TicketBAI Facturas para WooCommerce Security & Risk Analysis

wordpress.org/plugins/wp-ticketbai

Issue invoices from your WooCommerce store to TicketBAI with the QR code from WordPress; easily manage cancellations, corrective invoices, and PDF invoices.

70 active installs · v3.45 · PHP 7.4+ · WP 4.7+ · Updated Feb 24, 2026
ticketbai-tbai-batuz-facturas-invoice-pdf-erp-dni-woocommerce
Score 66 · C · Use Caution
CVEs total: 3
Unpatched: 1
Last CVE: Jun 9, 2025
Safety Verdict

Is TicketBAI Facturas para WooCommerce Safe to Use in 2026?

Use With Caution

Score 66/100

TicketBAI Facturas para WooCommerce has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Jun 9, 2025 · Updated 1mo ago
Risk Assessment

The wp-ticketbai plugin v3.45 exhibits a mixed security posture. While static analysis shows a zero attack surface from common entry points like AJAX handlers, REST API routes, shortcodes, and cron events, and a high percentage of SQL queries using prepared statements, there are significant concerns regarding output escaping and vulnerability history.

The 59% proper output escaping rate is a red flag, suggesting a substantial risk of Cross-Site Scripting (XSS) vulnerabilities in the remaining 41% of outputs. Taint analysis, though limited in scope, did identify one flow with unsanitized paths, which could potentially lead to path traversal issues if not handled carefully, although it was not classified as critical or high severity.

The plugin's history of 3 known CVEs, with one still unpatched and including a critical severity vulnerability, is a major indicator of past security weaknesses. The types of past vulnerabilities, including SQL Injection, Missing Authorization, and Path Traversal, align with potential weaknesses hinted at by the taint analysis and output escaping concerns. Therefore, despite some good practices in SQL handling and a seemingly limited direct attack surface, the plugin's vulnerability history and output escaping issues present a notable risk.

Key Concerns

  • Unpatched Critical Vulnerability
  • Unpatched High Vulnerability
  • Unpatched Medium Vulnerability
  • Significant portion of outputs unescaped
  • Taint flow with unsanitized paths
  • Past vulnerability: Missing Authorization
  • Past vulnerability: Path Traversal
  • Past vulnerability: SQL Injection
Vulnerabilities
3

TicketBAI Facturas para WooCommerce Security Vulnerabilities

CVEs by Year

2025: 3 CVEs (has unpatched)

Severity Breakdown

Critical: 1
High: 1
Medium: 1

3 total CVEs

CVE-2025-24767 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

TicketBAI Facturas para WooCommerce <= 3.19 - Unauthenticated SQL Injection

Jun 9, 2025 · Patched in 3.21 (10d)

CVE-2025-24762 · medium · 5.3 · Missing Authorization

TicketBAI Facturas para WooCommerce <= 3.21 - Missing Authorization

Jun 5, 2025 · Unpatched

CVE-2025-4564 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion

May 14, 2025 · Patched in 3.19 (1d)

Code Analysis
Analyzed Mar 16, 2026

TicketBAI Facturas para WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (21 prepared)
Unescaped Output: 64 (91 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 15
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

95% prepared · 22 total queries

Output Escaping

59% escaped · 155 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
<wp-ticketbai> (wp-ticketbai.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

