iwocaPay Payment Gateway Security & Risk Analysis

wordpress.org/plugins/iwocapay-payment-gateway

Add iwocaPay as a payment option to your WooCommerce checkout flow.

100 active installs · v1.3.2 · PHP + · WP + · Updated Nov 25, 2025
Tags: bnpl, payment-request, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is iwocaPay Payment Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

iwocaPay Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The 'iwocapay-payment-gateway' plugin, version 1.3.2, exhibits a concerning security posture despite a clean vulnerability history. The static analysis reveals a significant attack surface consisting of four AJAX handlers, all of which lack authentication checks. This means any unauthenticated user could potentially trigger these handlers, leading to an exposure of sensitive functionality. The taint analysis further highlights this risk, with four flows analyzed, all involving unsanitized paths, although they are not classified as critical or high severity. This suggests a potential for issues if these paths are exploited, even if not immediately critical. The plugin also demonstrates poor output escaping practices, with only 19% of outputs properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. While the absence of known CVEs and dangerous functions is positive, the lack of nonces and capability checks on critical entry points, combined with the unsanitized taint flows, points to a need for immediate attention to secure these functions.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Low output escaping rate
  • No nonce checks on AJAX handlers
  • No capability checks on entry points
Vulnerabilities
None known

iwocaPay Payment Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

iwocaPay Payment Gateway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

19% escaped · 16 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
iwoca_init_gateway_class (woocommerce-gateway-iwocapay.php:16)
Attack Surface
4 unprotected

iwocaPay Payment Gateway Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

nopriv · wp_ajax_get_iwocapay_order_status · includes\popup-journey\popup-journey.php:7
auth · wp_ajax_get_iwocapay_order_status · includes\popup-journey\popup-journey.php:8
nopriv · wp_ajax_get_monthly_instalments · woocommerce-gateway-iwocapay.php:481
auth · wp_ajax_get_monthly_instalments · woocommerce-gateway-iwocapay.php:482
WordPress Hooks 15
action · wp_enqueue_scripts · includes\popup-journey\popup-journey.php:4
action · plugins_loaded · woocommerce-gateway-iwocapay.php:15
action · woocommerce_api_iwocapay · woocommerce-gateway-iwocapay.php:59
filter · woocommerce_payment_gateways · woocommerce-gateway-iwocapay.php:336
filter · woocommerce_available_payment_gateways · woocommerce-gateway-iwocapay.php:364
action · woocommerce_blocks_loaded · woocommerce-gateway-iwocapay.php:369
action · woocommerce_blocks_payment_method_type_registration · woocommerce-gateway-iwocapay.php:373
action · woocommerce_single_product_summary · woocommerce-gateway-iwocapay.php:381
action · woocommerce_after_shop_loop_item_title · woocommerce-gateway-iwocapay.php:394
action · woocommerce_after_checkout_validation · woocommerce-gateway-iwocapay.php:410
action · wp_enqueue_scripts · woocommerce-gateway-iwocapay.php:441
filter · block_categories_all · woocommerce-gateway-iwocapay.php:448
action · init · woocommerce-gateway-iwocapay.php:467
action · init · woocommerce-gateway-iwocapay.php:473
action · init · woocommerce-gateway-iwocapay.php:479
Maintenance & Trust

iwocaPay Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 25, 2025
PHP min version
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

iwocaPay Payment Gateway Developer Profile

iwocapay

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect iwocaPay Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/iwocapay-payment-gateway/iwp-logo-small.svg

HTML / DOM Fingerprints

Data Attributes
data-iwocapay-payment-modes, data-iwocapay-seller-id, data-iwocapay-api-key, data-iwocapay-test-mode, data-iwocapay-base-url, data-iwocapay-popup-enabled, +3 more
JS Globals
iwocapay_payment_gateway_params
REST Endpoints
/wp-json/iwocapay/v1/payment/request
FAQ

Frequently Asked Questions about iwocaPay Payment Gateway