WP-Safety

imoje Security & Risk Analysis

wordpress.org/plugins/imoje

Add payment via imoje to WooCommerce

2K active installs v4.15.2 PHP 5.6.0+ WP + Updated Mar 11, 2026
checkoutimojepayment-gatewaypaymentswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is imoje Safe to Use in 2026?

Generally Safe

Score 100/100

imoje has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago
Risk Assessment

The "imoje" plugin version 4.15.2 exhibits a significant security concern due to its entire attack surface being exposed without proper authentication checks. The presence of 8 AJAX handlers, all lacking authorization, creates a substantial risk for unauthorized actions or data manipulation if any of these handlers are exploitable. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and having no recorded vulnerabilities in its history, this lack of authentication on its entry points is a critical flaw. The absence of taint analysis findings and dangerous functions suggests that known exploit vectors might not be immediately apparent, but the unprotected AJAX handlers present a broad and easily accessible attack surface that could be leveraged by attackers. The plugin has strengths in its data handling and lack of historical issues, but the unauthenticated AJAX handlers represent a glaring weakness that severely compromises its overall security posture.

Key Concerns

  • AJAX handlers without authentication checks
  • 0 nonce checks
  • 0 capability checks
  • 63% properly escaped output
Vulnerabilities
None known

imoje Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

imoje Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
28
47 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

63% escaped75 total outputs
Attack Surface
8 unprotected

imoje Attack Surface

Entry Points8
Unprotected8

AJAX Handlers 8

authwp_ajax_imoje_check_transactionwoocommerce-imoje.php:110
noprivwp_ajax_imoje_check_transactionwoocommerce-imoje.php:111
authwp_ajax_imoje_create_transactionwoocommerce-imoje.php:143
noprivwp_ajax_imoje_create_transactionwoocommerce-imoje.php:144
authwp_ajax_imoje_deactivate_aliaswoocommerce-imoje.php:274
noprivwp_ajax_imoje_deactivate_aliaswoocommerce-imoje.php:275
authwp_ajax_imoje_debit_aliaswoocommerce-imoje.php:315
noprivwp_ajax_imoje_debit_aliaswoocommerce-imoje.php:316
WordPress Hooks 10
actionwp_enqueue_scriptsincludes\gateway\WC_Gateway_Imoje_Abstract.php:44
filterwoocommerce_available_payment_gatewaysincludes\gateway\WC_Gateway_Imoje_Abstract.php:52
actionwp_enqueue_scriptsincludes\gateway_block\WC_Gateway_Imoje_RestApi_Blocks.php:34
actionplugins_loadedwoocommerce-imoje.php:26
actionbefore_woocommerce_initwoocommerce-imoje.php:57
filterwoocommerce_payment_gatewayswoocommerce-imoje.php:63
actionwoocommerce_blocks_payment_method_type_registrationwoocommerce-imoje.php:66
actionupdated_optionwoocommerce-imoje.php:512
actionwoocommerce_after_shop_loop_item_titlewoocommerce-imoje.php:556
actionwoocommerce_after_add_to_cart_formwoocommerce-imoje.php:559
Maintenance & Trust

imoje Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0
Last updatedMar 11, 2026
PHP min version5.6.0
Downloads34K

Community Trust

Rating100/100
Number of ratings1
Active installs2K
Alternatives

imoje Alternatives

myPOS Checkout

myPOS Checkout

mypos-virtual-for-woocommerce

A
100

One-click checkout with instant settlement. Accept all major cards, Apple Pay and Google Pay. No setup costs or monthly fees.

4K No CVEs
NOWPayments for WooCommerce – Crypto Payment Gateway

NOWPayments for WooCommerce – Crypto Payment Gateway

nowpayments-for-woocommerce

A
100

Accept Bitcoin, Ethereum, and 300+ cryptocurrencies in WooCommerce using the official NOWPayments crypto payment gateway.

3K No CVEs
Dojo for WooCommerce

Dojo for WooCommerce

dojo-for-woocommerce

A
100

Extends WooCommerce, allowing you to take payments via Dojo.

800 No CVEs
Cardinity Payment Gateway for WooCommerce

Cardinity Payment Gateway for WooCommerce

cardinity-free-payment-gateway-for-woocommerce

A
100

Add Cardinity checkout form to your WooCommerce site and start accepting payments.

300 1 CVE
Paypercut Payments for WooCommerce

Paypercut Payments for WooCommerce

paypercut-payments-for-woocommerce

A
100

Paypercut Payments enables WooCommerce merchants to accept online payments using Paypercut's checkout experience.

20 No CVEs
Developer Profile

imoje Developer Profile

imoje

1 plugin · 2K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect imoje

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/imoje/assets/css/frontend.css/wp-content/plugins/imoje/assets/css/backend.css/wp-content/plugins/imoje/assets/js/frontend.js/wp-content/plugins/imoje/assets/js/backend.js/wp-content/plugins/imoje/assets/js/blik.js/wp-content/plugins/imoje/assets/js/blik_oneclick.js
Script Paths
/wp-content/plugins/imoje/assets/js/frontend.js/wp-content/plugins/imoje/assets/js/backend.js/wp-content/plugins/imoje/assets/js/blik.js/wp-content/plugins/imoje/assets/js/blik_oneclick.js
Version Parameters
ver=4.15.2

HTML / DOM Fingerprints

CSS Classes
imoje-payment-formimoje-blik-code-inputimoje-blik-remember-code
Data Attributes
data-imoje-gateway
JS Globals
imoje_ajax_objectImojeFrontendImojeBackend
REST Endpoints
/wp-json/imoje/v1/transactions/wp-json/imoje/v1/blik-oneclick/deactivate
FAQ

Frequently Asked Questions about imoje