[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyuEExZc8Rx8uoR4jM6Uqla6vdeuqPAmcjJbg95w5gHY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":131,"fingerprints":190},"ipaymu-for-woocommerce","iPaymu Payment Gateway for WooCommerce","2.0.3","iPaymu","https:\u002F\u002Fprofiles.wordpress.org\u002Fipaymu\u002F","\u003Cp>This plugin integrates iPaymu Indonesia’s payment system into WooCommerce.\u003Cbr \u002F>\nIt supports Virtual Accounts, QRIS, Retail Payments (Alfamart\u002FIndomaret), Credit Card, Direct Debit, and more.\u003C\u002Fp>\n\u003Cp>To use this plugin, you need an active iPaymu account along with your API Key and Virtual Account number.\u003C\u002Fp>\n\u003Ch3>Webhook Endpoint\u003C\u002Fh3>\n\u003Cp>The plugin exposes a webhook endpoint used for server-to-server notifications from iPaymu.\u003Cbr \u002F>\nUse the following query parameter on your site URL to deliver notifications to the plugin:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>?wc-api=Ipaymu_WC_Gateway\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example: \u003Ccode>https:\u002F\u002Fexample.com\u002F?wc-api=Ipaymu_WC_Gateway\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>If you’re upgrading from older plugin versions that used \u003Ccode>?wc-api=WC_Gateway_iPaymu\u003C\u002Fcode>,\u003Cbr \u002F>\nplease update any external webhook configuration to use the new endpoint so that\u003Cbr \u002F>\nnotifications continue to be delivered.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>GPLv2 or later.\u003C\u002Fp>\n","iPaymu Payment Gateway for WooCommerce enables secure payments via Virtual Account, QRIS, Minimarket, Credit Card, and Direct Debit in Indonesia.",40,245,0,"2025-12-30T14:09:00.000Z","6.9.4","6.0","7.4",[19,20,21,22,23],"checkout","ecommerce","indonesia","payment","payment-gateway","https:\u002F\u002Fgithub.com\u002Fipaymu\u002Fipaymu-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipaymu-for-woocommerce.2.0.3.zip",97,1,"2026-01-06 18:32:55","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":27},"CVE-2026-0656","ipaymu-payment-gateway-for-woocommerce-missing-authentication-to-unauthenticated-payment-bypass-and-order-information-di","iPaymu Payment Gateway for WooCommerce \u003C= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure","The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenticity through signature verification or origin checks. This makes it possible for unauthenticated attackers to mark WooCommerce orders as paid by sending crafted POST requests to the webhook endpoint without any payment occurring, as well as enumerate order IDs and obtain valid order keys via GET requests, exposing customer order PII including names, addresses, and purchased products.",null,"\u003C=2.0.2","high",8.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:L\u002FA:N","Missing Authorization","2026-01-07 06:36:03",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e639aed-ec67-4212-9051-1f7465bbfde2?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":27,"trust_score":47,"computed_at":48},"ipaymu",98,"2026-04-04T14:19:37.205Z",[50,70,85,105,114],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":27,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":61,"tags":64,"homepage":67,"download_link":68,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":69},"payment-gateway-groups-for-woocommerce","Payment Gateway Groups for WooCommerce","1.1.3","ivanchernyakov","https:\u002F\u002Fprofiles.wordpress.org\u002Fivanchernyakov\u002F","\u003Cp>Payment Gateway Groups for WooCommerce allows you to create groups from your list of available payment gateways. Tested with popular themes. There is a normal mod and toggle. You can also change the active color.\u003C\u002Fp>\n\u003Cp>Useful if you have a large number of payment gateways.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbusinessupwebsite.com\u002Fplugin\u002Fpayment-gateway-groups-for-woocommerce\u002F\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>\u003Cbr \u002F>\n*   Drag and Drop\u003Cbr \u002F>\n*   Infinite Groups\u003Cbr \u002F>\n*   Subgroups\u003Cbr \u002F>\n*   Image titles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>!Warning\u003C\u002Fstrong> Plugin uses WooCommerce page templates (“checkout\u002Fpayment.php” and “checkout\u002Fpayment-method.php”). If there are similar files in your “theme-name\u002Fwoocommerce” folder, then they will not work.