Does iPOSpays Gateways WC have any unpatched vulnerabilities?

No. All known vulnerabilities in iPOSpays Gateways WC have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is iPOSpays Gateways WC compatible with WordPress 6.8.5?

According to WordPress.org data, iPOSpays Gateways WC 1.3.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is iPOSpays Gateways WC compatible with PHP 7.4+?

iPOSpays Gateways WC requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is iPOSpays Gateways WC updated?

iPOSpays Gateways WC was last updated on Dec 12, 2025. Frequent updates are generally a positive security signal.

What is iPOSpays Gateways WC's security score?

iPOSpays Gateways WC has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

iPOSpays Gateways WC Security & Risk Analysis

wordpress.org/plugins/ipospays-gateways-wc

Accept all major credit cards, Bank, and alternative payment methods like Google Pay, PayPal, and Venmo.

100 active installs v1.3.7 PHP 7.4+ WP 6.4+ Updated Dec 12, 2025

credit-cardgoogle-paypayment-gatewaypaypalwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is iPOSpays Gateways WC Safe to Use in 2026?

Generally Safe

Score 100/100

iPOSpays Gateways WC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The 'ipospays-gateways-wc' plugin exhibits a concerning security posture primarily due to a significant number of unprotected entry points. While the static analysis shows no dangerous functions, a lack of raw SQL queries, and a high percentage of properly escaped output, the absence of authentication checks on all AJAX handlers and REST API routes presents a substantial risk. This means that any unauthenticated user could potentially interact with these functions, leading to unauthorized actions or information disclosure.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting a lack of publicly known exploitable flaws. However, the presence of multiple unsecured AJAX and REST API endpoints creates a large attack surface that could be exploited by a motivated attacker, even without specific known vulnerabilities. The plugin does implement nonce checks on its AJAX handlers and a capability check on one entry point, which are good practices, but these are insufficient when the majority of endpoints lack any form of authorization.

In conclusion, while the plugin does not demonstrate common code-level vulnerabilities like dangerous functions or unescaped output, its lack of authorization on a large number of its entry points is a critical weakness. The absence of past vulnerabilities is positive, but it does not mitigate the immediate risks posed by the current code's insecure design for handling user input through its API and AJAX endpoints.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
Large attack surface without auth (16 total)

Vulnerabilities

None known

iPOSpays Gateways WC Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

iPOSpays Gateways WC Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

437 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped451 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

<applepay-settings> (includes\admin\applepay-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

16 unprotected

iPOSpays Gateways WC Attack Surface

Entry Points16

Unprotected16

AJAX Handlers 6

authwp_ajax_ipospays_gpay_processincludes\express-checkout\class-ipospays-gpay-btn.php:29

noprivwp_ajax_ipospays_gpay_processincludes\express-checkout\class-ipospays-gpay-btn.php:30

authwp_ajax_ipospays_applepay_processincludes\express-checkout\class-ipospays-gpay-btn.php:31

noprivwp_ajax_ipospays_applepay_processincludes\express-checkout\class-ipospays-gpay-btn.php:32

authwp_ajax_ipospays_clear_noticesipospays-gateways-wc.php:986

noprivwp_ajax_ipospays_clear_noticesipospays-gateways-wc.php:987

REST API Routes 10

POST/wp-json/ipospays/v1/store_ach_dataincludes\payment-methods\class-ach-gateway.php:92

GET/wp-json/ipospays/v1/loadingincludes\payment-methods\class-ftd-redirect-gateway.php:207

GET/wp-json/ipospays/v1/refund/webhookincludes\payment-methods\class-ftd-redirect-gateway.php:213

GET/wp-json/ipospays/v1/payment_token_idincludes\payment-methods\class-ftd-redirect-gateway.php:220

GET/wp-json/ipospays/v1get_session_idincludes\payment-methods\class-ftd-redirect-gateway.php:227

GET/wp-json/ipospays/v1/google_payment_tokenincludes\payment-methods\class-ftd-redirect-gateway.php:234

GET/wp-json/ipospays/v1/apple_payment_tokenincludes\payment-methods\class-ftd-redirect-gateway.php:241

GET/wp-json/ipospays/v1/loggerincludes\payment-methods\class-ftd-redirect-gateway.php:247

GET/wp-json/ipospays/v1/save_settingsincludes\payment-methods\class-ftd-redirect-gateway.php:253

GET/wp-json/ipospays/v1/delete_keysincludes\payment-methods\class-ftd-redirect-gateway.php:259

