Addi – Cuotas que se adaptan a ti Security & Risk Analysis

wordpress.org/plugins/buy-now-pay-later-addi

Addi lets you generate online credit, acting as a new payment gateway for WooCommerce.

2K active installs · v2.0.4 · PHP 7.0+ · WP 5.2+ · Updated Apr 29, 2025
Tags: bnpl, bnpn, credit, payment, pse
Security score: 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Mar 10, 2026
Safety Verdict

Is Addi – Cuotas que se adaptan a ti Safe to Use in 2026?

Mostly Safe

Score 78/100

Addi – Cuotas que se adaptan a ti is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Mar 10, 2026 · Updated 11mo ago
Risk Assessment

The "buy-now-pay-later-addi" v2.0.4 plugin exhibits a mixed security posture. While it has a clean vulnerability history with no known CVEs, the static analysis reveals several concerning aspects. The plugin has a single entry point via an AJAX handler that lacks authentication checks, presenting a significant attack vector. Furthermore, taint analysis indicates three high-severity flows with unsanitized paths, suggesting potential for injection vulnerabilities. The low percentage of properly escaped output (20%) and the absence of nonce checks on the unprotected AJAX handler amplify these risks, as they could allow for cross-site scripting (XSS) or other client-side attacks.

The plugin does demonstrate some good practices, such as the majority of SQL queries using prepared statements, which mitigates SQL injection risks in those instances. However, the presence of unsanitized paths in taint analysis and the unprotected AJAX endpoint are critical weaknesses that outweigh these strengths. The lack of any recorded vulnerabilities in its history might suggest a lack of targeted attacks or a recent discovery of these issues. Overall, the plugin requires immediate attention to address the unprotected entry point and the identified high-severity taint flows.

Key Concerns

  • AJAX handler without auth checks
  • High severity taint flows with unsanitized paths (x3)
  • Low output escaping (20%)
  • No nonce checks
Vulnerabilities: 1

Addi – Cuotas que se adaptan a ti Security Vulnerabilities

CVEs by Year

2026: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-27073 · medium · 5.3 · Missing Authorization

Addi – Cuotas que se adaptan a ti <= 2.0.4 - Missing Authorization

Mar 10, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Addi – Cuotas que se adaptan a ti Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 5 (22 prepared)
  • Unescaped Output: 47 (12 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 7
  • Bundled Libraries: 0

SQL Query Safety

81% prepared · 27 total queries

Output Escaping

20% escaped · 59 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
<addi-gateway> (addi-gateway.php:0)
Attack Surface: 1 unprotected

Addi – Cuotas que se adaptan a ti Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_dismiss_addi_version_warning · addi-gateway.php:1139

WordPress Hooks: 40

action · init · addi-gateway.php:22
action · activated_plugin · addi-gateway.php:37
action · admin_notices · addi-gateway.php:129
action · woocommerce_single_product_summary · addi-gateway.php:189
action · init · addi-gateway.php:480
action · wp_enqueue_scripts · addi-gateway.php:485
filter · script_loader_tag · addi-gateway.php:536
action · admin_head · addi-gateway.php:543
action · admin_enqueue_scripts · addi-gateway.php:580
action · init · addi-gateway.php:608
action · init · addi-gateway.php:617
filter · woocommerce_available_payment_gateways · addi-gateway.php:665
action · init · addi-gateway.php:680
action · init · addi-gateway.php:747
filter · wc_order_statuses · addi-gateway.php:770
filter · bulk_actions-edit-shop_order · addi-gateway.php:786
filter · woocommerce_payment_gateways · addi-gateway.php:804
filter · woocommerce_checkout_fields · addi-gateway.php:837
action · plugins_loaded · addi-gateway.php:928
action · woocommerce_blocks_payment_method_type_registration · addi-gateway.php:1069
action · admin_notices · addi-gateway.php:1098
filter · plugin_row_meta · addi-gateway.php:1099
filter · woocommerce_checkout_fields · addi-gateway.php:1108
action · before_woocommerce_init · addi-gateway.php:1125
action · woocommerce_blocks_loaded · addi-gateway.php:1127
action · woocommerce_init · addi-gateway.php:1129
action · woocommerce_order_status_cancelled · addi-gateway.php:1234
action · woocommerce_order_refunded · addi-gateway.php:1235
action · wp_enqueue_scripts · includes\class-wc-addi-gateway.php:492
action · woocommerce_review_order_before_submit · includes\class-wc-addi-gateway.php:497
action · woocommerce_api_wc_addi_gateway · includes\class-wc-addi-gateway.php:500
action · update_option · includes\class-wc-addi-gateway.php:502
action · init · includes\class-wc-addi-gateway.php:675
filter · woocommerce_checkout_fields · includes\class-wc-addi-gateway.php:727
action · admin_footer · includes\class-wc-addi-gateway.php:905
action · admin_notices · includes\class-wc-addi-gateway.php:1342
action · admin_notices · includes\class-wc-addi-gateway.php:1362
action · admin_notices · includes\class-wc-addi-gateway.php:1382
action · admin_notices · includes\class-wc-addi-gateway.php:1402
action · wp_footer · includes\class-wc-addi-gateway.php:1541
Maintenance & Trust

Addi – Cuotas que se adaptan a ti Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Apr 29, 2025
  • PHP min version: 7.0
  • Downloads: 41K

Community Trust

  • Rating: 30/100
  • Number of ratings: 2
  • Active installs: 2K
Developer Profile

Addi – Cuotas que se adaptan a ti Developer Profile

Addi

1 plugin · 2K total installs

  • Trust score: 79
  • Avg Security Score: 78/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Addi – Cuotas que se adaptan a ti

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/buy-now-pay-later-addi/assets/css/addi-checkout-gateway.css
  • /wp-content/plugins/buy-now-pay-later-addi/assets/js/addi-checkout-gateway.js
  • /wp-content/plugins/buy-now-pay-later-addi/assets/js/addi-widget.js

Version Parameters

  • buy-now-pay-later-addi/assets/css/addi-checkout-gateway.css?ver=
  • buy-now-pay-later-addi/assets/js/addi-checkout-gateway.js?ver=
  • buy-now-pay-later-addi/assets/js/addi-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • addi-widget
  • addi-widget-text
  • addi-widget-button

HTML Comments

  • <!-- ADDI WIDGET -->
  • <!-- End ADDI WIDGET -->
  • <!-- ADDI checkout -->
  • <!-- End ADDI checkout -->
  • +6 more

Data Attributes

  • data-addi-widget-params

JS Globals

  • addi_widget_settings
  • addi_checkout_settings