[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9VZTnOcrSE074I04TOFvWdHAkI679pE08MZuMfpLHeg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":53,"analysis":144,"fingerprints":452},"bayarcash-wc","Bayarcash WooCommerce","4.3.14","Web Impian","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebimpian\u002F","\u003Cp>Bayarcash is a Malaysia online payment platform that support FPX, Direct Debit & DuitNow payment channels.\u003C\u002Fp>\n\u003Cp>Fully supports WooCommerce Subscription products with Direct Debit functionality. \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-subscriptions\u002F\" rel=\"nofollow ugc\">See more\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>This plugin will connect to Bayarcash endpoint to secure payment processing between bank & ewallet in Malaysia.\u003C\u002Fp>\n\u003Cp>Please visit our website \u003Ca href=\"https:\u002F\u002Fbayarcash.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbayarcash.com\u002F\u003C\u002Fa> for terms of use and privacy policy, or email to hai@bayarcash.com for any inquiries.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>One-off payment via FPX (CASA & credit card account)\u003C\u002Fli>\n\u003Cli>Payment via DuitNow Online Banking\u002FWallets\u003C\u002Fli>\n\u003Cli>Payment via DuitNow QR\u003C\u002Fli>\n\u003Cli>Support cross-border payment via DuitNow QR\u003C\u002Fli>\n\u003Cli>Weekly & monthly recurring payment via Direct Debit. Deduction happen automatic directly via bank account (flat rate fees).\u003C\u002Fli>\n\u003Cli>Support multiple Bayarcash account per website\u003C\u002Fli>\n\u003Cli>Shariah-compliance payment gateway\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Register as \u003Ca href=\"https:\u002F\u002Fbayarcash.com\u002Fregister\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Bayarcash merchant here\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>To use Bayarcash WooCommerce requires minimum:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP 7.4\u003C\u002Fli>\n\u003Cli>WordPress 5.6\u003C\u002Fli>\n\u003Cli>WooCommerce Plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept online payment & QR from Malaysia. Currently, Bayarcash support FPX, Direct Debit and DuitNow payment channels.",800,8754,100,1,"2026-02-13T04:24:00.000Z","6.8.5","5.6","7.4",[20,21,22,23],"direct-debit","duitnow","duitnow-qr","fpx","https:\u002F\u002Fbayarcash.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbayarcash-wc.zip",99,0,"2026-01-13 20:49:08","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2026-24606","bayarcash-woocommerce-missing-authorization","Bayarcash WooCommerce \u003C= 4.3.12 - Missing Authorization","The Bayarcash WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.12. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=4.3.12","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-13 18:34:54",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6b1f98d1-ced5-4604-83b7-e0bedc5d4915?source=api-prod",31,{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":45,"trust_score":51,"computed_at":52},"webimpian",5,840,98,87,"2026-04-05T09:15:12.036Z",[54,76,91,110,126],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"toyyibpay-for-woocommerce","toyyibPay for WooCommerce","2.0.0","toyyibPay","https:\u002F\u002Fprofiles.wordpress.org\u002Ftoyyibpay\u002F","\u003Cp>toyyibPay for WooCommerce is a robust payment gateway integration that allows Malaysian merchants to seamlessly accept payments on their WooCommerce store. Powered by \u003Ca href=\"https:\u002F\u002Ftoyyibpay.com\" rel=\"nofollow ugc\">toyyibPay\u003C\u002Fa>, one of Malaysia’s leading payment service providers, this plugin offers a straightforward setup with no hidden fees.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Our pricing is always per transaction. No startup fees, no monthly fees, and no gateway fees. No hidden fees, period.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Currently available to businesses registered and operating in Malaysia.