BS Authorize.net Security & Risk Analysis

wordpress.org/plugins/bs-authorize-net

Most advanced authorize.net plugin for woocommerce.Live merchant dashboard, statistics, transaction management, and many more features.

10 active installs v1.0 PHP 5.6+ WP 4.0+ Updated Sep 24, 2019
authorize-netpayment-pluginwoocommercewoocommerce-authorize-net-pluginwoocommerce-plugin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is BS Authorize.net Safe to Use in 2026?

Generally Safe

Score 85/100

BS Authorize.net has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "bs-authorize-net" plugin version 1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding dangerous functions, file operations, and external HTTP requests. The presence of a nonce check, although only one, is also a positive indicator. However, a significant concern is the large attack surface presented by seven AJAX handlers, all of which lack authentication checks. This means any unauthenticated user can trigger these actions, potentially leading to unintended consequences or further exploitation if other vulnerabilities exist within these handlers. The taint analysis reveals four flows with unsanitized paths, which, while not classified as critical or high severity in this specific analysis, represent a potential risk for cross-site scripting (XSS) or other injection attacks if the data processed by these paths originates from user input and is not properly validated or escaped before use or output. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a potentially secure development history or a lack of rigorous historical security auditing. Despite the lack of historical vulnerabilities, the significant number of unprotected AJAX handlers and the presence of unsanitized paths in the taint analysis warrant attention to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low output escaping percentage
  • Missing capability checks on AJAX
Vulnerabilities
None known

BS Authorize.net Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BS Authorize.net Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

BS Authorize.net Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
281
114 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

29% escaped395 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
<reports_anet_reports> (reports/reports_anet_reports.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

BS Authorize.net Attack Surface

Entry Points7
Unprotected7

AJAX Handlers 7

authwp_ajax_anet_setteled_transactionsincludes/common-functions.php:364
authwp_ajax_anet_transaction_detailsincludes/common-functions.php:365
authwp_ajax_anet_transaction_voidincludes/common-functions.php:366
authwp_ajax_anet_transaction_refundincludes/common-functions.php:367
authwp_ajax_anet_transaction_fdsactionincludes/common-functions.php:368
authwp_ajax_validatecardincludes/common-functions.php:376
authwp_ajax_validateecheckincludes/common-functions.php:377
WordPress Hooks 21
actionplugins_loadedbs-authorizenet.php:23
filterwoocommerce_payment_gatewaysbs-authorizenet.php:57
actionadmin_noticesbs-authorizenet.php:91
filterwoocommerce_credit_card_form_fieldsincludes/class-bs-anet-wc-cc.php:30
filterwoocommerce_echeck_form_fieldsincludes/class-bs-anet-wc-echeck.php:29
filterwoocommerce_form_field_hiddenincludes/class-bs-anet-wc-form-helper.php:27
actionwoocommerce_credit_card_form_startincludes/class-bs-anet-wc-form-helper.php:144
actionadmin_noticesincludes/class-bs-anet-wc-notices.php:32
actionwoocommerce_api_paypal_return_successincludes/class-bs-anet-wc-paypal-helper.php:40
actionwoocommerce_api_paypal_return_cancelledincludes/class-bs-anet-wc-paypal-helper.php:41
actionadmin_menuincludes/class-bs-anet-wc-reports.php:41
actionadmin_enqueue_scriptsincludes/class-bs-anet-wc-reports.php:58
filterscript_loader_tagincludes/common-functions.php:67
actionwoocommerce_admin_order_data_after_order_detailsincludes/common-functions.php:369
filterwoocommerce_payment_methods_list_itemincludes/common-functions.php:371
filterwoocommerce_get_customer_payment_tokensincludes/common-functions.php:372
actionwoocommerce_payment_token_set_defaultincludes/common-functions.php:373
actionwoocommerce_payment_token_deletedincludes/common-functions.php:374
actiondelete_userincludes/common-functions.php:375
actionadmin_initincludes/settings/class-bs-anet-wc-advanced-settings.php:26
actionadmin_enqueue_scriptsincludes/settings/class-bs-anet-wc-settings-api.php:30
Maintenance & Trust

BS Authorize.net Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedSep 24, 2019
PHP min version5.6
Downloads1K

Community Trust

Rating80/100
Number of ratings3
Active installs10
Developer Profile

BS Authorize.net Developer Profile

Bipin Singh

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BS Authorize.net

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bs-authorize-net/assets/js/authorize.js/wp-content/plugins/bs-authorize-net/assets/css/authorize.css/wp-content/plugins/bs-authorize-net/assets/css/icons/style.css/wp-content/plugins/bs-authorize-net/assets/js/authorize-frontend-helper.js/wp-content/plugins/bs-authorize-net/assets/js/moment.min.js/wp-content/plugins/bs-authorize-net/assets/js/jquery-confirm.min.js/wp-content/plugins/bs-authorize-net/assets/css/jquery-confirm.min.css/wp-content/plugins/bs-authorize-net/assets/css/tooltipster.bundle.min.css+8 more
Script Paths
https://jstest.authorize.net/v1/Accept.jshttps://js.authorize.net/v1/Accept.js

HTML / DOM Fingerprints

CSS Classes
bs_anet_wc_cc_checkout_form
Data Attributes
data-id="bs_anet_wc_cc_checkout_form"
JS Globals
batchrangeparamsgw
FAQ

Frequently Asked Questions about BS Authorize.net