Divit Payment Gateway Security & Risk Analysis

wordpress.org/plugins/divit-rewards-and-payment-gateway

Divit Payment Gateway for WooCommerce

10 active installs v1.7.16 PHP 5.4+ WP 5.0+ Updated May 23, 2025
divitfpshong-kongpaymentpayment-gateway
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Divit Payment Gateway Safe to Use in 2026?

Generally Safe

Score 92/100

Divit Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "divit-rewards-and-payment-gateway" plugin v1.7.16 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in database interaction, utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of known vulnerabilities in its history is also a significant strength, suggesting a history of relatively secure development.

However, there are notable concerns regarding its attack surface and internal security checks. A substantial portion of the plugin's 16 entry points, specifically 12 AJAX handlers, lack authentication checks. This presents a significant risk, as these endpoints could be accessed and potentially exploited by unauthenticated users. The presence of the `unserialize` dangerous function, while only one instance, always warrants caution due to its potential for remote code execution if used with untrusted input. The taint analysis, though limited, did reveal one flow with an unsanitized path, which could be a vector for injection vulnerabilities.

While the plugin has no recorded CVEs, the lack of nonce checks on the unprotected AJAX handlers, coupled with the `unserialize` function and the unsanitized taint flow, indicates potential weaknesses that could be exploited. The strengths in SQL and output escaping are commendable, but they are overshadowed by the significant number of unprotected entry points and the presence of dangerous functions without apparent safeguards. A balanced view suggests that while the plugin has a clean vulnerability history, the current codebase has identifiable areas of concern that require attention to improve its overall security.

Key Concerns

  • 12 AJAX handlers without auth checks
  • Dangerous function: unserialize
  • Taint flow with unsanitized path
  • 0 Nonce checks on entry points
Vulnerabilities
None known

Divit Payment Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Divit Payment Gateway Release Timeline

v1.7.16Current
v1.7.15
v1.7.14
v1.7.13
Code Analysis
Analyzed Apr 16, 2026

Divit Payment Gateway Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
7
132 escaped
Nonce Checks
0
Capability Checks
3
File Operations
2
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize(serialize($obj));utils.php:186

Output Escaping

95% escaped139 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
admin_options (wc-divit-payment-gateway.php:1434)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
12 unprotected

Divit Payment Gateway Attack Surface

Entry Points16
Unprotected12

AJAX Handlers 12

authwp_ajax_divit_apply_promotion_codewc-divit-payment-gateway.php:70
noprivwp_ajax_divit_apply_promotion_codewc-divit-payment-gateway.php:71
authwp_ajax_divit_get_checkout_datawc-divit-payment-gateway.php:72
noprivwp_ajax_divit_get_checkout_datawc-divit-payment-gateway.php:73
authwp_ajax_divit_set_checkout_methodwc-divit-payment-gateway.php:74
noprivwp_ajax_divit_set_checkout_methodwc-divit-payment-gateway.php:75
authwp_ajax_divit_get_user_profilewc-divit-payment-gateway.php:76
noprivwp_ajax_divit_get_user_profilewc-divit-payment-gateway.php:77
authwp_ajax_divit_express_checkoutwc-divit-payment-gateway.php:78
noprivwp_ajax_divit_express_checkoutwc-divit-payment-gateway.php:79
authwp_ajax_divit_get_installation_statuswc-divit-payment-gateway.php:80
noprivwp_ajax_divit_get_installation_statuswc-divit-payment-gateway.php:81

Shortcodes 4

[divit_earn_miles_tag] payment-gateway.php:109
[divit_earn_miles_tag_product_in_cart] payment-gateway.php:110
[divit_earn_miles_tag_in_cart] payment-gateway.php:111
[divit_login_button] payment-gateway.php:112
WordPress Hooks 22
actionbefore_woocommerce_initpayment-gateway.php:78
filterwoocommerce_payment_gatewayspayment-gateway.php:85
actionwoocommerce_blocks_loadedpayment-gateway.php:86
actionwp_enqueue_scriptspayment-gateway.php:89
actionadmin_enqueue_scriptspayment-gateway.php:90
filterwoocommerce_gateway_iconpayment-gateway.php:91
actionwp_headpayment-gateway.php:94
actionwoocommerce_after_shop_loop_item_titlepayment-gateway.php:97
actionwoocommerce_before_add_to_cart_buttonpayment-gateway.php:98
actionwoocommerce_after_add_to_cart_formpayment-gateway.php:99
actionwoocommerce_widget_shopping_cart_totalpayment-gateway.php:100
actionwoocommerce_proceed_to_checkoutpayment-gateway.php:101
filterwoocommerce_order_button_htmlpayment-gateway.php:102
filterwoocommerce_thankyou_order_received_textpayment-gateway.php:104
actionwoocommerce_email_after_order_tablepayment-gateway.php:105
actionwoocommerce_thankyoupayment-gateway.php:106
filterwp_nav_menu_itemspayment-gateway.php:125
actionwoocommerce_blocks_payment_method_type_registrationpayment-gateway.php:143
actionplugins_loadedpayment-gateway.php:260
actionwoocommerce_api_callback_divit_paymentwc-divit-payment-gateway.php:84
actionwoocommerce_api_divit_auth_loginwc-divit-payment-gateway.php:85
actionwoocommerce_api_divit_auth_logoutwc-divit-payment-gateway.php:86

Scheduled Events 1

divit_cron_jobs
Maintenance & Trust

Divit Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMay 23, 2025
PHP min version5.4
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

Divit Payment Gateway Developer Profile

Julian Anderson

1 plugin · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Divit Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/divit-rewards-and-payment-gateway/assets/css/divit-gateway.css/wp-content/plugins/divit-rewards-and-payment-gateway/assets/css/rangeslider.css/wp-content/plugins/divit-rewards-and-payment-gateway/assets/js/rangeslider.min.js/wp-content/plugins/divit-rewards-and-payment-gateway/assets/js/divit-gateway.js
Script Paths
/wp-content/plugins/divit-rewards-and-payment-gateway/assets/js/rangeslider.min.js/wp-content/plugins/divit-rewards-and-payment-gateway/assets/js/divit-gateway.js
Version Parameters
divit-rewards-and-payment-gateway/assets/css/divit-gateway.css?ver=divit-rewards-and-payment-gateway/assets/css/rangeslider.css?ver=divit-rewards-and-payment-gateway/assets/js/rangeslider.min.js?ver=divit-rewards-and-payment-gateway/assets/js/divit-gateway.js?ver=

HTML / DOM Fingerprints

CSS Classes
divit-earn-miles-messagedivit-promo-code-wrapper
HTML Comments
Divit Payment Gateway For WooCommerceAdd Divit Payment Gateway LogoDivit Express Checkout ButtonDivit Cart Earn Miles Message+2 more
Data Attributes
data-divit-amountdata-divit-currencydata-divit-product-iddata-divit-earn-miles-tag
JS Globals
wcdivit
Shortcode Output
[divit_earn_miles_tag][divit_earn_miles_tag_product_in_cart][divit_earn_miles_tag_in_cart][divit_login_button]
FAQ

Frequently Asked Questions about Divit Payment Gateway