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Supported Payment Modes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>FPX Online Banking\u003C\u002Fstrong> — Direct bank transfer via Financial Process Exchange (FPX), supporting all major Malaysian banks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Credit \u002F Debit Card\u003C\u002Fstrong> — Visa and Mastercard payments for local and international customers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DuitNow QR\u003C\u002Fstrong> \u003Cem>(New in 2.0.0)\u003C\u002Fem> — Instant QR-based payments via the DuitNow network\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Split Payment\u003C\u002Fstrong> — Automatically split payment proceeds between multiple toyyibPay accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multiple payment modes: FPX, Credit\u002FDebit Card, DuitNow QR, and Split Payment\u003C\u002Fli>\n\u003Cli>HPOS (High-Performance Order Storage) compatible\u003C\u002Fli>\n\u003Cli>WooCommerce Blocks checkout support\u003C\u002Fli>\n\u003Cli>Seamless integration with the WooCommerce payments settings\u003C\u002Fli>\n\u003Cli>Configurable admin fee handling for DuitNow QR\u003C\u002Fli>\n\u003Cli>Sandbox\u002Fdevelopment mode for testing before going live\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please go to the \u003Ca href=\"https:\u002F\u002Ftoyyibpay.com\u002Faccess\u002Fregistration\" rel=\"nofollow ugc\">signup page\u003C\u002Fa> to create a toyyibPay account and start receiving payments.\u003C\u002Fp>\n\u003Cp>Contact us on our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Ftoyyibpay\" rel=\"nofollow ugc\">Facebook Page\u003C\u002Fa> if you have any questions or comments about this plugin.\u003C\u002Fp>\n","The official toyyibPay payment gateway plugin for WooCommerce — enabling Malaysian merchants to accept secure online payments with ease.",7000,101553,86,6,"2026-03-04T21:57:00.000Z","6.9.4","6.0","7.0",[21,23,71,72,73],"malaysia","payment-gateway","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoyyibpay-for-woocommerce\u002F#installation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoyyibpay-for-woocommerce.2.0.0.zip",{"slug":77,"name":78,"version":79,"author":7,"author_profile":8,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":27,"num_ratings":27,"last_updated":84,"tested_up_to":85,"requires_at_least":17,"requires_php":18,"tags":86,"homepage":24,"download_link":90,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"bayarcash-givewp","Bayarcash GiveWP","4.2.4","\u003Cp>Bayarcash is a Malaysia online payment platform that supports FPX, Direct Debit, DuitNow, and international payment channels including NETS, Alipay, WeChat Pay, and PromptPay.\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>This plugin will connect to Bayarcash endpoint to secure payment processing between bank & ewallet in Malaysia.\u003C\u002Fp>\n\u003Cp>Please visit our website \u003Ca href=\"https:\u002F\u002Fbayarcash.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbayarcash.com\u002F\u003C\u002Fa> for terms of use and privacy policy, or email to hai@bayarcash.com for any inquiries.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>One-off donation via FPX (CASA & credit card account)\u003C\u002Fli>\n\u003Cli>Donation via DuitNow Online Banking\u002FWallets\u003C\u002Fli>\n\u003Cli>Donation via DuitNow QR\u003C\u002Fli>\n\u003Cli>Donation via NETS (Singapore)\u003C\u002Fli>\n\u003Cli>Donation via Alipay\u003C\u002Fli>\n\u003Cli>Donation via WeChat Pay\u003C\u002Fli>\n\u003Cli>Donation via PromptPay (Thailand)\u003C\u002Fli>\n\u003Cli>Donation via QRIS (Indonesia Online Banking & e-Wallet)\u003C\u002Fli>\n\u003Cli>Donation via Boost PayFlex\u003C\u002Fli>\n\u003Cli>Weekly & monthly recurring donation via Direct Debit. Deduction happen automatic directly via bank account (flat rate fees). Required \u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Faddons\u002Frecurring-donations\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Recurring Donations for GiveWP\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Support multiple Bayarcash account per website\u003C\u002Fli>\n\u003Cli>Support multiple portal key per donation form for better