WP-Safety

iPag Pagamentos Digitais Security & Risk Analysis

wordpress.org/plugins/ipag-woocommerce

Facilite pagamentos online com segurança e rapidez, integrando sua loja ao nosso gateway e PSP.

100 active installs v2.13.2 PHP 7.4+ WP 6.3+ Updated Dec 4, 2025
boletocartaogatewaypagamentospix
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is iPag Pagamentos Digitais Safe to Use in 2026?

Generally Safe

Score 100/100

iPag Pagamentos Digitais has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The ipag-woocommerce plugin v2.13.2 presents a significant security risk due to a large attack surface comprised entirely of unprotected AJAX handlers. With 3 AJAX entry points identified and none of them including authorization checks, any unauthenticated user could potentially trigger these actions, leading to a broad range of vulnerabilities. The taint analysis also revealed critical flows with unsanitized paths, which, despite not being classified as critical or high severity by the analysis, indicate a strong possibility of injection-type attacks if not properly handled. Furthermore, the plugin exhibits poor output escaping practices, with only 18% of outputs being properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of known CVEs and a clean vulnerability history suggest that the plugin has not been publicly exploited or identified as vulnerable in the past, which is a positive sign. However, the current static analysis findings highlight fundamental security weaknesses that could be exploited even without prior known vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • No capability checks
Vulnerabilities
None known

iPag Pagamentos Digitais Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

iPag Pagamentos Digitais Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
1 prepared
Unescaped Output
134
29 escaped
Nonce Checks
0
Capability Checks
0
File Operations
12
External Requests
18
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

50% prepared2 total queries

Output Escaping

18% escaped163 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
capturePaymentDoubleCard (classes\ipag-gateway-cartaoduplo.php:779)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

iPag Pagamentos Digitais Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_captureipag-gateway.php:44
authwp_ajax_capturedoublecardipag-gateway.php:45
authwp_ajax_consultipagipag-gateway.php:46
WordPress Hooks 28
actionwp_enqueue_scriptsclasses\ipag-gateway-boleto.php:39
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-boleto.php:41
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-cartaoduplo.php:64
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-cartaoduplo.php:65
actionwp_enqueue_scriptsclasses\ipag-gateway-cartaoduplo.php:66
actionadmin_footerclasses\ipag-gateway-cartaoduplo.php:68
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-credito.php:100
actionadmin_enqueue_scriptsclasses\ipag-gateway-credito.php:101
actionwp_enqueue_scriptsclasses\ipag-gateway-credito.php:102
actionadmin_footerclasses\ipag-gateway-credito.php:103
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-debito.php:30
actionwp_enqueue_scriptsclasses\ipag-gateway-debito.php:31
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-itaushopline.php:31
actionwoocommerce_view_orderclasses\ipag-gateway-itaushopline.php:33
actionwp_enqueue_scriptsclasses\ipag-gateway-pix.php:38
actionwoocommerce_admin_order_data_after_shipping_addressclasses\ipag-gateway-pix.php:40
actioninitipag-gateway.php:39
actionadmin_footeripag-gateway.php:47
filterwoocommerce_payment_gatewaysipag-gateway.php:48
actionwoocommerce_order_details_after_order_tableipag-gateway.php:49
actionwoocommerce_order_details_after_order_tableipag-gateway.php:50
actionwoocommerce_before_checkout_formipag-gateway.php:51
actionwoocommerce_subscription_status_cancelledipag-gateway.php:53
actionwoocommerce_subscription_status_expiredipag-gateway.php:54
actionwoocommerce_subscription_status_updatedipag-gateway.php:55
actionplugins_loadedipag-gateway.php:154
actionwoocommerce_api_wc_gateway_ipagipag-gateway.php:155
actionwoocommerce_api_wc_gateway_ipag_webhook_callbackipag-gateway.php:156
Maintenance & Trust

iPag Pagamentos Digitais Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version7.4
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

iPag Pagamentos Digitais Alternatives

Click2pay para WooCommerce | PIX, Cartão de Crédito e Boleto Bancário

Click2pay para WooCommerce | PIX, Cartão de Crédito e Boleto Bancário

click2pay-pagamentos

A
92

Ofereça a seus clientes pagamentos via Pix, assinatura recorrente, cartão de crédito ou boleto bancário, com as melhores tarifas!

40 No CVEs
Virtuaria PagBank / PagSeguro para Woocommerce

Virtuaria PagBank / PagSeguro para Woocommerce

virtuaria-pagseguro

A
99

Crédito, Pix e Boleto na sua loja virtual. Mais segurança, menos chargebacks com 3DS. Descontos nas taxas do PagBank.

1K 1 CVE
PagHiper Boleto e PIX para WooCommerce

PagHiper Boleto e PIX para WooCommerce

woo-boleto-paghiper

A
100

Ofereça a seus clientes pagamento boleto bancário com a PagHiper. Fácil, prático e rapido!

1K No CVEs
Virtuaria Rede ( Itaú ) Pagamentos

Virtuaria Rede ( Itaú ) Pagamentos

virtuaria-eredeitau

A
100

Pagamentos via Pix e Cartão de Crédito na sua loja virtual com a confiabilidade da Rede / Itaú diretamente em seu WooCommerce.

60 No CVEs
Pagou – Payments for WooCommerce

Pagou – Payments for WooCommerce

pagou-payments-for-woocommerce

A
92

Pagamentos via PIX e boletos bancários no WooCommerce.

30 No CVEs
Developer Profile

iPag Pagamentos Digitais Developer Profile

iPag Pagamentos Digitais

2 plugins · 180 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect iPag Pagamentos Digitais

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ipag-woocommerce/assets/images/logo.png/wp-content/plugins/ipag-woocommerce/assets/js/ipag-woocommerce-admin.js/wp-content/plugins/ipag-woocommerce/assets/css/ipag-woocommerce-admin.css/wp-content/plugins/ipag-woocommerce/assets/js/ipag-woocommerce.js/wp-content/plugins/ipag-woocommerce/assets/css/ipag-woocommerce.css
Version Parameters
ipag-woocommerce/assets/js/ipag-woocommerce.js?ver=ipag-woocommerce/assets/css/ipag-woocommerce.css?ver=

HTML / DOM Fingerprints

CSS Classes
wc_payment_method_ipag-gateway_boletowc_payment_method_wc_gateway_ipag_pixwc_payment_method_wc_gateway_ipag_creditowc_payment_method_wc_gateway_ipag_itaushoplinewc_payment_method_wc_gateway_ipag_debitowc_payment_method_wc_gateway_ipag_cartaoduplo
Data Attributes
data-order_iddata-trans_iddata-statusdata-payment_datedata-nonce
JS Globals
window.ipag_gateway_capture_noncewindow.ipag_gateway_consult_nonce
REST Endpoints
/wp-json/ipag-woocommerce/v1/capture/wp-json/ipag-woocommerce/v1/consult
FAQ

Frequently Asked Questions about iPag Pagamentos Digitais