EPX Payment Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/epx-ecommerce

Accept Visa, MasterCard, American Express, Discover, JCB, Diners Club directly on your store with the EPX payment gateway for WooCommerce.

100 active installs v2.0.6 PHP 7.0+ WP 4.6+ Updated Mar 24, 2026
credit-cardsdebitepxpaymentswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is EPX Payment Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

EPX Payment Gateway for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "epx-ecommerce" v1.1.5 plugin exhibits a strong security posture in several key areas. The static analysis reveals no identified critical vulnerabilities in taint flows, no dangerous function usage, and no direct file operations. The plugin also demonstrates good practice by using prepared statements for 50% of its SQL queries and properly escaping 80% of its output. The absence of any recorded vulnerabilities or CVEs in its history further suggests a commitment to security or a lack of past exploitation.

However, there are significant concerns due to the complete absence of security checks on its entry points. With zero AJAX handlers, REST API routes, shortcodes, or cron events protected by nonces or capability checks, any functionality exposed through these mechanisms would be entirely unprotected. Furthermore, the presence of external HTTP requests without apparent authentication or validation mechanisms could pose a risk if the remote endpoint is compromised or manipulated. The lack of nonce and capability checks, in particular, is a major red flag that needs immediate attention.

In conclusion, while the plugin avoids common pitfalls like raw SQL and poorly escaped output, the total lack of access control on its potential attack surface is a critical weakness. The plugin's past vulnerability-free record is positive, but it does not mitigate the immediate risk posed by its current architecture. Addressing the unprotected entry points and the external HTTP request is paramount to improving its security.

Key Concerns

  • No nonce checks on potential entry points
  • No capability checks on potential entry points
  • 50% of SQL queries not using prepared statements
  • 20% of output not properly escaped
  • External HTTP request without apparent checks
Vulnerabilities
None known

EPX Payment Gateway for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EPX Payment Gateway for WooCommerce Release Timeline

v1.1.5
Code Analysis
Analyzed Mar 16, 2026

EPX Payment Gateway for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
1 prepared
Unescaped Output
3
12 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

50% prepared2 total queries

Output Escaping

80% escaped15 total outputs
Attack Surface

EPX Payment Gateway for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionplugins_loadedwoocommerce-gateway-epx.php:12
actionwoocommerce_update_options_payment_gatewayswoocommerce-gateway-epx.php:85
filterwoocommerce_payment_gatewayswoocommerce-gateway-epx.php:482
Maintenance & Trust

EPX Payment Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 24, 2026
PHP min version7.0
Downloads4K

Community Trust

Rating60/100
Number of ratings2
Active installs100
Developer Profile

EPX Payment Gateway for WooCommerce Developer Profile

ahamoudi

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EPX Payment Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/epx-ecommerce/assets/img/logo.jpg

HTML / DOM Fingerprints

Data Attributes
id="epx"name="woocommerce_epx"value="Credit / Debit via EPX"
JS Globals
WC_EPX
FAQ

Frequently Asked Questions about EPX Payment Gateway for WooCommerce