Does EpassCard have any unpatched vulnerabilities?

No. All known vulnerabilities in EpassCard have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is EpassCard compatible with WordPress 6.9.4?

According to WordPress.org data, EpassCard 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is EpassCard compatible with PHP 7.2+?

EpassCard requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is EpassCard updated?

EpassCard was last updated on Dec 17, 2025. Frequent updates are generally a positive security signal.

What is EpassCard's security score?

EpassCard has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

EpassCard Security & Risk Analysis

wordpress.org/plugins/epasscard

Create digital wallet passes for Apple Wallet, Google Wallet, and EpassCard.

10 active installs v1.0.0 PHP 7.2+ WP 5.6+ Updated Dec 17, 2025

apple-walletgift-cardgoogle-walletpassbookwallet

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is EpassCard Safe to Use in 2026?

Generally Safe

Score 100/100

EpassCard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The epasscard plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The plugin effectively utilizes prepared statements for all SQL queries and demonstrates excellent output escaping practices, with nearly all outputs properly escaped. Furthermore, the absence of known CVEs and a clean vulnerability history suggest diligent security awareness from the developers. The plugin also implements nonce checks and capability checks where appropriate, contributing to a more secure design.

However, the presence of 8 AJAX handlers, while all reportedly having authentication checks, represents a significant attack surface that warrants careful monitoring. The plugin's reliance on an external HTTP request also introduces potential risks if the external service is compromised or unavailable. While the taint analysis shows no critical or high severity unsanitized flows, the sheer number of AJAX entry points without a clear indication of granular permission checks across all of them remains a potential area for further scrutiny. The bundled Select2 library, while not flagged for an issue, is an external component that should be kept updated independently.

In conclusion, epasscard v1.0.0 appears to be a well-developed plugin with a commendable focus on secure coding practices. The lack of historical vulnerabilities is a positive indicator. The primary areas for attention are the management of its AJAX attack surface and awareness of any potential risks associated with external HTTP requests. Continuous monitoring and updates, especially for bundled libraries, will be crucial for maintaining this strong security posture.

Key Concerns

8 AJAX handlers represent a large attack surface
One external HTTP request
Bundled library (Select2)

Vulnerabilities

None known

EpassCard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

EpassCard Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

259 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

99% escaped262 total outputs

Data Flows

All sanitized

Data Flow Analysis

6 flows

<pass-template-list> (includes\admin\admin-display\pass-template-list.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

EpassCard Attack Surface

Entry Points8

Unprotected0

AJAX Handlers 8

authwp_ajax_epassc_connectincludes\admin\class-epasscard-admin-ajax.php:11

authwp_ajax_epassc_templates_callbackincludes\admin\class-epasscard-admin-ajax.php:14

noprivwp_ajax_epassc_templates_callbackincludes\admin\class-epasscard-admin-ajax.php:15

authwp_ajax_epassc_create_pass_templateincludes\admin\class-epasscard-admin-ajax.php:18

noprivwp_ajax_epassc_create_pass_templateincludes\admin\class-epasscard-admin-ajax.php:19

authwp_ajax_epassc_get_locationincludes\admin\class-epasscard-admin-ajax.php:22

noprivwp_ajax_epassc_get_locationincludes\admin\class-epasscard-admin-ajax.php:23

authwp_ajax_epassc_update_api_key_manuallyincludes\admin\class-epasscard-admin-ajax.php:26

WordPress Hooks 6

actionplugins_loadedepasscard.php:39

actionadmin_footerincludes\admin\class-epasscard-footer.php:8

actionadmin_menuincludes\admin\class-epasscard-menu.php:11

actionadmin_enqueue_scriptsincludes\class-epasscard-assets.php:11

actioninitincludes\class-epasscard.php:24

actionepassc_refresh_eventincludes\class-epasscard.php:28

Scheduled Events 3

epassc_refresh_event

Maintenance & Trust

EpassCard Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 17, 2025

PHP min version7.2

Downloads330

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

EpassCard Alternatives

DL Gift Wallet

dl-gift-wallet

100

Let customers buy gift credit that’s added directly to the recipient’s account as store credit, usable on both one-off orders and subscriptions.

0 No CVEs

PW WooCommerce Gift Cards

pw-woocommerce-gift-cards

100

Sell gift cards to your WooCommerce store, in just a few minutes!

20K No CVEs

Wallet for WooCommerce

woo-wallet

A extendable WooCommerce wallet system which support payment, partial payment, cashback reward program as well as refund for your WooCommerce store.

20K 7 CVEs

YITH WooCommerce Gift Cards

yith-woocommerce-gift-cards

The essential tool for selling gift cards in your store, increasing your conversion rate and attracting new customers.

10K 2 CVEs

Ultimate Gift Cards for WooCommerce

woo-gift-cards-lite

Create, sell and manage WooCommerce gift cards to attract more sales and multiply your revenue at your online store.

7K 3 CVEs

Developer Profile

EpassCard Developer Profile

WebCartisan

4 plugins · 370 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect EpassCard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/epasscard/assets/css/epasscard-admin.css/wp-content/plugins/epasscard/assets/css/epasscard-admin-responsive.css/wp-content/plugins/epasscard/assets/css/select2.min.css/wp-content/plugins/epasscard/assets/css/croppie.css/wp-content/plugins/epasscard/assets/css/jquery-ui.css/wp-content/plugins/epasscard/assets/css/evol-colorpicker.min.css/wp-content/plugins/epasscard/assets/js/epasscard-admin.js/wp-content/plugins/epasscard/assets/js/lockscreen.js+11 more

Script Paths

assets/js/epasscard-admin.jsassets/js/lockscreen.jsassets/js/epasscard-setting.jsassets/js/epasscard-admin-javascript.jsassets/js/epasscard-info.jsassets/js/epasscard-back-fields-script.js+7 more

Version Parameters

epasscard/style.css?ver=epasscard/responsive.css?ver=select2.min.css?ver=croppie.css?ver=jquery-ui.css?ver=evol-colorpicker.min.css?ver=epasscard/admin.js?ver=lockscreen.js?ver=epasscard-setting.js?ver=epasscard-admin-javascript.js?ver=epasscard-info.js?ver=epasscard-back-fields-script.js?ver=epasscard-additional-fields.js?ver=epasscard-auxiliary-fields.js?ver=epasscard-image-script.js?ver=select2.min.js?ver=croppie.min.js?ver=evol-colorpicker.min.js?ver=epasscard-connection.js?ver=

HTML / DOM Fingerprints

CSS Classes

epasscard-admin-cssepasscard-admin-responsive-cssselect-2-csscropper-cssjquery-uicolor-picker-cssepasscard-admin-jslockscreen-js+11 more

Data Attributes

epasscard_admin

JS Globals