Planet Studio Payment Gateway for ArCa Security & Risk Analysis

wordpress.org/plugins/arca-payment-gateway

Accept payments from local & international customers to Armenian banks & Idram via ArCa paycenter for WooCommerce & GiveWP donation plugin.

100 active installs · v1.5.2 · PHP 7.4+ · WP 5.4+ · Updated Aug 6, 2025
Tags: arca, armenian-banks, idram-payment-system, online-payment, payment-gateway
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 28, 2024
Safety Verdict

Is Planet Studio Payment Gateway for ArCa Safe to Use in 2026?

Generally Safe

Score 99/100

Planet Studio Payment Gateway for ArCa has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 28, 2024 · Updated 8mo ago
Risk Assessment

The arca-payment-gateway plugin version 1.5.2 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices in output escaping, with all 454 outputs properly escaped, and the majority of SQL queries (82%) utilize prepared statements. The absence of file operations and dangerous functions is also a strength. However, significant concerns arise from the identified attack surface and taint analysis.

Specifically, the plugin exposes two AJAX handlers without authentication checks, creating potential entry points for unauthorized actions. The taint analysis reveals a concerning 15 high-severity flows with unsanitized paths, indicating a strong possibility of vulnerabilities that could allow attackers to manipulate data or influence code execution. While the plugin has a history of vulnerabilities, particularly CSRF, the current lack of unpatched CVEs is a positive sign, suggesting active maintenance, though the previous occurrences warrant vigilance. The single nonce check is insufficient to cover all potential attack vectors.

In conclusion, while the plugin has adopted good practices in output sanitization and SQL query preparation, the unprotected AJAX endpoints and the high number of unsanitized taint flows present a substantial risk. The vulnerability history, though currently clear of unpatched issues, suggests a pattern that requires ongoing monitoring. Addressing the unprotected entry points and the identified taint flows should be a priority to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows without sanitization
  • Limited nonce checks
  • Previous vulnerability history (CSRF)
Vulnerabilities
1

Planet Studio Payment Gateway for ArCa Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-53759 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

ArCa Payment Gateway <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 28, 2024 Patched in 1.3.4 (15d)
Code Analysis
Analyzed Mar 16, 2026

Planet Studio Payment Gateway for ArCa Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 64 (300 prepared)
Unescaped Output: 1 (453 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 18
Bundled Libraries: 0

SQL Query Safety

82% prepared · 364 total queries

Output Escaping

100% escaped · 454 total outputs
Data Flows
17 unsanitized

Data Flow Analysis

17 flows · 17 with unsanitized paths
apg_wc_api_idram_complete (endpoints\apg-idram.php:273)
Attack Surface
2 unprotected

Planet Studio Payment Gateway for ArCa Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_arca_pg_popup includes\apg-show-popup.php:4
nopriv wp_ajax_arca_pg_popup includes\apg-show-popup.php:5

