Eway Payment Gateway Security & Risk Analysis

wordpress.org/plugins/eway-payment-gateway

Take credit card payments via Eway in some popular WordPress plugins

800 active installs · v5.3.0 · PHP 7.4+ · WP 5.1+ · Updated Dec 14, 2025
Tags: awpcp, event-espresso, events-manager, eway, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Eway Payment Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

Eway Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "eway-payment-gateway" plugin version 5.3.0 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history are significant positive indicators. The code analysis reveals no dangerous functions, all SQL queries use prepared statements, and there are no identified critical or high severity taint flows. This suggests a commitment to fundamental security practices within the plugin's development.

However, there are areas for improvement. The low percentage of properly escaped output (51%) is a notable concern, potentially exposing the application to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled with sufficient sanitization before being displayed. Additionally, the complete lack of nonce checks across all entry points (AJAX, REST API, shortcodes, cron) presents a significant risk. Without nonces, these entry points are susceptible to Cross-Site Request Forgery (CSRF) attacks, allowing attackers to trick authenticated users into performing unintended actions.

In conclusion, while the plugin benefits from a clean vulnerability history and good practices in SQL handling and taint analysis, the weak output escaping and the absence of nonce checks are critical security gaps that require immediate attention. Addressing these weaknesses will significantly enhance the plugin's overall security.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks on entry points
Vulnerabilities
None known

Eway Payment Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Eway Payment Gateway Release Timeline

v5.3.0 (Current)
v5.2.1
v5.2.0
v5.1.0
v5.0.2
v5.0.1
v5.0.0
v4.5.1
v4.5.0
v4.4.0
v4.3.16
v4.3.15
v4.3.14
v4.3.13
v4.3.12
v4.3.11
v4.3.10
v4.3.9
v4.3.8
v4.3.7
Code Analysis
Analyzed Mar 16, 2026

Eway Payment Gateway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 85 (89 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 11
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

51% escaped · 174 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
redirect_ssl (includes\integrations\class.EventsManager.php:153)
Attack Surface

