WP-Safety

Beyond Pay for WooCommerce Security & Risk Analysis

wordpress.org/plugins/beyond-pay-for-woocommerce

Securely accept credit card payments using Beyond Pay gateway and optimize your cost of acceptance on B2B/corporate cards.

40 active installs v1.7.2 PHP 7.0+ WP 4.7+ Updated Nov 7, 2024
credit-cardpaymentpayment-gatewaysubscriptionswoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Beyond Pay for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Beyond Pay for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'beyond-pay-for-woocommerce' v1.7.2 plugin exhibits a mixed security posture, with some positive signs but significant areas of concern. The absence of known vulnerabilities and the use of prepared statements for all SQL queries are strong indicators of good development practices in those specific areas. However, the static analysis reveals a concerningly small attack surface that is entirely unprotected. Specifically, the plugin exposes two AJAX handlers without any form of authentication or capability checks. This is a critical oversight that could allow unauthorized users to trigger potentially sensitive actions within the plugin.

The taint analysis shows no identified flows, which is a positive sign, suggesting no immediately apparent complex vulnerabilities related to data flow manipulation. The plugin also does not appear to bundle external libraries, reducing the risk of known vulnerabilities within third-party code. Despite the lack of historical CVEs, the presence of unprotected entry points represents a clear and present risk that needs immediate attention. The plugin's strengths lie in its SQL handling and lack of historical issues, but its weaknesses are amplified by the direct exposure of AJAX endpoints without any security hardening.

Key Concerns

  • AJAX handlers without auth checks
  • No nonce checks on AJAX
  • No capability checks
  • Unescaped output (32% of outputs)
Vulnerabilities
None known

Beyond Pay for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Beyond Pay for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
19 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
2
Bundled Libraries
0

Output Escaping

68% escaped28 total outputs
Attack Surface
2 unprotected

Beyond Pay for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_beyond_pay_process_tokenized_orderbeyondpay-gateway.php:142
authwp_ajax_beyond_pay_update_payment_statusbeyondpay-gateway.php:293
WordPress Hooks 13
filterwoocommerce_payment_gatewaysbeyondpay-gateway.php:30
actionwoocommerce_update_orderbeyondpay-gateway.php:31
actionplugins_loadedbeyondpay-gateway.php:59
actionadmin_noticesbeyondpay-gateway.php:68
actionwoocommerce_scheduled_subscription_payment_beyondpaybeyondpay-gateway.php:74
filterwoocommerce_register_shop_order_post_statusesbeyondpay-gateway.php:82
filterwc_order_statusesbeyondpay-gateway.php:102
filterwoocommerce_order_is_pending_statusesbeyondpay-gateway.php:112
actionwoocommerce_order_actions_endbeyondpay-gateway.php:121
actionadmin_enqueue_scriptsbeyondpay-gateway.php:162
actionwoocommerce_admin_order_data_after_billing_addressbeyondpay-gateway.php:174
filtercron_schedulesbeyondpay-gateway.php:305
actionwp_enqueue_scriptsincludes\wc-beyond-pay-gateway.php:125
Maintenance & Trust

Beyond Pay for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedNov 7, 2024
PHP min version7.0
Downloads3K

Community Trust

Rating100/100
Number of ratings2
Active installs40
Alternatives

Beyond Pay for WooCommerce Alternatives

PayPlus Payment Gateway

PayPlus Payment Gateway

payplus-payment-gateway

A
93

Accept credit/debit card payments or other methods such as bit, Apple Pay, Google Pay in one page. Create digitally signed invoices & much more!

1K 3 CVEs
Pledged Plugins Secure Gateway for Authorize.net and WooCommerce

Pledged Plugins Secure Gateway for Authorize.net and WooCommerce

woo-authorize-net-gateway-aim

A
100

Authorize.net payment gateway integration for WooCommerce to accept credit cards directly on WordPress e-commerce websites.

10K No CVEs
Asaas Gateway for WooCommerce

Asaas Gateway for WooCommerce

woo-asaas

A
100

Take transparent credit card and bank ticket payment checkouts on your store using Asaas.

9K No CVEs
Gestpay for WooCommerce

Gestpay for WooCommerce

gestpay-for-woocommerce

A
99

Axerve Free Plugin for Woocommerce extends WooCommerce providing the payment gateway Axerve.

1K 3 CVEs
WC Moneris Payment Gateway

WC Moneris Payment Gateway

wc-moneris-payment-gateway

A
100

A simple plugin that easily add moneris payment gateway to your WooCommerce website.

900 No CVEs
Developer Profile

Beyond Pay for WooCommerce Developer Profile

Beyond Pay

1 plugin · 40 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Beyond Pay for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/beyond-pay-for-woocommerce/assets/js/beyondpay-admin-order.js/wp-content/plugins/beyond-pay-for-woocommerce/assets/css/admin-styling.css
Version Parameters
beyond-pay-for-woocommerce/assets/js/beyondpay-admin-order.js?ver=beyond-pay-for-woocommerce/assets/css/admin-styling.css?ver=

HTML / DOM Fingerprints

CSS Classes
beyond-pay-cc-brandbeyond-pay-icon
Data Attributes
onclickid
JS Globals
beyondPayProcessTokenizedOrderbeyond_pay_update_payment_statusajaxurl
FAQ

Frequently Asked Questions about Beyond Pay for WooCommerce