Mollie Payments for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mollie-payments-for-woocommerce

Accept all major payment methods in WooCommerce today. Credit cards, iDEAL and more! Fast, safe and intuitive.

100K active installs · v8.1.4 · PHP 7.4+ · WP 5.0+ · Updated Mar 9, 2026
Tags: credit-card, ecommerce, mollie, payments, woocommerce
Score: 93
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Feb 11, 2026
Safety Verdict

Is Mollie Payments for WooCommerce Safe to Use in 2026?

Generally Safe

Score 93/100

Mollie Payments for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Feb 11, 2026 · Updated 25d ago
Risk Assessment

The "mollie-payments-for-woocommerce" plugin version 8.1.4 presents a mixed security posture. While it demonstrates good practices like 100% prepared SQL statements and 95% proper output escaping, several concerning areas remain. The static analysis reveals a significant attack surface with 4 AJAX handlers, two of which lack authentication checks. This directly exposes potential vulnerabilities to unauthorized users. The presence of 41 dangerous functions, including 'assert' and 'unserialize', also raises concerns, as these can be misused if input is not strictly validated. The vulnerability history, despite having no currently unpatched CVEs, shows a pattern of past issues including Cross-site Scripting, Authorization Bypass, Information Exposure, and Unrestricted File Uploads. This indicates a recurring need for diligent security patching and suggests that developers may have struggled with sanitizing certain types of input or properly implementing authorization mechanisms in the past. The last reported vulnerability date (2026-02-11) is in the future, which is an anomaly and should be investigated, but assuming it's a typo and refers to past events, the historical trend is concerning.

In conclusion, the plugin has strengths in its data handling (SQL, output escaping), but weaknesses in its attack surface management (unprotected AJAX) and the historical presence of various vulnerability types indicate a need for ongoing vigilance. The lack of reported critical vulnerabilities and unpatched CVEs is positive, but the static analysis findings and historical pattern warrant careful consideration.

Key Concerns

  • AJAX handlers without auth checks
  • Presence of dangerous functions (assert, unserialize)
  • Historically significant vulnerability types
  • Bundled library (Guzzle)
Vulnerabilities
4

Mollie Payments for WooCommerce Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
2025: 1 CVE
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-68501 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mollie Payments for WooCommerce <= 8.1.1 - Reflected Cross-Site Scripting

Feb 11, 2026 · Patched in 8.1.2 (6d)

CVE-2025-39362 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Mollie Payments for WooCommerce <= 8.0.2 - Unauthenticated Insecure Direct Object Reference

Jun 26, 2025 · Patched in 8.0.3 (13d)

CVE-2024-6448 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure

Aug 27, 2024 · Patched in 7.8.0 (1d)

CVE-2023-6090 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload

Nov 27, 2023 · Patched in 7.3.12 (57d)
Code Analysis
Analyzed Mar 16, 2026

Mollie Payments for WooCommerce Code Analysis

Dangerous Functions: 41
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 12 (226 escaped)
Nonce Checks: 16
Capability Checks: 2
File Operations: 4
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

