Express Checkout via PayPal for WooCommerce Security & Risk Analysis

wordpress.org/plugins/express-checkout

Integrate PayPal Express Checkout and other payment methods seamlessly into your WooCommerce store with PayPal for WooCommerce.

900 active installs · v6.0.0 · PHP 5.5+ · WP 5.3.0+ · Updated Sep 26, 2024
Tags: credit-card, ecommerce, paypal, paypal-checkout, paypal-for-woocommerce
Score: 92 · Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Express Checkout via PayPal for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Express Checkout via PayPal for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The express-checkout v6.0.0 plugin exhibits a generally good security posture with several strengths, including the absence of known CVEs and the exclusive use of prepared statements for its SQL queries. The static analysis also shows a low attack surface, with no unprotected entry points identified. However, there are notable areas of concern. The presence of 8 taint flows with unsanitized paths, one of which is rated high severity, is a significant risk: it indicates potential for directory traversal or other path manipulation vulnerabilities. Furthermore, a high percentage of outputs (26%) are not escaped, which could lead to cross-site scripting (XSS) if user-supplied data reaches those outputs without adequate sanitization. The complete lack of capability checks is also a weakness, as it means that potentially sensitive actions might not be properly authorized.

While the plugin has no recorded vulnerability history, which is positive, the identified taint flows and unescaped outputs warrant careful attention. The strengths in SQL handling and the absence of external CVEs are commendable, but the high severity taint flow and the unescaped outputs represent tangible risks. A balanced conclusion is that the plugin has a solid foundation regarding database security and known vulnerabilities, but needs prompt attention to the potential path traversal and XSS risks stemming from inadequate sanitization and authorization.

Key Concerns

  • High severity taint flow found
  • Significant percentage of unescaped outputs
  • No capability checks on entry points
  • Unsanitized paths in taint flows
Vulnerabilities
None known

Express Checkout via PayPal for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Express Checkout via PayPal for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 23 (66 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 2
External Requests: 19
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

74% escaped · 89 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
  • handle_wc_api (includes\class-express-checkout-gateway.php:87)
Attack Surface

