Ecommerce Fabrick Security & Risk Analysis

wordpress.org/plugins/gestpay-for-woocommerce

Fabrick Free Plugin for WooCommerce extends WooCommerce by providing the Fabrick Payment Orchestra payment gateway.

1K active installs · v20260402 · PHP 7.0+ · WP 4.7+ · Updated Apr 2, 2026
Tags: axerve, credit-card, fabrick, payment-gateway, woocommerce
Security score: 99 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Feb 27, 2024
Safety Verdict

Is Ecommerce Fabrick Safe to Use in 2026?

Generally Safe

Score 99/100

Ecommerce Fabrick has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Feb 27, 2024 · Updated 1mo ago
Risk Assessment

The "gestpay-for-woocommerce" plugin (v20251211) presents a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping all output, indicating a commitment to preventing common web vulnerabilities like SQL injection and XSS. It also correctly implements nonce checks for all identified AJAX handlers and capability checks on two of them. The absence of bundled libraries and a lack of dangerous function usage are also strengths.

However, there are notable areas of concern. The presence of 2 out of 5 AJAX handlers lacking authentication checks creates a significant attack surface for unauthorized actions. While the taint analysis didn't reveal critical or high severity vulnerabilities, the 2 flows with unsanitized paths are worrying, especially in conjunction with unprotected AJAX endpoints. The vulnerability history shows 3 medium severity CVEs, all of which are reported as patched. The pattern of past medium-severity vulnerabilities, particularly Cross-Site Request Forgery (CSRF), suggests that while issues have been addressed, a history of exploitable weaknesses warrants continued vigilance.

In conclusion, while the plugin has strengths in secure coding practices for SQL and output handling, the unprotected AJAX endpoints and past vulnerability history are significant weaknesses. The lack of authentication on these entry points is the most immediate risk. The history of medium-severity CVEs, even if patched, highlights a potential recurring vulnerability class that users should be aware of.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • History of medium severity CVEs
Vulnerabilities · 3 published

Ecommerce Fabrick Security Vulnerabilities

CVEs by Year

2024: 3 CVEs (all patched)

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2024-0433 · medium (4.3) · Cross-Site Request Forgery (CSRF)
Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card
Feb 27, 2024 · Patched in 20240307 (154d)

CVE-2024-0432 · medium (4.3) · Cross-Site Request Forgery (CSRF)
Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card
Feb 27, 2024 · Patched in 20240307 (154d)

CVE-2024-0431 · medium (4.3) · Cross-Site Request Forgery (CSRF)
Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card
Feb 26, 2024 · Patched in 20240307 (155d)
Version History

Ecommerce Fabrick Release Timeline

v20260402 (current)
v20260326
v20260325
v20251211
v20251204
v20251110
v20251029
v20251028
v20251002
v20250912
v20250911
v20250603
v20250530
v20250523
v20250522
v20250521
v20250520
v20250508
v20241121
v20241118
Code Analysis
Analyzed Mar 16, 2026

Ecommerce Fabrick Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (198 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 1
External Requests: 1
Bundled Libraries: 0

Output Escaping

100% escaped (198 total outputs)
Data Flows · Security · 2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
phase_III_3D_Secure (inc\class-gestpay-s2s.php:261)
Attack Surface · 2 unprotected

Ecommerce Fabrick Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers (5)

[auth] wp_ajax_gestpay_settle_s2s · gestpay-for-woocommerce.php:946
[auth] wp_ajax_gestpay_delete_s2s · gestpay-for-woocommerce.php:957
[auth] wp_ajax_gestpay_s2s_delete_card · inc\class-gestpay-cards.php:18
[auth] wp_ajax_gestpay_s2s_set_default_card · inc\class-gestpay-cards.php:19
[auth] wp_ajax_gestpay_s2s_unset_default_card · inc\class-gestpay-cards.php:20
WordPress Hooks (33)
action plugins_loaded · gestpay-for-woocommerce.php:76
action before_woocommerce_init · gestpay-for-woocommerce.php:78
action woocommerce_review_order_before_payment · gestpay-for-woocommerce.php:341
filter woocommerce_available_payment_gateways · gestpay-for-woocommerce.php:344
action template_redirect · gestpay-for-woocommerce.php:967
action template_redirect · gestpay-for-woocommerce.php:1042
action woocommerce_order_edit_status · gestpay-for-woocommerce.php:1117
action woocommerce_blocks_payment_method_type_registration · gestpay-for-woocommerce.php:1127
action wp_enqueue_scripts · gestpay-for-woocommerce.php:1227
action init · inc\class-gestpay-cards.php:15
action init · inc\class-gestpay-endpoint.php:24
action init · inc\class-gestpay-endpoint.php:27
filter query_vars · inc\class-gestpay-endpoint.php:28
filter the_title · inc\class-gestpay-endpoint.php:31
filter woocommerce_account_menu_items · inc\class-gestpay-endpoint.php:34
action wp_enqueue_scripts · inc\class-gestpay-iframe.php:33
action woocommerce_order_item_add_action_buttons · inc\class-gestpay-order-actions.php:600
action wp_enqueue_scripts · inc\class-gestpay-s2s.php:27
action woocommerce_scheduled_subscription_payment_wc_gateway_gestpay · inc\class-gestpay-subscriptions.php:41
filter woocommerce_my_subscriptions_payment_method · inc\class-gestpay-subscriptions.php:44
action the_content · inc\class-gestpay-subscriptions.php:272
filter woocommerce_settings_tabs_array · inc\class-wc-settings-tab-gestpay.php:22
action woocommerce_settings_settings_tab_gestpay · inc\class-wc-settings-tab-gestpay.php:23
action woocommerce_update_options_settings_tab_gestpay · inc\class-wc-settings-tab-gestpay.php:24
filter woocommerce_payment_gateways · inc\gestpay-pro-payment-types.php:14
filter gestpay_encrypt_parameters · inc\payment_types\gestpay-consel.php:23
filter gestpay_encrypt_parameters · inc\payment_types\gestpay-mybank.php:35
action woocommerce_order_details_before_order_table_items · inc\payment_types\gestpay-mybank.php:38
action wp_enqueue_scripts · inc\payment_types\gestpay-mybank.php:39
action woocommerce_scheduled_subscription_payment_wc_gateway_gestpay_paypal · inc\payment_types\gestpay-paypal.php:29
filter gestpay_encrypt_parameters · inc\payment_types\gestpay-paypal.php:32
action woocommerce_scheduled_subscription_payment_wc_gateway_gestpay_paypal · inc\payment_types\gestpay-paypal_bnpl.php:32
filter gestpay_encrypt_parameters · inc\payment_types\gestpay-paypal_bnpl.php:35
Maintenance & Trust

Ecommerce Fabrick Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 2, 2026
PHP min version: 7.0
Downloads: 45K

Community Trust

Rating: 76/100
Number of ratings: 9
Active installs: 1K
Developer Profile

Ecommerce Fabrick Developer Profile

Fabrick Support

1 plugin · 1K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 154 days
Detection Fingerprints

How We Detect Ecommerce Fabrick

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

