WP-Safety

Acima Digital Payment Gateway Security & Risk Analysis

wordpress.org/plugins/acima-leasing-payment-gateway

Enable Acima Digital's lease-to-own payment option for your WooCommerce store.

80 active installs v3.3.0 PHP 7.4+ WP 4.8+ Updated Dec 11, 2025
acimafinancingpayment-gatewaywoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Acima Digital Payment Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

Acima Digital Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "acima-leasing-payment-gateway" plugin v3.3.0 exhibits a generally good security posture with several positive indicators. The extensive use of prepared statements for SQL queries and a high percentage of properly escaped output significantly reduce the risk of common injection vulnerabilities. The plugin also demonstrates a commitment to security by implementing nonce checks and capability checks on its entry points, and importantly, has no recorded historical vulnerabilities (CVEs).

However, there are specific areas that warrant attention and contribute to a moderate risk level. The presence of two AJAX handlers without authentication checks represents a direct attack vector that could be exploited by unauthenticated users. While the taint analysis shows no critical or high-severity unsanitized flows, the overall attack surface, particularly the unprotected AJAX endpoints, remains a concern. The single file operation and external HTTP requests, while not inherently insecure, are potential points for further scrutiny depending on their implementation and the sensitivity of the data involved.

In conclusion, the plugin has strong foundations in secure coding practices like prepared statements and output escaping, and a clean vulnerability history. The primary weakness lies in the unprotected AJAX endpoints, which, if not carefully implemented to perform necessary checks internally, could expose functionality to unauthorized access. Addressing these unprotected entry points is crucial for further hardening the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Acima Digital Payment Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Acima Digital Payment Gateway Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
13 prepared
Unescaped Output
3
133 escaped
Nonce Checks
10
Capability Checks
1
File Operations
1
External Requests
5
Bundled Libraries
0

SQL Query Safety

100% prepared13 total queries

Output Escaping

98% escaped136 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
acima_leasing_init_payment_gateway (inc\class-wc-gateway-acima-credit.php:19)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Acima Digital Payment Gateway Attack Surface

Entry Points15
Unprotected2

AJAX Handlers 8

authwp_ajax_acima_leasing_checkout_successfulinc\class-wc-gateway-acima-credit-ajax-requests.php:189
noprivwp_ajax_acima_leasing_checkout_successfulinc\class-wc-gateway-acima-credit-ajax-requests.php:190
authwp_ajax_acima_leasing_customer_infoinc\class-wc-gateway-acima-credit-ajax-requests.php:258
noprivwp_ajax_acima_leasing_customer_infoinc\class-wc-gateway-acima-credit-ajax-requests.php:259
authwp_ajax_acima_leasing_order_infoinc\class-wc-gateway-acima-credit-ajax-requests.php:362
noprivwp_ajax_acima_leasing_order_infoinc\class-wc-gateway-acima-credit-ajax-requests.php:363
authwp_ajax_acima_cancel_orderinc\class-wc-gateway-acima-credit-refund-handler.php:23
authwp_ajax_download_acima_configinc\class-wc-gateway-acima-credit.php:84

REST API Routes 4

POST/wp-json/wc-acima-credit/v1/process-paymentinc\class-wc-gateway-acima-credit-block.php:71
POST/wp-json/wc-acima-credit/v1/generate-order-nonceinc\class-wc-gateway-acima-credit-block.php:81
POST/wp-json/acima/v1/cancel-checkoutinc\class-wc-gateway-acima-credit-failure-handler.php:60
POST/wp-json/acima/v1/payment/webhookinc\class-wc-gateway-acima-credit-webhook-handler.php:13

