EasyTransac for WooCommerce Security & Risk Analysis

wordpress.org/plugins/easytransac

EasyTransac payment gateway for WooCommerce: Credit Card, SEPA, Pay By Bank, One-Click, Subscriptions, Unified Checkout and WooCommerce Blocks support …

90 active installs v3.0.3 PHP 7.4+ WP 5.8+ Updated Apr 13, 2026
checkoutencaissementmoyen-de-paiementpaymentpayment-pro
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is EasyTransac for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

EasyTransac for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "easytransac" plugin v3.0.1 presents a generally positive security posture based on the static analysis. The absence of identified AJAX handlers, REST API routes, and shortcodes significantly limits the potential attack surface. Furthermore, the code demonstrates good practices by exclusively using prepared statements for SQL queries and a high percentage of properly escaped output, reducing the risk of SQL injection and cross-site scripting (XSS) vulnerabilities. The lack of external HTTP requests and bundled libraries also mitigates risks associated with those areas.

However, the static analysis does reveal some areas of concern. The complete absence of nonce checks and capability checks, particularly in conjunction with a registered cron event, is a significant weakness. This means that the cron event could potentially be triggered by an unauthenticated or unauthorized user, leading to unintended actions or information disclosure if the cron event's functionality is sensitive. The taint analysis results are favorable, showing no unsanitized paths, but this is based on a limited scope of analysis (0 flows analyzed), so it cannot be considered a definitive absence of taint issues.

The plugin's vulnerability history is remarkably clean, with zero recorded CVEs. This suggests a history of secure development or at least effective patching. However, the lack of historical data also means we cannot definitively extrapolate long-term security trends beyond what the static analysis shows. In conclusion, while the plugin exhibits strong coding practices in key areas like SQL handling and output escaping, the lack of authentication and authorization checks on its entry points, especially the cron event, represents a notable security risk that should be addressed.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • Cron event without auth checks
  • Limited taint analysis scope
Vulnerabilities
None known

EasyTransac for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EasyTransac for WooCommerce Release Timeline

v3.0.3Current
v3.0.2
v3.0.1
v3.0.0
v2.97
v2.96
v2.95
v2.94
v2.93
v2.92
v2.91
v2.9
v2.8
v2.7
v2.6
v2.4
v2.3
v2.2
v2.1
v1.9
Code Analysis
Analyzed Mar 16, 2026

EasyTransac for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
58 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

87% escaped67 total outputs
Attack Surface

EasyTransac for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 47
actionadmin_noticeseasytransac-woocommerce.php:57
actionbefore_woocommerce_initeasytransac-woocommerce.php:70
actionadmin_enqueue_scriptseasytransac-woocommerce.php:86
actionplugins_loadedeasytransac-woocommerce.php:141
actionwp_enqueue_scriptsincludes\Gateway\Submethod\CardGateway.php:63
filterwoocommerce_gateway_iconincludes\Gateway\Submethod\CardGateway.php:66
actionadmin_noticesincludes\Gateway\UnifiedGateway.php:161
actionadmin_noticesincludes\Gateway\UnifiedGateway.php:162
actionwoocommerce_subscription_status_pending-cancelincludes\Gateway\UnifiedGateway.php:164
actionwoocommerce_checkout_subscription_createdincludes\Gateway\UnifiedGateway.php:176
filterwcs_set_payment_method_for_subscriptionincludes\Gateway\UnifiedGateway.php:178
actionwcs_renewal_order_createdincludes\Gateway\UnifiedGateway.php:179
filterwc_subscriptions_renewal_order_dataincludes\Gateway\UnifiedGateway.php:180
actionwp_enqueue_scriptsincludes\Gateway\UnifiedGateway.php:182
filterwoocommerce_available_payment_gatewaysincludes\Gateway\UnifiedGateway.php:183
actionwp_enqueue_scriptsincludes\Gateway\UnifiedGateway.php:203
actionwpincludes\Helpers\HelpersElements.php:13
actionwpincludes\Helpers\HelpersElements.php:14
actionwpincludes\Helpers\HelpersElements.php:15
actionwp_headincludes\Helpers\HelpersElements.php:313
actioneasytransac_cancel_unpaid_orders_eventincludes\Hooks\StockCancelHook.php:21
actionplugins_loadedincludes\Plugin\PluginDependance.php:39
actionbefore_woocommerce_initincludes\Plugin\PluginDependance.php:42
actionadmin_initincludes\Plugin\PluginDependance.php:45
actionwoocommerce_before_thankyouincludes\Plugin\PluginDependance.php:51
actionadmin_enqueue_scriptsincludes\Plugin\PluginDependance.php:54
actionwp_enqueue_scriptsincludes\Plugin\PluginDependance.php:57
filtermanage_edit-shop_order_columnsincludes\Plugin\PluginDependance.php:98
actionmanage_shop_order_posts_custom_columnincludes\Plugin\PluginDependance.php:99
filtermanage_edit-shop_subscription_columnsincludes\Plugin\PluginDependance.php:102
actionmanage_shop_subscription_posts_custom_columnincludes\Plugin\PluginDependance.php:103
filtermanage_woocommerce_page_wc-orders_columnsincludes\Plugin\PluginDependance.php:106
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\Plugin\PluginDependance.php:107
filtermanage_woocommerce_page_wc-orders--shop_subscription_columnsincludes\Plugin\PluginDependance.php:110
actionmanage_woocommerce_page_wc-orders--shop_subscription_custom_columnincludes\Plugin\PluginDependance.php:111
actionwoocommerce_api_easytransacincludes\Plugin\PluginHook.php:41
actionwoocommerce_api_easytransac-sddincludes\Plugin\PluginHook.php:45
actionwoocommerce_api_easytransac-paybybankincludes\Plugin\PluginHook.php:48
actiontemplate_redirectincludes\Plugin\PluginHook.php:53
actioninitincludes\Plugin\PluginHook.php:56
actionwoocommerce_subscription_status_cancelledincludes\Plugin\PluginHook.php:59
actionwoocommerce_order_status_changedincludes\Plugin\PluginHook.php:60
actionplugins_loadedincludes\Plugin\PluginHook.php:63
filterwoocommerce_payment_gatewaysincludes\Plugin.php:51
actioninitincludes\Plugin.php:64
actionwoocommerce_scheduled_subscription_paymentincludes\Plugin.php:82
actionwoocommerce_blocks_payment_method_type_registrationincludes\Plugin.php:316

Scheduled Events 1

easytransac_cancel_unpaid_orders_event
Maintenance & Trust

EasyTransac for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 13, 2026
PHP min version7.4
Downloads12K

Community Trust

Rating74/100
Number of ratings3
Active installs90
Developer Profile

EasyTransac for WooCommerce Developer Profile

Easytransac

1 plugin · 90 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EasyTransac for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easytransac/assets/admin/css/custom-admin.css/wp-content/plugins/easytransac/assets/admin/js/setting-gateway.js/wp-content/plugins/easytransac/assets/admin/js/admin-unified.js
Script Paths
/wp-content/plugins/easytransac/assets/admin/js/setting-gateway.js/wp-content/plugins/easytransac/assets/admin/js/admin-unified.js

HTML / DOM Fingerprints

CSS Classes
et-oc-headet-oneclicket-oc-listet-oc-actionset-oc-use-new
Data Attributes
data-easytransac-gateway-url
JS Globals
EasytransacGateways
FAQ

Frequently Asked Questions about EasyTransac for WooCommerce