Function · Code · Location
assert · assert($constraint instanceof ConstraintInterface); · pluginEnvironmentChecker\EnvironmentChecker.php:31
assert · assert($componentDataService instanceof ComponentDataService); · src\Assets\AssetsModule.php:300
assert · assert($logger instanceof Logger); · src\Gateway\DeprecatedGatewayBuilder.php:25
assert · assert($notice instanceof FrontendNotice); · src\Gateway\DeprecatedGatewayBuilder.php:27
assert · assert($mollieOrderService instanceof MollieOrderService); · src\Gateway\DeprecatedGatewayBuilder.php:29
assert · assert($HttpResponseService instanceof HttpResponse); · src\Gateway\DeprecatedGatewayBuilder.php:31
assert · assert($settingsHelper instanceof Settings); · src\Gateway\DeprecatedGatewayBuilder.php:33
assert · assert($apiHelper instanceof Api); · src\Gateway\DeprecatedGatewayBuilder.php:35
assert · assert($data instanceof Data); · src\Gateway\DeprecatedGatewayBuilder.php:38
assert · assert($mollieObject instanceof MollieObject); · src\Gateway\DeprecatedGatewayBuilder.php:41
assert · assert($paymentFactory instanceof PaymentFactory); · src\Gateway\DeprecatedGatewayBuilder.php:43
assert · assert($gateway instanceof \Mollie\Inpsyde\PaymentGateway\PaymentGateway); · src\Gateway\GatewayModule.php:74
assert · assert($surchargeService instanceof \Mollie\WooCommerce\Gateway\Surcharge); · src\Gateway\GatewayModule.php:107
assert · assert($dataService instanceof Data); · src\Gateway\GatewayModule.php:112
assert · assert($paymentMethod instanceof PaymentMethodI); · src\Gateway\GatewayModule.php:139
assert · assert($cart_fee instanceof WC_Order_Item_Fee); · src\Payment\PaymentLines.php:163
assert · assert($this->httpResponse instanceof HttpResponse); · src\Payment\PaymentModule.php:61
assert · assert($this->logger instanceof Logger); · src\Payment\PaymentModule.php:63
assert · assert($this->apiHelper instanceof Api); · src\Payment\PaymentModule.php:65
assert · assert($this->settingsHelper instanceof Settings); · src\Payment\PaymentModule.php:67
assert · assert($gateway instanceof \WC_Payment_Gateway); · src\Payment\PaymentModule.php:247
assert · assert($statusHelper instanceof Status); · src\Settings\SettingsModule.php:46
assert · assert($apiHelper instanceof Api); · src\Settings\SettingsModule.php:49
assert · assert($cleanDb instanceof CleanDb); · src\Settings\SettingsModule.php:51
assert · assert($apiHelper instanceof Api); · src\Settings\SettingsModule.php:56
assert · assert($logger instanceof Logger); · src\Settings\SettingsModule.php:58
assert · assert($settings instanceof \Mollie\WooCommerce\Settings\Settings); · src\Settings\SettingsModule.php:62
assert · assert($settingsHelper instanceof \Mollie\WooCommerce\Settings\Settings); · src\Settings\SettingsModule.php:67
assert · assert($apiHelper instanceof Api); · src\Settings\SettingsModule.php:99
assert · assert($settingsHelper instanceof \Mollie\WooCommerce\Settings\Settings); · src\Settings\SettingsModule.php:101
assert · assert($logger instanceof Logger); · src\Settings\SettingsModule.php:103
assert · assert($this->settingsHelper instanceof \Mollie\WooCommerce\Settings\Settings); · src\Settings\SettingsModule.php:112
assert · assert($this->dataHelper instanceof Data); · src\Settings\SettingsModule.php:115
assert · assert($webhookTestService instanceof WebhookTestService); · src\Settings\SettingsModule.php:191
unserialize · $result = unserialize($result); · src\Shared\Data.php:168
unserialize · $recurringPaymentMethods = unserialize($recurringPaymentMethods); · src\Shared\Data.php:626
assert · assert($subscription instanceof \WC_Subscription); · src\Subscription\MollieSubscriptionGatewayHandler.php:399
assert · assert($gateway instanceof \WC_Payment_Gateway); · src\Subscription\MollieSubscriptionGatewayHandler.php:400
assert · assert($this->logger instanceof Logger); · src\Subscription\SubscriptionModule.php:35
assert · assert($this->dataHelper instanceof Data); · src\Subscription\SubscriptionModule.php:37
assert · assert($this->settingsHelper instanceof Settings); · src\Subscription\SubscriptionModule.php:39

