bSecure – Your Universal Checkout Security & Risk Analysis

wordpress.org/plugins/bsecure

bSecure - Your Universal Checkout

70 active installs · v2.0.0 · PHP 7.4+ · WP 5.0+ · Updated Apr 13, 2026
Tags: blocks, bsecure, checkout, payment-gateway, woocommerce
Score: 68
C · Use Caution
CVEs total: 2
Unpatched: 1
Last CVE: Jul 21, 2025
Safety Verdict

Is bSecure – Your Universal Checkout Safe to Use in 2026?

Use With Caution

Score 68/100

bSecure – Your Universal Checkout has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Jul 21, 2025 · Updated 1mo ago
Risk Assessment

The "bsecure" v2.0.0 plugin presents a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and has a relatively low number of file operations and external HTTP requests, significant concerns exist regarding its attack surface and past vulnerability history. The presence of 10 unprotected AJAX handlers is a major red flag, as these can be leveraged by unauthenticated users to trigger plugin functionality, potentially leading to various attacks if not properly secured. The taint analysis, while showing no critical or high severity flows, did identify flows with unsanitized paths, indicating a potential for subtle vulnerabilities that might be overlooked.

The vulnerability history is particularly alarming, with two currently unpatched CVEs, one of critical severity and one high. The common vulnerability types of Missing Authorization and SQL Injection in its history directly correlate with the static analysis findings of unprotected AJAX handlers and the taint analysis's unsanitized paths. This pattern suggests a recurring weakness in input validation and access control within the plugin. While the plugin's use of prepared statements is a strength, the presence of unpatched critical vulnerabilities and a large number of unprotected entry points outweighs this positive aspect, demanding immediate attention.

Key Concerns

  • Unpatched critical vulnerability (1)
  • Unpatched high severity vulnerability (1)
  • Large attack surface without auth (10 AJAX)
  • Flows with unsanitized paths (3)
  • Output escaping at 60% (concern)
  • Missing nonce checks on AJAX (implied by lack of auth)
Vulnerabilities
2 published

bSecure – Your Universal Checkout Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Critical: 1
High: 1

2 total CVEs

CVE-2025-6187 · critical · 9.8 · Missing Authorization

bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint

Jul 21, 2025 · Unpatched

CVE-2025-52830 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

bSecure – Your Universal Checkout <= 1.7.9 - Unauthenticated SQL Injection

Jul 3, 2025 · Patched in 1.8.0 (297d)
Version History

bSecure – Your Universal Checkout Release Timeline

Code Analysis
Analyzed Apr 16, 2026

bSecure – Your Universal Checkout Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 82 (122 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

60% escaped · 204 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
manage_wc_order (includes/class-bsecure-checkout.php:733)
Attack Surface
10 unprotected

bSecure – Your Universal Checkout Attack Surface

Entry Points: 22
Unprotected: 10

AJAX Handlers 13

auth wp_ajax_bsecure_deactivation_popup includes/class-bsecure-admin.php:37
nopriv wp_ajax_bsecure_deactivation_form_submit includes/class-bsecure-admin.php:38
auth wp_ajax_bsecure_deactivation_form_submit includes/class-bsecure-admin.php:39
nopriv wp_ajax_ajax_order_to_bsecure includes/class-bsecure-checkout.php:63
auth wp_ajax_ajax_order_to_bsecure includes/class-bsecure-checkout.php:64
nopriv wp_ajax_ajax_reminder_popup includes/class-bsecure-checkout.php:65
auth wp_ajax_ajax_reminder_popup includes/class-bsecure-checkout.php:66
nopriv wp_ajax_send_ajax_webhook_request includes/class-bsecure-checkout.php:67
auth wp_ajax_send_ajax_webhook_request includes/class-bsecure-checkout.php:68
nopriv wp_ajax_append_country_prefix_in_billing_phone includes/class-bsecure-checkout.php:113
auth wp_ajax_append_country_prefix_in_billing_phone includes/class-bsecure-checkout.php:114
nopriv wp_ajax_ajax_load_qisstpay_popup includes/class-bsecure-checkout.php:136
auth wp_ajax_ajax_load_qisstpay_popup includes/class-bsecure-checkout.php:137

