Does Payment Gateway for Converse Bank have any unpatched vulnerabilities?

No. All known vulnerabilities in Payment Gateway for Converse Bank have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Payment Gateway for Converse Bank compatible with WordPress 6.7.5?

According to WordPress.org data, Payment Gateway for Converse Bank 1.1.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Payment Gateway for Converse Bank compatible with PHP 7.4+?

Payment Gateway for Converse Bank requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Payment Gateway for Converse Bank updated?

Payment Gateway for Converse Bank was last updated on Nov 4, 2025. Frequent updates are generally a positive security signal.

What is Payment Gateway for Converse Bank's security score?

Payment Gateway for Converse Bank has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Payment Gateway for Converse Bank Security & Risk Analysis

wordpress.org/plugins/hk-payment-gateway-for-converse

Converse Bank payment gateway for WooCommerce. Accept payments in AMD, USD, EUR, and RUB with 3DS2 security.

10 active installs v1.1.0 PHP 7.4+ WP 5.0+ Updated Nov 4, 2025

converseconverse-bank

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Payment Gateway for Converse Bank Safe to Use in 2026?

Generally Safe

Score 100/100

Payment Gateway for Converse Bank has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The plugin 'hk-payment-gateway-for-converse' v1.1.0 exhibits a mixed security posture. While the static analysis indicates a very small attack surface with no apparent entry points directly exposed without authentication or permission checks, several concerning code signals emerge. The most significant is the presence of SQL queries that are not using prepared statements, posing a risk of SQL injection vulnerabilities. Additionally, a low percentage of output escaping is concerning, suggesting potential cross-site scripting (XSS) vulnerabilities. The high number of external HTTP requests, while not inherently a vulnerability, could be a vector for supply chain attacks if any of the external services are compromised or if the requests are not properly secured.

The taint analysis shows that all analyzed flows have unsanitized paths, although no critical or high severity issues were flagged. This indicates that data originating from user input is not being properly cleaned before being used in potentially sensitive operations. Given the absence of any recorded vulnerability history, this might suggest that critical flaws haven't been discovered or exploited yet, or that the plugin's limited exposure has so far mitigated the impact of existing weaknesses. However, the presence of unsanitized flows and the lack of robust input validation and output escaping remain significant concerns that warrant attention.

In conclusion, while the plugin's minimal attack surface and clean vulnerability history are positive indicators, the internal code analysis reveals substantial weaknesses in secure coding practices. The reliance on raw SQL queries and insufficient output escaping are critical areas that need immediate remediation to prevent potential exploitation. The unsanitized taint flows further compound these risks. It is crucial for the plugin developers to prioritize addressing these identified code quality issues to improve the overall security of the plugin.

Key Concerns

SQL queries not using prepared statements
Low percentage of properly escaped output
Unsanitized taint flows found
No nonce checks for entry points
No capability checks for entry points

Vulnerabilities

None known

Payment Gateway for Converse Bank Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Payment Gateway for Converse Bank Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

24 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

48% escaped50 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths

hkd_init_converse_gateway_class (includes\main.php:6)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Payment Gateway for Converse Bank Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 22

filtercron_schedulesconsole\command.php:23

actioninitconsole\command.php:33

actionadmin_initincludes\activate.php:3

filterplugin_localeincludes\language.php:4

actionplugins_loadedincludes\main.php:5

actionwoocommerce_scheduled_subscription_paymentincludes\main.php:128

actionwoocommerce_api_delete_binding_converse_bankincludes\main.php:134

actionwoocommerce_api_converse_successfulincludes\main.php:142

actionwoocommerce_api_converse_failedincludes\main.php:147

actionadmin_print_stylesincludes\main.php:151

filterquery_varsincludes\main.php:157

filterwoocommerce_account_menu_itemsincludes\main.php:158

actionwoocommerce_account_cards_endpointincludes\main.php:159

filterwoocommerce_admin_order_actionsincludes\main.php:167

actionadmin_headincludes\main.php:168

actionwoocommerce_order_status_changedincludes\main.php:169

actionwoocommerce_order_edit_statusincludes\main.php:170

actioncronCheckOrderConverseBankincludes\main.php:176

actionwoocommerce_thankyouincludes\thankyou.php:4

filterwoocommerce_payment_gatewayswc-hkdigital-converse-gateway.php:40

actionwoocommerce_blocks_loadedwc-hkdigital-converse-gateway.php:57

actionwoocommerce_blocks_payment_method_type_registrationwc-hkdigital-converse-gateway.php:62

Scheduled Events 1

cronCheckOrderConverseBank

Maintenance & Trust

Payment Gateway for Converse Bank Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 4, 2025

PHP min version7.4

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Payment Gateway for Converse Bank Alternatives

ConverseJS

conversejs

100

Converse.js is an open source webchat client, that runs in the browser and can be integrated into any website.

10 No CVEs

Developer Profile

Payment Gateway for Converse Bank Developer Profile

HK Digital Agency LLC

11 plugins · 660 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

456 days

View full developer profile

Detection Fingerprints

How We Detect Payment Gateway for Converse Bank

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hk-payment-gateway-for-converse/assets/images/logo_converse.png

Version Parameters

hk-payment-gateway-for-converse/assets/css/wc-hkd-converse.css?ver=hk-payment-gateway-for-converse/assets/js/wc-hkd-converse.js?ver=

HTML / DOM Fingerprints

CSS Classes

hkd-converse-payment-gateway

HTML Comments

Data Attributes

data-checkout-iddata-payment-url

JS Globals

hkd_converse_params

REST Endpoints

/wp-json/hk-payment-gateway-for-converse/v1/payment

FAQ