Does ECPay Ecommerce for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in ECPay Ecommerce for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ECPay Ecommerce for WooCommerce compatible with WordPress 6.5.8?

According to WordPress.org data, ECPay Ecommerce for WooCommerce 1.1.2510300 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is ECPay Ecommerce for WooCommerce compatible with PHP 8.2+?

ECPay Ecommerce for WooCommerce requires PHP 8.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ECPay Ecommerce for WooCommerce updated?

ECPay Ecommerce for WooCommerce was last updated on Nov 3, 2025. Frequent updates are generally a positive security signal.

What is ECPay Ecommerce for WooCommerce's security score?

ECPay Ecommerce for WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ECPay Ecommerce for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ecpay-ecommerce-for-woocommerce

綠界科技外掛套件，提供合作特店以及個人賣家使用開放原始碼商店系統時，無須自行處理複雜的檢核，直接透過安裝設定外掛套件，便可快速介接綠界科技系統，進行金流、物流、電子發票操作。

1K active installs v1.1.2510300 PHP 8.2+ WP 6.0+ Updated Nov 3, 2025

cartcheckoutecpaypaymentshop

A · Safe

CVEs total1

Unpatched0

Last CVEJan 30, 2025

Plugin page Download

Safety Verdict

Is ECPay Ecommerce for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

ECPay Ecommerce for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 30, 2025Updated 5mo ago

Risk Assessment

The plugin 'ecpay-ecommerce-for-woocommerce' v1.1.2510300 exhibits a mixed security posture. While it demonstrates good practices in utilizing prepared statements for SQL queries and a high percentage of properly escaped outputs, significant concerns arise from its attack surface and taint analysis. The presence of 5 AJAX handlers, with a concerning 4 lacking proper authentication checks, creates a large entry point for potential unauthorized actions. The taint analysis reveals 11 flows with unsanitized paths and 5 high-severity flows, indicating potential vulnerabilities where user-supplied data could be processed in an insecure manner, even if these are not immediately translating to SQL injection or XSS based on the 'Dangerous functions' signal. The vulnerability history, while currently showing no unpatched CVEs and a single medium severity vulnerability in the past related to missing authorization, suggests a recurring pattern of authorization issues. This, combined with the current lack of robust authentication on a majority of its AJAX endpoints, points to a persistent risk that needs careful monitoring and remediation.

Key Concerns

AJAX handlers without auth checks
High severity taint flows found
Flows with unsanitized paths
Past missing authorization vulnerability
Limited nonce checks
Limited capability checks

Vulnerabilities

ECPay Ecommerce for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-13652medium · 4.3Missing Authorization

ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion

Jan 30, 2025 Patched in 1.1.2502030 (16d)

Code Analysis

Analyzed Mar 16, 2026

ECPay Ecommerce for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

24 prepared

Unescaped Output

198 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery

SQL Query Safety

89% prepared27 total queries

Output Escaping

73% escaped273 total outputs

Data Flows

11 unsanitized

Data Flow Analysis

12 flows11 with unsanitized paths

map_response (includes\services\logistic\ecpay-logistic-response.php:23)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

ECPay Ecommerce for WooCommerce Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 5

authwp_ajax_duplicate_payment_completeadmin\order\class-wooecpay-order.php:38

authwp_ajax_send_logistic_order_actionadmin\order\class-wooecpay-order.php:43

authwp_ajax_send_invoice_createadmin\order\class-wooecpay-order.php:56

authwp_ajax_send_invoice_invalidadmin\order\class-wooecpay-order.php:59

authwp_ajax_clear_ecpay_debug_logadmin\order\class-wooecpay-order.php:69

WordPress Hooks 66

actionadmin_enqueue_scriptsadmin\order\class-wooecpay-order.php:26

actionwoocommerce_admin_billing_fieldsadmin\order\class-wooecpay-order.php:29

actionwoocommerce_admin_order_data_after_billing_addressadmin\order\class-wooecpay-order.php:30

actionwoocommerce_admin_order_data_after_order_detailsadmin\order\class-wooecpay-order.php:32

actionwoocommerce_admin_order_data_after_order_detailsadmin\order\class-wooecpay-order.php:33

actionwoocommerce_admin_order_data_after_order_detailsadmin\order\class-wooecpay-order.php:34

actionmanage_shop_order_posts_custom_columnadmin\order\class-wooecpay-order.php:36

