BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bangla-press

bKash, Nagad, Rocket & Upay for WooCommerce — Label Print, Invoice, Order Tracker, Orders Manager.

300 active installs v1.3 PHP + WP 5.0+ Updated Mar 22, 2026

bangladeshbkashbuy-nownagadpartial-payment

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The Bangla Press plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in avoiding dangerous functions, executing all SQL queries using prepared statements, and performing a high percentage of output escaping. It also has no recorded vulnerabilities in its history, suggesting a general awareness of security or a lack of past exploitation. However, significant concerns arise from its attack surface. Two AJAX handlers are present without authentication checks, representing a direct pathway for potential unauthorized actions. The taint analysis also indicates one flow with an unsanitized path, which could lead to exploitable vulnerabilities if not handled carefully, though it's not categorized as critical or high severity.

While the absence of known CVEs is a positive sign, the presence of unprotected entry points in the code analysis, specifically the AJAX handlers, remains a notable weakness. The taint flow with an unsanitized path, even if not critical, warrants attention as it suggests a potential for input validation issues. The plugin's strengths lie in its secure database interactions and output handling, but the critical need for robust authentication and input sanitization on its AJAX endpoints cannot be overlooked.

Key Concerns

Unprotected AJAX handlers
Taint flow with unsanitized path

Vulnerabilities

None known

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Release Timeline

v1.3Current

v1.2

Code Analysis

Analyzed Mar 16, 2026

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

197 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

80% escaped245 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<class-wc-gateway-mobile-banking> (class-wc-gateway-mobile-banking.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_process_bkash_paymentbp-bkash-for-wc.php:39

noprivwp_ajax_process_bkash_paymentbp-bkash-for-wc.php:40

Shortcodes 1

[bkash_payment_button] bp-bkash-for-wc.php:36

WordPress Hooks 17

actionplugins_loadedbp-bkash-for-wc.php:24

actionadmin_enqueue_scriptsbp-bkash-for-wc.php:31

actionwp_footerbp-bkash-for-wc.php:37

actionwp_enqueue_scriptsbp-bkash-for-wc.php:38

actionwoocommerce_admin_order_data_after_billing_addressbp-bkash-for-wc.php:41

actionwoocommerce_checkout_update_order_metabp-bkash-for-wc.php:42

actionwoocommerce_initbp-bkash-for-wc.php:518

actionwoocommerce_after_add_to_cart_buttonbp-bkash-for-wc.php:524

actionwoocommerce_thankyoubp-bkash-for-wc.php:539

actionadmin_initbp-bkash-settings.php:12

actionadmin_initbp-bkash-settings.php:13

actionadmin_noticesbp-bkash-settings.php:31

actionadmin_menubp-bkash-settings.php:434

actionwoocommerce_admin_order_data_after_order_detailsclass-wc-gateway-mobile-banking.php:454

actionwoocommerce_thankyouclass-wc-gateway-mobile-banking.php:493

actionwoocommerce_email_order_detailsclass-wc-gateway-mobile-banking.php:509

filterwoocommerce_payment_gatewaysclass-wc-gateway-mobile-banking.php:528

Maintenance & Trust

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 22, 2026

PHP min version

Downloads10K

Community Trust

Rating80/100

Number of ratings4

Active installs300

Alternatives

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Alternatives

Flying Pay

flying-pay-gateway

100

A seamless and secure payment gateway integration for WooCommerce featuring Mobile Banking, 4 Major Banks, and Crypto support with an interactive UI.

40 No CVEs

Deshi Pay bKash, Rocket, Nagad

deshi-pay

100

A professional and modern manual payment gateway for WooCommerce supporting bKash, Nagad, and Rocket with a sleek UI and easy copy features.

20 No CVEs

SoftTech-IT bKash, Rocket, Nagad

bkash

Easy to use bKash , Rocket and Nagad Payment Gateway for Woocommerce

6K No CVEs

Bangladeshi Payments Mobile – QR Code & Transaction Reports

bangladeshi-payments-mobile

100

Accept Mobile Payments in Bangladesh – WooCommerce Gateway for bKash, Nagad, Rocket & Upay with QR Code & Transaction Reports.

1K No CVEs

UddoktaPay

uddoktapay-gateway

100

UddoktaPay Plugin for WooCommerce.

1K No CVEs

Developer Profile

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce Developer Profile

Anowar Hossain Rana

9 plugins · 540 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bangla-press/assets/bkash-admin-style.css/wp-content/plugins/bangla-press/assets/js/admin-scripts.js/wp-content/plugins/bangla-press/assets/bkash-style.css/wp-content/plugins/bangla-press/assets/mobile-banking.css

Script Paths

/wp-content/plugins/bangla-press/assets/js/admin-scripts.js

Version Parameters

bangla-press/assets/bkash-style.css?ver=bangla-press/assets/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

bkash-payment-buttonbkash-modalbkash-modal-contentclose-modalbkash-error-messagebkash-success-messagebkash-processing-message

Data Attributes

data-product-iddata-product-pricedata-min-attributesdata-bkash-iddata-bkash-amountdata-bkash-product-id

JS Globals

bkash_payment_globalbkash_noncebkash_ajax_url

REST Endpoints

/wp-json/bangla-press/v1/process-payment

Shortcode Output

<div class="error">Please set a product ID!</div><button class="bkash-payment-button"

FAQ