Kopo Kopo for WooCommerce Security & Risk Analysis

wordpress.org/plugins/kopo-kopo-for-woocommerce

Enable instant, secure Lipa na M-PESA payments on your WooCommerce shop and make checkout simple for your customers.

10 active installs · v1.0.2 · PHP 7.4+ · WP 6.2+ · Updated Mar 11, 2026
Tags: ecommerce, kopo-kopo, lipa-na-mpesa, payment-gateway, payments
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Kopo Kopo for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Kopo Kopo for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 23d ago
Risk Assessment

The "kopo-kopo-for-woocommerce" plugin v1.0.2 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and proper output escaping are significant strengths. Furthermore, the plugin demonstrates a clean vulnerability history with no recorded CVEs, suggesting a history of secure development or diligent patching.

However, there are notable areas for improvement. The complete lack of nonce checks across all entry points, including AJAX handlers and REST API routes, represents a significant security concern. While the analysis indicates no unprotected entry points, the absence of nonces means that these endpoints are potentially vulnerable to Cross-Site Request Forgery (CSRF) attacks. The presence of the Guzzle library as a bundled dependency also warrants attention, as outdated or vulnerable versions of bundled libraries can introduce unforeseen risks if not managed meticulously.

In conclusion, while the plugin avoids common pitfalls like raw SQL queries and unescaped output, the critical omission of nonce checks exposes it to a specific class of attacks. The vulnerability history is positive, but the static analysis reveals a tangible risk that should be addressed to improve the overall security of the plugin.

Key Concerns

  • Missing nonce checks on entry points
  • Bundled library (Guzzle) may be outdated
Vulnerabilities
None known

Kopo Kopo for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Kopo Kopo for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 0 (45 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

100% escaped · 45 total outputs
Attack Surface

Kopo Kopo for WooCommerce Attack Surface

Entry Points: 10
Unprotected: 0

REST API Routes 10

  • POST /wp-json/kkwoo/v1/force-refresh-access-token (includes\kkwoo-authorization-rest-api.php:20)
  • POST /wp-json/kkwoo/v1/save-manual-payment-details (includes\kkwoo-manual-payments-rest-api.php:28)
  • GET /wp-json/kkwoo/v1/selected-manual-payment-method/(?P<order_key>.+) (includes\kkwoo-manual-payments-rest-api.php:38)
  • POST /wp-json/kkwoo/v1/stk-push (includes\kkwoo-rest-api.php:17)
  • POST /wp-json/kkwoo/v1/stk-push-callback (includes\kkwoo-rest-api.php:27)
  • GET /wp-json/kkwoo/v1/payment-status (includes\kkwoo-rest-api.php:37)
  • GET /wp-json/kkwoo/v1/query-incoming-payment-status (includes\kkwoo-rest-api.php:47)
  • POST /wp-json/kkwoo/v1/create-webhook-subscriptions (includes\kkwoo-webhooks-rest-api.php:29)
  • POST /wp-json/kkwoo/v1/buygoods-transaction-received (includes\kkwoo-webhooks-rest-api.php:41)
  • POST /wp-json/kkwoo/v1/b2b-transaction-received (includes\kkwoo-webhooks-rest-api.php:51)
WordPress Hooks 28
  • filter woocommerce_order_actions (includes\class-kkwoo-check-payment-status.php:34)
  • action woocommerce_order_action_check_payment_status_action (includes\class-kkwoo-check-payment-status.php:35)
  • action woocommerce_order_details_before_order_table (includes\class-kkwoo-check-payment-status.php:36)
  • action admin_notices (includes\class-kkwoo-check-payment-status.php:37)
  • filter is_protected_meta (includes\class-kkwoo-check-payment-status.php:38)
  • action admin_notices (includes\class-kkwoo-payment-gateway.php:239)
  • action admin_notices (includes\class-kkwoo-payment-gateway.php:240)
  • action admin_notices (includes\class-kkwoo-payment-gateway.php:241)
  • action woocommerce_after_settings_checkout (includes\class-kkwoo-payment-gateway.php:243)
  • action admin_enqueue_scripts (includes\class-kkwoo-payment-gateway.php:245)
  • action init (includes\class-kkwoo-payment-page.php:22)
  • filter query_vars (includes\class-kkwoo-payment-page.php:23)
  • action rest_api_init (includes\kkwoo-authorization-rest-api.php:17)
  • action rest_api_init (includes\kkwoo-manual-payments-rest-api.php:25)
  • action rest_api_init (includes\kkwoo-rest-api.php:14)
  • action rest_api_init (includes\kkwoo-webhooks-rest-api.php:26)
  • action plugins_loaded (kopo-kopo-for-woocommerce.php:83)
  • filter woocommerce_payment_gateways (kopo-kopo-for-woocommerce.php:99)
  • action woocommerce_checkout_init (kopo-kopo-for-woocommerce.php:111)
  • action woocommerce_view_order (kopo-kopo-for-woocommerce.php:112)
  • action before_woocommerce_init (kopo-kopo-for-woocommerce.php:129)
  • filter woocommerce_currency_symbol (kopo-kopo-for-woocommerce.php:148)
  • action woocommerce_init (kopo-kopo-for-woocommerce.php:166)
  • action woocommerce_blocks_loaded (kopo-kopo-for-woocommerce.php:177)
  • action woocommerce_blocks_payment_method_type_registration (kopo-kopo-for-woocommerce.php:205)
  • action woocommerce_blocks_checkout_block_registration (kopo-kopo-for-woocommerce.php:215)
  • action wp_enqueue_scripts (kopo-kopo-for-woocommerce.php:224)
  • action template_redirect (kopo-kopo-for-woocommerce.php:295)
Maintenance & Trust

Kopo Kopo for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 11, 2026
  • PHP min version: 7.4
  • Downloads: 251

Community Trust

  • Rating: 100/100
  • Number of ratings: 1
  • Active installs: 10
Developer Profile

Kopo Kopo for WooCommerce Developer Profile

kopokopoinc

1 plugin · 10 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Kopo Kopo for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/kopo-kopo-for-woocommerce/assets/js/kkwoo-classic-checkout-handler.js
  • /wp-content/plugins/kopo-kopo-for-woocommerce/assets/css/kkwoo-style.css
Script Paths
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Version Parameters
  • kkwoo-classic-checkout-handler.js?ver=
  • kkwoo-style.css?ver=

HTML / DOM Fingerprints

JS Globals
  • KKWOO_PLUGIN_VERSION
  • KKWOO_ASSET_VERSION
  • KKWOO_SANDBOX_URL
  • KKWOO_PRODUCTION_URL
  • KKWOO_PLUGIN_PATH
  • KKWOO_PLUGIN_URL
  • +1 more
REST Endpoints
  • /wp-json/kkwoo/v1/authorization
  • /wp-json/kkwoo/v1/webhook
  • /wp-json/kkwoo/v1/manual-payments
FAQ

Frequently Asked Questions about Kopo Kopo for WooCommerce