Eway Payment Gateway Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 50
action admin_notices (eway-payment-gateway.php:47)
action plugins_loaded (includes\bootstrap.php:26)
action init (includes\class.Plugin.php:39)
filter plugin_row_meta (includes\class.Plugin.php:40)
action wp_enqueue_scripts (includes\class.Plugin.php:46)
filter wpsc_merchants_modules (includes\class.Plugin.php:49)
action AHEE__EE_System__load_espresso_addons (includes\class.Plugin.php:50)
action plugins_loaded (includes\class.Plugin.php:51)
action plugins_loaded (includes\class.Plugin.php:52)
action em_gateways_init (includes\class.Plugin.php:53)
action admin_notices (includes\class.Requires.php:23)
filter awpcp-register-payment-methods (includes\integrations\class.AWPCP.php:29)
action awpcp_register_settings (includes\integrations\class.AWPCP.php:30)
action admin_print_styles-classified-ads_page_awpcp-admin-settings (includes\integrations\class.AWPCP.php:31)
action admin_print_footer_scripts-classified-ads_page_awpcp-admin-settings (includes\integrations\class.AWPCP.php:32)
action admin_head-classified-ads_page_awpcp-admin-settings (includes\integrations\class.AWPCP.php:53)
action admin_notices (includes\integrations\class.AWPCP.php:61)
action wp_enqueue_scripts (includes\integrations\class.AWPCP.php:311)
action wp_footer (includes\integrations\class.AWPCP.php:312)
action admin_print_footer_scripts (includes\integrations\class.EventsManager-admin.php:43)
action admin_print_styles-event_page_events-manager-gateways (includes\integrations\class.EventsManager.php:52)
action em_cart_js_footer (includes\integrations\class.EventsManager.php:55)
action em_booking_js_footer (includes\integrations\class.EventsManager.php:56)
filter em_wp_localize_script (includes\integrations\class.EventsManager.php:60)
filter em_booking_form_action_url (includes\integrations\class.EventsManager.php:61)
action template_redirect (includes\integrations\class.EventsManager.php:66)
filter em_booking_validate (includes\integrations\class.EventsManager.php:72)
filter em_multiple_booking_validate (includes\integrations\class.EventsManager.php:73)
filter em_multiple_booking_save (includes\integrations\class.EventsManager.php:185)
filter em_booking_save (includes\integrations\class.EventsManager.php:188)
action wp_footer (includes\integrations\class.EventsManager.php:309)
filter woocommerce_payment_gateways (includes\integrations\class.WooCommerce.php:27)
action before_woocommerce_init (includes\integrations\class.WooCommerce.php:28)
filter woocommerce_available_payment_gateways (includes\integrations\class.WooCommerce.php:79)
action woocommerce_settings_checkout (includes\integrations\class.WooCommerce.php:81)
filter woocommerce_credit_card_form_fields (includes\integrations\class.WooCommerce.php:86)
action woocommerce_credit_card_form_start (includes\integrations\class.WooCommerce.php:87)
action woocommerce_credit_card_form_end (includes\integrations\class.WooCommerce.php:88)
filter woocommerce_email_order_meta_fields (includes\integrations\class.WooCommerce.php:94)
action admin_print_footer_scripts (includes\integrations\class.WooCommerce.php:321)
action wp_footer (includes\integrations\class.WooCommerce.php:408)
action wpsc_before_shopping_cart_page (includes\integrations\class.WPeCommerce.php:48)
action wpsc_billing_details_bottom (includes\integrations\class.WPeCommerce.php:52)
action admin_print_footer_scripts-settings_page_wpsc-settings (includes\integrations\class.WPeCommerce.php:53)
action wp_footer (includes\integrations\class.WPeCommerce.php:434)
action AHEE__EE_Form_Section_Proper___construct_finalize__end (includes\integrations\event_espresso_eway\EE_PMT_event_espresso_eway.pm.php:31)
action AHEE__EED_Single_Page_Checkout__enqueue_styles_and_scripts (includes\integrations\event_espresso_eway\EE_PMT_event_espresso_eway.pm.php:32)
action admin_print_scripts (includes\integrations\event_espresso_eway\EE_PMT_event_espresso_eway.pm.php:33)
filter FHEE__EEM_Payment_Method__get_all_for_transaction__payment_methods (includes\integrations\event_espresso_eway\EE_PMT_event_espresso_eway.pm.php:34)
action wp_footer (includes\integrations\event_espresso_eway\EE_PMT_event_espresso_eway.pm.php:218)
Maintenance & Trust

Eway Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version: 7.4
Downloads: 66K

Community Trust

Rating: 86/100
Number of ratings: 15
Active installs: 800
Developer Profile

Eway Payment Gateway Developer Profile

webaware

13 plugins · 153K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 1595 days
Detection Fingerprints

How We Detect Eway Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/eway-payment-gateway/static/js/ecrypt.js
  • /wp-content/plugins/eway-payment-gateway/static/js/ecrypt.min.js
Script Paths
  • https://secure.ewaypayments.com/scripts/eCrypt.js
  • https://secure.ewaypayments.com/scripts/eCrypt.min.js
  • /wp-content/plugins/eway-payment-gateway/static/js/ecrypt.js
  • /wp-content/plugins/eway-payment-gateway/static/js/ecrypt.min.js
Version Parameters
  • eway-payment-gateway/static/js/ecrypt.js?ver=
  • eway-payment-gateway/static/js/ecrypt.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-eway-card-number
  • data-eway-cvn
  • data-eway-expiry-month
  • data-eway-expiry-year
  • data-eway-card-holder
  • data-eway-card-token
JS Globals
eway_ecrypt_msg
FAQ

Frequently Asked Questions about Eway Payment Gateway