Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Security & Risk Analysis

wordpress.org/plugins/direct-payments-for-woocommerce

Direct Payments for WooCommerce allows your store to accept instant payments via bank transfers, mobile money, crypto and popular P2P platforms global …

700 active installs · v2.4.4 · PHP 7.0+ · WP 5.0+ · Updated Mar 13, 2026
Tags: bank-transfer, crypto, mobile-money, payment-gateway, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Safe to Use in 2026?

Generally Safe

Score 100/100

Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21d ago
Risk Assessment

The direct-payments-for-woocommerce plugin v2.4.4 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs and a robust implementation of nonce and capability checks across its considerable attack surface (74 AJAX handlers) are significant strengths. Furthermore, the high percentage of properly escaped output (95%) and the fact that no dangerous functions were detected are positive indicators.

However, there are areas for improvement. Three data flows have unsanitized paths; none is flagged critical or high severity, but they warrant attention. Only 50% of SQL queries use prepared statements, which is average, and any raw SQL query built without a prepared statement could pose a risk. The plugin also makes 9 external HTTP requests, which are not inherently a vulnerability but become potential attack vectors if they are not handled securely or if the external endpoints are compromised.

Overall, the plugin appears well-maintained and developed with security in mind, particularly given its clean vulnerability history. The strengths significantly outweigh the potential weaknesses. The primary focus for improvement should be on addressing the identified unsanitized paths and ensuring all SQL queries are properly prepared.

Key Concerns

  • Flows with unsanitized paths
  • SQL queries not using prepared statements
  • External HTTP requests
Vulnerabilities
None known

Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (4 prepared)
Unescaped Output: 87 (1642 escaped)
Nonce Checks: 78
Capability Checks: 12
File Operations: 0
External Requests: 9
Bundled Libraries: 2

Bundled Libraries

jQuery, Select2

SQL Query Safety

50% prepared · 8 total queries

Output Escaping

95% escaped · 1729 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

23 flows · 3 with unsanitized paths
digages_crypto_get_price_ajax (functions\cryptpopamount.php:60)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface

Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Attack Surface

Entry Points: 74
Unprotected: 0

AJAX Handlers 74

Type | Hook | Location
auth | wp_ajax_confirm_order | directpayment\orderdetails.php:24
nopriv | wp_ajax_confirm_order | directpayment\orderdetails.php:25
auth | wp_ajax_cancel_order | directpayment\orderdetails.php:47
nopriv | wp_ajax_cancel_order | directpayment\orderdetails.php:48
auth | wp_ajax_get_order_details | directpayment\orderdetails.php:51
nopriv | wp_ajax_get_order_details | directpayment\orderdetails.php:52
auth | wp_ajax_digages_fetch_payment_methods | frontend\paymethods.php:4
nopriv | wp_ajax_digages_fetch_payment_methods | frontend\paymethods.php:5
auth | wp_ajax_digages_send_p2p_confirmation | frontend\paymethods.php:685
nopriv | wp_ajax_digages_send_p2p_confirmation | frontend\paymethods.php:686
auth | wp_ajax_digages_send_p2p_confirmation_skip | frontend\paymethods.php:985
nopriv | wp_ajax_digages_send_p2p_confirmation_skip | frontend\paymethods.php:986
auth | wp_ajax_digages_check_currency_availability | frontend\realtime-currency.php:86
nopriv | wp_ajax_digages_check_currency_availability | frontend\realtime-currency.php:87
auth | wp_ajax_digages_crypto_get_price_ajax | functions\cryptpopamount.php:89
nopriv | wp_ajax_digages_crypto_get_price_ajax | functions\cryptpopamount.php:90
auth | wp_ajax_digages_woodp_save_setup | functions\dashboard-setup.php:3
auth | wp_ajax_digages_woodp_load_setup | functions\dashboard-setup.php:35
auth | wp_ajax_digages_dismiss_notice_addaccountsmain | notice\addaccountsmain.php:97
auth | wp_ajax_digages_dismiss_notice_available | notice\available.php:97
auth | wp_ajax_digages_dismiss_notice_firstpay | notice\firstpay.php:125
auth | wp_ajax_digages_dismiss_notice_home | notice\home.php:97
auth | wp_ajax_digages_dismiss_notice_hundredpay | notice\hundredpay.php:131
auth | wp_ajax_digages_dismiss_notice_interests | notice\interests.php:98
auth | wp_ajax_digages_dismiss_notice_tenpay | notice\tenpay.php:131
auth | wp_ajax_digages_load_page | onboarding\allpages.php:6
auth | wp_ajax_digages_save_page | onboarding\current-page.php:33
auth | wp_ajax_digages_get_current_page | onboarding\current-page.php:54
auth | wp_ajax_digages_update_data_usage_woodp | onboarding\data-usage.php:5
auth | wp_ajax_digages_update_interest_woodp | onboarding\save-interests.php:5
auth | wp_ajax_digages_admin_script_onboaard_methods_update | onboarding\save-methods.php:6
auth | wp_ajax_digages_update_order_status | others.php:6
nopriv | wp_ajax_digages_update_order_status | others.php:7
auth | wp_ajax_digages_upload_screenshot | others.php:94
nopriv | wp_ajax_digages_upload_screenshot | others.php:95
auth | wp_ajax_digages_upload_screenshot_skip | others.php:226
nopriv | wp_ajax_digages_upload_screenshot_skip | others.php:227
auth | wp_ajax_digages_resend_order_email | others.php:313
nopriv | wp_ajax_digages_resend_order_email | others.php:314
auth | wp_ajax_digages_add_order_to_cart | others.php:382
