WP-Safety

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Security & Risk Analysis

wordpress.org/plugins/wp-ever-accounting

Efficiently manage your payments and expenses, and send professional invoices in multiple currencies with ease using Ever Accounting.

1K active installs v2.2.8 PHP 7.4+ WP 5.0+ Updated Feb 17, 2026
accountingbusinesscrmfinanceinvoice
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 16, 2025
Plugin page Download
Safety Verdict

Is Ever Accounting – Accounting & Invoicing Solution for Small Businesses Safe to Use in 2026?

Generally Safe

Score 99/100

Ever Accounting – Accounting & Invoicing Solution for Small Businesses has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 16, 2025Updated 1mo ago
Risk Assessment

The wp-ever-accounting v2.2.8 plugin exhibits a generally good security posture with several strengths. The absence of unprotected entry points across AJAX handlers, REST API routes, shortcodes, and cron events is a significant positive. The code also demonstrates robust practices with a high percentage of properly escaped outputs and a substantial number of capability checks. The use of prepared statements for a majority of SQL queries further indicates a commitment to secure database interactions.

However, some areas warrant attention. The presence of four flows with unsanitized paths, even if not flagged as critical or high severity in the taint analysis, represents a potential risk. These could be pathways for malicious input to reach sensitive functions. While the plugin has a history of only one medium-severity vulnerability, which is currently patched, the fact that a CSRF vulnerability was previously present suggests a need for continued vigilance in input validation and state-changing operation protection. The bundled Select2 library, while not explicitly stated as outdated, could be a vector if it contains known vulnerabilities.

In conclusion, wp-ever-accounting v2.2.8 appears to be a reasonably secure plugin with strong foundational security practices. The low number of vulnerabilities and the focus on prepared statements and output escaping are commendable. The primary areas for improvement lie in thoroughly sanitizing all identified unsanitized paths and ensuring any bundled libraries are kept up-to-date to mitigate potential risks.

Key Concerns

  • Flows with unsanitized paths detected
  • Bundled library (Select2) may pose a risk
  • History of CSRF vulnerability
Vulnerabilities
1

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-39593medium · 4.3Cross-Site Request Forgery (CSRF)

Ever Accounting <= 2.1.5 - Cross-Site Request Forgery

Apr 16, 2025 Patched in 2.1.6 (6d)
Code Analysis
Analyzed Mar 16, 2026

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Code Analysis

Dangerous Functions
0
Raw SQL Queries
90
125 prepared
Unescaped Output
53
1976 escaped
Nonce Checks
33
Capability Checks
225
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

58% prepared215 total queries

Output Escaping

97% escaped2029 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

23 flows4 with unsanitized paths
render (includes\Admin\Reports\Expenses.php:23)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Attack Surface

Entry Points15
Unprotected0

AJAX Handlers 11

authwp_ajax_eac_json_searchincludes\Admin\Ajax.php:22
authwp_ajax_eac_add_noteincludes\Admin\Ajax.php:23
authwp_ajax_eac_delete_noteincludes\Admin\Ajax.php:24
authwp_ajax_eac_add_invoice_paymentincludes\Admin\Ajax.php:25
authwp_ajax_eac_get_bill_addressincludes\Admin\Ajax.php:26
authwp_ajax_eac_get_recalculated_billincludes\Admin\Ajax.php:27
authwp_ajax_eac_get_invoice_addressincludes\Admin\Ajax.php:28
authwp_ajax_eac_get_recalculated_invoiceincludes\Admin\Ajax.php:29
authwp_ajax_eac_ajax_exportincludes\Admin\Ajax.php:30
authwp_ajax_eac_upload_import_fileincludes\Admin\Ajax.php:31
authwp_ajax_eac_ajax_importincludes\Admin\Ajax.php:32