\u003C\u002Fp>\n","Allows you to create groups for payment gateways on the checkout page.",20,1792,100,"","5.9.13","5.0.1",[19,65,20,23,66],"commerce","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpayment-gateway-groups-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpayment-gateway-groups-for-woocommerce.zip","2026-03-15T10:48:56.248Z",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":58,"downloaded":78,"rating":13,"num_ratings":13,"last_updated":79,"tested_up_to":15,"requires_at_least":80,"requires_php":17,"tags":81,"homepage":83,"download_link":84,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"paypercut-payments-for-woocommerce","Paypercut Payments for WooCommerce","0.1.4","Paypercut Dev","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaypercutdev\u002F","\u003Cp>Make it easy for customers to pay — and easier for you to manage — with Paypercut for WooCommerce.\u003Cbr \u002F>\nThis plugin brings fast, secure, and intuitive checkout to your online shop,\u003Cbr \u002F>\nhelping you boost conversions and streamline operations.\u003C\u002Fp>\n\u003Cp>Paypercut enables a range of trusted payment methods while giving you a single,\u003Cbr \u002F>\nunified view of all your transactions — whether online or in person.\u003C\u002Fp>\n\u003Cp>Whether you’re selling physical products or digital downloads, Paypercut for WooCommerce\u003Cbr \u002F>\nmakes taking payments effortless — so you can focus on growing your online business.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Paypercut Payments API (api.paypercut.io) to process payments and manage checkout sessions for your WooCommerce store. This connection is required for the plugin to function, as all payment processing is handled through Paypercut’s secure infrastructure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What the service is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Creating and managing payment checkout sessions\u003Cbr \u002F>\n* Processing customer payments securely\u003Cbr \u002F>\n* Verifying payment status and updating order status\u003Cbr \u002F>\n* Managing refunds for completed orders\u003Cbr \u002F>\n* Setting up and managing webhooks for payment notifications\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin sends data to Paypercut’s API (https:\u002F\u002Fapi.paypercut.io\u002F) in the following scenarios:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>During checkout session creation\u003C\u002Fstrong> (when a customer initiates checkout):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Store information (store name, store URL, WooCommerce order identifiers)\u003C\u002Fli>\n\u003Cli>Order details (order total, currency, line items, shipping costs, tax amounts)\u003C\u002Fli>\n\u003Cli>Customer billing information (name, billing address, email address)\u003C\u002Fli>\n\u003Cli>Customer shipping information (if applicable: shipping name and address)\u003C\u002Fli>\n\u003Cli>Technical metadata (session identifiers, return URLs, webhook URLs)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During payment verification\u003C\u002Fstrong> (when verifying payment status):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout session identifiers\u003C\u002Fli>\n\u003Cli>Order identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During refund processing\u003C\u002Fstrong> (when a store administrator issues a refund):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Payment intent identifiers\u003C\u002Fli>\n\u003Cli>Refund amount and currency\u003C\u002Fli>\n\u003Cli>Refund reason (if provided)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During webhook setup\u003C\u002Fstrong> (when configuring the plugin):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Webhook URL for payment notifications\u003C\u002Fli>\n\u003Cli>Webhook event types to subscribe to\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>During API credential validation\u003C\u002Fstrong> (when testing connection in settings):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>API credentials for authentication purposes only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Payment card data (credit card numbers, CVV codes, etc.) is collected and processed directly by Paypercut via their hosted checkout interface. This sensitive payment information never passes through or gets stored by this plugin or your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis service is provided by Paypercut. For more information about how Paypercut handles data, please refer to:\u003Cbr \u002F>\n* Privacy policy: https:\u002F\u002Fpaypercut.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses npm and @wordpress\u002Fscripts (which uses webpack) to build the Blocks checkout integration.