reporting & finance reconciliation\u003C\u002Fli>\n\u003Cli>Impose fees to donor. Required \u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Faddons\u002Ffee-recovery\u002F\" rel=\"nofollow ugc\">\u003Cstrong>GiveWP Fee Recovery\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Shariah-compliance payment gateway\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Register as \u003Ca href=\"https:\u002F\u002Fbayarcash.com\u002Fregister\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Bayarcash merchant here\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>To use Bayarcash GiveWP requires minimum:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP 7.4\u003C\u002Fli>\n\u003Cli>WordPress 5.6\u003C\u002Fli>\n\u003Cli>GiveWP 1.8\u003C\u002Fli>\n\u003Cli>GiveWP Recurring Donations 2.4 (for Direct Debit)\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept online donation from Malaysia and international payments. Supports FPX, DuitNow, NETS, Alipay, WeChat Pay, PromptPay and more payment channels.",20,3043,"2025-11-14T04:15:00.000Z","6.7.5",[87,21,23,88,89],"alipay","nets","wechat-pay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbayarcash-givewp.4.2.4.zip",{"slug":92,"name":93,"version":94,"author":92,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":27,"num_ratings":27,"last_updated":100,"tested_up_to":85,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":107,"download_link":108,"security_score":109,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"ringgitpay","RinggitPay for WooCommerce","1.0.4","https:\u002F\u002Fprofiles.wordpress.org\u002Fringgitpay1\u002F","\u003Cp>Now you can integrate your WooCommerce shopping cart with RinggitPay Payment Gateway Malaysia in few simple steps\u003C\u002Fp>\n\u003Cp>Search RinggitPay in plugin directory. Install and activate RinggitPay to accept payments online via \u003Cstrong>FPX – Internet Banking, Visa\u002FMaster Credit & Debit Cards\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you do not have a RinggitPay account, \u003Ca href=\"https:\u002F\u002Fringgitpay.biz\u002Fsign-up\u002F\" rel=\"nofollow ugc\">Sign Up\u003C\u002Fa> to start accepting payments online\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fringgitpay.biz\u002Fsign-up\u002F\" rel=\"nofollow ugc\">Contact\u003C\u002Fa> our careline team for more information\u003C\u002Fp>\n\u003Cp>Follow us on our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FRinggitPay\" rel=\"nofollow ugc\">Facebook Page\u003C\u002Fa> to stay updated on the latest releases and news.\u003C\u002Fp>\n","RinggitPay payment gateway plugin for WooCommerce",10,1692,"2025-02-26T08:45:00.000Z","4.5","",[104,21,105,106,72],"credit-and-debit-card-visa-master","ewallets","online-banking-fpx","https:\u002F\u002Fringgitpay.biz","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fringgitpay.1.0.4.zip",92,{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":27,"downloaded":118,"rating":27,"num_ratings":27,"last_updated":102,"tested_up_to":16,"requires_at_least":119,"requires_php":18,"tags":120,"homepage":123,"download_link":124,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":125},"bayarcash-for-fluentcart","Bayarcash for FluentCart","1.0.0","Bayarcash","https:\u002F\u002Fprofiles.wordpress.org\u002Fbayarcash\u002F","\u003Cp>Bayarcash for FluentCart is a powerful payment gateway integration that enables Malaysian businesses to accept online payments through FluentCart. This plugin seamlessly connects your FluentCart store with Bayarcash, providing access to multiple popular payment channels in Malaysia.