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

95% escaped · 238 total outputs
Attack Surface
2 unprotected

Mollie Payments for WooCommerce Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

auth · wp_ajax_mollie_webhook_test_initiate · src\Settings\Webhooks\WebhookTestService.php:50
auth · wp_ajax_mollie_webhook_test_check · src\Settings\Webhooks\WebhookTestService.php:51
auth · wp_ajax_update_surcharge_order_pay · src\Shared\GatewaySurchargeHandler.php:32
nopriv · wp_ajax_update_surcharge_order_pay · src\Shared\GatewaySurchargeHandler.php:35
WordPress Hooks 105
action · all_admin_notices · mollie-payments-for-woocommerce.php:56
action · plugins_loaded · mollie-payments-for-woocommerce.php:93
action · init · src\Activation\ActivationModule.php:27
action · admin_init · src\Activation\ActivationModule.php:28
action · before_woocommerce_init · src\Activation\ActivationModule.php:125
action · after_setup_theme · src\Activation\ConstraintsChecker.php:59
filter · auto_update_plugin · src\Activation\PluginDisabler.php:34
action · woocommerce_blocks_enqueue_cart_block_scripts_after · src\Assets\AssetsModule.php:39
action · woocommerce_blocks_loaded · src\Assets\AssetsModule.php:282
action · woocommerce_init · src\Assets\AssetsModule.php:287
action · wp_enqueue_scripts · src\Assets\AssetsModule.php:291
action · wp_enqueue_scripts · src\Assets\AssetsModule.php:294
action · wp_enqueue_scripts · src\Assets\AssetsModule.php:303
action · wp_enqueue_scripts · src\Assets\AssetsModule.php:304
filter · inpsyde_payment_gateway_blocks_dependencies · src\Assets\AssetsModule.php:307
action · wp_enqueue_scripts · src\Assets\AssetsModule.php:313
action · admin_init · src\Assets\AssetsModule.php:321
action · admin_enqueue_scripts · src\Assets\AssetsModule.php:328
action · woocommerce_checkout_create_order · src\Buttons\ApplePayButton\AppleAjaxRequests.php:410
filter · woocommerce_payment_successful_result · src\Buttons\ApplePayButton\AppleAjaxRequests.php:468
action · admin_notices · src\Buttons\ApplePayButton\ApplePayDirectHandler.php:37
action · admin_notices · src\Buttons\ApplePayButton\ApplePayDirectHandler.php:52
filter · woocommerce_payment_gateways · src\Gateway\GatewayModule.php:48
filter · woocommerce_available_payment_gateways · src\Gateway\GatewayModule.php:63
filter · woocommerce_payment_gateways · src\Gateway\GatewayModule.php:67
filter · woocommerce_available_payment_gateways · src\Gateway\GatewayModule.php:95
filter · woocommerce_available_payment_gateways · src\Gateway\GatewayModule.php:97
action · woocommerce_after_order_object_save · src\Gateway\GatewayModule.php:98
action · woocommerce_payment_complete · src\Gateway\GatewayModule.php:105
action · woocommerce_rest_checkout_process_payment_with_context · src\Gateway\GatewayModule.php:115
action · add_meta_boxes_woocommerce_page_wc-orders · src\Gateway\GatewayModule.php:127
filter · woocommerce_checkout_fields · src\Gateway\GatewayModule.php:128
action · init · src\Gateway\GatewayModule.php:136
filter · woocommerce_get_transaction_url · src\Gateway\GatewayModule.php:144
filter · woocommerce_cancel_unpaid_order · src\Gateway\GatewayModule.php:153
action · woocommerce_thankyou · src\Gateway\GatewayModule.php:160
filter · woocommerce_order_actions · src\Gateway\GatewayModule.php:170
action · woocommerce_order_action_mollie_wc_check_payment_for_unpaid_order · src\Gateway\GatewayModule.php:177
filter · bulk_actions-woocommerce_page_wc-orders · src\Gateway\GatewayModule.php:185
filter · handle_bulk_actions-woocommerce_page_wc-orders · src\Gateway\GatewayModule.php:189
filter · the_title · src\Gateway\MolliePaymentGatewayHandler.php:113
filter · woocommerce_thankyou_order_received_text · src\Gateway\MolliePaymentGatewayHandler.php:114
filter · woocommerce_product_data_tabs · src\Gateway\Voucher\VoucherModule.php:51
action · woocommerce_product_data_panels · src\Gateway\Voucher\VoucherModule.php:55
action · woocommerce_process_product_meta_simple · src\Gateway\Voucher\VoucherModule.php:56
action · woocommerce_product_after_variable_attributes · src\Gateway\Voucher\VoucherModule.php:57
action · woocommerce_save_product_variation · src\Gateway\Voucher\VoucherModule.php:58
action · woocommerce_product_bulk_edit_start · src\Gateway\Voucher\VoucherModule.php:59
action · woocommerce_product_bulk_edit_save · src\Gateway\Voucher\VoucherModule.php:60
action · product_cat_add_form_fields · src\Gateway\Voucher\VoucherModule.php:61
action · product_cat_edit_form_fields · src\Gateway\Voucher\VoucherModule.php:62
