Nexi Checkout Security & Risk Analysis

wordpress.org/plugins/dibs-easy-for-woocommerce

Nexi Checkout is a plugin that extends WooCommerce, allowing you to take payments via Nets/Nexi's payment method Nexi Checkout.

3K active installs · v2.14.0 · PHP 7.4+ · WP 5.0+ · Updated Mar 2, 2026
Tags: dibs, e-commerce, ecommerce, nets-easy, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Nexi Checkout Safe to Use in 2026?

Generally Safe

Score 100/100

Nexi Checkout has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "dibs-easy-for-woocommerce" v2.14.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks significantly limits the potential attack surface. Furthermore, the code shows excellent practices with 100% of SQL queries utilizing prepared statements and a high percentage (97%) of output properly escaped, minimizing risks of SQL injection and cross-site scripting (XSS) vulnerabilities. The lack of critical or high severity taint flows is also a positive indicator.

While the plugin demonstrates robust security in these areas, a notable concern is the complete absence of capability checks. This implies that even non-administrative users might be able to trigger certain functionalities if entry points existed, which is a potential weakness that requires careful monitoring. The limited file operations and external HTTP requests, along with the presence of nonce checks, further contribute to a generally secure design. The plugin's vulnerability history is clean, with zero known CVEs, suggesting a history of good security maintenance or a lack of targeted exploitation.

In conclusion, this plugin appears to be well-developed from a security perspective, with strengths in preventing common web vulnerabilities. However, the absence of capability checks represents a significant omission that could lead to privilege escalation or unauthorized actions if any latent entry points were present or introduced in future versions. This should be a primary focus for any security audit or ongoing monitoring.

Key Concerns

  • No capability checks found
Vulnerabilities
None known

Nexi Checkout Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Nexi Checkout Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (208 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 3
External Requests: 3
Bundled Libraries: 0

