FPX Payment for WPSmartPay (Billplz) Security & Risk Analysis

wordpress.org/plugins/billplz-for-wpsmartpay

Accept payment in WPSmartPay by using Billplz.

10 active installs · v1.0.5 · PHP 7.0+ · WP 5.5+ · Updated Jan 6, 2024
Tags: e-commerce, payment-forms, payment-gateway, product, subscription
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FPX Payment for WPSmartPay (Billplz) Safe to Use in 2026?

Generally Safe

Score 85/100

FPX Payment for WPSmartPay (Billplz) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "billplz-for-wpsmartpay" plugin v1.0.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, avoiding dangerous functions, and having no recorded vulnerability history or known CVEs. This suggests a generally secure development approach and a lack of historical security issues, which is encouraging.

However, the static analysis raises significant concerns. The plugin registers a REST API route that lacks a permission callback, creating an unprotected entry point into the application. Furthermore, only 50% of its output is properly escaped, leaving the potential for cross-site scripting (XSS) vulnerabilities. The plugin also contains no nonce checks or capability checks; although the count of AJAX handlers is zero, this is a missed opportunity for robust security, especially if functionality is added later.

Overall, while the plugin's clean vulnerability history and proper SQL handling are strengths, the identified unprotected REST API endpoint and potential for XSS due to insufficient output escaping represent critical areas for immediate attention. These issues create a tangible attack surface that could be exploited if not addressed.

Key Concerns

  • Unprotected REST API route
  • Half of outputs not properly escaped
Vulnerabilities
None known

FPX Payment for WPSmartPay (Billplz) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

FPX Payment for WPSmartPay (Billplz) Release Timeline

v1.0.5 (Current)
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

FPX Payment for WPSmartPay (Billplz) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

50% escaped · 4 total outputs
Attack Surface
1 unprotected

FPX Payment for WPSmartPay (Billplz) Attack Surface

Entry Points: 1
Unprotected: 1

REST API Routes 1

POST /wp-json/billplz-smartpay/v1/bwpsp-callback · includes/billplz.php:223
WordPress Hooks 9
action · plugins_loaded · billplz-for-wpsmartpay.php:64
filter · smartpay_gateways · includes/billplz.php:337
filter · smartpay_get_available_payment_gateways · includes/billplz.php:338
filter · smartpay_settings_sections_gateways · includes/billplz.php:339
filter · smartpay_settings_gateways · includes/billplz.php:340
action · admin_notices · includes/billplz.php:341
action · smartpay_billplz_ajax_process_payment · includes/billplz.php:342
action · rest_api_init · includes/billplz.php:343
action · init · includes/billplz.php:344
Maintenance & Trust

FPX Payment for WPSmartPay (Billplz) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 6, 2024
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

FPX Payment for WPSmartPay (Billplz) Developer Profile

Alvind

6 plugins · 130 total installs

Trust score: 91
Avg Security Score: 87/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect FPX Payment for WPSmartPay (Billplz)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/billplz-for-wpsmartpay/assets/img/billplz.png

HTML / DOM Fingerprints

CSS Classes
text-uppercase, text-info, my-1
REST Endpoints
/billplz-smartpay/v1/bwpsp-callback
FAQ

Frequently Asked Questions about FPX Payment for WPSmartPay (Billplz)