\u003C\u002Fp>\n\u003Ch3>Source Code Location\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IMPORTANT:\u003C\u002Fstrong> The human-readable source code for all compiled JavaScript is included in this plugin.\u003C\u002Fp>\n\u003Cp>The minified\u002Fcompiled file \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> is generated from the following source file:\u003Cbr \u002F>\n* \u003Cstrong>Source file:\u003C\u002Fstrong> \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> – This is the human-readable, unminified source code for the Blocks checkout integration\u003C\u002Fp>\n\u003Cp>All source code is included in the published plugin. The source file (\u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode>) contains the original, readable JavaScript code with ES6 modules, comments, and proper formatting. The compiled version (\u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode>) is generated from this source using the build process described below.\u003C\u002Fp>\n\u003Ch3>Building assets\u003C\u002Fh3>\n\u003Cp>To rebuild the compiled assets from source:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Install dependencies:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Build production assets:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm run build\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This will compile \u003Ccode>assets\u002Fblocks\u002Findex.js\u003C\u002Fcode> into the minified \u003Ccode>assets\u002Fbuild\u002Findex.js\u003C\u002Fcode> using @wordpress\u002Fscripts.\u003C\u002Fp>\n","Paypercut Payments enables WooCommerce merchants to accept online payments using Paypercut's checkout experience.",249,"2026-03-14T18:18:00.000Z","6.6",[19,20,23,82,66],"payments","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpaypercut-payments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaypercut-payments-for-woocommerce.0.1.4.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":13,"num_ratings":13,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":61,"tags":98,"homepage":102,"download_link":103,"security_score":104,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"mijireh-checkout-for-gravity-forms","Mijireh Checkout for Gravity Forms","1.0.0","PatSaTECH","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatsatech\u002F","\u003Cp>Mijireh Checkout helps you to keep your checkout process seamless to your customers while securely handling the collecting and transmitting of the credit card data for you.\u003C\u002Fp>\n\u003Ch4>At A Glance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Saves you money by greatly reducing your PCI compliance burden\u003C\u002Fli>\n\u003Cli>Seamless checkout experience by using your existing website design\u003C\u002Fli>\n\u003Cli>Checkout page and all assets hosted securely behind SSL on our servers\u003C\u002Fli>\n\u003Cli>Completely automated, with no manual customizations needed in most cases\u003C\u002Fli>\n\u003Cli>Put simply, it provides the best hosted checkout page experience on the web\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the payment gateway you already have or get started with new one.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.mijireh.com\u002Fdocs\u002Fpayment-gateways\u002F\" rel=\"nofollow ugc\">Over 90 gateways to choose from.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Use Slurp Feature to customize the Checkout Page\u003C\u002Fh4>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F39440636\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Cp>You can also checkout our other plugins for WooCommerce, Jigoshop, Easy Digital Downloads and WP e-Commerce at http:\u002F\u002Fwww.patsatech.com\u003C\u002Fp>\n\u003Cp>Send us your ideas and feedback here: http:\u002F\u002Fwww.patsatech.com\u002Fcontact-us\u003C\u002Fp>\n\u003Ch3>FEATURES\u003C\u002Fh3>\n\u003Ch4>Why should you should use Mijireh Checkout?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>No setup fees. \u003C\u002Fli>\n\u003Cli>No monthly fees.\u003C\u002Fli>\n\u003Cli>No contracts.\u003C\u002Fli>\n\u003Cli>Lowest cost.\u003C\u002Fli>\n\u003Cli>Lowest risk solution.\u003C\u002Fli>\n\u003Cli>Get started now for free.\u003C\u002Fli>\n\u003C\u002Fol>\n","Mijireh Checkout Plugin for accepting payments on with your Gravity Forms.",10,1751,"2014-10-16T06:13:00.000Z","4.0.38","3.5",[99,20,100,101,23],"credit-card","gravity-forms","mijireh-checkout","http:\u002F\u002Fwww.patsatech.