High Risk Payment Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/high-risk-payments-for-woo

The Cardpay Solutions plugin allows merchants that fall into high risk categories to securely accept credit cards through their WooCommerce store.

30 active installs · v2.1.1 · PHP + · WP 4.0+ · Updated Sep 6, 2023
high-risk · payment-gateway · woocommerc-pre-order-payment · woocommerce · woocommerce-subscription-payment
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is High Risk Payment Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

High Risk Payment Gateway for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "high-risk-payments-for-woo" plugin v2.1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, and file operations, together with a very high percentage of properly escaped output, are all positive indicators. Nonce checks on its two AJAX entry points further improve security by mitigating CSRF risks. Taint analysis found zero flows, including none of critical or high severity, which is also reassuring and suggests that user input is likely handled safely.

However, the plugin has zero capability checks for its AJAX handlers. Nonce checks are present, but a nonce only mitigates CSRF; without a capability check, any authenticated user, regardless of role or permissions, could potentially trigger these AJAX actions. This is a significant concern, as it allows for privilege escalation or unauthorized actions if these handlers perform sensitive operations.

The completely clean vulnerability history is a positive sign, indicating a record of stable and secure releases. However, it cannot fully compensate for the missing capability checks. The plugin's strengths lie in its avoidance of raw SQL and its output escaping, but the absence of role-based access control on its entry points is a notable weakness that requires attention.

Key Concerns

  • Missing capability checks on AJAX handlers
Vulnerabilities
None known

High Risk Payment Gateway for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

High Risk Payment Gateway for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (95 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

99% escaped · 96 total outputs
Attack Surface

High Risk Payment Gateway for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_delete_card · includes\legacy\class-wc-cardpay-solutions-credit-cards.php:22
auth · wp_ajax_add_update_card · includes\legacy\class-wc-cardpay-solutions-credit-cards.php:23
WordPress Hooks 17
action · wcs_resubscribe_order_created · includes\class-wc-cardpay-solutions-gateway-addons.php:36
filter · woocommerce_subscription_payment_meta · includes\class-wc-cardpay-solutions-gateway-addons.php:39
filter · woocommerce_subscription_validate_payment_meta · includes\class-wc-cardpay-solutions-gateway-addons.php:40
action · admin_notices · includes\class-wc-cardpay-solutions-gateway.php:69
action · woocommerce_after_my_account · includes\legacy\class-wc-cardpay-solutions-credit-cards.php:20
action · wp_enqueue_scripts · includes\legacy\class-wc-cardpay-solutions-credit-cards.php:21
action · wcs_resubscribe_order_created · includes\legacy\class-wc-cardpay-solutions-gateway-addons.php:29
filter · woocommerce_subscription_payment_meta · includes\legacy\class-wc-cardpay-solutions-gateway-addons.php:32
filter · woocommerce_subscription_validate_payment_meta · includes\legacy\class-wc-cardpay-solutions-gateway-addons.php:33
action · admin_notices · includes\legacy\class-wc-cardpay-solutions-gateway.php:67
action · plugins_loaded · woocommerce-cardpay-solutions.php:88
action · woocommerce_order_status_completed · woocommerce-cardpay-solutions.php:89
action · init · woocommerce-cardpay-solutions.php:90
action · wp_enqueue_scripts · woocommerce-cardpay-solutions.php:91
action · before_woocommerce_init · woocommerce-cardpay-solutions.php:92
filter · woocommerce_payment_gateways · woocommerce-cardpay-solutions.php:142
filter · woocommerce_get_customer_payment_tokens · woocommerce-cardpay-solutions.php:143
Maintenance & Trust

High Risk Payment Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Sep 6, 2023
PHP min version
Downloads: 10K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

High Risk Payment Gateway for WooCommerce Developer Profile

cardpaysolutions

4 plugins · 1K total installs

Trust score: 80
Avg Security Score: 80/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect High Risk Payment Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/high-risk-payments-for-woo/includes/legacy/assets/css/admin.css
/wp-content/plugins/high-risk-payments-for-woo/includes/legacy/assets/js/admin.js
/wp-content/plugins/high-risk-payments-for-woo/includes/legacy/assets/js/cardpay.js
Script Paths
/wp-content/plugins/high-risk-payments-for-woo/includes/legacy/assets/js/admin.js
/wp-content/plugins/high-risk-payments-for-woo/includes/legacy/assets/js/cardpay.js
Version Parameters
high-risk-payments-for-woo/includes/legacy/assets/css/admin.css?ver=
high-risk-payments-for-woo/includes/legacy/assets/js/admin.js?ver=
high-risk-payments-for-woo/includes/legacy/assets/js/cardpay.js?ver=

HTML / DOM Fingerprints

CSS Classes
cardpay-logo
cardpay_credit_card
HTML Comments
<!-- BEGIN: Cardpay Solutions Gateway Checkout -->
<!-- END: Cardpay Solutions Gateway Checkout -->
Data Attributes
data-cardpay-token
data-cardpay-hash
data-cardpay-order-id
data-cardpay-gateway-url
JS Globals
cardpay_gateway_params