KKiapay WooCommerce Plugin Security & Risk Analysis

wordpress.org/plugins/kkiapay-woocommerce

Accept Mobile money, direct bank and credit card payments with KKiapay

500 active installs · v2.4.7 · PHP 7.4+ · WP 6.0+ · Updated Jun 24, 2024
Tags: africa-payment, credit-card, mobile-money, online-payment, swift-payment
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is KKiapay WooCommerce Plugin Safe to Use in 2026?

Generally Safe

Score 92/100

KKiapay WooCommerce Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The kkiapay-woocommerce plugin version 2.4.7 exhibits a generally good security posture, with no recorded vulnerabilities and a strong adherence to secure coding practices in several areas. Notably, the absence of any known CVEs and a complete lack of critical or high-severity vulnerabilities in its history are positive indicators. The code analysis also shows a commendable absence of dangerous functions and that all SQL queries utilize prepared statements, which significantly mitigates SQL injection risks. However, concerns arise from the output escaping, with only 17% of outputs being properly escaped, leaving room for potential cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered without proper sanitization.

Further analysis reveals two taint flows with unsanitized paths. While these are not classified as critical or high severity, they represent potential weaknesses where an attacker might be able to inject malicious code or manipulate program flow. The plugin also performs file operations and external HTTP requests without explicit capability or nonce checks; although the attack surface is reported as zero entry points, this suggests a lack of defense-in-depth. The complete absence of nonce checks and capability checks in the plugin's code is a significant concern, as it indicates a reliance on WordPress's default authentication and authorization, which may not be sufficient for all contexts.

In conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the low percentage of properly escaped output and the presence of unsanitized taint flows, coupled with a complete lack of nonce and capability checks, introduce notable risks. These weaknesses could be exploited to perform XSS attacks or potentially more severe actions if the unsanitized paths can be triggered. The plugin's strengths lie in its database security and lack of historical vulnerabilities, but its weaknesses in output sanitization and access control mechanisms require attention.

Key Concerns

  • Unsanitized taint flows detected
  • Low percentage of properly escaped output
  • No nonce checks implemented
  • No capability checks implemented
  • File operation without clear access control
  • External HTTP requests without clear access control
Vulnerabilities
None known

KKiapay WooCommerce Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

KKiapay WooCommerce Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

17% escaped · 6 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
on_kkiapay_back (includes\class-wc-kkiapay-gateway.php:304)
Attack Surface

KKiapay WooCommerce Plugin Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
  • action · woocommerce_rest_checkout_process_payment_with_context · includes\class-wc-kkiapay-gateway-blocks-support.php:24
  • action · wc_gateway_kkiapay_woocommerce_plugin_process_payment_error · includes\class-wc-kkiapay-gateway-blocks-support.php:100
  • action · admin_notices · includes\class-wc-kkiapay-gateway.php:114
  • action · woocommerce_api_wc_kkiapay_gateway · includes\class-wc-kkiapay-gateway.php:118
  • action · woocommerce_api_wc_kkiapay_gateway_webhook · includes\class-wc-kkiapay-gateway.php:121
  • filter · woocommerce_payment_gateways · kkiapay-woocommerce-plugin.php:35
  • action · plugins_loaded · kkiapay-woocommerce-plugin.php:46
  • action · plugins_loaded · kkiapay-woocommerce-plugin.php:71
  • action · before_woocommerce_init · kkiapay-woocommerce-plugin.php:76
  • action · woocommerce_blocks_payment_method_type_registration · kkiapay-woocommerce-plugin.php:102
  • action · woocommerce_blocks_loaded · kkiapay-woocommerce-plugin.php:110
Maintenance & Trust

KKiapay WooCommerce Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jun 24, 2024
PHP min version: 7.4
Downloads: 22K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 500
Developer Profile

KKiapay WooCommerce Plugin Developer Profile

shadaiali

1 plugin · 500 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect KKiapay WooCommerce Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kkiapay-woocommerce/assets/css/style.css
Version Parameters
kkiapay-woocommerce/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
kkiapay-payment-method
REST Endpoints
/wp-json/wc-kkiapay-gateway/v1/payment
/wp-json/wc-kkiapay-gateway/v1/webhook
FAQ

Frequently Asked Questions about KKiapay WooCommerce Plugin