WordPress Hooks 27

actionwp_enqueue_scriptsincludes\express-checkout\class-ipospays-gpay-btn.php:27

actionwp_footerincludes\express-checkout\class-ipospays-gpay-btn.php:28

actionrest_api_initincludes\payment-methods\class-ach-gateway.php:51

actionrest_api_initincludes\payment-methods\class-ftd-redirect-gateway.php:64

actionwoocommerce_pay_order_before_paymentincludes\payment-methods\class-ftd-redirect-gateway.php:66

actionwoocommerce_after_add_to_cart_formincludes\payment-methods\class-ftd-redirect-gateway.php:67

actionwp_footerincludes\payment-methods\class-ftd-redirect-gateway.php:118

actionwp_footerincludes\payment-methods\class-ftd-redirect-gateway.php:143

filterplugin_row_metaipospays-gateways-wc.php:37

actionwp_enqueue_scriptsipospays-gateways-wc.php:53

actionadmin_enqueue_scriptsipospays-gateways-wc.php:138

actionadmin_enqueue_scriptsipospays-gateways-wc.php:141

filteradmin_urlipospays-gateways-wc.php:176

actionadmin_initipospays-gateways-wc.php:201

actionadmin_noticesipospays-gateways-wc.php:203

actionplugins_loadedipospays-gateways-wc.php:300

filterwoocommerce_payment_gatewaysipospays-gateways-wc.php:468

actionbefore_woocommerce_initipospays-gateways-wc.php:488

actionwoocommerce_blocks_loadedipospays-gateways-wc.php:492

actionwoocommerce_blocks_payment_method_type_registrationipospays-gateways-wc.php:506

actionwoocommerce_admin_order_totals_after_discountipospays-gateways-wc.php:516

filterwoocommerce_get_order_item_totalsipospays-gateways-wc.php:570

actionadmin_noticesipospays-gateways-wc.php:657

actionadmin_headipospays-gateways-wc.php:714

filterwoocommerce_get_settings_checkoutipospays-gateways-wc.php:753

actionplugins_loadedipospays-gateways-wc.php:902

actionwp_footerpayment-forms\credit-card.php:685

Maintenance & Trust

iPOSpays Gateways WC Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 12, 2025

PHP min version7.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

iPOSpays Gateways WC Alternatives

Sola Payment Gateway for WooCommerce

woo-cardknox-gateway

100

Accept payments with the Sola gateway.

700 No CVEs

AllPays.co – Payment Gateway for WooCommerce

allpaysco-payment-gateway-for-woocommerce

100

Accept credit/debit cards, Apple Pay, Google Pay, Venmo and more with no registration. Fast and secure payments through traditional payment methods.

0 No CVEs

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

Asaas Gateway for WooCommerce

woo-asaas

100

Take transparent credit card and bank ticket payment checkouts on your store using Asaas.

9K No CVEs

Developer Profile

iPOSpays Gateways WC Developer Profile

iPOSPays

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect iPOSpays Gateways WC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ipospays-gateways-wc/assets/js/custom-checkout.js/wp-content/plugins/ipospays-gateways-wc/assets/js/nonce-verify.js/wp-content/plugins/ipospays-gateways-wc/assets/css/setting.css/wp-content/plugins/ipospays-gateways-wc/assets/js/setting.js/wp-content/plugins/ipospays-gateways-wc/assets/js/gpay.js/wp-content/plugins/ipospays-gateways-wc/assets/js/applepay.js

Script Paths

/wp-content/plugins/ipospays-gateways-wc/assets/js/custom-checkout.js/wp-content/plugins/ipospays-gateways-wc/assets/js/nonce-verify.js/wp-content/plugins/ipospays-gateways-wc/assets/js/setting.js/wp-content/plugins/ipospays-gateways-wc/assets/js/gpay.js/wp-content/plugins/ipospays-gateways-wc/assets/js/applepay.js

Version Parameters

ipospays-gateways-wc/assets/js/custom-checkout.js?ver=1.3.7ipospays-gateways-wc/assets/js/nonce-verify.js?ver=1.3.7ipospays-gateways-wc/assets/css/setting.css?ver=1.3.7ipospays-gateways-wc/assets/js/setting.js?ver=1.3.7ipospays-gateways-wc/assets/js/gpay.js?ver=1.3.7ipospays-gateways-wc/assets/js/applepay.js?ver=1.3.7

HTML / DOM Fingerprints

JS Globals

wpVarsipospayData

FAQ