HSBC Open Payments Security & Risk Analysis

wordpress.org/plugins/hsbc-open-payments

Enable Pay by Bank to receive payments through Open Banking

0 active installs · v4.1.0 · PHP + WP 5.7+ · Updated Jul 10, 2025
Tags: bnpl, ecommerce, installments, payment, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is HSBC Open Payments Safe to Use in 2026?

Generally Safe

Score 100/100

HSBC Open Payments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10 months ago
Risk Assessment

The hsbc-open-payments v4.1.0 plugin exhibits a generally good security posture, with strong adherence to best practices such as using prepared statements for all SQL queries and a very high rate of output escaping. The absence of known CVEs and a clean vulnerability history are positive indicators of the plugin's maintenance and past security efforts. However, the analysis does reveal specific areas of concern that warrant attention. The presence of two REST API routes without permission callbacks represents a direct, unprotected entry point into the application, posing a significant risk. Additionally, the use of the `unserialize` function, while not explicitly linked to a vulnerability in the taint analysis, is a known risk factor that can lead to remote code execution if not handled with extreme care and proper validation of serialized data. The taint analysis also highlighted two high-severity flows, indicating potential issues with data handling that need thorough investigation despite not being flagged as critical.

Key Concerns

  • REST API routes without permission callbacks
  • Use of unserialize function
  • High severity taint flows found
Vulnerabilities
None known

HSBC Open Payments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

HSBC Open Payments Release Timeline

v3.5.0
Code Analysis
Analyzed Apr 16, 2026

HSBC Open Payments Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (24 prepared)
Unescaped Output: 4 (389 escaped)
Nonce Checks: 11
Capability Checks: 1
File Operations: 9
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$company_data = unserialize( $company['company'] );` in includes/class-hsbc-invoice-manager.php:56
  • unserialize: `$company_data = unserialize( $company_data_model['company'] );` in includes/payment/class-hsbc-payment-service.php:317

SQL Query Safety

100% prepared (24 total queries)

Output Escaping

99% escaped (393 total outputs)
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths
api_download_invoice (includes/class-hsbc-invoice-api.php:57)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

HSBC Open Payments Attack Surface

Entry Points: 18
Unprotected: 2

AJAX Handlers 16

  • auth: wp_ajax_hsbc_capture_item (includes/class-hsbc-ajax.php:22)
  • auth: wp_ajax_hsbc_cancel_item (includes/class-hsbc-ajax.php:23)
  • auth: wp_ajax_hsbc_claim_upload (includes/class-hsbc-ajax.php:24)
  • auth: wp_ajax_hsbc_claim (includes/class-hsbc-ajax.php:25)
  • auth: wp_ajax_hsbc_invoice (includes/class-hsbc-ajax.php:26)
  • auth: wp_ajax_hsbc_settle (includes/class-hsbc-ajax.php:27)
  • auth: wp_ajax_hsbc_company_search (includes/class-hsbc-company-search.php:91)
  • nopriv: wp_ajax_hsbc_company_search (includes/class-hsbc-company-search.php:92)
  • auth: wp_ajax_hsbc_company_retrieve (includes/class-hsbc-company-search.php:93)
  • nopriv: wp_ajax_hsbc_company_retrieve (includes/class-hsbc-company-search.php:94)
  • auth: wp_ajax_hsbc_save_external_data (includes/class-hsbc-company-search.php:95)
  • nopriv: wp_ajax_hsbc_save_external_data (includes/class-hsbc-company-search.php:96)
  • auth: wp_ajax_hsbc_get_status_url (includes/class-hsbc-pending-status-page.php:30)
  • nopriv: wp_ajax_hsbc_get_status_url (includes/class-hsbc-pending-status-page.php:31)
  • auth: wp_ajax_export_products (includes/class-hsbc-synchronization.php:35)
  • nopriv: wp_ajax_export_products (includes/class-hsbc-synchronization.php:36)