Output Escaping

97% escaped, 214 total outputs
Attack Surface

Nexi Checkout Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 54
Type  Hook  Location
action  admin_init  classes\class-nets-easy-admin-notices.php:49
action  admin_notices  classes\class-nets-easy-admin-notices.php:56
action  admin_notices  classes\class-nets-easy-admin-notices.php:57
action  admin_notices  classes\class-nets-easy-admin-notices.php:58
action  woocommerce_api_dibs_api_callbacks  classes\class-nets-easy-api-callbacks.php:43
action  dibs_payment_created_callback  classes\class-nets-easy-api-callbacks.php:44
action  wp_enqueue_scripts  classes\class-nets-easy-assets.php:57
action  wp_enqueue_scripts  classes\class-nets-easy-assets.php:58
action  template_redirect  classes\class-nets-easy-assets.php:61
action  wc_dibs_before_checkout_form  classes\class-nets-easy-assets.php:62
action  wp_enqueue_scripts  classes\class-nets-easy-assets.php:63
action  wp_enqueue_scripts  classes\class-nets-easy-assets.php:68
action  wp_enqueue_scripts  classes\class-nets-easy-assets.php:69
action  wp_print_scripts  classes\class-nets-easy-assets.php:70
action  admin_enqueue_scripts  classes\class-nets-easy-assets.php:74
action  woocommerce_after_calculate_totals  classes\class-nets-easy-checkout.php:27
filter  allowed_redirect_hosts  classes\class-nets-easy-checkout.php:28
action  nexi_inline_after_snippet  classes\class-nets-easy-checkout.php:31
action  wc_dibs_after_snippet  classes\class-nets-easy-checkout.php:32
action  init  classes\class-nets-easy-confirmation.php:43
action  init  classes\class-nets-easy-confirmation.php:44
action  init  classes\class-nets-easy-confirmation.php:45
action  woocommerce_email_after_order_table  classes\class-nets-easy-email.php:22
filter  body_class  classes\class-nets-easy-gateway.php:86
action  woocommerce_thankyou_dibs_easy  classes\class-nets-easy-gateway.php:87
action  woocommerce_thankyou  classes\class-nets-easy-gateway.php:88
action  woocommerce_order_status_completed  classes\class-nets-easy-order-management.php:31
action  woocommerce_order_status_cancelled  classes\class-nets-easy-order-management.php:32
filter  dibs_easy_create_order_args  classes\class-nets-easy-subscriptions.php:35
action  dibs_easy_process_payment  classes\class-nets-easy-subscriptions.php:36
action  woocommerce_admin_order_data_after_billing_address  classes\class-nets-easy-subscriptions.php:38
action  woocommerce_process_shop_order_meta  classes\class-nets-easy-subscriptions.php:39
action  woocommerce_scheduled_subscription_payment_dibs_easy  classes\class-nets-easy-subscriptions.php:42
action  init  classes\class-nets-easy-subscriptions.php:44
filter  woocommerce_order_needs_payment  classes\class-nets-easy-subscriptions.php:46
filter  wc_get_template  classes\class-nets-easy-templates.php:43
action  wc_dibs_after_order_review  classes\class-nets-easy-templates.php:46
action  wc_dibs_after_order_review  classes\class-nets-easy-templates.php:47
action  wc_dibs_after_snippet  classes\class-nets-easy-templates.php:48
action  nexi_inline_before_snippet  classes\class-nets-easy-templates.php:51
action  nexi_inline_after_snippet  classes\class-nets-easy-templates.php:54
filter  woocommerce_generate_krokedil_section_start_html  dependencies\krokedil\settings-page\src\Gateway.php:54
filter  woocommerce_generate_krokedil_section_end_html  dependencies\krokedil\settings-page\src\Gateway.php:55
action  add_meta_boxes  dependencies\krokedil\woocommerce\src\OrderMetabox.php:59
action  admin_init  dependencies\krokedil\woocommerce\src\OrderMetabox.php:60
action  plugins_loaded  dibs-easy-for-woocommerce.php:163
action  woocommerce_blocks_loaded  dibs-easy-for-woocommerce.php:164
filter  woocommerce_payment_gateways  dibs-easy-for-woocommerce.php:289
action  admin_notices  dibs-easy-for-woocommerce.php:324
action  woocommerce_blocks_payment_method_type_registration  dibs-easy-for-woocommerce.php:430
action  before_woocommerce_init  dibs-easy-for-woocommerce.php:449
filter  body_class  src\PaymentMethods\BaseGateway.php:99
action  woocommerce_thankyou_dibs_easy  src\PaymentMethods\BaseGateway.php:100
action  woocommerce_thankyou  src\PaymentMethods\BaseGateway.php:101
Maintenance & Trust

Nexi Checkout Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 144K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 3K
Developer Profile

Nexi Checkout Developer Profile

dibspayment

1 plugin · 3K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Nexi Checkout

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dibs-easy-for-woocommerce/assets/css/dibs-easy-checkout.css
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-checkout.js
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-payment-methods.js
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-public.js
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/krokedil-payment-gateway.js
Script Paths
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-checkout.js
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-payment-methods.js
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-public.js
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/krokedil-payment-gateway.js
Version Parameters
/wp-content/plugins/dibs-easy-for-woocommerce/assets/css/dibs-easy-checkout.css?ver=
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-checkout.js?ver=
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-payment-methods.js?ver=
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/dibs-easy-public.js?ver=
/wp-content/plugins/dibs-easy-for-woocommerce/assets/js/krokedil-payment-gateway.js?ver=

HTML / DOM Fingerprints

CSS Classes
dibs-easy-payment-gateway
krokedil-checkout-gateway
HTML Comments
<!-- DIBS Easy Payment Gateway Settings -->
<!-- Krokedil Nexi Checkout Settings -->
Data Attributes
data-dibs-checkout-flow
data-dibs-payment-id
JS Globals
dibs_easy_public_params
krokedilPaymentGateway
REST Endpoints
/wp-json/dibs-easy-for-woocommerce/v1/payment-status
/wp-json/krokedil-nexi-checkout/v1/payment-status
FAQ

Frequently Asked Questions about Nexi Checkout