ChillPay WooCommerce Security & Risk Analysis

wordpress.org/plugins/chillpay-payment-gateway

ChillPay WooCommerce payment gateway plugin primarily supports your WooCommerce, enables you to accept payments via Credit and Debit cards, Internet B …

100 active installs · v2.6.0 · PHP + · WP 4.3.1+ · Updated Jul 22, 2025
chillpay · payment · payment-gateway · woocommerce · woocommerce-plugin
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 9, 2025
Safety Verdict

Is ChillPay WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

ChillPay WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 9, 2025 · Updated 8mo ago
Risk Assessment

The "chillpay-payment-gateway" plugin v2.6.0 has a mixed security posture. Its history contains no known critical or high severity vulnerabilities, and its past medium-severity CVE has been patched, but static analysis raises significant concerns. The plugin exposes a total of 5 entry points, and 3 of these AJAX handlers lack proper authentication checks, leaving an attack surface that is reachable by unauthenticated users. None of its SQL queries use prepared statements (100% unprepared), which increases the risk of SQL injection. Output escaping is also weak: only 39% of outputs are properly escaped, which can lead to Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • AJAX handlers without authentication checks
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Known vulnerability history (medium)
Vulnerabilities
1

ChillPay WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-32570 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

ChillPay WooCommerce <= 2.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025 · Patched in 2.6.0 (105d)
Code Analysis
Analyzed Mar 16, 2026

ChillPay WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 199 (127 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

39% escaped · 326 total outputs
Attack Surface
3 unprotected

ChillPay WooCommerce Attack Surface

Entry Points: 5
Unprotected: 3

AJAX Handlers 5

auth · wp_ajax_chillpay_fix_domain · fix-domain-change-issue.php:250
auth · wp_ajax_chillpay_delete_card · includes\class-chillpay-wc-myaccount.php:57
auth · wp_ajax_chillpay_create_card · includes\class-chillpay-wc-myaccount.php:58
nopriv · wp_ajax_chillpay_delete_card · includes\class-chillpay-wc-myaccount.php:59
nopriv · wp_ajax_chillpay_create_card · includes\class-chillpay-wc-myaccount.php:60
WordPress Hooks 27
action · plugins_loaded · chillpay-woocommerce.php:46
action · init · chillpay-woocommerce.php:47
action · admin_notices · chillpay-woocommerce.php:73
action · rest_api_init · chillpay-woocommerce.php:162
action · init · fix-domain-change-issue.php:21
action · plugins_loaded · fix-domain-change-issue.php:24
action · admin_init · fix-domain-change-issue.php:27
action · admin_notices · fix-domain-change-issue.php:30
filter · woocommerce_payment_gateways · fix-domain-change-issue.php:75
action · admin_menu · fix-domain-change-issue.php:212
action · admin_menu · includes\class-chillpay-admin.php:39
filter · woocommerce_order_actions · includes\class-chillpay-admin.php:58
action · woocommerce_after_my_account · includes\class-chillpay-wc-myaccount.php:56
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-alipay-wechatpay.php:209
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-billpayment.php:253
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-creditcard.php:230
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-ewallet.php:319
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-installment.php:489
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-internetbanking.php:301
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-kiosk-machine.php:227
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-mobilebanking.php:299
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-pay-with-points.php:251
filter · woocommerce_payment_gateways · includes\gateway\class-chillpay-payment-qrcode.php:188
action · wp_enqueue_scripts · includes\gateway\class-chillpay-payment.php:127
action · woocommerce_api_chillpay_callback · includes\gateway\class-chillpay-payment.php:142
action · woocommerce_api_chillpay_result · includes\gateway\class-chillpay-payment.php:143
action · wp_enqueue_scripts · includes\gateway\class-chillpay-payment.php:146
Maintenance & Trust

ChillPay WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 22, 2025
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

ChillPay WooCommerce Developer Profile

ChillPay

1 plugin · 100 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 105 days
Detection Fingerprints

How We Detect ChillPay WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chillpay-payment-gateway/assets/css/frontend.css
/wp-content/plugins/chillpay-payment-gateway/assets/js/frontend.js
/wp-content/plugins/chillpay-payment-gateway/assets/js/jquery.payment.min.js
Script Paths
/wp-content/plugins/chillpay-payment-gateway/assets/js/frontend.js
/wp-content/plugins/chillpay-payment-gateway/assets/js/jquery.payment.min.js
Version Parameters
chillpay-payment-gateway/assets/css/frontend.css?ver=
chillpay-payment-gateway/assets/js/frontend.js?ver=
chillpay-payment-gateway/assets/js/jquery.payment.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
chillpay-payment-form
chillpay-payment-gateway
chillpay-card-details-wrapper
chillpay-credit-card-input
chillpay-mb-payment-wrapper
chillpay-internetbanking-payment-wrapper
chillpay-ewallet-payment-wrapper
chillpay-qrcode-payment-wrapper
+4 more
HTML Comments
<!-- ChillPay Payment Gateway -->
<!-- End ChillPay Payment Gateway -->
<!-- Start ChillPay payment form -->
<!-- End ChillPay payment form -->
+2 more
Data Attributes
data-chillpay-gateway-url
data-chillpay-public-key
data-chillpay-payment-method
JS Globals
ChillPay
chillpay_frontend_params
jQuery.fn.payment
REST Endpoints
/wp-json/chillpay/v1/webhooks
FAQ

Frequently Asked Questions about ChillPay WooCommerce