Shortcodes 3

[acima_credit_pre_approval_button] inc\class-wc-gateway-acima-credit-custom-shortcodes.php:52
[no_credit_needed_text_link] inc\class-wc-gateway-acima-credit-custom-shortcodes.php:90
[no_credit_financing_text_link] inc\class-wc-gateway-acima-credit-custom-shortcodes.php:130
WordPress Hooks 24
actioninitacima-credit.php:96
actionplugins_loadedacima-credit.php:99
actionadmin_initacima-credit.php:145
actionwp_enqueue_scriptsinc\class-wc-gateway-acima-credit-block.php:28
actionrest_api_initinc\class-wc-gateway-acima-credit-block.php:29
actionwp_enqueue_scriptsinc\class-wc-gateway-acima-credit-cfw-redirect-fix.php:19
filtercfw_update_checkout_redirectinc\class-wc-gateway-acima-credit-cfw-redirect-fix.php:60
filterwidget_textinc\class-wc-gateway-acima-credit-custom-shortcodes.php:133
actionrest_api_initinc\class-wc-gateway-acima-credit-failure-handler.php:20
actionwp_headinc\class-wc-gateway-acima-credit-head.php:37
actionwp_footerinc\class-wc-gateway-acima-credit-iframe.php:264
actionwoocommerce_admin_order_data_after_order_detailsinc\class-wc-gateway-acima-credit-refund-handler.php:21
actionwoocommerce_order_refundedinc\class-wc-gateway-acima-credit-refund-handler.php:22
actionadmin_enqueue_scriptsinc\class-wc-gateway-acima-credit-refund-handler.php:24
actionwp_enqueue_scriptsinc\class-wc-gateway-acima-credit-static-files.php:226
actionrest_api_initinc\class-wc-gateway-acima-credit-webhook-handler.php:9
actionwoocommerce_admin_field_acima_download_buttoninc\class-wc-gateway-acima-credit.php:82
actionadmin_enqueue_scriptsinc\class-wc-gateway-acima-credit.php:86
actionplugins_loadedinc\class-wc-gateway-acima-credit.php:637
filterwoocommerce_payment_gatewaysinc\class-wc-gateway-acima-credit.php:651
actionwoocommerce_order_status_changedinc\class-wc-gateway-acima-credit.php:712
actionbefore_woocommerce_initinc\class-wc-gateway-acima-credit.php:724
actionwoocommerce_blocks_payment_method_type_registrationinc\class-wc-gateway-acima-credit.php:742
actionwoocommerce_blocks_loadedinc\class-wc-gateway-acima-credit.php:750
Maintenance & Trust

Acima Digital Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 11, 2025
PHP min version7.4
Downloads1K

Community Trust

Rating80/100
Number of ratings1
Active installs80
Alternatives

Acima Digital Payment Gateway Alternatives

Paystack WooCommerce Payment Gateway

Paystack WooCommerce Payment Gateway

woo-paystack

A
100

Paystack for WooCommerce allows your WooCommerce store to accept secure payments from multiple local and global payment channels.

30K No CVEs
Montonio for WooCommerce

Montonio for WooCommerce

montonio-for-woocommerce

A
100

Montonio is a complete checkout solution for online stores that includes all popular payment methods (local banks, card payments, Apple Pay, Google Pa …

10K No CVEs
NETOPIA Payments Payment Gateway

NETOPIA Payments Payment Gateway

netopia-payments-payment-gateway

A
92

NETOPIA Payments Payment Gateway extends WooCommerce payment options by adding NETOPIA's Payment Gateway options.

10K No CVEs
SumUp Payment Gateway For WooCommerce

SumUp Payment Gateway For WooCommerce

sumup-payment-gateway-for-woocommerce

A
99

The SumUp plugin for WooCommerce allows businesses to securely process payments online. Accept payments from customers using a range of payment method …

10K 1 CVE
Pledged Plugins Secure Gateway for Authorize.net and WooCommerce

Pledged Plugins Secure Gateway for Authorize.net and WooCommerce

woo-authorize-net-gateway-aim

A
100

Authorize.net payment gateway integration for WooCommerce to accept credit cards directly on WordPress e-commerce websites.

10K No CVEs
Developer Profile

Acima Digital Payment Gateway Developer Profile

Acima Integration Support

1 plugin · 80 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Acima Digital Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acima-leasing-payment-gateway/assets/css/acima-credit-checkout.css/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-block.js/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-checkout.js/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-payment-request.js/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-checkout-form.js
Script Paths
/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-block.js/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-checkout.js/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-payment-request.js/wp-content/plugins/acima-leasing-payment-gateway/assets/js/acima-credit-checkout-form.js
Version Parameters
acima-leasing-payment-gateway/assets/css/acima-credit-checkout.css?ver=acima-leasing-payment-gateway/assets/js/acima-credit-block.js?ver=acima-leasing-payment-gateway/assets/js/acima-credit-checkout.js?ver=acima-leasing-payment-gateway/assets/js/acima-credit-payment-request.js?ver=acima-leasing-payment-gateway/assets/js/acima-credit-checkout-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
acima-credit-checkoutacima-credit-checkout-iframe
Data Attributes
data-acima-credit-checkoutdata-acima-credit-iframe-id
JS Globals
window.wc_acima_credit_checkout_paramswindow.wc_acima_credit_payment_request_paramswindow.acima_credit_checkout_configwindow.AcimaCreditCheckoutwindow.AcimaCreditPaymentRequestwindow.AcimaCreditCheckoutForm
REST Endpoints
/wc-acima-credit/v1/process-payment/wc-acima-credit/v1/generate-order-nonce
FAQ

Frequently Asked Questions about Acima Digital Payment Gateway