Web:D Accounts Security & Risk Analysis

wordpress.org/plugins/wp-accounts

Manage your Clients, Invoices, Receipts and Payments. Send Invoices and Receipts to clients via email.

10 active installs · v1.9.7 · PHP 6.2+ · WP 4.6+ · Updated: Unknown
accounting · bookkeeping · invoices · payments · receipts
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Web:D Accounts Safe to Use in 2026?

Generally Safe

Score 100/100

Web:D Accounts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wp-accounts" v1.9.7 plugin exhibits a generally good security posture with a strong emphasis on secure coding practices. The high percentage of prepared statements for SQL queries and proper output escaping are commendable, indicating developer awareness of common web vulnerabilities. The plugin also incorporates a healthy number of nonce and capability checks, further bolstering its defenses. However, a significant concern arises from the presence of an unprotected AJAX handler, which represents a direct entry point for potential attacks if not properly validated. The taint analysis reveals three high-severity flows with unsanitized paths, suggesting potential vulnerabilities where user-supplied input could be processed in an unsafe manner, leading to risks like path traversal or command injection if exploited.

The plugin's vulnerability history is currently clear, with no recorded CVEs. This absence of past publicly disclosed vulnerabilities is a positive sign and suggests a proactive approach to security by the developers or a lack of historical targeting. Despite the absence of known vulnerabilities, the identified unprotected AJAX handler and high-severity taint flows warrant immediate attention and remediation. Overall, while the plugin demonstrates many strengths in secure development, these specific weaknesses create exploitable avenues that need to be addressed to maintain a robust security profile.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized paths in taint analysis (3 flows)
Vulnerabilities
None known

Web:D Accounts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Web:D Accounts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (76 prepared)
Unescaped Output: 85 (796 escaped)
Nonce Checks: 22
Capability Checks: 21
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

78% prepared · 98 total queries

Output Escaping

90% escaped · 881 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

12 flows · 4 with unsanitized paths
wpa_invoices_action (wp-accounts.php:1427)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

Web:D Accounts Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_wpa_get_attachment_url · wp-accounts.php:38
auth · wp_ajax_dismiss_wp_accounts_notice_handler · wp-accounts.php:44

Shortcodes 1

[wpa-statement] wp-accounts.php:55
WordPress Hooks 23
filter · plugin_row_meta · includes\class-wpa-common.php:293
action · admin_init · wp-accounts.php:35
action · wp_before_admin_bar_render · wp-accounts.php:36
action · admin_menu · wp-accounts.php:37
action · admin_notices · wp-accounts.php:43
action · show_user_profile · wp-accounts.php:46
action · edit_user_profile · wp-accounts.php:47
action · personal_options_update · wp-accounts.php:48
action · edit_user_profile_update · wp-accounts.php:49
action · wp_dashboard_setup · wp-accounts.php:51
action · woocommerce_init · wp-accounts.php:57
action · template_redirect · wp-accounts.php:58
action · woocommerce_before_cart · wp-accounts.php:59
filter · wc_empty_cart_message · wp-accounts.php:60
action · woocommerce_before_calculate_totals · wp-accounts.php:61
filter · woocommerce_email_enabled_customer_on_hold_order · wp-accounts.php:65
filter · woocommerce_email_enabled_customer_processing_order · wp-accounts.php:66
filter · woocommerce_email_enabled_customer_completed_order · wp-accounts.php:67
filter · woocommerce_email_enabled_customer_invoice · wp-accounts.php:68
filter · woocommerce_email_enabled_customer_invoice_paid · wp-accounts.php:69
action · admin_init · wp-accounts.php:369
filter · wp_mail_content_type · wp-accounts.php:3464
filter · phpmailer_init · wp-accounts.php:3465
Maintenance & Trust

Web:D Accounts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 6.2
Downloads: 7K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 10
Developer Profile

Web:D Accounts Developer Profile

Oliver Campion

12 plugins · 43K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 869 days
Detection Fingerprints

How We Detect Web:D Accounts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-accounts/css/jquery-ui.css
  • /wp-content/plugins/wp-accounts/js/date-pickers.js
  • /wp-content/plugins/wp-accounts/js/settings-pickers.js
Version Parameters
  • wp-accounts/js/date-pickers.js?ver=
  • wp-accounts/js/settings-pickers.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpa-client-company-field
  • wpa-client-address1-field
  • wpa-client-address2-field
  • wpa-client-address3-field
  • wpa-client-town-field
  • wpa-client-county-field
  • wpa-client-postcode-field
  • wpa-client-country-field
  • +54 more
HTML Comments
  • <!-- wp_accounts_setup_database -->
  • <!-- wpa_add_plugin_action_links -->
  • <!-- wpa_admin_bar_render -->
  • <!-- wpa_menu -->
  • +14 more
Data Attributes
  • data-wpa-client-company
  • data-wpa-client-address1
  • data-wpa-client-address2
  • data-wpa-client-address3
  • data-wpa-client-town
  • data-wpa-client-county
  • +56 more
JS Globals
wpaCommon
Shortcode Output
[wpa-statement]