Afterpay Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/afterpay-gateway-for-woocommerce

Provide Afterpay as a payment option for WooCommerce orders.

10K active installs · v3.8.8 · PHP 7.4+ · WP 6.0.3+ · Updated Mar 17, 2025
afterpay · woocommerce
Score 91 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 9, 2022
Safety Verdict

Is Afterpay Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 91/100

Afterpay Gateway for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 9, 2022 · Updated 1yr ago
Risk Assessment

The 'afterpay-gateway-for-woocommerce' plugin, version 3.8.8, presents a mixed security posture. It demonstrates strong practices in areas like SQL query sanitization and output escaping, but its attack surface raises significant concerns. All of the AJAX handlers (9 out of 9) lack authentication checks, creating potential entry points for unauthorized actions if vulnerabilities exist within these handlers. No taint analysis flows were analyzed; while this may indicate clean code, it also means that complex vulnerabilities might have been missed.

The vulnerability history reveals two known medium-severity CVEs, both related to Cross-site Scripting (XSS). The last documented vulnerability was in late 2022. Both have since been patched, which is positive, but the pattern of XSS vulnerabilities suggests a need for more robust input validation and output encoding in previously identified areas. Overall, the plugin has strengths in its database and output handling, but the large, unprotected AJAX attack surface and past XSS issues warrant careful consideration.

Key Concerns

  • 9 unprotected AJAX handlers
  • 2 medium severity CVEs in history
  • Low number of nonce checks (4)
  • Low number of capability checks (3)
Vulnerabilities 2

Afterpay Gateway for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2021
1 CVE in 2022

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2022-29416 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Afterpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting

Dec 9, 2022 Patched in 3.5.1 (410d)
WF-86e6a246-557a-42f7-8f1b-b1b914f9f928-afterpay-gateway-for-woocommerce · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Afterpay Gateway for WooCommerce <= 3.2.0 - Reflected Cross-Site Scripting

Aug 16, 2021 Patched in 3.2.1 (890d)
Code Analysis
Analyzed Mar 16, 2026

Afterpay Gateway for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (51 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

89% escaped · 57 total outputs
Attack Surface
9 unprotected

Afterpay Gateway for WooCommerce Attack Surface

Entry Points: 11
Unprotected: 9

AJAX Handlers 9

auth wp_ajax_afterpay_action afterpay-gateway-for-woocommerce.php:97
auth wp_ajax_afterpay_express_start afterpay-gateway-for-woocommerce.php:98
nopriv wp_ajax_afterpay_express_start afterpay-gateway-for-woocommerce.php:99
auth wp_ajax_afterpay_express_change afterpay-gateway-for-woocommerce.php:100
nopriv wp_ajax_afterpay_express_change afterpay-gateway-for-woocommerce.php:101
auth wp_ajax_afterpay_express_shipping_change afterpay-gateway-for-woocommerce.php:102
nopriv wp_ajax_afterpay_express_shipping_change afterpay-gateway-for-woocommerce.php:103
auth wp_ajax_afterpay_express_complete afterpay-gateway-for-woocommerce.php:104
nopriv wp_ajax_afterpay_express_complete afterpay-gateway-for-woocommerce.php:105

Shortcodes 2

[afterpay_product_logo] afterpay-gateway-for-woocommerce.php:129
[afterpay_paragraph] afterpay-gateway-for-woocommerce.php:130
WordPress Hooks 22
action admin_notices afterpay-gateway-for-woocommerce.php:87
action admin_enqueue_scripts afterpay-gateway-for-woocommerce.php:88
action afterpay_do_cron_jobs afterpay-gateway-for-woocommerce.php:89
action woocommerce_cart_totals_after_order_total afterpay-gateway-for-woocommerce.php:93
action woocommerce_proceed_to_checkout afterpay-gateway-for-woocommerce.php:94
action woocommerce_order_status_changed afterpay-gateway-for-woocommerce.php:95
action wp_enqueue_scripts afterpay-gateway-for-woocommerce.php:96
action woocommerce_api_wc_gateway_afterpay afterpay-gateway-for-woocommerce.php:106
filter cron_schedules afterpay-gateway-for-woocommerce.php:112
filter woocommerce_payment_gateways afterpay-gateway-for-woocommerce.php:113
filter woocommerce_get_price_html afterpay-gateway-for-woocommerce.php:114
filter woocommerce_gateway_icon afterpay-gateway-for-woocommerce.php:115
filter __experimental_woocommerce_blocks_add_data_attributes_to_namespace afterpay-gateway-for-woocommerce.php:116
action woocommerce_blocks_payment_method_type_registration afterpay-gateway-for-woocommerce.php:443
action admin_notices afterpay-gateway-for-woocommerce.php:529
action init afterpay-gateway-for-woocommerce.php:546
action plugins_loaded afterpay-gateway-for-woocommerce.php:547
action plugins_loaded afterpay-gateway-for-woocommerce.php:548
action upgrader_process_complete afterpay-gateway-for-woocommerce.php:549
action woocommerce_blocks_loaded afterpay-gateway-for-woocommerce.php:550
action woocommerce_blocks_loaded afterpay-gateway-for-woocommerce.php:551
action before_woocommerce_init afterpay-gateway-for-woocommerce.php:553

Scheduled Events 1

afterpay_do_cron_jobs
Maintenance & Trust

Afterpay Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 17, 2025
PHP min version: 7.4
Downloads: 486K

Community Trust

Rating: 72/100
Number of ratings: 45
Active installs: 10K
Developer Profile

Afterpay Gateway for WooCommerce Developer Profile

Afterpay

1 plugin · 10K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 650 days
Detection Fingerprints

How We Detect Afterpay Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-checkout-v2.js
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-express-checkout.js
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-express-checkout.css
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-gateway.js
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-gateway.css
/wp-content/plugins/afterpay-gateway-for-woocommerce/class/Frontend/Assets/css/afterpay-styles.css
Script Paths
https://js.afterpay.com/v2/afterpay.js
Version Parameters
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-checkout-v2.js?ver=
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-express-checkout.js?ver=
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-express-checkout.css?ver=
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-gateway.js?ver=
/wp-content/plugins/afterpay-gateway-for-woocommerce/build/afterpay-gateway.css?ver=
/wp-content/plugins/afterpay-gateway-for-woocommerce/class/Frontend/Assets/css/afterpay-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
afterpay-express-checkout-button-wrapper
afterpay-express-checkout-button
afterpay-express-button
afterpay-schedule-container
afterpay-product-schedule-container
HTML Comments
<!-- afterpay express checkout -->
<!-- afterpay product detail schedule -->
<!-- afterpay category schedule -->
<!-- afterpay express checkout buttons -->
Data Attributes
data-afterpay-express-checkout
data-afterpay-buy-button-id
data-afterpay-token
data-afterpay-mode
data-afterpay-target
data-afterpay-locale
+2 more
JS Globals
afterpayExpressCheckout
REST Endpoints
/wp-json/afterpay/v1/express/start
/wp-json/afterpay/v1/express/change
/wp-json/afterpay/v1/express/shipping-change
/wp-json/afterpay/v1/express/complete
/wp-json/wc/v3/afterpay
Shortcode Output
[afterpay_product_logo]
[afterpay_paragraph]
FAQ

Frequently Asked Questions about Afterpay Gateway for WooCommerce