Attack Surface

TicketBAI Facturas para WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 38
action · woocommerce_thankyou · FTBAI_custom_order.php:7
filter · manage_edit-shop_order_columns · FTBAI_custom_order.php:19
action · manage_shop_order_posts_custom_column · FTBAI_custom_order.php:24
filter · woocommerce_account_orders_columns · FTBAI_custom_order.php:60
action · woocommerce_my_account_my_orders_column_custom-column · FTBAI_custom_order.php:66
action · woocommerce_my_account_my_orders_column_custom-column-estado · FTBAI_custom_order.php:92
filter · woocommerce_account_menu_items · FTBAI_custom_order.php:105
action · woocommerce_checkout_update_order_meta · FTBAI_custom_order.php:112
filter · manage_users_columns · FTBAI_custom_users.php:7
filter · manage_users_custom_column · FTBAI_custom_users.php:16
filter · woocommerce_checkout_fields · FTBAI_custom_users.php:67
action · woocommerce_checkout_update_order_meta · FTBAI_custom_users.php:94
action · woocommerce_checkout_process · FTBAI_custom_users.php:96
action · woocommerce_admin_order_data_after_billing_address · FTBAI_custom_users.php:170
action · woocommerce_process_shop_order_meta · FTBAI_custom_users.php:173
action · woocommerce_edit_account_form · FTBAI_custom_users.php:182
action · woocommerce_save_account_details · FTBAI_custom_users.php:201
action · admin_head · FTBAI_facturas.php:470
filter · wpo_wcpdf_external_invoice_number_enabled · FTBAI_wcpdf.php:4
filter · wpo_wcpdf_external_invoice_number · FTBAI_wcpdf.php:5
filter · wpo_wcpdf_billing_address · FTBAI_wcpdf.php:48
filter · wpo_wcpdf_invoice_title · FTBAI_wcpdf.php:63
filter · wpo_wcpdf_get_html · FTBAI_wcpdf.php:65
action · wpo_wcpdf_after_order_details · FTBAI_wcpdf.php:93
action · wpo_wcpdf_after_footer · FTBAI_wcpdf.php:95
action · admin_enqueue_scripts · FTBAI_wcpdf.php:147
filter · wpo_wcpdf_document_is_allowed · FTBAI_wcpdf.php:149
action · admin_notices · wp-ticketbai.php:20
action · admin_init · wp-ticketbai.php:32
action · init · wp-ticketbai.php:36
action · plugins_loaded · wp-ticketbai.php:54
action · admin_enqueue_scripts · wp-ticketbai.php:72
action · wp_enqueue_scripts · wp-ticketbai.php:73
action · admin_menu · wp-ticketbai.php:76
action · woocommerce_process_shop_order_meta · wp-ticketbai.php:156
action · save_post · wp-ticketbai.php:159
action · woocommerce_order_status_changed · wp-ticketbai.php:208
action · init · wp-ticketbai.php:310

Maintenance & Trust

TicketBAI Facturas para WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 7.4
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 70

Alternatives

TicketBAI Facturas para WooCommerce Alternatives

No alternatives data available yet.

Developer Profile

TicketBAI Facturas para WooCommerce Developer Profile

facturaone

2 plugins · 100 total installs

Trust score: 88
Avg Security Score: 83/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect TicketBAI Facturas para WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-ticketbai/assets/FTBAI_main.css
/wp-content/plugins/wp-ticketbai/assets/sweetalert/sweetalert2.min.css
/wp-content/plugins/wp-ticketbai/assets/sweetalert/sweetalert2.all.min.js
/wp-content/plugins/wp-ticketbai/js/FTBAI_procesos.js
/wp-content/plugins/wp-ticketbai/js/FTBAI_verpdf.js

Script Paths
/wp-content/plugins/wp-ticketbai/assets/FTBAI_main.css
/wp-content/plugins/wp-ticketbai/assets/sweetalert/sweetalert2.min.css
/wp-content/plugins/wp-ticketbai/assets/sweetalert/sweetalert2.all.min.js
/wp-content/plugins/wp-ticketbai/js/FTBAI_procesos.js
/wp-content/plugins/wp-ticketbai/js/FTBAI_verpdf.js

Version Parameters
FTBAI_style
FTBAI_sweetalert-css
FTBAI_sweetalert-js
FTBAI_procesos-js
FTBAI_verpdf-js

HTML / DOM Fingerprints

JS Globals
ftba_vars
FAQ

Frequently Asked Questions about TicketBAI Facturas para WooCommerce