WP-Safety

MultiSafepay plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/multisafepay

MultiSafepay offers the most comprehensive payment solutions. Easily integrate the payment solutions of MultiSafepay into your webshop.

2K active installs v6.12.0 PHP 7.3+ WP 6.0+ Updated Mar 11, 2026
bnplcredit-cardsidealmultisafepaypayment-gateway
99
A · Safe
CVEs total1
Unpatched0
Last CVEJul 18, 2022
Plugin page Download
Safety Verdict

Is MultiSafepay plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

MultiSafepay plugin for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 18, 2022Updated 23d ago
Risk Assessment

The multisafepay plugin version 6.12.0 exhibits a concerning security posture due to a significant number of unprotected entry points. All 12 AJAX handlers and 3 REST API routes lack proper authentication or permission checks, creating a large attack surface that could be exploited by unauthenticated users. While the code analysis indicates good practices regarding SQL queries (100% prepared statements) and a low number of file operations and external HTTP requests, the widespread lack of input validation on entry points is a critical weakness. The vulnerability history reveals a past Path Traversal vulnerability, which, combined with the current lack of input sanitization on entry points, suggests a potential for similar issues if data is not handled rigorously.

Despite the positive aspects of secure SQL execution and a decent output escaping rate (71%), the absence of authorization on numerous entry points overshadows these strengths. The taint analysis showing zero flows is encouraging, but it may not be comprehensive enough to detect vulnerabilities in the unprotected entry points that were not analyzed via taint flow. The plugin's history and current findings indicate a need for immediate attention to securing all entry points to prevent potential unauthorized access or data manipulation.

Key Concerns

  • 12 AJAX handlers without auth checks
  • 3 REST API routes without permission callbacks
  • 1 past high severity vulnerability (Path Traversal)
  • 71% of outputs properly escaped
Vulnerabilities
1

MultiSafepay plugin for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2022-33901high · 7.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read

Jul 18, 2022 Patched in 4.16.0 (554d)
Code Analysis
Analyzed Mar 16, 2026

MultiSafepay plugin for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
46
110 escaped
Nonce Checks
7
Capability Checks
2
File Operations
1
External Requests
1
Bundled Libraries
0

Output Escaping

71% escaped156 total outputs
Attack Surface
15 unprotected

MultiSafepay plugin for WooCommerce Attack Surface

Entry Points15
Unprotected15

AJAX Handlers 12

authwp_ajax_applepay_direct_validationsrc\Main.php:161
noprivwp_ajax_applepay_direct_validationsrc\Main.php:162
authwp_ajax_get_updated_total_pricesrc\Main.php:164
noprivwp_ajax_get_updated_total_pricesrc\Main.php:165
authwp_ajax_refresh_payment_component_configsrc\Main.php:178
noprivwp_ajax_refresh_payment_component_configsrc\Main.php:179
authwp_ajax_set_multisafepay_qr_code_transactionsrc\Main.php:190
noprivwp_ajax_set_multisafepay_qr_code_transactionsrc\Main.php:191
authwp_ajax_get_qr_order_redirect_urlsrc\Main.php:193
noprivwp_ajax_get_qr_order_redirect_urlsrc\Main.php:194
authwp_ajax_multisafepay_validate_postcodesrc\Main.php:228
noprivwp_ajax_multisafepay_validate_postcodesrc\Main.php:229