REST API Routes 2

  • GET /wp-json/hsbc/v1/logs (includes/class-hsbc-log-manager.php:59)
  • GET /wp-json/hsbc/v1/logs/shop (includes/class-hsbc-log-manager.php:68)
WordPress Hooks 99

  • action hsbc_daily_event (hsbc-open-payments.php:109)
  • action hsbc_hourly_event (hsbc-open-payments.php:120)
  • action plugins_loaded (hsbc-open-payments.php:128)
  • action woocommerce_loaded (hsbc-open-payments.php:129)
  • action wp_enqueue_scripts (hsbc-open-payments.php:130)
  • action admin_enqueue_scripts (hsbc-open-payments.php:131)
  • action wp_enqueue_scripts (hsbc-open-payments.php:132)
  • action woocommerce_blocks_loaded (hsbc-open-payments.php:133)
  • filter woocommerce_register_log_handlers (hsbc-open-payments.php:136)
  • filter woocommerce_format_log_entry (hsbc-open-payments.php:152)
  • action before_woocommerce_init (hsbc-open-payments.php:168)
  • action woocommerce_blocks_payment_method_type_registration (hsbc-open-payments.php:219)
  • action admin_notices (hsbc-open-payments.php:424)
  • filter woocommerce_payment_gateways (hsbc-open-payments.php:429)
  • action woocommerce_admin_order_item_headers (includes/admin/class-hsbc-admin-order-edit.php:48)
  • action woocommerce_admin_order_item_values (includes/admin/class-hsbc-admin-order-edit.php:55)
  • action woocommerce_order_item_add_action_buttons (includes/admin/class-hsbc-admin-order-edit.php:62)
  • action woocommerce_admin_order_totals_after_tax (includes/admin/class-hsbc-admin-order-edit.php:67)
  • filter woocommerce_admin_order_should_render_refunds (includes/admin/class-hsbc-admin-order-edit.php:72)
  • filter woocommerce_settings_tabs_array (includes/admin/class-hsbc-admin-settings.php:63)
  • action woocommerce_admin_field_hsbc_synchronization_button (includes/admin/class-hsbc-admin-settings.php:74)
  • action woocommerce_admin_field_hsbc_set_sandbox_mode (includes/admin/class-hsbc-admin-settings.php:81)
  • action woocommerce_admin_field_hsbc_embedded_support (includes/admin/class-hsbc-admin-settings.php:88)
  • action woocommerce_admin_field_hsbc_toggle_subscription (includes/admin/class-hsbc-admin-settings.php:95)
  • action woocommerce_admin_field_hsbc_fe_synchronization_button (includes/admin/class-hsbc-admin-settings.php:102)
  • action woocommerce_admin_field_hsbc_download_logs_button (includes/admin/class-hsbc-admin-settings.php:110)
  • action add_meta_boxes (includes/admin/class-hsbc-admin-shipping.php:16)
  • filter woocommerce_get_settings_hsbc_settings (includes/class-hsbc-company-search.php:47)
  • filter woocommerce_get_sections_hsbc_settings (includes/class-hsbc-company-search.php:55)
  • action hsbc_synchronize_payment_options (includes/class-hsbc-company-search.php:61)
  • action wp_enqueue_scripts (includes/class-hsbc-company-search.php:66)
  • action wp_enqueue_scripts (includes/class-hsbc-company-search.php:73)
  • action woocommerce_checkout_before_customer_details (includes/class-hsbc-company-search.php:79)
  • filter woocommerce_checkout_get_value (includes/class-hsbc-company-search.php:84)
  • action woocommerce_cart_calculate_fees (includes/class-hsbc-fees.php:28)
  • action wp_enqueue_scripts (includes/class-hsbc-fees.php:29)
  • action woocommerce_api_hsbc_finance_express_success (includes/class-hsbc-finance-express-api.php:56)
  • action woocommerce_api_hsbc_finance_express_cancel (includes/class-hsbc-finance-express-api.php:60)
  • action woocommerce_api_hsbc_finance_express_failure (includes/class-hsbc-finance-express-api.php:64)
  • action woocommerce_api_hsbc_finance_express_notice (includes/class-hsbc-finance-express-api.php:68)
  • action woocommerce_api_hsbc_finance_express_quotecallback (includes/class-hsbc-finance-express-api.php:72)
  • filter woocommerce_thankyou_order_received_text (includes/class-hsbc-gateway.php:103)
  • action woocommerce_api_hsbc_execute_commands (includes/class-hsbc-gateway.php:120)
  • action woocommerce_order_details_after_order_table_items (includes/class-hsbc-gateway.php:128)
  • action woocommerce_email_after_order_table (includes/class-hsbc-gateway.php:136)
  • filter hsbc_feature_enabled (includes/class-hsbc-hooks.php:15)
  • filter hsbc_round (includes/class-hsbc-hooks.php:21)
  • filter hsbc_format (includes/class-hsbc-hooks.php:22)
  • filter woocommerce_order_data_store_cpt_get_orders_query (includes/class-hsbc-hooks.php:23)
  • filter woocommerce_order_received_verify_known_shoppers (includes/class-hsbc-hooks.php:29)
  • action woocommerce_api_hsbc_get_invoice (includes/class-hsbc-invoice-api.php:16)