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multiple Payment Channels\u003C\u002Fstrong> – Support for FPX (Online Banking), DuitNow QR, Credit Card, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Transactions\u003C\u002Fstrong> – All transactions are verified with checksum validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Callbacks\u003C\u002Fstrong> – Instant order status updates via webhooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Mode\u003C\u002Fstrong> – Built-in sandbox mode for testing before going live\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Checkout\u003C\u002Fstrong> – Customize button colors, text, and themes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order Metadata\u003C\u002Fstrong> – Stores all transaction details for complete audit trail\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status Management\u003C\u002Fstrong> – Automatic order status updates based on payment status\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Payment Channels\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>FPX (Online Banking)\u003C\u002Fli>\n\u003Cli>FPX Direct Debit\u003C\u002Fli>\n\u003Cli>FPX Line of Credit\u003C\u002Fli>\n\u003Cli>DuitNow Online Banking\u002FWallets\u003C\u002Fli>\n\u003Cli>DuitNow QR\u003C\u002Fli>\n\u003Cli>Boost PayFlex\u003C\u002Fli>\n\u003Cli>QRIS (Online Banking & E-Wallet)\u003C\u002Fli>\n\u003Cli>NETS\u003C\u002Fli>\n\u003Cli>Credit Card\u003C\u002Fli>\n\u003Cli>Alipay\u003C\u002Fli>\n\u003Cli>WeChat Pay\u003C\u002Fli>\n\u003Cli>PromptPay\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API & SDK Information\u003C\u002Fh4>\n\u003Cp>This plugin integrates with external services to process payments:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Bayarcash Payment API v3\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: Bayarcash Payment Gateway (https:\u002F\u002Fbayarcash.com)\u003Cbr \u002F>\n* API Documentation: https:\u002F\u002Fdocs.bayarcash.com\u003Cbr \u002F>\n* Purpose: Process payment transactions and handle payment callbacks\u003Cbr \u002F>\n* Service Terms: https:\u002F\u002Fbayarcash.com\u002Fterms\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fbayarcash.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SDK Used:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Bayarcash PHP SDK v2.0.5\u003Cbr \u002F>\n* Repository: https:\u002F\u002Fgithub.com\u002Fwebimpian\u002Fbayarcash-php-sdk\u003Cbr \u002F>\n* License: MIT License\u003C\u002Fp>\n\u003Ch4>Data Collection & Privacy\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>What data is sent to Bayarcash:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When a customer makes a payment, the following information is transmitted to Bayarcash’s secure servers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Order ID and amount\u003C\u002Fli>\n\u003Cli>Customer name and email address\u003C\u002Fli>\n\u003Cli>Customer phone number\u003C\u002Fli>\n\u003Cli>Selected payment channel\u003C\u002Fli>\n\u003Cli>Return URL and callback URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Data Processing:\u003C\u002Fstrong>\u003Cbr \u002F>\n* All payment data is transmitted securely via HTTPS\u003Cbr \u002F>\n* Payment information is processed by Bayarcash in accordance with their privacy policy\u003Cbr \u002F>\n* Transaction IDs and payment status are returned and stored in your WordPress database\u003Cbr \u002F>\n* No credit card details are stored on your server – all sensitive payment data is handled by Bayarcash\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Callbacks & Webhooks:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Bayarcash sends payment status updates to your site via secure callbacks\u003Cbr \u002F>\n* All callbacks are verified using cryptographic checksums to prevent tampering\u003Cbr \u002F>\n* Your site stores transaction metadata (transaction IDs, status, payment channel) for order management\u003C\u002Fp>\n\u003Cp>By using this plugin, you acknowledge that customer payment data will be transmitted to Bayarcash for processing. Please ensure your privacy policy reflects this third-party data processing.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>FluentCart plugin (active)\u003C\u002Fli>\n\u003Cli>Bayarcash merchant account\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n","Accept payments via Bayarcash payment gateway for FluentCart. Supports FPX, DuitNow QR, and other Malaysian payment methods.",165,"5.0",[121,21,122,23,72],"bayarcash","fluentcart","https:\u002F\u002Fplugin.bayarcash.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbayarcash-for-fluentcart.