POP – European e-invoicing compliance for e-commerce

woopop-electronic-invoice-free · by popdev · wordpress.org ↗ · SVN ↗
Active installs
90
Current version
6.9.5
Added
2019-05-03
Last updated
2026-06-30 (2d ago)
First seen by beacon
2mo ago
Total downloads
15,117

Statistics

2024-06-16 → 2026-06-15 · 730 days
Downloads today
41
7-day total 201
Week over week
▼ -20%
vs prior 7 days
30-day trend
flat
▲ +43% MoM
Abandonment
○○○○○
healthy
Downloads/day Linear trend
11385572802024-062024-102025-022025-062025-102026-022026-06
10176512502026-032026-042026-042026-052026-052026-06
8765442202026-052026-052026-052026-062026-062026-06

Active versions

6.96.83.3
6.9 · 57.6%6.8 · 27.2%3.3 · 15.2%

Ratings

5★
13
4★
1
3★
0
2★
0
1★
0

Support: 0/0 resolved

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Resolved · fp_pdf_invoice_attachment_not_executed 2026-07-02 12:40:05 (11h ago)
Slugwoopop-electronic-invoice-free
Patterndecode_write_dropper
Kindbuiltin
Version6.9.5
Hit count1
First hit
File
addon/to/aruba/src/Functions/Api.php
Line
797
Snippet
$pdfFile = base64_decode($responseData->pdfFile);
Explanationa runtime decode primitive (`gzuncompress`/`gzinflate`/`gzdecode`/`base64_decode`) feeds a filesystem write (`fwrite`/`file_put_contents`) which is then `include`d/`require`d as a variable path — the textbook dropper shape: ship an encoded payload as data, decode it to disk at activation/admin-init, and execute it. The siteguarding burner `wp-plugin-management` (audit #43) used exactly this: `fwrite($fp, gzuncompress($c)); include($filename);` in its `register_activation_hook` to plant `siteguarding_tools.php`. Near-zero FP because legit caching writes decoded data but never `include`s a computed path it just wrote.
View raw JSON
{
    "slug": "woopop-electronic-invoice-free",
    "pattern": "decode_write_dropper",
    "kind": "builtin",
    "version": "6.9.5",
    "hit_count": 1,
    "first_hit": {
        "file": "addon/to/aruba/src/Functions/Api.php",
        "line": 797,
        "snippet": "$pdfFile = base64_decode($responseData->pdfFile);"
    },
    "explanation": "a runtime decode primitive (`gzuncompress`/`gzinflate`/`gzdecode`/`base64_decode`) feeds a filesystem write (`fwrite`/`file_put_contents`) which is then `include`d/`require`d as a variable path \u2014 the textbook dropper shape: ship an encoded payload as data, decode it to disk at activation/admin-init, and execute it. The siteguarding burner `wp-plugin-management` (audit #43) used exactly this: `fwrite($fp, gzuncompress($c)); include($filename);` in its `register_activation_hook` to plant `siteguarding_tools.php`. Near-zero FP because legit caching writes decoded data but never `include`s a computed path it just wrote."
}
Critical code_scan_delta Resolved · fp_pdf_invoice_attachment_not_executed 2026-07-02 04:07:56 (20h ago)
Slugwoopop-electronic-invoice-free
Previous version6.9.2
Current version6.9.5
New findings
PatternKindFileLineSnippetConfidence
decode_write_dropperbuiltinaddon/to/aruba/src/Functions/Api.php797$pdfFile = base64_decode($responseData->pdfFile);high
base64_decodebuiltinsrc/Functions/CloudApi.php1,209$decoded = base64_decode($base64, true);medium
New finding count2
View raw JSON
{
    "slug": "woopop-electronic-invoice-free",
    "previous_version": "6.9.2",
    "current_version": "6.9.5",
    "new_findings": [
        {
            "pattern": "decode_write_dropper",
            "kind": "builtin",
            "file": "addon/to/aruba/src/Functions/Api.php",
            "line": 797,
            "snippet": "$pdfFile = base64_decode($responseData->pdfFile);",
            "confidence": "high"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Functions/CloudApi.php",
            "line": 1209,
            "snippet": "$decoded = base64_decode($base64, true);",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 2
}

SVN committers (2)

Accounts with actual commit access to woopop-electronic-invoice-free on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
Alfio Piccione 2014-05-07 319 2019-05-03 · r2080082 2026-06-25 · r3586236
plugin-master 2007-03-09 1 2019-05-02 · r2079416 2019-05-02 · r2079416

Readme contributors (4)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
Alfio Piccione 2014-05-07 319 commits Active
Babini Mazzari 2025-08-01 Active
Mirco Babini 2013-06-24 Active
POP 2024-10-01 Active

Versions (96 most recent)