  • action woocommerce_api_hsbc_invoices (includes/class-hsbc-invoice-api.php:21)
  • action rest_api_init (includes/class-hsbc-log-manager.php:58)
  • action rest_api_init (includes/class-hsbc-log-manager.php:67)
  • action woocommerce_api_hsbc_download_logs (includes/class-hsbc-log-manager.php:77)
  • action init (includes/class-hsbc-migration.php:33)
  • action init (includes/class-hsbc-migration.php:42)
  • action admin_notices (includes/class-hsbc-migration.php:90)
  • action woocommerce_order_status_changed (includes/class-hsbc-order-changes.php:13)
  • action wp_enqueue_scripts (includes/class-hsbc-pending-status-page.php:12)
  • action the_post (includes/class-hsbc-pending-status-page.php:13)
  • action woocommerce_after_template_part (includes/class-hsbc-pending-status-page.php:14)
  • filter woocommerce_endpoint_order-received_title (includes/class-hsbc-pending-status-page.php:15)
  • filter woocommerce_thankyou_order_received_text (includes/class-hsbc-pending-status-page.php:21)
  • action woocommerce_api_hsbc_synchronization (includes/class-hsbc-synchronization.php:23)
  • action woocommerce_api_hsbc_set_sandbox_api_keys (includes/class-hsbc-synchronization.php:24)
  • action woocommerce_api_hsbc_set_live_api_keys (includes/class-hsbc-synchronization.php:25)
  • action woocommerce_api_hsbc_toggle_subscription (includes/class-hsbc-synchronization.php:26)
  • action woocommerce_api_hsbc_synchronization_incoming (includes/class-hsbc-synchronization.php:27)
  • action woocommerce_api_hsbc_fe_synchronization (includes/class-hsbc-synchronization.php:34)
  • action upgrader_process_complete (includes/class-hsbc-synchronization.php:37)
  • action admin_notices (includes/class-hsbc-synchronization.php:38)
  • action admin_notices (includes/class-hsbc-synchronization.php:39)
  • filter hsbc_notification_get_handler (includes/notification/handlers/class-hsbc-notification-cancel-amount-handler.php:12)
  • action hsbc_notification_handler_cancel_amount (includes/notification/handlers/class-hsbc-notification-cancel-amount-handler.php:18)
  • filter hsbc_notification_get_handler (includes/notification/handlers/class-hsbc-notification-refund-amount-handler.php:13)
  • action hsbc_notification_handler_refund_amount (includes/notification/handlers/class-hsbc-notification-refund-amount-handler.php:19)
  • filter hsbc_notification_get_handler (includes/notification/handlers/class-hsbc-notification-refund-items-handler.php:13)
  • action hsbc_notification_handler_refund_items (includes/notification/handlers/class-hsbc-notification-refund-items-handler.php:19)
  • filter hsbc_notification_get_handler (includes/notification/handlers/class-hsbc-notification-shipping-amount-handler.php:13)
  • action hsbc_notification_handler_shipping_amount (includes/notification/handlers/class-hsbc-notification-shipping-amount-handler.php:19)
  • filter hsbc_notification_get_handler (includes/notification/handlers/class-hsbc-notification-shipping-items-handler.php:13)
  • action hsbc_notification_handler_shipping_items (includes/notification/handlers/class-hsbc-notification-shipping-items-handler.php:19)
  • action hsbc_handle_callback (includes/payment/class-hsbc-callback-handler.php:38)
  • action woocommerce_before_main_content (includes/payment/class-hsbc-callback-handler.php:39)
  • action woocommerce_before_cart (includes/payment/class-hsbc-callback-handler.php:40)
  • filter render_block (includes/payment/class-hsbc-callback-handler.php:41)
  • action hsbc_update_order (includes/payment/class-hsbc-payment-handler.php:52)
  • action init (includes/plugin/class-hsbc-plugin-version.php:59)
  • action admin_notices (includes/plugin/class-hsbc-plugin-version.php:64)
  • action admin_notices (includes/plugin/class-hsbc-plugin-version.php:81)
  • action woocommerce_new_product (includes/synchronization/class-hsbc-outward-actions.php:37)
  • action woocommerce_update_product (includes/synchronization/class-hsbc-outward-actions.php:38)
  • action woocommerce_delete_product_variation (includes/synchronization/class-hsbc-outward-actions.php:39)
  • action woocommerce_trash_product_variation (includes/synchronization/class-hsbc-outward-actions.php:46)
  • action wp_delete_post (includes/synchronization/class-hsbc-outward-actions.php:53)
  • action wp_trash_post (includes/synchronization/class-hsbc-outward-actions.php:54)
  • action woocommerce_product_object_updated_props (includes/synchronization/class-hsbc-outward-actions.php:55)
  • filter woocommerce_update_product_stock_query (includes/synchronization/class-hsbc-outward-actions.php:64)