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmijireh-checkout-for-gravity-forms.1.0.0.zip",85,{"slug":106,"name":107,"version":88,"author":89,"author_profile":90,"description":91,"short_description":108,"active_installs":93,"downloaded":109,"rating":13,"num_ratings":13,"last_updated":110,"tested_up_to":96,"requires_at_least":97,"requires_php":61,"tags":111,"homepage":102,"download_link":113,"security_score":104,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"mijireh-checkout-for-ninja-forms","Mijireh Checkout for Ninja Forms","Mijireh Checkout Plugin for accepting payments on with your Ninja Forms.",1503,"2014-10-16T06:10:00.000Z",[99,20,101,112,23],"ninja-forms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmijireh-checkout-for-ninja-forms.1.0.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":13,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":17,"tags":126,"homepage":129,"download_link":130,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"whalet-payment","Whalet Payment","1.1.2","whalet","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhalet\u002F","\u003Cp>Whalet Payment is a comprehensive payment gateway plugin that provides secure and convenient online payment solutions for WordPress websites. Whether you’re running a simple blog with donation buttons or a full-featured WooCommerce store, Whalet makes it easy to accept payments from customers worldwide.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>🔒 \u003Cstrong>Secure Payment Processing\u003C\u002Fstrong>\u003Cbr \u002F>\n* PCI DSS compliant payment infrastructure\u003Cbr \u002F>\n* SSL encryption for all transactions\u003Cbr \u002F>\n* Secure webhook verification\u003Cbr \u002F>\n* No sensitive data stored on your server\u003C\u002Fp>\n\u003Cp>💳 \u003Cstrong>Multiple Payment Methods\u003C\u002Fstrong>\u003Cbr \u002F>\n* Visa, Mastercard support\u003Cbr \u002F>\n* Regional payment method variations\u003Cbr \u002F>\n* Mobile-optimized payment forms\u003Cbr \u002F>\n* One-click payment options\u003C\u002Fp>\n\u003Cp>🛒 \u003Cstrong>WooCommerce Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Native WooCommerce payment gateway\u003Cbr \u002F>\n* Seamless checkout experience\u003Cbr \u002F>\n* Order management integration\u003Cbr \u002F>\n* Automatic status updates via webhooks\u003C\u002Fp>\n\u003Cp>⚡ \u003Cstrong>Flexible Implementation\u003C\u002Fstrong>\u003Cbr \u002F>\n* Shortcode support: \u003Ccode>[whalet_payment]\u003C\u002Fcode>\u003Cbr \u002F>\n* REST API endpoints for custom integrations\u003Cbr \u002F>\n* Extensive hooks and filters\u003Cbr \u002F>\n* Developer-friendly architecture\u003C\u002Fp>\n\u003Cp>🌍 \u003Cstrong>Multi-currency & Multi-language\u003C\u002Fstrong>\u003Cbr \u002F>\n* Support for multiple currencies\u003Cbr \u002F>\n* Translations: English, Chinese (Simplified\u002FTraditional), Japanese\u003Cbr \u002F>\n* Regional compliance features\u003Cbr \u002F>\n* Automatic currency conversion\u003C\u002Fp>\n\u003Cp>📊 \u003Cstrong>Advanced Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Real-time transaction monitoring\u003Cbr \u002F>\n* Comprehensive logging system\u003Cbr \u002F>\n* Full and partial refund processing\u003Cbr \u002F>\n* Test mode for development\u003Cbr \u002F>\n* Customizable payment forms\u003Cbr \u002F>\n* Webhook handling for real-time updates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>E-commerce stores using WooCommerce\u003C\u002Fli>\n\u003Cli>Membership sites requiring payment processing\u003C\u002Fli>\n\u003Cli>Donation and fundraising websites\u003C\u002Fli>\n\u003Cli>Service providers accepting online payments\u003C\u002Fli>\n\u003Cli>Any WordPress site needing secure payment functionality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security & Compliance:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PCI DSS compliant payment processing\u003C\u002Fli>\n\u003Cli>SSL encryption for all transactions\u003C\u002Fli>\n\u003Cli>Secure webhook verification\u003C\u002Fli>\n\u003Cli>Regular security updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Support:\u003C\u002Fstrong>\u003Cbr \u002F>\nFor technical support and documentation, visit https:\u002F\u002Fwww.whalet.com\u002Fsupport\u003C\u002Fp>\n\u003Cp>\u003Cstrong>API Documentation:\u003C\u002Fstrong>\u003Cbr \u002F>\nDeveloper documentation is available at https:\u002F\u002Fdocs.whalet.