actionwoocommerce_admin_order_data_after_shipping_addressadmin\order\class-wooecpay-order.php:42

actionwoocommerce_process_shop_order_metaadmin\order\class-wooecpay-order.php:45

actionpre_post_updateadmin\order\class-wooecpay-order.php:48

actionwoocommerce_admin_order_data_after_billing_addressadmin\order\class-wooecpay-order.php:53

actionwoocommerce_order_status_cancelledadmin\order\class-wooecpay-order.php:63

actionwoocommerce_order_status_refundedadmin\order\class-wooecpay-order.php:64

actionwoocommerce_order_status_processingadmin\order\class-wooecpay-order.php:75

actionadmin_enqueue_scriptsadmin\settings\class-wooecpay-setting-main.php:13

actionwoocommerce_loadedadmin\settings\class-wooecpay-setting.php:7

filterwoocommerce_settings_tabs_arrayadmin\settings\class-wooecpay-setting.php:9

filterwoocommerce_get_settings_pagesadmin\settings\class-wooecpay-setting.php:10

actionplugins_loadedecpay-ecommerce-for-woocommerce.php:34

actionupgrader_process_completeecpay-ecommerce-for-woocommerce.php:61

actionwoocommerce_loadedecpay-ecommerce-for-woocommerce.php:62

actionplugins_loadedecpay-ecommerce-for-woocommerce.php:63

actionadmin_noticesecpay-ecommerce-for-woocommerce.php:66

actionbefore_woocommerce_initecpay-ecommerce-for-woocommerce.php:79

actionwoocommerce_blocks_loadedincludes\services\invoice\checkout-blocks-initialize.php:7

actionwoocommerce_blocks_checkout_block_registrationincludes\services\invoice\checkout-blocks-initialize.php:11

actionwp_enqueue_scriptsincludes\services\invoice\class-blocks-integration.php:27

actionadmin_enqueue_scriptsincludes\services\invoice\class-blocks-integration.php:28

actionenqueue_block_editor_assetsincludes\services\invoice\class-blocks-integration.php:29

filterwoocommerce_checkout_fieldsincludes\services\invoice\class-wooecpay-invoice.php:18

actionwoocommerce_checkout_processincludes\services\invoice\class-wooecpay-invoice.php:21

actionwoocommerce_checkout_create_orderincludes\services\invoice\class-wooecpay-invoice.php:22

actionwoocommerce_store_api_checkout_update_order_from_requestincludes\services\invoice\class-wooecpay-invoice.php:25

actionwp_enqueue_scriptsincludes\services\invoice\class-wooecpay-invoice.php:27

actionwoocommerce_api_wooecpay_invoice_delay_issue_callbackincludes\services\invoice\ecpay-invoice-response.php:14

filterwoocommerce_shipping_methodsincludes\services\logistic\class-wooecpay-logistic.php:14

actionwoocommerce_shipping_initincludes\services\logistic\class-wooecpay-logistic.php:15

filtersanitize_option_wooecpay_logistic_sender_nameincludes\services\logistic\class-wooecpay-logistic.php:18

filterwoocommerce_available_payment_gatewaysincludes\services\logistic\class-wooecpay-logistic.php:20

filterwoocommerce_checkout_fieldsincludes\services\logistic\class-wooecpay-logistic.php:23

actionwoocommerce_checkout_create_orderincludes\services\logistic\class-wooecpay-logistic.php:24

actionwoocommerce_checkout_update_order_metaincludes\services\logistic\class-wooecpay-logistic.php:28

actionwoocommerce_store_api_checkout_update_order_from_requestincludes\services\logistic\class-wooecpay-logistic.php:30

actionwoocommerce_after_checkout_validationincludes\services\logistic\class-wooecpay-logistic.php:33

actionwoocommerce_store_api_checkout_update_order_from_requestincludes\services\logistic\class-wooecpay-logistic.php:35

actionadmin_noticesincludes\services\logistic\class-wooecpay-logistic.php:186

actionwoocommerce_api_wooecpay_logistic_map_callbackincludes\services\logistic\ecpay-logistic-response.php:14

actionwoocommerce_api_wooecpay_change_logistic_map_callbackincludes\services\logistic\ecpay-logistic-response.php:15

actionwoocommerce_api_wooecpay_logistic_status_callbackincludes\services\logistic\ecpay-logistic-response.php:16

