
Deshi Pay bKash, Rocket, Nagad Security & Risk Analysis
wordpress.org/plugins/deshi-pay
A professional and modern manual payment gateway for WooCommerce supporting bKash, Nagad, and Rocket with a sleek UI and easy copy features.
Is Deshi Pay bKash, Rocket, Nagad Safe to Use in 2026?
Generally Safe
Score 100/100
Deshi Pay bKash, Rocket, Nagad has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
Based on the static analysis and vulnerability history provided, the "deshi-pay" v1.0.0 plugin exhibits a strong security posture in several key areas. The absence of any discovered CVEs, coupled with 100% of SQL queries using prepared statements and all output being properly escaped, are significant strengths. The presence of at least one nonce check further indicates an awareness of common WordPress security practices. The limited attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events without authentication is also a positive indicator.
However, the complete lack of capability checks raises a notable concern. While the attack surface appears small, a lack of capability checks means that even if entry points were to be discovered or added in future versions, they might be accessible to any logged-in user, regardless of their role or permissions. This could lead to privilege escalation if sensitive actions are performed without proper authorization checks.
Overall, the plugin demonstrates good foundational security practices, particularly in data handling and output sanitization. The primary weakness lies in the absence of role-based access control mechanisms, which could be a significant oversight depending on the plugin's functionality. The clean vulnerability history is encouraging but should not be a reason to neglect security hygiene, especially regarding authorization.
Key Concerns
- Missing capability checks
Deshi Pay bKash, Rocket, Nagad Security Vulnerabilities
Deshi Pay bKash, Rocket, Nagad Code Analysis
Output Escaping
Deshi Pay bKash, Rocket, Nagad Attack Surface
WordPress Hooks 3
Maintenance & Trust
Deshi Pay bKash, Rocket, Nagad Maintenance & Trust
Maintenance Signals
Community Trust
Deshi Pay bKash, Rocket, Nagad Alternatives
Flying Pay
flying-pay-gateway
A seamless and secure payment gateway integration for WooCommerce featuring Mobile Banking, 4 Major Banks, and Crypto support with an interactive UI.
SoftTech-IT bKash, Rocket, Nagad
bkash
Easy to use bKash, Rocket and Nagad Payment Gateway for WooCommerce
Bangladeshi Payments Mobile – QR Code & Transaction Reports
bangladeshi-payments-mobile
Accept Mobile Payments in Bangladesh – WooCommerce Gateway for bKash, Nagad, Rocket & Upay with QR Code & Transaction Reports.
UddoktaPay
uddoktapay-gateway
UddoktaPay Plugin for WooCommerce.
bKash & Mobile Payment – Fast Checkout, Partial Payment & Buy Now Button
bangla-press
bKash, Nagad, Rocket, and Upay payments for WooCommerce with partial payments, Buy Now Button, and complete control over checkout options.
Deshi Pay bKash, Rocket, Nagad Developer Profile
2 plugins · 40 total installs
How We Detect Deshi Pay bKash, Rocket, Nagad
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/deshi-pay/assets/css/style.css
- /wp-content/plugins/deshi-pay/assets/js/script.js
- /wp-content/plugins/deshi-pay/includes/images/bkash.png
- /wp-content/plugins/deshi-pay/includes/images/nagad.png
- /wp-content/plugins/deshi-pay/includes/images/rocket.png
- deshi-pay/assets/css/style.css?ver=
- deshi-pay/assets/js/script.js?ver=
HTML / DOM Fingerprints
- payment-gateway-card, amount-section, total-amount, secure-tag, method-selector, method-grid, method-box, active (+3 more)
- data-num, data-name, data-img
- id="m-logo", id="m-name", id="target-number"
- window.copyText