WP-Safety

PayU Purchase Security & Risk Analysis

wordpress.org/plugins/estrx-payu-purchase

Plug-in do a purchase in case you have PayU account

0 active installs v1.0 PHP 5.6+ WP 4.0+ Updated May 25, 2018
e-strixfakturypayupurchaseplatnosci
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is PayU Purchase Safe to Use in 2026?

Generally Safe

Score 85/100

PayU Purchase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "estrx-payu-purchase" plugin v1.0 presents a mixed security posture. While the absence of known CVEs and a low percentage of raw SQL queries are positive indicators, significant security concerns arise from the static analysis. The presence of two REST API routes without permission callbacks creates a direct attack surface that could be exploited. Furthermore, the taint analysis revealing two flows with unsanitized paths, classified as high severity, are critical vulnerabilities that require immediate attention. These unsanitized paths can lead to various injection attacks if user-supplied data is not properly validated and escaped before use.

The vulnerability history indicates a clean record, which might suggest that past development followed good practices or that the plugin hasn't been extensively targeted or analyzed. However, the current static analysis highlights immediate risks that overshadow this historical data. The plugin's strengths lie in its avoidance of dangerous functions and file operations, and its use of prepared statements for the majority of SQL queries. Nevertheless, the unprotected REST API endpoints and the identified unsanitized taint flows represent serious weaknesses that could be exploited to compromise the website or its data.

Key Concerns

  • REST API routes without permission callbacks
  • Taint flows with unsanitized paths (High severity)
  • Lack of Nonce checks
  • Output escaping (57% properly escaped)
Vulnerabilities
None known

PayU Purchase Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PayU Purchase Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
26 prepared
Unescaped Output
3
4 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

87% prepared30 total queries

Output Escaping

57% escaped7 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
estrx_payu_purchase_entries (strx_payu_purchase.php:119)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

PayU Purchase Attack Surface

Entry Points3
Unprotected2

REST API Routes 2

GET/wp-json/estrx-payu-purchase/v1/signature/(?P<price>\d+)/(?P<email>\S+)/(?P<inid>\S+)includes\restapi\strx_payu_purchase_conroller.php:17
GET/wp-json/estrx-payu-purchase/v1/finalize/(?P<esp>\d+)/(?P<esi>\S+)/(?P<error>\S+)includes\restapi\strx_payu_purchase_conroller.php:39

Shortcodes 1

[payu_purchase] includes\shortcode\strx_payu_purchase_shortcode.php:238
WordPress Hooks 4
filterinitstrx_payu_purchase.php:34
actionrest_api_initstrx_payu_purchase.php:90
actionadmin_menustrx_payu_purchase.php:100
actioninitstrx_payu_purchase.php:114
Maintenance & Trust

PayU Purchase Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedMay 25, 2018
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

PayU Purchase Alternatives

PayU GPO Payment for WooCommerce

PayU GPO Payment for WooCommerce

woo-payu-payment-gateway

A
100

PayU fast online payments for WooCommerce. Banks, BLIK, credit or debit cards, Installments, Apple Pay, Google Pay.

10K No CVEs
Min and Max Quantity for WooCommerce

Min and Max Quantity for WooCommerce

minmax-quantity-for-woocommerce

A
100

Min and Max Quantity for WooCommerce - set limits for cost of products in orders and in groups and limits for quantity of products, product variations &hellip;

20K No CVEs
ATUM WooCommerce Inventory Management and Stock Tracking

ATUM WooCommerce Inventory Management and Stock Tracking

atum-stock-manager-for-woocommerce

A
100

WooCommerce Full Inventory Management, Purchase Orders, Suppliers, Inbound Stock, Inventory Logs, WooCommerce Sales Statistics, and More.

10K No CVEs
Min Max Quantities – Set Minimum/Maximum Quantity & Price Limits with Step Control for WooCommerce

Min Max Quantities – Set Minimum/Maximum Quantity & Price Limits with Step Control for WooCommerce

wc-min-max-quantities

A
100

Set minimum and maximum order quantities or amounts for individual products, categories, or globally, with quantity-step control for WooCommerce store &hellip;

10K No CVEs
Min Max Control – Min Max Quantity & Step Control for WooCommerce

Min Max Control – Min Max Quantity & Step Control for WooCommerce

woo-min-max-quantity-step-control-single

A
100

Min Max Control plugin offers to set product's minimum, maximum quantity and step of each product individually.

10K 1 CVE
Developer Profile

PayU Purchase Developer Profile

kamilmucik

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect PayU Purchase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints
/wp-json/estrx-payu-purchase/v1
FAQ

Frequently Asked Questions about PayU Purchase