REST API Routes 9

GET /wp-json/webhook/v2/get_bsecure_order_by_ref/ includes/class-bsecure-apis.php:57
POST /wp-json/webhook/v2/manage_bsecure_order/ includes/class-bsecure-apis.php:144
GET /wp-json/webhook/v2/get_bsecure_signin_link/ includes/class-bsecure-apis.php:426
GET /wp-json/webhook/v2/get_bsecure_checkout_btn/ includes/class-bsecure-apis.php:478
POST /wp-json/webhook/v2/get_bsecure_customer_profile/ includes/class-bsecure-apis.php:529
GET /wp-json/webhook/v2/get_all_wc_products/ includes/class-bsecure-apis.php:616
GET /wp-json/webhook/v2/get_all_wc_order_statuses/ includes/class-bsecure-apis.php:694
POST /wp-json/webhook/v2/order_info/ includes/class-bsecure-checkout.php:255
GET /wp-json/webhook/v2/product_info/ includes/class-bsecure-checkout.php:290
WordPress Hooks 59
filter woocommerce_available_payment_gateways bsecure.php:49
action plugins_loaded bsecure.php:61
action woocommerce_blocks_loaded bsecure.php:113
action woocommerce_blocks_payment_method_type_registration bsecure.php:124
action wp_loaded includes/class-bsecure-admin.php:40
action rest_api_init includes/class-bsecure-apis.php:36
action rest_api_init includes/class-bsecure-apis.php:38
action rest_api_init includes/class-bsecure-apis.php:40
action rest_api_init includes/class-bsecure-apis.php:42
action rest_api_init includes/class-bsecure-apis.php:44
action rest_api_init includes/class-bsecure-apis.php:46
action rest_api_init includes/class-bsecure-apis.php:48
action rest_api_init includes/class-bsecure-checkout.php:69
action rest_api_init includes/class-bsecure-checkout.php:70
action woocommerce_admin_order_data_after_order_details includes/class-bsecure-checkout.php:72
action wp_login includes/class-bsecure-checkout.php:73
action clear_auth_cookie includes/class-bsecure-checkout.php:74
action wp includes/class-bsecure-checkout.php:75
action plugins_loaded includes/class-bsecure-checkout.php:76
filter woocommerce_payment_gateways includes/class-bsecure-checkout.php:80
filter bsecure_payment_icon includes/class-bsecure-checkout.php:81
filter woocommerce_order_shipping_to_display includes/class-bsecure-checkout.php:87
action woocommerce_widget_shopping_cart_after_buttons includes/class-bsecure-checkout.php:94
action wp_footer includes/class-bsecure-checkout.php:95
action woocommerce_widget_shopping_cart_after_buttons includes/class-bsecure-checkout.php:99
action wp_footer includes/class-bsecure-checkout.php:100
action wp_footer includes/class-bsecure-checkout.php:104
action wp_loaded includes/class-bsecure-checkout.php:108
action wp_footer includes/class-bsecure-checkout.php:112
action woocommerce_checkout_create_order includes/class-bsecure-checkout.php:117
action woocommerce_before_checkout_form includes/class-bsecure-checkout.php:120
action woocommerce_checkout_process includes/class-bsecure-checkout.php:123
filter woocommerce_formatted_address_force_country_display includes/class-bsecure-checkout.php:126
filter woocommerce_checkout_fields includes/class-bsecure-checkout.php:127
action woocommerce_review_order_after_submit includes/class-bsecure-checkout.php:130
action woocommerce_after_add_to_cart_button includes/class-bsecure-checkout.php:133
action woocommerce_add_to_cart includes/class-bsecure-checkout.php:141
filter woocommerce_rest_prepare_product_object includes/class-bsecure-checkout.php:143
action woocommerce_order_status_changed includes/class-bsecure-checkout.php:146
action post_updated includes/class-bsecure-checkout.php:149
action woocommerce_product_set_stock includes/class-bsecure-checkout.php:150
action woocommerce_variation_set_stock includes/class-bsecure-checkout.php:151
action woocommerce_thankyou includes/class-bsecure-checkout.php:152
filter woocommerce_payment_gateways includes/class-bsecure-checkout.php:1257
filter woocommerce_payment_gateways includes/class-bsecure-checkout.php:2925
action woocommerce_login_form includes/class-sign-in-with-bsecure.php:43
action wp_loaded includes/class-sign-in-with-bsecure.php:46
action init includes/class-sign-in-with-bsecure.php:52
action template_redirect includes/class-sign-in-with-bsecure.php:59
action admin_notices includes/class-wc-bsecure.php:75
filter woocommerce_settings_tabs_array includes/class-wc-bsecure.php:78
action woocommerce_sections_bsecure includes/class-wc-bsecure.php:80
action woocommerce_settings_bsecure includes/class-wc-bsecure.php:82
action woocommerce_settings_save_bsecure includes/class-wc-bsecure.php:84
action woocommerce_update_options_bsecure includes/class-wc-bsecure.php:86
action wp_enqueue_scripts includes/class-wc-bsecure.php:88
action admin_enqueue_scripts includes/class-wc-bsecure.php:90
filter woocommerce_available_payment_gateways includes/class-wc-bsecure.php:92
filter woocommerce_payment_complete_order_status includes/class-wc-gateway-bsecure.php:60
Maintenance & Trust

bSecure – Your Universal Checkout Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 13, 2026
PHP min version: 7.4
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 70
Developer Profile

bSecure – Your Universal Checkout Developer Profile

BSecure - Your Universal Checkout

2 plugins · 70 total installs

Trust score: 63
Avg Security Score: 77/100
Avg Patch Time: 297 days
Detection Fingerprints

How We Detect bSecure – Your Universal Checkout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bsecure/assets/js/bsecure.js
  • /wp-content/plugins/bsecure/assets/css/bsecure.css
  • /wp-content/plugins/bsecure/assets/js/bsecure-checkout.js
  • /wp-content/plugins/bsecure/assets/img/bsecure-checkout-img.svg
  • /wp-content/plugins/bsecure/assets/img/select-qisstpay-at-checkout.png
Script Paths
  • /wp-content/plugins/bsecure/assets/js/bsecure.js
  • /wp-content/plugins/bsecure/assets/js/bsecure-checkout.js
Version Parameters
  • bsecure/assets/js/bsecure.js?ver=
  • bsecure/assets/css/bsecure.css?ver=
  • bsecure/assets/js/bsecure-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
bsecure-checkout-wrap
HTML Comments
  • <!-- bSecure Blocks Support Integration -->
  • <!-- Add setting lin at plugin page -->
  • <!-- Check bSecure woocommerce plugin requirements before activating // -->
  • <!-- The file that defines the core plugin class -->
  • +2 more
Data Attributes
  • data-bsecure-checkout-url
  • data-bsecure-order-id
  • data-bsecure-product-id
  • data-bsecure-product-name
  • data-bsecure-product-price
  • data-bsecure-product-quantity
JS Globals
  • window.bSecureCheckout
Shortcode Output
  • <button class="bsecure-checkout-button">Pay with bSecure</button>
  • <button class="bsecure-checkout-button">Select QisstPay at Checkout</button>
FAQ

Frequently Asked Questions about bSecure – Your Universal Checkout