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":13,"num_ratings":14,"last_updated":136,"tested_up_to":67,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":141,"download_link":142,"security_score":13,"vuln_count":14,"unpatched_count":27,"last_vuln_date":143,"fetched_at":29},"woocommerce-gateway-gocardless","GoCardless for WooCommerce","2.9.9","GoCardless","https:\u002F\u002Fprofiles.wordpress.org\u002Fgocardless\u002F","\u003Cp>This is a feature plugin for accepting payments via \u003Ca href=\"https:\u002F\u002Fgocardless.com\u002F\" rel=\"nofollow ugc\">GoCardless\u003C\u002Fa>.  It requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> to be installed before GoCardless for WooCommerce can be activated.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This extension is compatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwoo.com\u002Fproducts\u002Fwoocommerce-subscriptions\u002F\" rel=\"nofollow ugc\">Woo Subscriptions\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Test Account Setup\u003C\u002Fh4>\n\u003Cp>You can create a user on \u003Ca href=\"https:\u002F\u002Fgocardless.com\" rel=\"nofollow ugc\">gocardless.com\u003C\u002Fa> for live transactions and \u003Ca href=\"https:\u002F\u002Fmanage-sandbox.gocardless.com\u002F\" rel=\"nofollow ugc\">on the sandbox\u003C\u002Fa> for test transactions. When you first set up a site, you’ll be prompted to create a user for the correct GoCardless environment when setting up the webhooks.\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Install Dependencies & Build\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin uses Webpack to build the assets. To build the assets, follow these steps:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Run \u003Ccode>npm install\u003C\u002Fcode> to install the dependencies.\u003C\u002Fli>\n\u003Cli>Run \u003Ccode>npm run build:webpack\u003C\u002Fcode> to build the asset files. You can also run \u003Ccode>npm run start:webpack\u003C\u002Fcode> to watch the files and rebuild them automatically when they change.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can find the source files in the \u003Ccode>assets\u003C\u002Fcode> and \u003Ccode>client\u003C\u002Fcode> directories.\u003C\u002Fp>\n","Extends WooCommerce with a GoCardless gateway. A GoCardless merchant account is required.",1000,11711,"2025-12-17T20:48:00.000Z","6.7",[20,139,140,73],"gocardless","instant-bank-pay","https:\u002F\u002Fwww.woocommerce.com\u002Fproducts\u002Fgocardless\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-gateway-gocardless.2.9.9.zip","2023-07-10 00:00:00",{"attackSurface":145,"codeSignals":360,"taintFlows":390,"riskAssessment":440,"analyzedAt":451},{"hooks":146,"ajaxHandlers":334,"restRoutes":354,"shortcodes":355,"cronEvents":356,"entryPointCount":65,"unprotectedCount":27},[147,153,160,163,165,170,173,176,179,181,185,188,191,194,197,200,202,205,208,212,216,221,225,228,230,234,238,241,245,249,254,257,260,264,267,272,276,278,283,287,290,294,298,301,304,308,312,316,320,324,326,329,332],{"type":148,"name":149,"callback":150,"priority":14,"file":151,"line":152},"action","admin_head","add_compatibility_script","includes\\admin\\compatibility.php",14,{"type":154,"name":155,"callback":156,"priority":157,"file":158,"line":159},"filter","woocommerce_settings_tabs_array","anonymous",50,"includes\\src\\AdditionalTab.php",8,{"type":148,"name":161,"callback":156,"file":158,"line":162},"woocommerce_settings_tabs_bayarcash_additional_merchant",9,{"type":148,"name":164,"callback":156,"file":158,"line":98},"woocommerce_update_options_bayarcash_additional_merchant",{"type":148,"name":166,"callback":167,"priority":27,"file":168,"line":169},"plugins_loaded","closure","includes\\src\\Bayarcash.php",121,{"type":148,"name":171,"callback":167,"file":168,"line":172},"shutdown",141,{"type":154,"name":174,"callback":167,"priority":98,"file":168,"line":175},"plugin_row_meta",235,{"type":154,"name":177,"callback":167,"file":168,"line":178},"woocommerce_payment_gateways",261,{"type":148,"name":166,"callback":167,"file":168,"line":180},348,{"type":148,"name":182,"callback":183,"file":168,"line":184},"all_admin_notices","callback_compatibility",356,{"type":148,"name":186,"callback":167,"file":168,"line":187},"admin_enqueue_scripts",369,{"type":148,"name":189,"callback":167,"file":168,"line":190},"wp_enqueue_scripts",406,{"type":148,"name":192,"callback":167,"file":168,"line":193},"before_woocommerce_init",544,{"type":148,"name":195,"callback":167,"file":168,"line":196},"woocommerce_blocks_loaded",573,{"type":148,"name":198,"callback":167,"file":168,"line":199},"woocommerce_blocks_checkout_block_registration",581,{"type":148,"name":195,"callback":167,"file":168,"line":201},609,{"type":148,"name":203,"callback":167,"file":168,"line":204},"woocommerce_blocks_payment_method_type_registration",617,{"type":148,"name":189,"callback":206,"file":168,"line":207},"localize_subscription_cancellation_script",706,{"type":154,"name":209,"callback":210,"priority":98,"file":168,"line":211},"wcs_view_subscription_actions","customize_subscription_actions",708,{"type":148,"name":213,"callback":214,"file":168,"line":215},"wp_footer","add_subscription_cancellation_script",709,{"type":148,"name":217,"callback":218,"file":219,"line":220},"woocommerce_cart_calculate_fees","add_checkout_fee","includes\\src\\BayarcashCheckoutFee.php",47,{"type":154,"name":222,"callback":223,"file":219,"line":224},"woocommerce_available_payment_gateways","disable_gateway_by_country",48,{"type":154,"name":222,"callback":226,"file":219,"line":227},"disable_duitnowshopee_over_limit",49,{"type":148,"name":213,"callback":229,"file":219,"line":157},"disable_checkout_button_for_payment_method",{"type":148,"name":231,"callback":232,"file":219,"line":233},"woocommerce_before_checkout_process","check_payment_method_before_processing",51,{"type":154,"name":235,"callback":236,"priority":98,"file":219,"line":237},"woocommerce_checkout_error_message","custom_checkout_error_message",52,{"type":154,"name":239,"callback":167,"file":240,"line":157},"cron_schedules","includes\\src\\CronEvent.php",{"type":148,"name":242,"callback":243,"file":240,"line":244},"bayarcash_wc_checkpayment","check_payment",67,{"type":148,"name":246,"callback":247,"file":240,"line":248},"bayarcash_wc_check_transaction","check_transaction",68,{"type":148,"name":250,"callback":251,"file":252,"line":253},"wfacp_after_template_found","init_fields","includes\\src\\CustomFieldFunnelKit.php",11,{"type":148,"name":213,"callback":255,"file":252,"line":256},"add_custom_scripts",12,{"type":154,"name":258,"callback":258,"priority":159,"file":252,"line":259},"wfacp_get_checkout_fields",113,{"type":154,"name":261,"callback":261,"priority":262,"file":252,"line":263},"wfacp_get_fieldsets",7,114,{"type":148,"name":265,"callback":167,"file":252,"line":266},"template_redirect",167,{"type":154,"name":268,"callback":269,"priority":98,"file":270,"line":271},"woocommerce_loop_add_to_cart_link","modify_add_to_cart_button","includes\\src\\CustomProductText.php",29,{"type":148,"name":273,"callback":274,"priority":253,"file":270,"line":275},"woocommerce_single_product_summary","add_payment_info_to_single_product",30,{"type":148,"name":213,"callback":277,"file":270,"line":45},"add_custom_css",{"type":148,"name":279,"callback":280,"file":281,"line":282},"admin_init","check_dependencies","includes\\src\\DependencyChecker.php",16,{"type":148,"name":284,"callback":285,"file":281,"line":286},"admin_notices","show_namespace_error",24,{"type":148,"name":279,"callback":288,"file":281,"line":289},"deactivate_plugin",25,{"type":148,"name":291,"callback":292,"file":293,"line":13},"woocommerce_before_order_notes","add_identification_fields","includes\\src\\Gateway\\DirectDebitGateway.php",{"type":148,"name":295,"callback":296,"priority":98,"file":293,"line":297},"woocommerce_subscription_status_cancelled","cancel_subscription",101,{"type":148,"name":284,"callback":299,"file":293,"line":300},"bayarcash_admin_notices",102,{"type":148,"name":213,"callback":302,"file":293,"line":303},"add_payment_method_script",123,{"type":148,"name":189,"callback":305,"file":306,"line":307},"payment_scripts","includes\\src\\Gateway.php",69,{"type":148,"name":309,"callback":310,"file":306,"line":311},"woocommerce_api