action · edited_product_cat · src\Gateway\Voucher\VoucherModule.php:63
action · create_product_cat · src\Gateway\Voucher\VoucherModule.php:64
action · woocommerce_order_actions · src\MerchantCapture\Capture\Type\ManualCapture.php:19
filter · woocommerce_mollie_wc_gateway_creditcard_args · src\MerchantCapture\Capture\Type\ManualCapture.php:21
action · woocommerce_order_status_changed · src\MerchantCapture\Capture\Type\StateChangeCapture.php:20
action · init · src\MerchantCapture\MerchantCaptureModule.php:100
action · woocommerce_order_refunded · src\MerchantCapture\MerchantCaptureModule.php:131
action · woocommerce_order_actions_start · src\MerchantCapture\MerchantCaptureModule.php:144
filter · mollie_wc_gateway_disable_ship_and_capture · src\MerchantCapture\MerchantCaptureModule.php:164
filter · inpsyde.mollie-advanced-settings · src\MerchantCapture\MerchantCaptureModule.php:170
filter · manage_edit-shop_order_columns · src\MerchantCapture\OrderListPaymentColumn.php:16
action · manage_shop_order_posts_custom_column · src\MerchantCapture\OrderListPaymentColumn.php:17
filter · woocommerce_shop_order_list_table_columns · src\MerchantCapture\OrderListPaymentColumn.php:19
action · woocommerce_shop_order_list_table_custom_column · src\MerchantCapture\OrderListPaymentColumn.php:20
action · admin_notices · src\Notice\AdminNotice.php:10
filter · wcs_is_scheduled_payment_attempt · src\Payment\MollieObject.php:554
action · rest_api_init · src\Payment\PaymentModule.php:72
action · woocommerce_api_mollie_return · src\Payment\PaymentModule.php:76
action · template_redirect · src\Payment\PaymentModule.php:79
action · woocommerce_order_details_after_order_table · src\Payment\PaymentModule.php:83
action · woocommerce_order_status_cancelled · src\Payment\PaymentModule.php:87
action · woocommerce_order_status_completed · src\Payment\PaymentModule.php:89
filter · woocommerce_cancel_unpaid_order · src\Payment\PaymentModule.php:90
action · init · src\Payment\PaymentModule.php:92
filter · mollie-payments-for-woocommerce_order_status_cancelled · src\Payment\PaymentModule.php:142
action · mollie_woocommerce_cancel_unpaid_orders · src\Payment\PaymentModule.php:410
action · before_woocommerce_pay_form · src\Payment\PaymentProcessor.php:421
filter · woocommerce_valid_order_statuses_for_payment_complete · src\Payment\Webhooks\WebhookHandler.php:135
filter · woocommerce_payment_complete_order_status · src\Payment\Webhooks\WebhookHandler.php:139
filter · woocommerce_after_checkout_validation · src\PaymentMethods\Billie.php:40
action · woocommerce_checkout_posted_data · src\PaymentMethods\Billie.php:41
action · mollie-payments-for-woocommerce_after_webhook_action · src\PaymentMethods\Voucher.php:40
action · woocommerce_admin_field_mollie_custom_input · src\Settings\MollieSettingsPage.php:39
action · woocommerce_admin_field_mollie_content · src\Settings\MollieSettingsPage.php:75
filter · gettext · src\Settings\SettingsModule.php:121
action · init · src\Settings\SettingsModule.php:148
action · woocommerce_settings_saved · src\Settings\SettingsModule.php:155
action · admin_init · src\Settings\SettingsModule.php:161
filter · woocommerce_get_settings_pages · src\Settings\SettingsModule.php:172
action · woocommerce_admin_settings_sanitize_option · src\Settings\SettingsModule.php:177
action · update_option_mollie-payments-for-woocommerce_live_api_key · src\Settings\SettingsModule.php:178
action · update_option_mollie-payments-for-woocommerce_test_api_key · src\Settings\SettingsModule.php:184
action · after_setup_theme · src\Shared\GatewaySurchargeHandler.php:19
action · init · src\Shared\GatewaySurchargeHandler.php:20
action · woocommerce_cart_calculate_fees · src\Shared\GatewaySurchargeHandler.php:28
action · wp_enqueue_scripts · src\Shared\GatewaySurchargeHandler.php:29
action · woocommerce_order_item_meta_end · src\Shared\GatewaySurchargeHandler.php:38
action · wcs_resubscribe_order_created · src\Subscription\MollieSubscriptionGatewayHandler.php:70
filter · wcs_renewal_order_created · src\Subscription\MollieSubscriptionGatewayHandler.php:72
action · woocommerce_subscription_failing_payment_method_updated_mollie · src\Subscription\MollieSubscriptionGatewayHandler.php:73
filter · woocommerce_subscription_payment_meta · src\Subscription\MollieSubscriptionGatewayHandler.php:74
action · woocommerce_subscription_validate_payment_meta · src\Subscription\MollieSubscriptionGatewayHandler.php:77
action · pending_payment_confirmation_check · src\Subscription\SubscriptionModule.php:55
action · all_admin_notices · uninstall.php:30