nopriv | wp_ajax_digages_add_order_to_cart | others.php:383
auth | wp_ajax_digages_direct_payment_report_woodp | payment-records.php:5
nopriv | wp_ajax_digages_direct_payment_report_woodp | payment-records.php:6
auth | wp_ajax_digages_woodp_activate_plugin | settings\pages\activate_plugin.php:8
auth | wp_ajax_upload_qr_code | settings\pages\banktransfer\bank_transfer_backend.php:7
auth | wp_ajax_save_bank_account | settings\pages\banktransfer\bank_transfer_backend.php:76
auth | wp_ajax_edit_bank_account | settings\pages\banktransfer\bank_transfer_backend.php:124
auth | wp_ajax_delete_bank_account | settings\pages\banktransfer\bank_transfer_backend.php:188
auth | wp_ajax_digages_update_bank_account_status | settings\pages\banktransfer\bank_transfer_backend.php:217
auth | wp_ajax_crypto_upload_qr_code | settings\pages\crypto\crypto_transfer_backend.php:7
auth | wp_ajax_save_crypto_account | settings\pages\crypto\crypto_transfer_backend.php:73
auth | wp_ajax_edit_crypto_account | settings\pages\crypto\crypto_transfer_backend.php:126
auth | wp_ajax_delete_crypto_account | settings\pages\crypto\crypto_transfer_backend.php:193
auth | wp_ajax_digages_update_crypto_account_status | settings\pages\crypto\crypto_transfer_backend.php:219
auth | wp_ajax_fetch_exchange_rate | settings\pages\currencies\functions.php:4
auth | wp_ajax_save_currency_rate | settings\pages\currencies\functions.php:5
auth | wp_ajax_fetch_all_rates | settings\pages\currencies\functions.php:6
auth | wp_ajax_update_currency_order | settings\pages\currencies\functions.php:7
auth | wp_ajax_digages_woodp_open_plugin_url | settings\pages\install_plugin.php:6
auth | wp_ajax_mobile_upload_qr_code | settings\pages\mobilemoney\mobile_transfer_backend.php:7
auth | wp_ajax_save_mobile_account | settings\pages\mobilemoney\mobile_transfer_backend.php:74
auth | wp_ajax_edit_mobile_account | settings\pages\mobilemoney\mobile_transfer_backend.php:119
auth | wp_ajax_delete_mobile_account | settings\pages\mobilemoney\mobile_transfer_backend.php:177
auth | wp_ajax_digages_update_mob_account_status | settings\pages\mobilemoney\mobile_transfer_backend.php:206
auth | wp_ajax_p2p_upload_qr_code | settings\pages\others\p2p_transfer_backend.php:6
auth | wp_ajax_save_p2p_account | settings\pages\others\p2p_transfer_backend.php:75
auth | wp_ajax_edit_p2p_account | settings\pages\others\p2p_transfer_backend.php:120
auth | wp_ajax_delete_p2p_account | settings\pages\others\p2p_transfer_backend.php:178
auth | wp_ajax_digages_update_p2p_account_status | settings\pages\others\p2p_transfer_backend.php:206
auth | wp_ajax_p2p_upload_qr_code | settings\pages\p2p\p2p_transfer_backend.php:7
auth | wp_ajax_save_p2p_account | settings\pages\p2p\p2p_transfer_backend.php:75
auth | wp_ajax_edit_p2p_account | settings\pages\p2p\p2p_transfer_backend.php:120
auth | wp_ajax_delete_p2p_account | settings\pages\p2p\p2p_transfer_backend.php:178
auth | wp_ajax_digages_update_p2p_account_status | settings\pages\p2p\p2p_transfer_backend.php:206