Version Released Download
6.9.5 zip
6.9.4 zip
6.9.3 zip
6.9.2 2026-06-05 · 27d ago zip
6.9.1 2026-06-03 · 29d ago zip
6.9.0 2026-05-27 · 1mo ago zip
6.8.9 2026-05-25 · 1mo ago zip
6.8.8 2026-05-19 · 1mo ago zip
6.8.7 2026-05-08 · 1mo ago
6.8.6 2026-05-07 · 1mo ago
6.8.5 2026-04-28 · 2mo ago zip
6.8.4 2026-04-27 · 2mo ago zip
6.8.3 2026-04-10 · 2mo ago zip
6.8.2 2026-04-07 · 2mo ago zip
6.8.1 2026-04-07 · 2mo ago zip
6.8.0 2026-03-13 · 3mo ago zip
6.7.5 2026-03-11 · 3mo ago zip
6.7.4 2026-03-11 · 3mo ago zip
6.7.3 2026-03-04 · 4mo ago zip
6.7.2 2026-02-25 · 4mo ago zip
6.7.1 2026-02-18 · 4mo ago zip
6.5.2 2026-02-14 · 4mo ago zip
6.6.2 2026-02-14 · 4mo ago zip
6.6.1 2026-02-12 · 4mo ago zip
6.6.0 2026-01-23 · 5mo ago zip
6.5.9 2026-01-22 · 5mo ago zip
6.5.8 2026-01-08 · 5mo ago zip
6.5.7 2025-12-23 · 6mo ago zip
6.5.6 2025-12-12 · 6mo ago zip
6.5.5 2025-12-03 · 7mo ago zip
6.5.4 2025-12-03 · 7mo ago zip
6.5.3 2025-12-03 · 7mo ago zip
6.5.1 2025-10-22 · 8mo ago zip
6.5.0 2025-10-22 · 8mo ago zip
6.4.0 2025-10-01 · 9mo ago zip
6.3.9 2025-09-29 · 9mo ago zip
6.3.8 2025-09-23 · 9mo ago zip
6.3.7 2025-09-04 · 10mo ago zip
6.3.6 2025-09-01 · 10mo ago zip
6.3.5 2025-08-29 · 10mo ago zip
6.3.4 2025-08-28 · 10mo ago zip
6.3.3 2025-08-28 · 10mo ago zip
6.3.2 2025-08-09 · 10mo ago zip
6.3.1 2025-08-07 · 10mo ago zip
6.3.0 2025-08-07 · 10mo ago zip
6.2.5 2025-07-14 · 11mo ago zip
6.2.4 2025-07-09 · 11mo ago zip
6.2.3 2025-07-08 · 11mo ago zip
6.2.2 2025-07-07 · 12mo ago zip
6.2.1 2025-07-07 · 12mo ago zip
6.2.0 2025-07-01 · 1y ago zip
6.1.9 2025-06-04 · 1y ago zip
6.1.8 2025-05-29 · 1y ago zip
6.1.7 2025-05-21 · 1y ago zip
6.1.6 2025-05-19 · 1y ago zip
6.1.5 2025-04-29 · 1y ago zip
6.1.4 2025-04-22 · 1y ago zip
6.1.3 2025-04-11 · 1y ago zip
6.1.2 2025-04-10 · 1y ago zip
6.1.1 2025-04-09 · 1y ago zip
6.1.0 2025-04-01 · 1y ago zip
6.0.5 2025-03-20 · 1y ago zip
6.0.4 2025-03-10 · 1y ago zip
6.0.3 2025-03-07 · 1y ago zip
6.0.2 2025-03-06 · 1y ago zip
6.0.1 2025-02-28 · 1y ago zip
6.0.0 2025-02-28 · 1y ago zip
3.3.4 2025-01-27 · 1y ago zip
3.3.3 2024-10-29 · 1y ago zip
3.3.2 2024-10-12 · 1y ago zip
3.3.1 2023-11-18 · 2y ago zip
3.3.0 2023-10-30 · 2y ago zip
3.2.2 2023-09-11 · 2y ago zip
3.2.1 2023-07-08 · 2y ago zip
3.2.0 2023-02-17 · 3y ago zip
3.1.3 2022-11-28 · 3y ago zip
3.1.2 2022-11-27 · 3y ago zip
3.1.1 2022-10-28 · 3y ago zip
3.1.0 2022-10-20 · 3y ago zip
3.0.4 2022-10-10 · 3y ago zip
3.0.3 2022-09-14 · 3y ago zip
3.0.2 2022-07-24 · 3y ago zip
3.0.1 2022-07-15 · 3y ago zip
3.0.0 2022-06-24 · 4y ago zip
2.0.4 2022-05-25 · 4y ago zip
2.0.3 2022-05-24 · 4y ago zip
2.0.2 2022-05-22 · 4y ago zip
2.0.0 2022-05-22 · 4y ago zip
2.0.1 2022-05-22 · 4y ago zip
1.3.3 2021-11-17 · 4y ago zip
1.3.2 2021-09-01 · 4y ago zip
1.3.1 2021-05-19 · 5y ago zip
1.3.0 2021-05-08 · 5y ago zip
1.2.0 2020-04-01 · 6y ago zip
1.1.1 2019-06-05 · 7y ago zip
1.1.0 2019-05-08 · 7y ago zip