Gestpay for WooCommerce Security & Risk Analysis

wordpress.org/plugins/gestpay-for-woocommerce

Axerve Free Plugin for Woocommerce extends WooCommerce providing the payment gateway Axerve.

1K active installs · v20251211 · PHP 7.0+ · WP 4.7+ · Updated Dec 11, 2025
Tags: axerve, credit-card, gestpay, payment-gateway, woocommerce
Score: 99 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Feb 27, 2024
Safety Verdict

Is Gestpay for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Gestpay for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Feb 27, 2024 · Updated 3mo ago
Risk Assessment

The "gestpay-for-woocommerce" plugin (v20251211) presents a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping all output, indicating a commitment to preventing common web vulnerabilities like SQL injection and XSS. It also correctly implements nonce checks for all identified AJAX handlers and capability checks on two of them. The absence of bundled libraries and a lack of dangerous function usage are also strengths.

However, there are notable areas of concern. Two of the five AJAX handlers lack authentication checks, which creates a significant attack surface for unauthorized actions. While the taint analysis didn't reveal critical or high severity vulnerabilities, the 2 flows with unsanitized paths are worrying, especially in conjunction with unprotected AJAX endpoints. The vulnerability history shows 3 medium severity CVEs, all of which are reported as patched. The pattern of past medium-severity vulnerabilities, particularly Cross-Site Request Forgery (CSRF), suggests that while issues have been addressed, a history of exploitable weaknesses warrants continued vigilance.

In conclusion, while the plugin has strengths in secure coding practices for SQL and output handling, the unprotected AJAX endpoints and past vulnerability history are significant weaknesses. The lack of authentication on these entry points is the most immediate risk. The history of medium-severity CVEs, even if patched, highlights a potential recurring vulnerability class that users should be aware of.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • History of medium severity CVEs
Vulnerabilities (3)

Gestpay for WooCommerce Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-0433 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card

Feb 27, 2024 · Patched in 20240307 (154d)

CVE-2024-0432 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card

Feb 27, 2024 · Patched in 20240307 (154d)

CVE-2024-0431 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card

Feb 26, 2024 · Patched in 20240307 (155d)

Code Analysis
Analyzed Mar 16, 2026

Gestpay for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (198 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 1
External Requests: 1
Bundled Libraries: 0

Output Escaping

100% escaped · 198 total outputs

Data Flows (2 unsanitized)

Data Flow Analysis

3 flows · 2 with unsanitized paths
phase_III_3D_Secure (inc\class-gestpay-s2s.php:261)

Attack Surface (2 unprotected)

Gestpay for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers (5)

auth · wp_ajax_gestpay_settle_s2s · gestpay-for-woocommerce.php:946
auth · wp_ajax_gestpay_delete_s2s · gestpay-for-woocommerce.php:957
auth · wp_ajax_gestpay_s2s_delete_card · inc\class-gestpay-cards.php:18
auth · wp_ajax_gestpay_s2s_set_default_card · inc\class-gestpay-cards.php:19
auth · wp_ajax_gestpay_s2s_unset_default_card · inc\class-gestpay-cards.php:20

WordPress Hooks (33)

action · plugins_loaded · gestpay-for-woocommerce.php:76
action · before_woocommerce_init · gestpay-for-woocommerce.php:78
action · woocommerce_review_order_before_payment · gestpay-for-woocommerce.php:341
filter · woocommerce_available_payment_gateways · gestpay-for-woocommerce.php:344
action · template_redirect · gestpay-for-woocommerce.php:967
action · template_redirect · gestpay-for-woocommerce.php:1042
action · woocommerce_order_edit_status · gestpay-for-woocommerce.php:1117
action · woocommerce_blocks_payment_method_type_registration · gestpay-for-woocommerce.php:1127
action · wp_enqueue_scripts · gestpay-for-woocommerce.php:1227
action · init · inc\class-gestpay-cards.php:15
action · init · inc\class-gestpay-endpoint.php:24
action · init · inc\class-gestpay-endpoint.php:27
filter · query_vars · inc\class-gestpay-endpoint.php:28
filter · the_title · inc\class-gestpay-endpoint.php:31
filter · woocommerce_account_menu_items · inc\class-gestpay-endpoint.php:34
action · wp_enqueue_scripts · inc\class-gestpay-iframe.php:33
action · woocommerce_order_item_add_action_buttons · inc\class-gestpay-order-actions.php:600
action · wp_enqueue_scripts · inc\class-gestpay-s2s.php:27
action · woocommerce_scheduled_subscription_payment_wc_gateway_gestpay · inc\class-gestpay-subscriptions.php:41
filter · woocommerce_my_subscriptions_payment_method · inc\class-gestpay-subscriptions.php:44
action · the_content · inc\class-gestpay-subscriptions.php:272
filter · woocommerce_settings_tabs_array · inc\class-wc-settings-tab-gestpay.php:22
action · woocommerce_settings_settings_tab_gestpay · inc\class-wc-settings-tab-gestpay.php:23
action · woocommerce_update_options_settings_tab_gestpay · inc\class-wc-settings-tab-gestpay.php:24
filter · woocommerce_payment_gateways · inc\gestpay-pro-payment-types.php:14
filter · gestpay_encrypt_parameters · inc\payment_types\gestpay-consel.php:23
filter · gestpay_encrypt_parameters · inc\payment_types\gestpay-mybank.php:35
action · woocommerce_order_details_before_order_table_items · inc\payment_types\gestpay-mybank.php:38
action · wp_enqueue_scripts · inc\payment_types\gestpay-mybank.php:39
action · woocommerce_scheduled_subscription_payment_wc_gateway_gestpay_paypal · inc\payment_types\gestpay-paypal.php:29
filter · gestpay_encrypt_parameters · inc\payment_types\gestpay-paypal.php:32
action · woocommerce_scheduled_subscription_payment_wc_gateway_gestpay_paypal · inc\payment_types\gestpay-paypal_bnpl.php:32
filter · gestpay_encrypt_parameters · inc\payment_types\gestpay-paypal_bnpl.php:35

Maintenance & Trust

Gestpay for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version: 7.0
Downloads: 43K

Community Trust

Rating: 76/100
Number of ratings: 9
Active installs: 1K

Developer Profile

Gestpay for WooCommerce Developer Profile

Fabrick Support

1 plugin · 1K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 154 days

Detection Fingerprints

How We Detect Gestpay for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