WordPress Hooks 89

Type | Hook | Location
action | admin_enqueue_scripts | allpagesenq.php:5
action | init | custom-orders\create-abandoned-status.php:18
filter | wc_order_statuses | custom-orders\create-abandoned-status.php:25
filter | bulk_actions-woocommerce_page_wc-orders | custom-orders\create-abandoned-status.php:33
filter | bulk_actions-edit-shop_order | custom-orders\create-abandoned-status.php:35
filter | handle_bulk_actions-edit-shop_order | custom-orders\create-abandoned-status.php:53
filter | handle_bulk_actions-woocommerce_page_wc-orders | custom-orders\create-abandoned-status.php:54
action | admin_head | custom-orders\create-abandoned-status.php:68
action | init | custom-orders\create-digagestest-status.php:18
filter | wc_order_statuses | custom-orders\create-digagestest-status.php:25
filter | handle_bulk_actions-edit-shop_order | custom-orders\create-digagestest-status.php:53
filter | handle_bulk_actions-woocommerce_page_wc-orders | custom-orders\create-digagestest-status.php:54
action | admin_head | custom-orders\create-digagestest-status.php:68
action | init | custom-orders\create-test-status.php:18
filter | wc_order_statuses | custom-orders\create-test-status.php:25
filter | bulk_actions-woocommerce_page_wc-orders | custom-orders\create-test-status.php:33
filter | bulk_actions-edit-shop_order | custom-orders\create-test-status.php:35
filter | handle_bulk_actions-edit-shop_order | custom-orders\create-test-status.php:53
filter | handle_bulk_actions-woocommerce_page_wc-orders | custom-orders\create-test-status.php:54
action | admin_head | custom-orders\create-test-status.php:68
action | before_woocommerce_init | digages.php:21
filter | plugin_row_meta | digages.php:105
action | admin_init | digages.php:198
action | init | digages.php:208
action | admin_notices | digages.php:211
action | admin_notices | digages.php:216
action | admin_init | digages.php:217
action | admin_notices | digages.php:221
action | admin_init | digages.php:222
action | init | digages.php:234
action | init | digages.php:238
action | upgrader_process_complete | digages.php:308
action | plugins_loaded | digages.php:326
action | admin_init | digages.php:358
filter | cron_schedules | digages.php:365
action | digages_reset_ai_auto_option | digages.php:412
action | woocommerce_review_order_before_submit | frontend\main.php:4
action | wp_footer | frontend\paymentpopup.php:127
filter | woocommerce_email_order_meta | frontend\paymethods.php:1238
action | wp_footer | frontend\step1.php:618
action | admin_enqueue_scripts | functions\bankenqueue.php:100
action | init | functions\canceledpage.php:9
action | template_redirect | functions\canceledpage.php:67
action | admin_enqueue_scripts | functions\cryptoqueue.php:103
action | wp_enqueue_scripts | functions\cryptpopamount.php:55
action | woocommerce_order_status_changed | functions\data.php:141
action | admin_enqueue_scripts | functions\enqueue.php:36
action | wp_enqueue_scripts | functions\frontadminenqueue.php:31
action | admin_enqueue_scripts | functions\frontadminenqueue.php:170
action | admin_enqueue_scripts | functions\frontadminenqueue.php:226
action | admin_enqueue_scripts | functions\frontadminenqueue.php:299
action | init | functions\initialorder.php:20
filter | wc_order_statuses | functions\initialorder.php:33
action | woocommerce_new_order | functions\initialorder.php:50
filter | wc_order_statuses | functions\initialorder.php:60
action | admin_enqueue_scripts | functions\mobilequeue.php:101
action | admin_menu | functions\otherpages.php:30
action | admin_enqueue_scripts | functions\p2penqueue.php:102
action | woocommerce_order_status_changed | functions\paydata.php:200
action | wp_enqueue_scripts | functions\popupenqueue.php:37
action | init | functions\sendmail.php:7
action | template_redirect | functions\sendmail.php:8
filter | query_vars | functions\sendmail.php:9
action | admin_menu | functions\submenu.php:16
action | woocommerce_settings_tabs | functions\subtab.php:202
filter | admin_title | functions\titles.php:44
action | wp_loaded | functions\workflowhelper.php:348
action | admin_notices | notice\addaccountsmain.php:89
action | admin_notices | notice\available.php:89
action | admin_enqueue_scripts | notice\enqueue.php:17
action | admin_notices | notice\firstpay.php:117
action | admin_notices | notice\home.php:89
action | admin_notices | notice\hundredpay.php:122
action | admin_notices | notice\interests.php:89
action | admin_notices | notice\tenpay.php:122
action | admin_footer | onboarding\current-page.php:67
action | admin_enqueue_scripts | onboarding\enqueue.php:391
action | admin_enqueue_scripts | onboarding\jsenqueue\bank.php:66
action | admin_enqueue_scripts | onboarding\jsenqueue\crypto.php:54
action | admin_enqueue_scripts | onboarding\jsenqueue\mobile.php:53
action | admin_enqueue_scripts | onboarding\jsenqueue\p2p.php:55
action | admin_menu | onboarding\main.php:54
action | wp | others.php:408
action | init | payment-records.php:8
filter | woocommerce_payment_gateways | settings\gateway.php:9
action | admin_notices | settings\gateway.php:220
action | plugins_loaded | settings\gateway.php:307
action | wp_scheduled_delete | settings\gateway.php:309
action | admin_enqueue_scripts | settings\gateway.php:335

Scheduled Events 2

digages_reset_ai_auto_option
wp_scheduled_delete
Maintenance & Trust

Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 13, 2026
PHP min version: 7.0
Downloads: 21K

Community Trust

Rating: 100/100
Number of ratings: 9
Active installs: 700
Developer Profile

Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments Developer Profile

Digages

5 plugins · 850 total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Direct Payments for WooCommerce – Bank Transfer, Mobile Money, Crypto and Peer-to-Peer (P2P) Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/direct-payments-for-woocommerce/functions/enqueue.php
/wp-content/plugins/direct-payments-for-woocommerce/functions/frontadminenqueue.php
/wp-content/plugins/direct-payments-for-woocommerce/functions/bankenqueue.php
/wp-content/plugins/direct-payments-for-woocommerce/functions/mobilequeue.php
/wp-content/plugins/direct-payments-for-woocommerce/functions/cryptoqueue.php
/wp-content/plugins/direct-payments-for-woocommerce/functions/p2penqueue.php
/wp-content/plugins/direct-payments-for-woocommerce/functions/popupenqueue.php
/wp-content/plugins/direct-payments-for-woocommerce/frontend/main.php
+25 more