Shortcodes 4

[arca-pg-form] includes\apg-shortcodes.php:5
[arca-pg-button] includes\apg-shortcodes.php:6
[arca-pg-button-custom-amount] includes\apg-shortcodes.php:7
[arca-pg-button-idram] includes\apg-shortcodes.php:8
WordPress Hooks 35
action init arca-payment-gateway.php:34
action init arca-payment-gateway.php:127
filter plugin_action_links arca-payment-gateway.php:134
filter plugin_row_meta arca-payment-gateway.php:148
filter woocommerce_payment_gateways arca-payment-gateway.php:160
filter woocommerce_payment_gateways arca-payment-gateway.php:167
action plugins_loaded arca-payment-gateway.php:174
action plugins_loaded arca-payment-gateway.php:191
action admin_footer arca-payment-gateway.php:220
action give_init arca-payment-gateway.php:236
action woocommerce_api_idram_result endpoints\apg-idram.php:12
action woocommerce_api_idram_complete endpoints\apg-idram.php:13
action woocommerce_api_idram_fail endpoints\apg-idram.php:14
filter request endpoints\apg-idram.php:17
action admin_menu includes\apg-admin-menu.php:4
action wp_dashboard_setup includes\apg-dashboard-widgets.php:4
filter give_payment_gateways includes\apg-give-wp-idram.php:23
filter give_get_sections_gateways includes\apg-give-wp-idram.php:35
filter give_get_settings_gateways includes\apg-give-wp-idram.php:73
action give_gateway_apg_gatewey_idram includes\apg-give-wp-idram.php:141
filter give_payment_gateways includes\apg-give-wp.php:21
filter give_get_sections_gateways includes\apg-give-wp.php:33
filter give_get_settings_gateways includes\apg-give-wp.php:71
action give_gateway_apg_gatewey includes\apg-give-wp.php:139
action admin_enqueue_scripts includes\apg-register-scripts-styles.php:4
action wp_enqueue_scripts includes\apg-register-scripts-styles.php:20
filter display_post_states includes\apg-set-post-states.php:4
filter display_post_states includes\apg-set-post-states.php:16
filter woocommerce_gateway_icon includes\apg-wc-gateways_icons.php:4
action woocommerce_blocks_payment_method_type_registration includes\apg-wc-idram.php:55
action woocommerce_blocks_payment_method_type_registration includes\apg-wc.php:98
filter manage_edit-shop_order_columns includes\apg-wc.php:111
action manage_shop_order_posts_custom_column includes\apg-wc.php:118
action restrict_manage_posts includes\apg-wc.php:149
filter woocommerce_order_query_args includes\apg-wc.php:176
Maintenance & Trust

Planet Studio Payment Gateway for ArCa Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 6, 2025
PHP min version: 7.4
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Planet Studio Payment Gateway for ArCa Developer Profile

Planet Studio

2 plugins · 170 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect Planet Studio Payment Gateway for ArCa

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/arca-payment-gateway/assets/css/admin.css
/wp-content/plugins/arca-payment-gateway/assets/css/custom.css
/wp-content/plugins/arca-payment-gateway/assets/css/daterangepicker.css
/wp-content/plugins/arca-payment-gateway/assets/css/give-wp-style.css
/wp-content/plugins/arca-payment-gateway/assets/css/give-wp-style.min.css
/wp-content/plugins/arca-payment-gateway/assets/css/select2.min.css
/wp-content/plugins/arca-payment-gateway/assets/css/select2-bootstrap4.css
/wp-content/plugins/arca-payment-gateway/assets/css/toastr.min.css
+6 more

Script Paths
/wp-content/plugins/arca-payment-gateway/assets/js/admin.js
/wp-content/plugins/arca-payment-gateway/assets/js/custom.js
/wp-content/plugins/arca-payment-gateway/assets/js/daterangepicker.min.js
/wp-content/plugins/arca-payment-gateway/assets/js/give-wp-scripts.js
/wp-content/plugins/arca-payment-gateway/assets/js/select2.full.min.js
/wp-content/plugins/arca-payment-gateway/assets/js/toastr.min.js

Version Parameters
arca-payment-gateway/assets/css/admin.css?ver=
arca-payment-gateway/assets/css/custom.css?ver=
arca-payment-gateway/assets/css/daterangepicker.css?ver=
arca-payment-gateway/assets/css/give-wp-style.css?ver=
arca-payment-gateway/assets/css/give-wp-style.min.css?ver=
arca-payment-gateway/assets/css/select2.min.css?ver=
arca-payment-gateway/assets/css/select2-bootstrap4.css?ver=
arca-payment-gateway/assets/css/toastr.min.css?ver=
arca-payment-gateway/assets/js/admin.js?ver=
arca-payment-gateway/assets/js/custom.js?ver=
arca-payment-gateway/assets/js/daterangepicker.min.js?ver=
arca-payment-gateway/assets/js/give-wp-scripts.js?ver=
arca-payment-gateway/assets/js/select2.full.min.js?ver=
arca-payment-gateway/assets/js/toastr.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
arca-pg-settings
arca-pg-idram-settings
arca-pg-admin-menu
arca-pg-deactivate-popup-wrap
HTML Comments
<!-- TATIOSA multi account integration not found. file: "multi-account.php" -->
Data Attributes
data-plugin-name="arca-payment-gateway"
data-plugin-version="1.5.2"
JS Globals
ARCAPG_VERSION
ARCAPG_PRO
FAQ

Frequently Asked Questions about Planet Studio Payment Gateway for ArCa