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin is translation-ready and includes translations for:\u003Cbr \u002F>\n* English (default)\u003Cbr \u002F>\n* Chinese Simplified (zh_CN)\u003Cbr \u002F>\n* Chinese Traditional (zh_TW, zh_HK)\u003Cbr \u002F>\n* Japanese (ja)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>System Requirements:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Minimum Requirements:\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress: 5.0 or higher\u003Cbr \u002F>\n* PHP: 7.4 or higher (PHP 8.0+ recommended)\u003Cbr \u002F>\n* MySQL: 5.6 or higher (MySQL 8.0+ recommended)\u003Cbr \u002F>\n* WooCommerce: 5.0 or higher (if using e-commerce features)\u003Cbr \u002F>\n* SSL Certificate: Required for live payment processing\u003Cbr \u002F>\n* Memory Limit: 128MB or higher\u003Cbr \u002F>\n* Max Execution Time: 30 seconds or higher\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recommended Environment:\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress: 6.0 or higher\u003Cbr \u002F>\n* PHP: 8.1 or higher\u003Cbr \u002F>\n* MySQL: 8.0 or higher\u003Cbr \u002F>\n* WooCommerce: 7.0 or higher\u003Cbr \u002F>\n* Memory Limit: 256MB or higher\u003Cbr \u002F>\n* HTTPS: Required for production use\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Server Requirements:\u003C\u002Fstrong>\u003Cbr \u002F>\n* cURL support enabled\u003Cbr \u002F>\n* OpenSSL extension\u003Cbr \u002F>\n* JSON extension\u003Cbr \u002F>\n* mbstring extension\u003Cbr \u002F>\n* Modern web server (Apache 2.4+ or Nginx 1.18+)\u003C\u002Fp>\n","Secure and convenient online payment gateway for WordPress with WooCommerce integration and flexible payment solutions.",523,"2026-01-26T11:05:00.000Z","6.8.5","5.0",[99,20,127,23,128],"online-payment","woocommerce-checkout","https:\u002F\u002Fwww.whalet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhalet-payment.1.1.2.zip",{"attackSurface":132,"codeSignals":168,"taintFlows":176,"riskAssessment":177,"analyzedAt":189},{"hooks":133,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":13,"unprotectedCount":13},[134,140,142,147,152,156,160],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","woocommerce_api_ipaymu_wc_gateway","check_ipaymu_response","gateway.php",81,{"type":135,"name":141,"callback":137,"file":138,"line":104},"woocommerce_api_wc_gateway_ipaymu",{"type":135,"name":143,"callback":144,"priority":13,"file":145,"line":146},"plugins_loaded","ipaymu_load_gateway","ipaymu.php",34,{"type":148,"name":149,"callback":150,"file":145,"line":151},"filter","woocommerce_payment_gateways","ipaymu_register_gateway",43,{"type":135,"name":153,"callback":154,"file":145,"line":155},"before_woocommerce_init","ipaymu_declare_cart_checkout_blocks_compatibility",55,{"type":135,"name":157,"callback":158,"file":145,"line":159},"woocommerce_blocks_payment_method_type_registration","closure",67,{"type":135,"name":161,"callback":162,"file":145,"line":163},"woocommerce_blocks_loaded","ipaymu_register_blocks_support",74,[],[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":27,"externalRequests":27,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":175},[],{"prepared":13,"raw":13,"locations":171},[],{"escaped":173,"rawEcho":13,"locations":174},21,[],[],[],{"summary":178,"deductions":179},"The plugin 'ipaymu-for-woocommerce' v2.0.3 demonstrates a generally strong security posture based on the static analysis. It exhibits no detectable dangerous functions, utilizes prepared statements exclusively for its SQL queries, and all identified output is properly escaped.  Furthermore, the absence of identified taint flows with unsanitized paths, critical or high severity, is a positive indicator.  However, the plugin's vulnerability history reveals one previously known high-severity vulnerability related to missing authorization, and notably, it has a last vulnerability date in the future, which is an anomaly requiring further investigation.  The lack of nonce and capability checks on its entry points is a significant concern, as it implies that all AJAX handlers, REST API routes, shortcodes, and cron events are potentially accessible without proper authorization verification, creating a substantial attack surface that is currently unprotected. While the code itself appears to follow good practices for SQL and output handling, the absence of authorization checks on entry points and the peculiar vulnerability history suggest potential weaknesses that could be exploited if not addressed.",[180,183,185,187],{"reason":181,"points":182},"Missing capability checks on entry points",15,{"reason":184,"points":182},"Missing nonce checks on entry points",{"reason":186,"points":182},"One known high severity vulnerability (unpatched status unclear)",{"reason":188,"points":93},"Future vulnerability date is anomalous","2026-03-16T22:10:41.441Z",{"wat":191,"direct":196},{"assetPaths":192,"generatorPatterns":193,"scriptPaths":194,"versionParams":195},[],[],[],[],{"cssClasses":197,"htmlComments":198,"htmlAttributes":199,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":202},[],[],[],[],[],[]]