WP-Safety

2Checkout Integration for WordPress – WP Super Pay Security & Risk Analysis

wordpress.org/plugins/2checkout

2Checkout integration for WordPress. Collect donation and payments without any E-commerce programs

10 active installs v1.0 PHP 5.4+ WP 4.0+ Updated Jun 3, 2021
2checkout2checkout-for-wordpresstwoco
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is 2Checkout Integration for WordPress – WP Super Pay Safe to Use in 2026?

Generally Safe

Score 85/100

2Checkout Integration for WordPress – WP Super Pay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 2Checkout plugin v1.0 exhibits a mixed security posture. While it boasts a seemingly small attack surface with no unprotected entry points like AJAX handlers, REST API routes, or shortcodes, and no publicly disclosed vulnerabilities (CVEs), significant concerns arise from the static code analysis. The presence of the dangerous `unserialize` function, coupled with two taint flows identified with unsanitized paths, indicates a high risk of deserialization vulnerabilities. These can lead to remote code execution if an attacker can control the data being unserialized. Furthermore, the absence of nonce checks and capability checks is alarming, as these are fundamental WordPress security mechanisms to prevent Cross-Site Request Forgery (CSRF) and unauthorized actions. The fact that 60% of SQL queries are not using prepared statements also presents a risk of SQL injection. Despite the lack of historical CVEs, the internal code signals suggest a plugin that requires immediate attention to address these inherent security weaknesses before they can be exploited.

Key Concerns

  • Dangerous function: unserialize
  • Taint flows with unsanitized paths (high severity)
  • SQL queries not using prepared statements
  • No nonce checks
  • No capability checks
  • Low output escaping percentage
Vulnerabilities
None known

2Checkout Integration for WordPress – WP Super Pay Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

2Checkout Integration for WordPress – WP Super Pay Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
2 prepared
Unescaped Output
6
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$post_meta[ $key ] = is_serialized( $value[0] ) ? unserialize( $value[0] ) : $value[0];views\payment-section.php:8
unserialize$custom_fields = unserialize( $custom_fields );views\transactions.php:33

SQL Query Safety

67% prepared3 total queries

Output Escaping

40% escaped10 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
insert_transaction (src\Front.php:61)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

2Checkout Integration for WordPress – WP Super Pay Attack Surface

Entry Points0
Unprotected0

Scheduled Events 1

2checkout_daily
Maintenance & Trust

2Checkout Integration for WordPress – WP Super Pay Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedJun 3, 2021
PHP min version5.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

2Checkout Integration for WordPress – WP Super Pay Alternatives

Payment Gateway – 2Checkout for WooCommerce

Payment Gateway – 2Checkout for WooCommerce

woo-2checkout

A
92

2Checkout Payment Gateway for WooCommerce allow to accept online store payment from Paypal, Credit Card, MasterCard and more.

800 No CVEs
Donate by BestWebSoft – Donations Acception Extention for WordPress

Donate by BestWebSoft – Donations Acception Extention for WordPress

donate-button

A
100

Add PayPal and 2CO donate buttons to receive charity payments.

100 1 CVE
2CPay

2CPay

2cpay

A
85

2CPay is a 2Checkout plugin developed for Woocommerce

10 No CVEs
Accept 2Checkout Payments Using Contact Form 7

Accept 2Checkout Payments Using Contact Form 7

accept-2checkout-payments-using-contact-form-7

A
100

The 2Checkout Payment system provides a secure, simple means of authorizing credit and debit card transactions from your website.

10 No CVEs
Contact Form 7 2Checkout

Contact Form 7 2Checkout

cf7-2checkout

A
85

Twochout payment gateway integrated with contact form 7

10 No CVEs
Developer Profile

2Checkout Integration for WordPress – WP Super Pay Developer Profile

Codexpert, Inc

10 plugins · 41K total installs

75
trust score
Avg Security Score
81/100
Avg Patch Time
39 days
View full developer profile
Detection Fingerprints

How We Detect 2Checkout Integration for WordPress – WP Super Pay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/2checkout/assets/css/admin.css/wp-content/plugins/2checkout/assets/js/admin.js/wp-content/plugins/2checkout/assets/css/style.css/wp-content/plugins/2checkout/assets/js/scripts.js
Script Paths
/wp-content/plugins/2checkout/assets/js/admin.js/wp-content/plugins/2checkout/assets/js/scripts.js
Version Parameters
2checkout/assets/css/admin.css?ver=2checkout/assets/js/admin.js?ver=2checkout/assets/css/style.css?ver=2checkout/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-2checkout-shortcodetwocheckout-payment-formcodexpert-plugin
HTML Comments
if accessed directly, exit.Admin facing hooksFront facing hooksShortcode hooks
Data Attributes
data-2checkout-iddata-amountdata-currencydata-product-name
JS Globals
twoCheckout
Shortcode Output
[2checkout
FAQ

Frequently Asked Questions about 2Checkout Integration for WordPress – WP Super Pay