Clover Payments for WooCommerce Security & Risk Analysis

wordpress.org/plugins/clover-payments-for-woocommerce

The Clover Payments plugin enables merchants that use WooCommerce to process online card payments using Clover.

2K active installs · v2.3.2 · PHP 7.4+ · WP 6.1+ · Updated Mar 17, 2026
Tags: apple-pay, credit-card, payment, payment-gateway, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Clover Payments for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Clover Payments for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "clover-payments-for-woocommerce" plugin v2.3.1 demonstrates several positive security practices, including the complete absence of dangerous functions, a commitment to using prepared statements for all SQL queries, and a high percentage of properly escaped outputs. The plugin also boasts no known historical CVEs, which generally suggests a well-maintained codebase. However, significant security concerns exist due to the presence of two AJAX handlers that lack any authentication or authorization checks. This creates a direct attack vector for unauthenticated users, potentially allowing them to trigger unintended actions within the plugin.

The static analysis highlights a limited attack surface, with all entry points being the two AJAX handlers. While taint analysis shows no critical or high-severity unsanitized flows, the lack of authorization on the AJAX handlers is a critical oversight that bypasses any potential security mechanisms. The presence of nonces is a positive sign for some aspects of its functionality, but their absence on these two critical AJAX endpoints makes them ineffective. The plugin's file operations and external HTTP requests are also minimal, which is a good sign.

Overall, while the plugin exhibits strengths in core secure coding practices like SQL sanitization and output escaping, the unprotected AJAX endpoints represent a critical weakness. The lack of historical vulnerabilities is encouraging, but it does not negate the immediate risk posed by the identified unprotected entry points. A balanced assessment reveals a plugin with good foundational security but with a critical flaw in its handling of user interactions via AJAX.

Key Concerns

  • AJAX handlers without auth checks
  • Capability checks: 0
Vulnerabilities
None known

Clover Payments for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Clover Payments for WooCommerce Release Timeline

v2.3.2 (Current)
v2.3.1
v2.3.0
v2.2.0
v2.1.0
v2.0.0
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Clover Payments for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 6 (24 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

80% escaped · 30 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
notice_bulk_actions_capture (includes\class-woo-clv-admin-capture.php:105)
Attack Surface
2 unprotected

Clover Payments for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth    wp_ajax_wc_clv_order_capture    includes\class-woo-clv-payments.php:36
nopriv  wp_ajax_wc_clv_order_capture    includes\class-woo-clv-payments.php:37

WordPress Hooks: 29

action  init  includes\apple-pay\class-woo-clv-apple-pay.php:98
filter  query_vars  includes\apple-pay\class-woo-clv-apple-pay.php:99
action  template_redirect  includes\apple-pay\class-woo-clv-apple-pay.php:100
action  admin_init  includes\apple-pay\class-woo-clv-apple-pay.php:101
action  admin_notices  includes\apple-pay\class-woo-clv-apple-pay.php:102
filter  woocommerce_settings_api_form_fields_clover_payments  includes\apple-pay\class-woo-clv-apple-pay.php:103
action  add_option_woocommerce_clover_payments_settings  includes\apple-pay\class-woo-clv-apple-pay.php:104
action  update_option_woocommerce_clover_payments_settings  includes\apple-pay\class-woo-clv-apple-pay.php:105
action  update_option_woocommerce_clover_payments_settings  includes\apple-pay\class-woo-clv-apple-pay.php:198
action  admin_enqueue_scripts  includes\class-woo-clv-admin-capture.php:21
action  admin_enqueue_scripts  includes\class-woo-clv-admin.php:74
action  wp_enqueue_scripts  includes\class-woo-clv-admin.php:75
action  woocommerce_order_item_add_action_buttons  includes\class-woo-clv-admin.php:76
action  woocommerce_admin_order_data_after_order_details  includes\class-woo-clv-admin.php:78
filter  woocommerce_get_order_item_totals  includes\class-woo-clv-admin.php:82
filter  woocommerce_gateway_icon  includes\class-woo-clv-admin.php:83
action  woocommerce_rest_checkout_process_payment_with_context  includes\class-woo-clv-blocks-support.php:51
filter  wc_clover_form_fields  includes\class-woo-clv-form-fields.php:11
filter  bulk_actions-edit-shop_order  includes\class-woo-clv-payments.php:38
filter  handle_bulk_actions-edit-shop_order  includes\class-woo-clv-payments.php:39
action  admin_notices  includes\class-woo-clv-payments.php:40
filter  woocommerce_payment_gateways  includes\class-woo-clv-payments.php:43
action  init  includes\class-woo-clv-payments.php:44
action  wpo_wcpdf_after_order_data  includes\class-woo-clv-payments.php:45
action  before_woocommerce_pay  includes\class-woo-clv-payments.php:46
action  woocommerce_blocks_loaded  includes\class-woo-clv-payments.php:47
action  woocommerce_blocks_payment_method_type_registration  includes\class-woo-clv-payments.php:110
action  plugins_loaded  woo-clover-payments.php:27
action  admin_notices  woo-clover-payments.php:31
Maintenance & Trust

Clover Payments for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 17, 2026
PHP min version: 7.4
Downloads: 45K

Community Trust

Rating: 34/100
Number of ratings: 16
Active installs: 2K
Developer Profile

Clover Payments for WooCommerce Developer Profile

Clover eCommerce

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Clover Payments for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/clover-payments-for-woocommerce/assets/css/woo-clv-admin-capture.css
/wp-content/plugins/clover-payments-for-woocommerce/admin/js/woo-clv-admin-capture.js
Script Paths
/wp-content/plugins/clover-payments-for-woocommerce/admin/js/woo-clv-admin-capture.js
Version Parameters
clover-payments-for-woocommerce/assets/css/woo-clv-admin-capture.css?ver=
clover-payments-for-woocommerce/admin/js/woo-clv-admin-capture.js?ver=

HTML / DOM Fingerprints

CSS Classes
clv-error
JS Globals
wc_clover_setting_params
FAQ

Frequently Asked Questions about Clover Payments for WooCommerce