Shortcodes 4

[eac_payment] includes\Shortcodes.php:23
[eac_expense] includes\Shortcodes.php:24
[eac_invoice] includes\Shortcodes.php:25
[eac_bill] includes\Shortcodes.php:26
WordPress Hooks 169
filtereac_banking_page_tabsincludes\Admin\Accounts.php:24
actionadmin_post_eac_edit_accountincludes\Admin\Accounts.php:25
actioneac_banking_page_accounts_loadedincludes\Admin\Accounts.php:26
actioneac_banking_page_accounts_contentincludes\Admin\Accounts.php:27
actioneac_account_profile_section_overviewincludes\Admin\Accounts.php:28
actioneac_account_profile_section_paymentsincludes\Admin\Accounts.php:29
actioneac_account_profile_section_expensesincludes\Admin\Accounts.php:30
actioneac_account_profile_section_notesincludes\Admin\Accounts.php:31
actionadmin_initincludes\Admin\Admin.php:21
filteradmin_body_classincludes\Admin\Admin.php:22
filteradmin_footer_textincludes\Admin\Admin.php:23
filterupdate_footerincludes\Admin\Admin.php:24
actionin_admin_headerincludes\Admin\Admin.php:25
filterset-screen-optionincludes\Admin\Admin.php:26
actionadmin_headincludes\Admin\Admin.php:27
actionadmin_footerincludes\Admin\Admin.php:28
filtereac_purchases_page_tabsincludes\Admin\Bills.php:22
actionadmin_post_eac_edit_billincludes\Admin\Bills.php:23
actionadmin_post_eac_bill_mark_receivedincludes\Admin\Bills.php:24
actioneac_purchases_page_bills_loadedincludes\Admin\Bills.php:25
actioneac_purchases_page_bills_contentincludes\Admin\Bills.php:26
actioneac_bill_view_sidebar_contentincludes\Admin\Bills.php:27
filtereac_settings_page_tabsincludes\Admin\Categories.php:22
actionadmin_post_eac_edit_categoryincludes\Admin\Categories.php:23
actioneac_settings_page_categories_contentincludes\Admin\Categories.php:24
actionadmin_initincludes\Admin\Changelog.php:29
filtereac_admin_menusincludes\Admin\Changelog.php:30
filtereac_changelog_page_tabsincludes\Admin\Changelog.php:31
actioneac_changelog_page_changelog_contentincludes\Admin\Changelog.php:32
actionadmin_enqueue_scriptsincludes\Admin\Changelog.php:33
actioneac_settings_field_exchange_ratesincludes\Admin\Currencies.php:19
filtereac_sales_page_tabsincludes\Admin\Customers.php:21
actionadmin_post_eac_edit_customerincludes\Admin\Customers.php:22
actioneac_sales_page_customers_loadedincludes\Admin\Customers.php:23
actioneac_sales_page_customers_contentincludes\Admin\Customers.php:24
actioneac_customer_profile_section_overviewincludes\Admin\Customers.php:25
actioneac_customer_profile_section_paymentsincludes\Admin\Customers.php:26
actioneac_customer_profile_section_invoicesincludes\Admin\Customers.php:27
actioneac_customer_profile_section_notesincludes\Admin\Customers.php:28
actioneac_dashboard_page_contentincludes\Admin\Dashboard.php:24
actioneac_dashboard_overview_widgetsincludes\Admin\Dashboard.php:25
filtereac_dashboard_overview_statsincludes\Admin\Dashboard.php:26
actioneac_dashboard_widgetsincludes\Admin\Dashboard.php:27
actioneac_dashboard_widgetsincludes\Admin\Dashboard.php:28
actioneac_dashboard_widgetsincludes\Admin\Dashboard.php:29
actioneac_dashboard_widgetsincludes\Admin\Dashboard.php:30
actioneac_dashboard_widgetsincludes\Admin\Dashboard.php:31
actioneac_dashboard_widgetsincludes\Admin\Dashboard.php:32
filtereac_purchases_page_tabsincludes\Admin\Expenses.php:20
actionadmin_post_eac_edit_expenseincludes\Admin\Expenses.php:21
actionadmin_post_eac_update_expenseincludes\Admin\Expenses.php:22
actioneac_purchases_page_expenses_loadedincludes\Admin\Expenses.php:23