_bayarcash_payment","process_bayarcash",71,{"type":148,"name":313,"callback":314,"file":306,"line":315},"woocommerce_api_bayarcash_callback","process_callback",72,{"type":154,"name":317,"callback":318,"priority":98,"file":306,"line":319},"woocommerce_order_button_text","custom_order_button_text",73,{"type":148,"name":321,"callback":322,"priority":98,"file":323,"line":159},"woocommerce_order_action_wc_mark_cancelled","preventMarkCancelledForDirectDebit","includes\\src\\OrderCancellationPrevention.php",{"type":148,"name":325,"callback":322,"priority":98,"file":323,"line":162},"woocommerce_order_action_mark_cancelled",{"type":154,"name":327,"callback":328,"priority":98,"file":323,"line":98},"wc_order_statuses","removeCancelledStatusForDirectDebit",{"type":154,"name":330,"callback":331,"priority":98,"file":323,"line":253},"woocommerce_bulk_action_ids","preventBulkCancelDirectDebit",{"type":148,"name":284,"callback":333,"file":323,"line":256},"displayDirectDebitCancelPreventionNotice",[335,340,344,348,349,353],{"action":336,"nopriv":337,"callback":336,"hasNonce":338,"hasCapCheck":338,"file":168,"line":339},"get_bayarcash_settings",false,true,201,{"action":341,"nopriv":337,"callback":342,"hasNonce":338,"hasCapCheck":338,"file":168,"line":343},"cancel_direct_debit_subscription","handle_cancel_direct_debit_subscription",707,{"action":345,"nopriv":337,"callback":346,"hasNonce":338,"hasCapCheck":337,"file":252,"line":347},"update_custom_fields","handle_ajax_update",13,{"action":345,"nopriv":338,"callback":346,"hasNonce":338,"hasCapCheck":337,"file":252,"line":152},{"action":350,"nopriv":337,"callback":351,"hasNonce":338,"hasCapCheck":337,"file":293,"line":352},"update_directdebit_fields","handle_directdebit_fields_update",120,{"action":350,"nopriv":338,"callback":351,"hasNonce":338,"hasCapCheck":337,"file":293,"line":169},[],[],[357,358],{"hook":242,"callback":242,"file":240,"line":315},{"hook":246,"callback":246,"file":240,"line":359},75,{"dangerousFunctions":361,"sqlUsage":362,"outputEscaping":367,"fileOperations":14,"externalRequests":381,"nonceChecks":382,"capabilityChecks":382,"bundledLibraries":383},[],{"prepared":27,"raw":14,"locations":363},[364],{"file":306,"line":365,"context":366},716,"$wpdb->get_results() with variable interpolation",{"escaped":368,"rawEcho":65,"locations":369},38,[370,373,374,376,377,379],{"file":252,"line":371,"context":372},43,"raw output",{"file":252,"line":220,"context":372},{"file":270,"line":375,"context":372},70,{"file":293,"line":266,"context":372},{"file":293,"line":378,"context":372},171,{"file":323,"line":380,"context":372},53,2,4,[384,387],{"name":385,"version":36,"knownCves":386},"Lodash",[],{"name":388,"version":36,"knownCves":389},"Guzzle",[],[391,413,424],{"entryPoint":392,"graph":393,"unsanitizedCount":14,"severity":38},"handle_success_callback (includes\\src\\Gateway\\DirectDebitGateway.php:808)",{"nodes":394,"edges":410},[395,400,404],{"id":396,"type":397,"label":398,"file":293,"line":399},"n0","source","$_POST",854,{"id":401,"type":402,"label":403,"file":293,"line":399},"n1","transform","→ redirect()",{"id":405,"type":406,"label":407,"file":306,"line":408,"wp_function":409},"n2","sink","echo() [XSS]",586,"echo",[411,412],{"from":396,"to":401,"sanitized":337},{"from":401,"to":405,"sanitized":337},{"entryPoint":414,"graph":415,"unsanitizedCount":381,"severity":38},"\u003CDirectDebitGateway> (includes\\src\\Gateway\\DirectDebitGateway.php:0)",{"nodes":416,"edges":421},[417,419,420],{"id":396,"type":397,"label":418,"file":293,"line":399},"$_POST (x2)",{"id":401,"type":402,"label":403,"file":293,"line":399},{"id":405,"type":406,"label":407,"file":306,"line":408,"wp_function":409},[422,423],{"from":396,"to":401,"sanitized":337},{"from":401,"to":405,"sanitized":337},{"entryPoint":425,"graph":426,"unsanitizedCount":14,"severity":38},"\u003CGateway> (includes\\src\\Gateway.php:0)",{"nodes":427,"edges":437},[428,430,432],{"id":396,"type":397,"label":398,"file":306,"line":429},562,{"id":401,"type":402,"label":431,"file":306,"line":429},"→ bayarcash_requery()",{"id":405,"type":406,"label":433,"file":434,"line":435,"wp_function":436},"wp_remote_post() [SSRF]","includes\\src\\DataRequest.php",59,"wp_remote_post",[438,439],{"from":396,"to":401,"sanitized":337},{"from":401,"to":405,"sanitized":337},{"summary":441,"deductions":442},"The bayarcash-wc plugin version 4.3.14 exhibits a generally strong security posture with a notable absence of critical or high-severity vulnerabilities identified in both static analysis and taint flows. The plugin demonstrates good practices by implementing capability checks and nonce checks for its entry points, and a high percentage of output escaping is present, which helps mitigate cross-site scripting risks. The static analysis also indicates no dangerous functions are being used.\n\nHowever, there are several areas that warrant attention. The single SQL query identified is not using prepared statements, which poses a significant risk of SQL injection, especially if the query involves user-supplied input. While taint analysis did not reveal any critical or high-severity issues, the presence of three flows with unsanitized paths is a concern and suggests potential for vulnerabilities if these paths are ever exposed to untrusted input. Furthermore, the plugin bundles external libraries (Lodash and Guzzle), which, if not regularly updated and audited, could introduce their own vulnerabilities. The vulnerability history, despite having no currently unpatched CVEs, shows a past medium-severity vulnerability related to missing authorization, indicating a historical weakness that users should be aware of.\n\nIn conclusion, bayarcash-wc v4.3.14 has strengths in its authorization and output escaping mechanisms, and currently lacks critical exploitable flaws. Nevertheless, the unescaped SQL query and the identified unsanitized paths are significant risks that require immediate attention. Regular updates and audits of bundled libraries are also recommended to maintain a robust security profile.",[443,445,447,449],{"reason":444,"points":159},"SQL query not using prepared statements",{"reason":446,"points":65},"Flows with unsanitized paths identified",{"reason":448,"points":382},"Bundled external libraries (Lodash, Guzzle)",{"reason":450,"points":48},"Past medium severity vulnerability (Missing Authorization)","2026-03-16T19:20:14.116Z",{"wat":453,"direct":470},{"assetPaths":454,"generatorPatterns":461,"scriptPaths":462,"versionParams":463},[455,456,457,458,459,460],"\u002Fwp-content\u002Fplugins\u002Fbayarcash-wc\u002Fassets\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Fbayarcash-wc\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fbayarcash-wc\u002Fassets\u002Fjs\u002Fbackend.js","\u002Fwp-content\u002Fplugins\u002Fbayarcash-wc\u002Fassets\u002Fjs\u002Ffrontend.js","\u002Fwp-content\u002Fplugins\u002Fbayarcash-wc\u002Fassets\u002Fjs\u002Fbackend\u002Fapp.js","\u002Fwp-content\u002Fplugins\u002Fbayarcash-wc\u002Fassets\u002Fjs\u002Ffrontend\u002Fapp.js",[],[457,458,459,460],[464,465,466,467,468,469],"bayarcash-wc\u002Fassets\u002Fcss\u002Fbackend.css?ver=","bayarcash-wc\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","bayarcash-wc\u002Fassets\u002Fjs\u002Fbackend.js?ver=","bayarcash-wc\u002Fassets\u002Fjs\u002Ffrontend.js?ver=","bayarcash-wc\u002Fassets\u002Fjs\u002Fbackend\u002Fapp.js?ver=","bayarcash-wc\u002Fassets\u002Fjs\u002Ffrontend\u002Fapp.js?ver=",{"cssClasses":471,"htmlComments":475,"htmlAttributes":479,"restEndpoints":482,"jsGlobals":485,"shortcodeOutput":492},[472,473,474],"bayarcash-wc-settings-page","bayarcash-wc-backend-app","bayarcash-wc-frontend-app",[476,477,478],"\u003C!-- Bayarcash WC Settings Page -->","\u003C!-- Bayarcash WC Backend App -->","\u003C!-- Bayarcash WC Frontend App -->",[480,481],"data-bayarcash-wc-settings","data-bayarcash-wc-app",[483,484],"\u002Fwp-json\u002Fbayarcash-wc\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fbayarcash-wc\u002Fv1\u002Fpayment-status",[486,487,488,489,490,491],"window.BayarcashWCSettings","window.BayarcashWCBackendApp","window.BayarcashWCFriendendApp","var BayarcashWCSettings","var BayarcashWCBackendApp","var BayarcashWCFriendendApp",[493,494],"[bayarcash_payment_form]","[bayarcash_order_summary]"]