Workadu invoicing for WooCommerce Security & Risk Analysis

wordpress.org/plugins/workadu-invoicing

Get your invoices going, simple and easy through workadu invoicing plugin.

0 active installs · v1.0.5 · PHP + WP 5.2+ · Updated Jan 26, 2024
Tags: aade, invoices, invoicing, mydata, workadu
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Workadu invoicing for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Workadu invoicing for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "workadu-invoicing" plugin v1.0.5 demonstrates a generally good security posture with several strengths. The static analysis reveals no directly exploitable vulnerabilities like unescaped output, raw SQL queries, or dangerous file operations. Crucially, all SQL queries are properly prepared, and all identified output is correctly escaped, which are fundamental security practices. The plugin also makes good use of nonces and capability checks for its entry points, indicating an understanding of WordPress security mechanisms.

However, there are areas for improvement and potential underlying risks. The plugin calls `ini_set`, which is not inherently a vulnerability but modifies PHP's runtime configuration; the one call found, `ini_set('display_errors', 1)`, turns on error display, and error output shown to visitors can disclose file paths and other internals. The taint analysis also shows one flow with an unsanitized path, which, though not rated as critical or high severity, warrants investigation to understand its potential impact. The plugin makes five external HTTP requests, which could be a vector for supply chain attacks or information leakage if not handled securely.

The lack of any recorded vulnerabilities in its history is a positive sign, suggesting consistent development practices. However, this does not guarantee future security, especially given the minor concerns identified in the static analysis. Overall, the plugin is built on a solid foundation, but the identified unsanitized path and the use of `ini_set` suggest that a thorough code review for these specific areas is advisable to ensure no subtle vulnerabilities exist.

Key Concerns

  • Taint flow with unsanitized path
  • Use of dangerous function (ini_set)
  • External HTTP requests
Vulnerabilities
None known

Workadu invoicing for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Workadu invoicing for WooCommerce Release Timeline

v1.0.5 (Current)
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Workadu invoicing for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 0 (70 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

ini_set: `ini_set('display_errors', 1);` (workadu-invoicing.php:464)

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

100% escaped · 70 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
workadu_custom_bulk_action_admin_notice (workadu-invoicing.php:688)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Workadu invoicing for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth · wp_ajax_update_order_meta · workadu-invoicing.php:762
  • nopriv · wp_ajax_update_order_meta · workadu-invoicing.php:763

WordPress Hooks: 16

  • action · plugins_loaded · workadu-invoicing.php:35
  • filter · plugin_row_meta · workadu-invoicing.php:47
  • filter · woocommerce_settings_tabs_array · workadu-invoicing.php:101
  • action · woocommerce_settings_tabs_workadu · workadu-invoicing.php:158
  • action · woocommerce_update_options_workadu · workadu-invoicing.php:342
  • action · init · workadu-invoicing.php:409
  • filter · wc_order_statuses · workadu-invoicing.php:410
  • filter · manage_woocommerce_page_wc-orders_columns · workadu-invoicing.php:412
  • action · manage_woocommerce_page_wc-orders_custom_column · workadu-invoicing.php:423
  • filter · bulk_actions-woocommerce_page_wc-orders · workadu-invoicing.php:467
  • filter · handle_bulk_actions-woocommerce_page_wc-orders · workadu-invoicing.php:473
  • filter · admin_notices · workadu-invoicing.php:678
  • action · admin_notices · workadu-invoicing.php:687
  • action · admin_enqueue_scripts · workadu-invoicing.php:724
  • action · admin_enqueue_scripts · workadu-invoicing.php:731
  • action · woocommerce_new_order · workadu-invoicing.php:735
Maintenance & Trust

Workadu invoicing for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 26, 2024
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Workadu invoicing for WooCommerce Developer Profile

babisworkadu

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Workadu invoicing for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/workadu-invoicing/inc/src/banner-772x250.png
  • /wp-content/plugins/workadu-invoicing/inc/src/icon-128x128.png
  • /wp-content/plugins/workadu-invoicing/inc/src/screenshot-1.png
  • /wp-content/plugins/workadu-invoicing/inc/src/screenshot-2.png
  • /wp-content/plugins/workadu-invoicing/inc/src/screenshot-3.png
  • /wp-content/plugins/workadu-invoicing/inc/src/screenshot-4.png
  • /wp-content/plugins/workadu-invoicing/inc/src/screenshot-5.png

HTML / DOM Fingerprints

HTML Comments
  • <!-- Workadu invoicing is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. Workadu invoicing is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Workadu invoicing. -->
  • <!-- Add more screenshots as needed -->
Data Attributes
  • name="workadu_api_key"
  • name="workadu_receipt_series"
  • name="workadu_payment_types"
  • data-workadu-id
JS Globals
  • window.workadu_global_series_options
  • window.workadu_global_payment_type_options
  • window.workadu_global_meta_post_data
REST Endpoints
/wp-json/workadu-invoicing/v1/settings
FAQ

Frequently Asked Questions about Workadu invoicing for WooCommerce