actioneac_purchases_page_expenses_contentincludes\Admin\Expenses.php:24
actioneac_expense_view_sidebar_contentincludes\Admin\Expenses.php:25
actioneac_expense_view_sidebar_contentincludes\Admin\Expenses.php:26
filtereac_tools_page_tabsincludes\Admin\Exporters.php:21
actionadmin_post_eac_download_exportincludes\Admin\Exporters.php:22
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:23
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:24
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:25
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:26
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:27
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:28
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:29
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:30
actioneac_tools_page_export_contentincludes\Admin\Exporters.php:31
filtereac_tools_page_tabsincludes\Admin\Importers.php:20
actioneac_tools_page_import_contentincludes\Admin\Importers.php:21
actioneac_tools_page_import_contentincludes\Admin\Importers.php:22
actioneac_tools_page_import_contentincludes\Admin\Importers.php:23
actioneac_tools_page_import_contentincludes\Admin\Importers.php:24
actioneac_tools_page_import_contentincludes\Admin\Importers.php:25
actioneac_tools_page_import_contentincludes\Admin\Importers.php:26
actioneac_tools_page_import_contentincludes\Admin\Importers.php:27
actioneac_tools_page_import_contentincludes\Admin\Importers.php:28
actioneac_tools_page_import_contentincludes\Admin\Importers.php:29
filtereac_sales_page_tabsincludes\Admin\Invoices.php:20
actionadmin_post_eac_edit_invoiceincludes\Admin\Invoices.php:21
actionadmin_post_eac_invoice_mark_sentincludes\Admin\Invoices.php:22
actioneac_sales_page_invoices_loadedincludes\Admin\Invoices.php:23
actioneac_sales_page_invoices_contentincludes\Admin\Invoices.php:24
actioneac_invoice_view_sidebar_contentincludes\Admin\Invoices.php:25
filtereac_items_page_tabsincludes\Admin\Items.php:21
actionadmin_post_eac_edit_itemincludes\Admin\Items.php:22
actioneac_items_page_items_loadedincludes\Admin\Items.php:23
actioneac_items_page_items_contentincludes\Admin\Items.php:24
actioneac_item_edit_sidebar_contentincludes\Admin\Items.php:25
actionadmin_menuincludes\Admin\Menus.php:61
filteradmin_titleincludes\Admin\Menus.php:182
actionadmin_initincludes\Admin\Notices.php:21
filtereac_sales_page_tabsincludes\Admin\Payments.php:20
actionadmin_post_eac_edit_paymentincludes\Admin\Payments.php:21
actionadmin_post_eac_update_paymentincludes\Admin\Payments.php:22
actioneac_sales_page_payments_loadedincludes\Admin\Payments.php:23
actioneac_sales_page_payments_contentincludes\Admin\Payments.php:24
actioneac_payment_view_sidebar_contentincludes\Admin\Payments.php:25
actioneac_payment_view_sidebar_contentincludes\Admin\Payments.php:26
filtereac_reports_page_tabsincludes\Admin\Reports.php:19
actioneac_reports_page_sales_contentincludes\Admin\Reports.php:20
actioneac_reports_page_expenses_contentincludes\Admin\Reports.php:21
actioneac_reports_page_profits_contentincludes\Admin\Reports.php:22
actioneac_reports_page_taxes_contentincludes\Admin\Reports.php:23
actionadmin_enqueue_scriptsincludes\Admin\Scripts.php:20
actionadmin_enqueue_scriptsincludes\Admin\Scripts.php:21
filtereac_settings_page_tabsincludes\Admin\Settings.php:27
actioneac_settings_page_loadedincludes\Admin\Settings.php:28
actionadmin_menuincludes\Admin\Setup.php:37
