WP-Safety

CamooPay for e-Commerce – Mobile Money Gateway Security & Risk Analysis

wordpress.org/plugins/camoo-pay-for-ecommerce

A secure and seamless plugin to receive and manage Cash, Mobile, and Card payments in Cameroon on your e-shop or website

20 active installs v1.0.9 PHP 8.1+ WP 6.0+ Updated Jan 3, 2026
cameroone-commercemobile-moneymtnorange
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CamooPay for e-Commerce – Mobile Money Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

CamooPay for e-Commerce – Mobile Money Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The camoo-pay-for-ecommerce plugin v1.0.9 exhibits a mixed security posture. While it demonstrates good practices such as having no known critical or high severity vulnerabilities in its history and a high percentage of properly escaped output, there are concerning areas related to its attack surface. The plugin has one unprotected REST API route, which represents a significant potential entry point for attackers. The lack of an explicit permission callback on this route means that any unauthenticated user could potentially interact with it, leading to unintended consequences or exploitation.

Despite the absence of dangerous functions or critical taint analysis findings, the unprotected REST API route is the primary security concern. The presence of SQL queries without prepared statements, even if only one, also warrants attention as it could be a vector for SQL injection if exploited. However, the plugin does implement nonce and capability checks, which are positive security measures. The clean vulnerability history is a good sign, suggesting the developers have historically been diligent about security, but the current findings require remediation.

In conclusion, while the plugin benefits from a lack of historical vulnerabilities and good output escaping, the unprotected REST API route presents a clear and present risk. This, combined with the single instance of raw SQL, lowers its overall security score. Developers should prioritize securing this entry point and ensuring all database queries are properly prepared to mitigate potential security threats.

Key Concerns

  • Unprotected REST API route without permission callbacks
  • 100% of SQL queries not using prepared statements
Vulnerabilities
None known

CamooPay for e-Commerce – Mobile Money Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CamooPay for e-Commerce – Mobile Money Gateway Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
6
86 escaped
Nonce Checks
1
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

93% escaped92 total outputs
Attack Surface
1 unprotected

CamooPay for e-Commerce – Mobile Money Gateway Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_wc_camoo_pay_mark_order_statusincludes\admin\PluginAdmin.php:83

REST API Routes 1

GET/wp-json/wc-camoo-pay/notificationincludes\Plugin.php:268
WordPress Hooks 20
actionadmin_noticescamoo-pay-for-ecommerce.php:29
actionplugins_loadedcamoo-pay-for-ecommerce.php:43
actionadmin_noticescamoo-pay-for-ecommerce.php:45
actioninitcamoo-pay-for-ecommerce.php:55
filtermanage_woocommerce_page_wc-orders_columnsincludes\admin\PluginAdmin.php:66
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\admin\PluginAdmin.php:71
filterwoocommerce_admin_order_actionsincludes\admin\PluginAdmin.php:77
actionadmin_enqueue_scriptsincludes\admin\PluginAdmin.php:84
actionwoocommerce_admin_order_data_after_order_detailsincludes\admin\PluginAdmin.php:86
actionadmin_initincludes\admin\PluginAdmin.php:94
actionwpmu_new_blogincludes\Install.php:15
actionadmin_noticesincludes\Plugin.php:93
actionwp_enqueue_scriptsincludes\Plugin.php:111
actionbefore_woocommerce_initincludes\Plugin.php:113
actionwoocommerce_blocks_loadedincludes\Plugin.php:114
actionwoocommerce_store_api_checkout_update_order_from_requestincludes\Plugin.php:115
actioncamoo_pay_order_status_changedincludes\Plugin.php:260
actionrest_api_initincludes\Plugin.php:262
filterwoocommerce_payment_gatewaysincludes\Plugin.php:263
filterwoocommerce_payment_gatewaysuninstall.php:22
Maintenance & Trust

CamooPay for e-Commerce – Mobile Money Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 3, 2026
PHP min version8.1
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

CamooPay for e-Commerce – Mobile Money Gateway Alternatives

Campay Woocommerce Payment Gateway

Campay Woocommerce Payment Gateway

campay-api

A
99

CamPay is a Fintech service of the company TAKWID

200 1 CVE
CamPay Give Donation Payment Gateway

CamPay Give Donation Payment Gateway

campay-give

A
85

CamPay is a Fintech service of the company TAKWID

10 No CVEs
CamPay Shortcode Payment Gateway

CamPay Shortcode Payment Gateway

campay-shortcode-payment-gateway

A
100

CamPay is a Fintech service of the company TAKWID

10 No CVEs
Gateway Payougo Checkout

Gateway Payougo Checkout

gateway-payougo-checkout

A
85

With Payougo, easyly accept secure Orange Money & MTN Mobile Money payments from Cameroon subscribers on your web store.

10 No CVEs
SoleasPay payment gateway for WooCommerce

SoleasPay payment gateway for WooCommerce

soleaspay-payment-gateway-for-woocommerce

A
92

SoleasPay - Payment gateway for WooCommerce

0 No CVEs
Developer Profile

CamooPay for e-Commerce – Mobile Money Gateway Developer Profile

Camoo Sarl

4 plugins · 310 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CamooPay for e-Commerce – Mobile Money Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/camoo-pay-for-ecommerce/assets/css/camoo-pay-for-ecommerce-admin.css/wp-content/plugins/camoo-pay-for-ecommerce/assets/js/camoo-pay-for-ecommerce-admin.js/wp-content/plugins/camoo-pay-for-ecommerce/assets/js/camoo-pay-for-ecommerce.js
Script Paths
/wp-content/plugins/camoo-pay-for-ecommerce/assets/js/camoo-pay-for-ecommerce-admin.js/wp-content/plugins/camoo-pay-for-ecommerce/assets/js/camoo-pay-for-ecommerce.js
Version Parameters
/wp-content/plugins/camoo-pay-for-ecommerce/assets/css/camoo-pay-for-ecommerce-admin.css?ver=/wp-content/plugins/camoo-pay-for-ecommerce/assets/js/camoo-pay-for-ecommerce-admin.js?ver=/wp-content/plugins/camoo-pay-for-ecommerce/assets/js/camoo-pay-for-ecommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-camoo-pay
Data Attributes
data-camoo-pay-keydata-camoo-pay-secret
JS Globals
WC_CamooPay_GatewaycamooPay
FAQ

Frequently Asked Questions about CamooPay for e-Commerce – Mobile Money Gateway