Float Payment Gateway Security & Risk Analysis

wordpress.org/plugins/float-gateway

Take credit card payments on your store using the Float API.

100 active installs · v1.1.11 · PHP 7.4+ · WP 5.6+ · Updated Feb 6, 2026
Tags: float, south-african-payment-gateway, woocommerce
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 13, 2026
Safety Verdict

Is Float Payment Gateway Safe to Use in 2026?

Generally Safe

Score 99/100

Float Payment Gateway has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 13, 2026 · Updated 1mo ago
Risk Assessment

The plugin "float-gateway" v1.1.11 exhibits a mixed security posture. While static analysis reveals a generally clean codebase with proper SQL statement preparation and a high percentage of output escaping, there are significant concerns regarding authorization checks and a history of vulnerabilities. The absence of nonce checks and capability checks on entry points like AJAX handlers and shortcodes is a critical oversight, leaving these areas susceptible to cross-site request forgery (CSRF) and unauthorized access if not properly protected by the WordPress core or other plugins.

The vulnerability history, specifically a medium-severity "Incorrect Authorization" vulnerability, further highlights these authorization weaknesses. The fact that this vulnerability is now patched is positive, but the pattern suggests a recurring area of concern that requires careful monitoring and robust implementation of WordPress security best practices. The plugin's limited attack surface and reliance on external HTTP requests, while not inherently a vulnerability, could be an indirect vector if those external services have security flaws.

In conclusion, "float-gateway" has strengths in its data handling and output sanitization. However, the identified gaps in authorization checks on its entry points and the past vulnerability type are significant weaknesses that require attention. The plugin is not inherently insecure due to the static analysis results, but the potential for exploitation due to missing authorization controls and its historical vulnerability pattern warrants a cautious approach.

Key Concerns

  • Missing nonce checks on AJAX handlers
  • Missing capability checks on AJAX handlers
  • Missing capability checks on shortcodes
  • Past medium severity authorization vulnerability
Vulnerabilities (1)

Float Payment Gateway Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-15513 · medium · 5.3 · Incorrect Authorization

Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation

Jan 13, 2026 · Patched in 1.1.10 (10d)
Code Analysis
Analyzed Mar 16, 2026

Float Payment Gateway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (19 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

90% escaped · 21 total outputs
Attack Surface

Float Payment Gateway Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[float_widget] src\frontend\FloatShortcode.php:9

WordPress Hooks: 15

action · wp_enqueue_scripts · index.php:27
action · woocommerce_loaded · index.php:42
action · woocommerce_loaded · index.php:113
filter · woocommerce_available_payment_gateways · index.php:119
action · woocommerce_blocks_payment_method_type_registration · index.php:663
action · woocommerce_blocks_loaded · index.php:671
action · woocommerce_after_shop_loop_item · src\frontend\FloatOnArchive.php:9
action · woocommerce_after_cart_totals · src\frontend\FloatOnCart.php:9
action · woocommerce_widget_shopping_cart_before_buttons · src\frontend\FloatOnSidebar.php:9
action · woocommerce_single_product_summary · src\frontend\FloatUI.php:9
action · wp_enqueue_scripts · src\frontend\FloatUI.php:10
filter · wp_kses_allowed_html · src\frontend\FloatUI.php:15
filter · safe_style_css · src\frontend\FloatUI.php:16
action · plugins_loaded · src\Plugin.php:36
filter · woocommerce_payment_gateways · src\Plugin.php:48
Maintenance & Trust

Float Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 6, 2026
PHP min version: 7.4
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Float Payment Gateway Developer Profile

floattechnologies

1 plugin · 100 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect Float Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/float-gateway/assets/css/float.css
  • /wp-content/plugins/float-gateway/assets/js/featherlite.js
Script Paths
  • /wp-content/plugins/float-gateway/assets/js/featherlite.js
Version Parameters
  • float-gateway/assets/css/float.css?ver=
  • float-gateway/assets/js/featherlite.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • float-gateway-payment-form
HTML Comments
  • Float Payment Gateway
  • © FLOAT TECHNOLOGIES (PTY) LTD
  • Initialize plugin bootstrap class.
  • Register Float Gateway
  • +12 more
Data Attributes
  • data-float-gateway-id
  • data-float-gateway-client-id
  • data-float-gateway-merchant-id
  • readonly='readonly'
JS Globals
  • FloatGateway
  • float_gateway_params
  • featherlight
REST Endpoints
  • /wp-json/wc-float/v1/payment
  • /wc-float/v1/payment