actionadmin_initincludes\Admin\Setup.php:38
actionadmin_post_eac_edit_taxincludes\Admin\Taxes.php:21
actioneac_settings_taxes_tab_rates_contentincludes\Admin\Taxes.php:22
filtereac_banking_page_tabsincludes\Admin\Transfers.php:23
filteradmin_post_eac_edit_transferincludes\Admin\Transfers.php:24
actioneac_banking_page_transfers_loadedincludes\Admin\Transfers.php:25
actioneac_banking_page_transfers_contentincludes\Admin\Transfers.php:26
filtereac_purchases_page_tabsincludes\Admin\Vendors.php:21
actionadmin_post_eac_edit_vendorincludes\Admin\Vendors.php:22
actioneac_purchases_page_vendors_loadedincludes\Admin\Vendors.php:23
actioneac_purchases_page_vendors_contentincludes\Admin\Vendors.php:24
actioneac_vendor_profile_section_overviewincludes\Admin\Vendors.php:25
actioneac_vendor_profile_section_expensesincludes\Admin\Vendors.php:26
actioneac_vendor_profile_section_billsincludes\Admin\Vendors.php:27
actioneac_vendor_profile_section_notesincludes\Admin\Vendors.php:28
actioneac_payment_insertedincludes\Banking.php:21
actioneac_payment_deletedincludes\Banking.php:22
actioneac_payment_updatedincludes\Banking.php:23
actioneac_expense_insertedincludes\Banking.php:24
actioneac_expense_updatedincludes\Banking.php:25
actioneac_expense_deletedincludes\Banking.php:26
actioneac_payment_savedincludes\Caches.php:19
actioneac_payment_deletedincludes\Caches.php:20
actioneac_expense_savedincludes\Caches.php:21
actioneac_expense_deletedincludes\Caches.php:22
filterwoocommerce_prevent_admin_accessincludes\Compatibility\Plugins\WooCommerce.php:34
actioneac_hourly_eventincludes\Crons.php:19
filtereac_currenciesincludes\Currencies.php:19
actioneac_payment_insertedincludes\Documents.php:26
actioneac_payment_deletedincludes\Documents.php:27
actioneac_payment_updatedincludes\Documents.php:28
actioneac_hourly_eventincludes\Documents.php:29
actioneac_invoice_status_transitionincludes\Documents.php:30
actioneac_expense_insertedincludes\Documents.php:33
actioneac_expense_deletedincludes\Documents.php:34
actioneac_expense_updatedincludes\Documents.php:35
actioneac_hourly_eventincludes\Documents.php:36
actioneac_bill_status_transitionincludes\Documents.php:37
actioninitincludes\Extensions.php:28
actioneac_page_headerincludes\Frontend\Frontend.php:19
actioneac_page_footerincludes\Frontend\Frontend.php:20
actionwp_enqueue_scriptsincludes\Frontend\Frontend.php:21
actioneac_handle_request_invoiceincludes\Frontend\Frontend.php:22
actioneac_handle_request_billincludes\Frontend\Frontend.php:23
actioneac_handle_request_paymentincludes\Frontend\Frontend.php:24
actioneac_handle_request_expenseincludes\Frontend\Frontend.php:25
filterquery_varsincludes\Frontend\Rewrites.php:19
actioninitincludes\Frontend\Rewrites.php:20
actionparse_requestincludes\Frontend\Rewrites.php:21
actioninitincludes\Installer.php:54
actionadmin_noticesincludes\Installer.php:55
actionadmin_initincludes\Installer.php:56
actioneac_run_update_callbackincludes\Installer.php:57
actioneac_update_db_versionincludes\Installer.php:58
actionplugins_loadedincludes\Plugin.php:117
actionplugins_loadedincludes\Plugin.php:118
actionrest_api_initincludes\Plugin.php:119
filterquery_varsincludes\Shortcodes.php:22
actionever_accounting_payment_savedincludes\Transactions.php:19
actionever_accounting_payment_deletedincludes\Transactions.php:20
actionever_accounting_expense_savedincludes\Transactions.php:21
actionever_accounting_expense_deletedincludes\Transactions.php:22