filterwoocommerce_payment_gatewaysincludes\services\payment\class-wooecpay-gateway.php:9

actionwoocommerce_loadedincludes\services\payment\class-wooecpay-gateway.php:10

actionwoocommerce_blocks_loadedincludes\services\payment\class-wooecpay-gateway.php:11

actionwoocommerce_email_after_order_tableincludes\services\payment\class-wooecpay-gateway.php:15

actionwoocommerce_blocks_payment_method_type_registrationincludes\services\payment\class-wooecpay-gateway.php:72

actionwoocommerce_api_wooecpay_logistic_redirect_mapincludes\services\payment\ecpay-gateway-base.php:19

actionadmin_enqueue_scriptsincludes\services\payment\ecpay-gateway-dca.php:43

actionwoocommerce_api_wooecpay_payment_callbackincludes\services\payment\ecpay-gateway-response.php:17

actionwoocommerce_api_wc_gateway_ecpayincludes\services\payment\ecpay-gateway-response.php:21

actionwoocommerce_api_wc_gateway_ecpay_dcaincludes\services\payment\ecpay-gateway-response.php:22

filterwoocommerce_checkout_fieldsincludes\services\payment\woocommerce-gateway-cod.php:13

actionwoocommerce_thankyou_codincludes\services\payment\woocommerce-gateway-cod.php:14

filterwoocommerce_cod_process_payment_order_statusincludes\services\payment\woocommerce-gateway-cod.php:15

filterwoocommerce_get_checkout_order_received_urlincludes\services\payment\woocommerce-gateway-cod.php:17

actionwoocommerce_api_wooecpay_logistic_redirect_map_preprocessorincludes\services\payment\woocommerce-gateway-cod.php:18

actionwoocommerce_api_wooecpay_logistic_map_responseincludes\services\payment\woocommerce-gateway-cod.php:19

actionwoocommerce_api_wooecpay_logistic_cancel_order_codincludes\services\payment\woocommerce-gateway-cod.php:20

Maintenance & Trust

ECPay Ecommerce for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedNov 3, 2025

PHP min version8.2

Downloads15K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

ECPay Ecommerce for WooCommerce Alternatives

Jigoshop Credimax

jigoshop-credimax

This plugin extends the Jigoshop payment gateways to add in Credimax Payment Gateway.

10 No CVEs

FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler

fluent-cart

Sell Subscriptions, Physical Products, Digital Downloads easier than ever. Built for performance, scalability, and flexibility.

4K 2 CVEs

Payment Button for PayPal

wp-paypal

Easily accept payment in WordPress by adding a PayPal button to your website. Add PayPal Buy Now, Add to Cart, Subscription or Donation button.

4K 3 CVEs

Mini Cart for WooCommerce – Add a Stylish Sliding Cart

mini-cart-for-woocommerce

100

It allows to creation of a beautiful Mini Cart on the WooCommerce site. Adds cart icon to menu and body.

600 No CVEs

BORICA Payments by BORICA AD

borica-payments

100

Simple way of receiving debit and credit card payments by virtual POS.

500 No CVEs

Developer Profile

ECPay Ecommerce for WooCommerce Developer Profile

techsupport

2 plugins · 1K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

16 days

View full developer profile

Detection Fingerprints

How We Detect ECPay Ecommerce for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ecpay-ecommerce-for-woocommerce/includes/services/helpers/logger/ecpay-logger.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/includes/services/payment/class-wooecpay-gateway.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/includes/services/logistic/class-wooecpay-logistic.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/includes/services/invoice/checkout-blocks-initialize.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/includes/services/invoice/class-wooecpay-invoice.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/admin/settings/class-wooecpay-setting.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/admin/order/class-wooecpay-order.php/wp-content/plugins/ecpay-ecommerce-for-woocommerce/includes/services/helpers/logistic/ecpay-logistic-helper.php+4 more

Generator Patterns

ECPay Ecommerce for WooCommerce 1.1.2510300

Version Parameters

ecpay-ecommerce-for-woocommerce/style.css?ver=ecpay-ecommerce-for-woocommerce/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wooecpay-order-actions

HTML Comments

Data Attributes

data-ecpay-logistic-actiondata-ecpay-duplicate-payment-action

JS Globals

window.wooecpay_settingswindow.wooecpay_ajax_object

REST Endpoints

/wp-json/wooecpay/v1/logistic/wp-json/wooecpay/v1/payment

FAQ