Scheduled Events 2

hsbc_daily_event
hsbc_hourly_event
Maintenance & Trust

HSBC Open Payments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 10, 2025
PHP min version
Downloads: 373

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

HSBC Open Payments Developer Profile

sophiazhang98

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect HSBC Open Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hsbc-open-payments/assets/js/checkout.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/capture.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/cancel.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/claim.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/invoice.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/settle.js
  • /wp-content/plugins/hsbc-open-payments/assets/css/checkout.css
Script Paths
  • /wp-content/plugins/hsbc-open-payments/assets/js/checkout.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/capture.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/cancel.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/claim.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/invoice.js
  • /wp-content/plugins/hsbc-open-payments/assets/js/admin/settle.js
Version Parameters
  • hsbc-open-payments/assets/js/checkout.js?ver=
  • hsbc-open-payments/assets/js/admin/capture.js?ver=
  • hsbc-open-payments/assets/js/admin/cancel.js?ver=
  • hsbc-open-payments/assets/js/admin/claim.js?ver=
  • hsbc-open-payments/assets/js/admin/invoice.js?ver=
  • hsbc-open-payments/assets/js/admin/settle.js?ver=
  • hsbc-open-payments/assets/css/checkout.css?ver=

HTML / DOM Fingerprints

CSS Classes
hsbc-payment-request-button
JS Globals
Hsbc_Admin
FAQ

Frequently Asked Questions about HSBC Open Payments