Scheduled Events 1

eac_hourly_event
Maintenance & Trust

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 17, 2026
PHP min version7.4
Downloads45K

Community Trust

Rating98/100
Number of ratings22
Active installs1K
Alternatives

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Alternatives

Ultimate Business Dashboard

Ultimate Business Dashboard

ultimate-business-dashboard

A
100

🌟 Save time managing your business finances with seamless Dext and QuickBooks integration, flexible CSV imports, and insightful reports in your WordPr &hellip;

0 No CVEs
ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support

ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support

erp

A
88

Manage your business with a complete ERP system featuring powerful HR management, CRM tools, accounting, and seamless WooCommerce CRM integration.

6K 20 CVEs
Morning for WooCommerce

Morning for WooCommerce

wc-gateway-greeninvoice

A
100

Morning (Green Invoice) add-on for WooCommerce enables an easy and convenient connection between your morning account to your online store.

1K No CVEs
PostFinance Checkout

PostFinance Checkout

woo-postfinance-checkout

A
100

Accept payments in WooCommerce with PostFinance Checkout.

1K No CVEs
Agile CRM

Agile CRM

agile-crm-lead-management

A
85

Agile CRM is an all-in-one, affordable and next-gen Customer Relationship Management (CRM) software with marketing, sales and service automation

600 No CVEs
Developer Profile

Ever Accounting – Accounting & Invoicing Solution for Small Businesses Developer Profile

EverAccounting

1 plugin · 1K total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Ever Accounting – Accounting & Invoicing Solution for Small Businesses

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-ever-accounting/dist/app.css/wp-content/plugins/wp-ever-accounting/dist/app.js/wp-content/plugins/wp-ever-accounting/dist/admin.css/wp-content/plugins/wp-ever-accounting/dist/admin.js/wp-content/plugins/wp-ever-accounting/dist/frontend.css/wp-content/plugins/wp-ever-accounting/dist/frontend.js/wp-content/plugins/wp-ever-accounting/assets/css/frontend/dashboard.css/wp-content/plugins/wp-ever-accounting/assets/css/vendor/select2.min.css+18 more
Script Paths
/wp-content/plugins/wp-ever-accounting/dist/app.js/wp-content/plugins/wp-ever-accounting/dist/admin.js/wp-content/plugins/wp-ever-accounting/dist/frontend.js/wp-content/plugins/wp-ever-accounting/assets/js/vendor/sortable.min.js/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue-multiselect.min.js/wp-content/plugins/wp-ever-accounting/assets/js/vendor/chart.min.js+13 more
Version Parameters
/wp-content/plugins/wp-ever-accounting/dist/app.css?ver=/wp-content/plugins/wp-ever-accounting/dist/app.js?ver=/wp-content/plugins/wp-ever-accounting/dist/admin.css?ver=/wp-content/plugins/wp-ever-accounting/dist/admin.js?ver=/wp-content/plugins/wp-ever-accounting/dist/frontend.css?ver=/wp-content/plugins/wp-ever-accounting/dist/frontend.js?ver=/wp-content/plugins/wp-ever-accounting/assets/css/frontend/dashboard.css?ver=/wp-content/plugins/wp-ever-accounting/assets/css/vendor/select2.min.css?ver=/wp-content/plugins/wp-ever-accounting/assets/css/vendor/flatpickr.min.css?ver=/wp-content/plugins/wp-ever-accounting/assets/css/vendor/animate.min.css?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/sortable.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue-multiselect.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/chart.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/sweetalert.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/sortable.vue.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/axios.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue-i18n.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue-router.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vuex.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/flatpickr.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue-select.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/moment.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/accounting.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/vue-chartjs.min.js?ver=/wp-content/plugins/wp-ever-accounting/assets/js/vendor/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
eac-customer-profileeac-customer-addeac-customer-editeac-customer-listeac-data-tableeac-form-roweac-page-headereac-nav-tabs+10 more
HTML Comments
<!-- Customers list --><!-- Customer edit form --><!-- Customer view --><!-- This is a payment form -->+3 more
Data Attributes
data-eac-vue-appdata-eac-fielddata-eac-componentdata-eac-modal-triggerdata-eac-customer-iddata-eac-action+1 more
JS Globals
EACeac_vue_paramseac_admin_settingseac_chart_dataeac_customer_vue_paramseac_invoice_vue_params+3 more
REST Endpoints
/wp-json/eac/v1/customers/wp-json/eac/v1/customers/(?P<id>\d+)/wp-json/eac/v1/transactions/wp-json/eac/v1/transactions/(?P<id>\d+)/wp-json/eac/v1/categories/wp-json/eac/v1/categories/(?P<id>\d+)/wp-json/eac/v1/accounts/wp-json/eac/v1/accounts/(?P<id>\d+)/wp-json/eac/v1/revenues/wp-json/eac/v1/revenues/(?P<id>\d+)/wp-json/eac/v1/expenses/wp-json/eac/v1/expenses/(?P<id>\d+)/wp-json/eac/v1/invoices/wp-json/eac/v1/invoices/(?P<id>\d+)/wp-json/eac/v1/estimates/wp-json/eac/v1/estimates/(?P<id>\d+)/wp-json/eac/v1/reports/revenue/wp-json/eac/v1/reports/expense/wp-json/eac/v1/reports/profit-loss/wp-json/eac/v1/reports/balance-sheet/wp-json/eac/v1/settings/wp-json/eac/v1/currency
Shortcode Output
[ever_accounting_dashboard][ever_accounting_invoices][ever_accounting_transactions][ever_accounting_customers]
FAQ

Frequently Asked Questions about Ever Accounting – Accounting & Invoicing Solution for Small Businesses