Does OXXO PAY powered by Spin have any unpatched vulnerabilities?

No. All known vulnerabilities in OXXO PAY powered by Spin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is OXXO PAY powered by Spin compatible with WordPress 6.8.5?

According to WordPress.org data, OXXO PAY powered by Spin 1.0.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is OXXO PAY powered by Spin compatible with PHP 8.1+?

OXXO PAY powered by Spin requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is OXXO PAY powered by Spin updated?

OXXO PAY powered by Spin was last updated on Jan 27, 2026. Frequent updates are generally a positive security signal.

What is OXXO PAY powered by Spin's security score?

OXXO PAY powered by Spin has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OXXO PAY powered by Spin Security & Risk Analysis

wordpress.org/plugins/digitalfemsa-payment-gateway

WooCommerce Payment Gateway for DigitalFemsa.io: Securely process cash payments and send email notifications for successful purchases.

100 active installs v1.0.10 PHP 8.1+ WP 1.0.10+ Updated Jan 27, 2026

cashfreemexicopayment-gateway

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is OXXO PAY powered by Spin Safe to Use in 2026?

Generally Safe

Score 100/100

OXXO PAY powered by Spin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The digitalfemsa-payment-gateway plugin version 1.0.10 presents a mixed security posture. On the positive side, the static analysis indicates a lack of critical vulnerabilities such as dangerous functions, raw SQL queries, unsanitized paths in taint analysis, and external HTTP requests. The absence of known CVEs further contributes to an impression of a relatively secure plugin. However, several areas raise significant concerns. The low percentage of properly escaped output (65%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the total number of outputs analyzed. Additionally, the complete absence of nonce checks and capability checks across all entry points is a major oversight, leaving the plugin vulnerable to various forms of unauthorized actions and privilege escalation if any entry points were to be discovered or become accessible in future updates. The presence of file operations also warrants careful consideration, as these could be exploited if not properly secured.

Key Concerns

Low output escaping percentage
Missing nonce checks
Missing capability checks
File operations present

Vulnerabilities

None known

OXXO PAY powered by Spin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

OXXO PAY powered by Spin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

Output Escaping

65% escaped31 total outputs

Attack Surface

OXXO PAY powered by Spin Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwoocommerce_api_wc_spinspin_block_gateway.php:71

filterwoocommerce_payment_gatewaysspin_block_gateway.php:364

actionwoocommerce_blocks_loadedspin_block_gateway.php:366

actionwoocommerce_blocks_payment_method_type_registrationspin_block_gateway.php:371

actionplugins_loadedspin_checkout.php:32

Maintenance & Trust

OXXO PAY powered by Spin Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 27, 2026

PHP min version8.1

Downloads3K

Community Trust

Rating40/100

Number of ratings1

Active installs100

Alternatives

OXXO PAY powered by Spin Alternatives

Conekta Payment Gateway

conekta-payment-gateway

100

WooCommerce Payment Gateway for Conekta.io This bundles functionality to process credit cards and cash payments securely as well as send email notific …

2K No CVEs

elegro Crypto Payment

elegro-payment

Increase your customers base by accepting cryptocurrencies.

20K No CVEs

Cashfree for WooCommerce

cashfree

100

Official Cashfree Payment Gateway plugin for WooCommerce.

9K No CVEs

Knit Pay – Cashfree, Instamojo, Razorpay, Paypal and more

knit-pay

100

Seamlessly integrates 500+ payment gateways, including Cashfree, Instamojo, PayPal, Razorpay, and SSLCommerz, with over 100 WordPress plugins.

2K No CVEs

CashBill.pl – Płatności WooCommerce

cashbill-payment-method

Dedykowane rozwiązanie integrujące najpopularniejsze metody płatności. Dzięki tej wtyczce możesz w atrakcyjny sposób prezentować siatkę z logotypami b …

900 1 CVE

Developer Profile

OXXO PAY powered by Spin Developer Profile

integracionesdigitalfemsa

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect OXXO PAY powered by Spin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/digitalfemsa-payment-gateway/images/oxxopay_b2b.svg/wp-content/plugins/digitalfemsa-payment-gateway/images/oxxopay_b2c.svg

Version Parameters

digitalfemsa-payment-gateway/spin_checkout.php?ver=digitalfemsa-payment-gateway/spin_gateway_helper.php?ver=digitalfemsa-payment-gateway/spin_plugin.php?ver=digitalfemsa-payment-gateway/spin_block_gateway.php?ver=

HTML / DOM Fingerprints

Data Attributes

data-integration-typedata-integration-namedata-plugin-versiondata-platform-versiondata-device-type

JS Globals

window.spin_obj

REST Endpoints

/wp-json/digitalfemsa-payment-gateway/v1/webhook

FAQ