Express Checkout via PayPal for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[ppcp_bnpl_message] ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:93
WordPress Hooks: 74
action: plugins_loaded (express-checkout.php:90)
action: woocommerce_checkout_billing (includes\class-express-checkout-gateway.php:69)
action: woocommerce_available_payment_gateways (includes\class-express-checkout-gateway.php:70)
filter: body_class (includes\class-express-checkout-gateway.php:71)
action: woocommerce_checkout_fields (includes\class-express-checkout-gateway.php:72)
action: woocommerce_before_checkout_billing_form (includes\class-express-checkout-gateway.php:73)
action: woocommerce_review_order_after_submit (includes\class-express-checkout-gateway.php:74)
filter: woocommerce_terms_is_checked_default (includes\class-express-checkout-gateway.php:75)
action: woocommerce_cart_emptied (includes\class-express-checkout-gateway.php:76)
filter: woocommerce_thankyou_order_received_text (includes\class-express-checkout-gateway.php:77)
action: parse_request (includes\class-express-checkout.php:65)
action: express_checkout_api_ipn_handler (includes\class-express-checkout.php:66)
action: plugins_loaded (includes\class-express-checkout.php:129)
filter: woocommerce_payment_gateways (includes\class-express-checkout.php:134)
action: wp_footer (includes\class-express-checkout.php:135)
action: woocommerce_after_checkout_validation (includes\class-express-checkout.php:136)
action: wp (includes\class-express-checkout.php:137)
filter: woocommerce_add_to_cart_redirect (includes\class-express-checkout.php:138)
action: woocommerce_proceed_to_checkout (includes\class-express-checkout.php:141)
action: woocommerce_after_add_to_cart_button (includes\class-express-checkout.php:144)
action: woocommerce_before_checkout_form (includes\class-express-checkout.php:147)
action: wp_enqueue_scripts (includes\class-express-checkout.php:149)
action: http_api_curl (includes\class-express-checkout.php:150)
action: admin_enqueue_scripts (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-gateway.php:28)
action: woocommerce_admin_order_totals_after_total (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-gateway.php:29)
filter: the_content (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:76)
action: woocommerce_before_shop_loop (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:77)
action: woocommerce_before_shop_loop (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:80)
action: woocommerce_single_product_summary (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:83)
action: woocommerce_before_cart_table (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:86)
action: woocommerce_proceed_to_checkout (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:87)
action: woocommerce_before_checkout_form (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:90)
action: ppcp_display_paypal_button_checkout_page (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-pay-later-messaging.php:91)
action: woocommerce_add_to_cart (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce-product.php:71)
filter: woocommerce_payment_gateways (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce.php:23)
action: plugins_loaded (ppcp\includes\class-ppcp-paypal-checkout-for-woocommerce.php:43)
action: wp_enqueue_scripts (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:114)
action: wp_enqueue_scripts (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:115)
action: woocommerce_after_add_to_cart_form (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:118)
action: woocommerce_proceed_to_checkout (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:121)
action: woocommerce_before_cart_table (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:123)
action: display_paypal_button_checkout_page (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:127)
action: init (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:129)
filter: clean_url (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:130)
action: wp_loaded (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:131)
action: wp_head (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:132)
filter: the_title (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:133)
action: woocommerce_cart_emptied (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:134)
action: woocommerce_checkout_init (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:135)
action: woocommerce_available_payment_gateways (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:136)
filter: woocommerce_default_address_fields (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:137)
filter: woocommerce_billing_fields (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:138)
action: woocommerce_checkout_process (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:139)
action: woocommerce_cart_shipping_packages (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:140)
filter: body_class (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:141)
filter: woocommerce_coupons_enabled (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:142)
action: woocommerce_before_checkout_form (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:143)
action: woocommerce_order_status_processing (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:144)
action: woocommerce_order_status_completed (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:145)
action: woocommerce_order_status_cancelled (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:146)
action: woocommerce_order_status_refunded (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:147)
filter: woocommerce_order_actions (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:148)
action: woocommerce_order_action_ppcp_capture_charge (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:149)
action: woocommerce_before_checkout_form (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:150)
action: woocommerce_review_order_before_submit (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:151)
action: wp_loaded (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:152)
action: woocommerce_pay_order_after_submit (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:153)
action: wp_loaded (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:154)
action: woocommerce_before_checkout_form (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:156)
action: woocommerce_after_checkout_validation (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:358)
action: woocommerce_checkout_billing (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:396)
action: woocommerce_checkout_shipping (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:398)
filter: wc_checkout_params (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:635)
filter: woocommerce_get_script_data (ppcp\public\class-ppcp-paypal-checkout-for-woocommerce-button-manager.php:637)
Maintenance & Trust

Express Checkout via PayPal for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 26, 2024
PHP min version: 5.5
Downloads: 94K

Community Trust

Rating: 76/100
Number of ratings: 22
Active installs: 900
Developer Profile

Express Checkout via PayPal for WooCommerce Developer Profile

wpgateways

1 plugin · 900 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Express Checkout via PayPal for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/express-checkout/assets/css/express-checkout-public.css
  • /wp-content/plugins/express-checkout/assets/js/express-checkout-public.js
  • /wp-content/plugins/express-checkout/assets/js/express-checkout-validate.js
  • /wp-content/plugins/express-checkout/assets/js/paypal-button-sdk.min.js
Script Paths
  • /wp-content/plugins/express-checkout/assets/js/express-checkout-public.js
  • /wp-content/plugins/express-checkout/assets/js/express-checkout-validate.js
  • /wp-content/plugins/express-checkout/assets/js/paypal-button-sdk.min.js
Version Parameters
  • express-checkout/assets/css/express-checkout-public.css?ver=
  • express-checkout/assets/js/express-checkout-public.js?ver=
  • express-checkout/assets/js/express-checkout-validate.js?ver=
  • express-checkout/assets/js/paypal-button-sdk.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • express-checkout-paypal-button
  • paypal-express-checkout
HTML Comments
  • <!-- express-checkout -->
Data Attributes
  • data-express-checkout-button
  • data-client-id
  • data-nonce
  • data-locale
  • data-intent
  • data-currency
JS Globals
  • ExpressCheckout
  • paypal
  • wc_express_checkout_params
  • express_checkout_config
REST Endpoints
  • /wp-json/express-checkout/v1/capture-payment
  • /wp-json/express-checkout/v1/validate-order
Shortcode Output
  • [paypal_express_checkout_button]
FAQ

Frequently Asked Questions about Express Checkout via PayPal for WooCommerce