Scheduled Events 1

pending_payment_confirmation_check
Maintenance & Trust

Mollie Payments for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 4.6M

Community Trust

Rating: 70/100
Number of ratings: 68
Active installs: 100K
Developer Profile

Mollie Payments for WooCommerce Developer Profile

Mollie

1 plugin · 100K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 19 days
Detection Fingerprints

How We Detect Mollie Payments for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mollie-payments-for-woocommerce/public/css/applepay-block-checkout.css
/wp-content/plugins/mollie-payments-for-woocommerce/public/css/unabledButton.css
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/applepayButtonBlock.min.js
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/mollie-checkout-blocks-support.js
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/mollie-gateway-icons.js
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/paypalButtonBlockComponent.min.js
Script Paths
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/applepayButtonBlock.min.js
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/mollie-checkout-blocks-support.js
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/paypalButtonBlockComponent.min.js
Version Parameters
/wp-content/plugins/mollie-payments-for-woocommerce/public/css/applepay-block-checkout.css?ver=
/wp-content/plugins/mollie-payments-for-woocommerce/public/css/unabledButton.css?ver=
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/applepayButtonBlock.min.js?ver=
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/mollie-checkout-blocks-support.js?ver=
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/mollie-gateway-icons.js?ver=
/wp-content/plugins/mollie-payments-for-woocommerce/public/js/paypalButtonBlockComponent.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
mollie-applepay-direct-btn
mollie-applepay-direct-cart-btn
mollie-paypal-button-cart-container
Data Attributes
data-mollie-gateway-id
data-mollie-payment-id
JS Globals
mollie_paypalButtonCart
mollieApplePayBlockDataCart
mollieApplePayDirectData
mollieApplePayDirectDataCart
mollie_paypalButtonProduct
REST Endpoints
/wp-json/mollie/v1/payment/create
/wp-json/mollie/v1/payment/webhook