woocommerce_ajax_get_customer_details · includes\class-wc-superfaktura.php:344
action · woocommerce_checkout_update_order_meta · includes\class-wc-superfaktura.php:347
filter · woocommerce_my_account_my_orders_actions · includes\class-wc-superfaktura.php:349
action · woocommerce_checkout_order_processed · includes\class-wc-superfaktura.php:356
action · woocommerce_thankyou · includes\class-wc-superfaktura.php:358
action · wp_loaded · includes\class-wc-superfaktura.php:359
action · sf_fetch_related_invoice · includes\class-wc-superfaktura.php:360
action · sf_retry_generate_invoice · includes\class-wc-superfaktura.php:361
action · before_woocommerce_init · woocommerce-superfaktura.php:46
SuperFaktura WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 123K

Community Trust

Rating: 98/100
Number of ratings: 15
Active installs: 2K
SuperFaktura WooCommerce Developer Profile

superfaktura · 1 plugin · 2K total installs

Trust score: 88
Avg Security Score: 100/100
Avg Patch Time: 68 days
How We Detect SuperFaktura WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-superfaktura/assets/css/admin.css
/wp-content/plugins/woocommerce-superfaktura/assets/js/admin.js
/wp-content/plugins/woocommerce-superfaktura/assets/css/wc_sf_checkout.css
/wp-content/plugins/woocommerce-superfaktura/assets/js/wc_sf_checkout.js
Script Paths
/wp-content/plugins/woocommerce-superfaktura/assets/js/admin.js
/wp-content/plugins/woocommerce-superfaktura/assets/js/wc_sf_checkout.js
Version Parameters
woocommerce-superfaktura/assets/css/admin.css?ver=
woocommerce-superfaktura/assets/js/admin.js?ver=
woocommerce-superfaktura/assets/css/wc_sf_checkout.css?ver=
woocommerce-superfaktura/assets/js/wc_sf_checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
sf-proforma-button, sf-regular-invoice-button, sf-cancel-invoice-button, sf-button-proforma, sf-button-regular, sf-button-cancel, sf_admin_notice, woocommerce-sf-order-number-notice, +1 more
HTML Comments
<!-- Created by SuperFaktura WooComerce -->
Data Attributes
data-sf-invoice-id, data-sf-order-id
JS Globals
sf_lang, wc_sf_checkout_params, wc_sf_params
Frequently Asked Questions about SuperFaktura WooCommerce