REST API Routes 3

GET/wp-json/multisafepay/v1notificationsrc\PaymentMethods\PaymentMethodsController.php:267
GET/wp-json/multisafepay/v1qr-balancersrc\Services\Qr\QrPaymentWebhook.php:375
GET/wp-json/multisafepay/v1qr-notificationsrc\Services\Qr\QrPaymentWebhook.php:393
WordPress Hooks 36
actionwoocommerce_loadedmultisafepay.php:90
actionwoocommerce_blocks_payment_method_type_registrationsrc\Blocks\BlocksController.php:19
actionbefore_woocommerce_initsrc\Main.php:58
actionplugins_loadedsrc\Main.php:71
filterplugin_action_links_multisafepay/multisafepay.phpsrc\Main.php:84
filteroption_multisafepay_testmodesrc\Main.php:97
filteroption_multisafepay_debugmodesrc\Main.php:98
filteroption_multisafepay_second_chancesrc\Main.php:99
filteroption_multisafepay_final_order_statussrc\Main.php:100
filteroption_multisafepay_disable_shopping_cartsrc\Main.php:101
filteroption_multisafepay_time_activesrc\Main.php:102
actionadmin_enqueue_scriptssrc\Main.php:106
actionadmin_menusrc\Main.php:108
filterwoocommerce_screen_idssrc\Main.php:110
actionadmin_initsrc\Main.php:112
filtermultisafepay_common_settings_fieldssrc\Main.php:114
actionadmin_initsrc\Main.php:118
actionwp_enqueue_scriptssrc\Main.php:131
filterwoocommerce_payment_gatewayssrc\Main.php:133
filtermultisafepay_transaction_order_idsrc\Main.php:135
filterwoocommerce_available_payment_gatewayssrc\Main.php:137
filterwoocommerce_available_payment_gatewayssrc\Main.php:139
filterwoocommerce_available_payment_gatewayssrc\Main.php:141
filterwoocommerce_available_payment_gatewayssrc\Main.php:143
actionwoocommerce_new_ordersrc\Main.php:150
filterwoocommerce_get_checkout_payment_urlsrc\Main.php:153
actionwoocommerce_api_multisafepaysrc\Main.php:155
actionrest_api_initsrc\Main.php:157
filterwoocommerce_valid_order_statuses_for_cancelsrc\Main.php:159
actionwoocommerce_admin_order_data_after_payment_infosrc\Main.php:167
actionrest_api_initsrc\Main.php:205
actionrest_api_initsrc\Main.php:207
actionwoocommerce_blocks_loadedsrc\Main.php:217
actionwp_enqueue_scriptssrc\PaymentMethods\Base\BasePaymentMethod.php:144
actionwp_enqueue_scriptssrc\PaymentMethods\Base\BasePaymentMethod.php:145
actionwp_enqueue_scriptssrc\PaymentMethods\Base\BasePaymentMethod.php:147
Maintenance & Trust

MultiSafepay plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.3
Downloads96K

Community Trust

Rating100/100
Number of ratings2
Active installs2K
Alternatives

MultiSafepay plugin for WooCommerce Alternatives

PayPlus Payment Gateway

PayPlus Payment Gateway

payplus-payment-gateway

A
93

Accept credit/debit card payments or other methods such as bit, Apple Pay, Google Pay in one page. Create digitally signed invoices & much more!

1K 3 CVEs
Novalnet Payment Gateway for WooCommerce

Novalnet Payment Gateway for WooCommerce

woocommerce-novalnet-gateway

A
100

Novalnet payment plugin provides all popular online payment methods for your WooCommerce webshop.

1K No CVEs
seQura

seQura

sequra

A
100

Flexible payment platform that enhances business conversion and recurrence. The easiest, safest, and quickest way for customers to pay installments.

900 No CVEs
Skrill – WooCommerce

Skrill – WooCommerce

official-skrill-woocommerce

A
99

Accept payments using cards, over 20 local payment methods and more than 80 banks via Skrill.

400 1 CVE
Payop Official

Payop Official

payop-woocommerce

A
100

Add the ability to accept payments in WooCommerce via Payop.com.

90 No CVEs
Developer Profile

MultiSafepay plugin for WooCommerce Developer Profile

MultiSafepay

1 plugin · 2K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
554 days
View full developer profile
Detection Fingerprints

How We Detect MultiSafepay plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multisafepay/assets/css/multisafepay-blocks.css/wp-content/plugins/multisafepay/assets/css/multisafepay-common.css/wp-content/plugins/multisafepay/assets/css/multisafepay-settings.css/wp-content/plugins/multisafepay/assets/js/multisafepay-blocks.js/wp-content/plugins/multisafepay/assets/js/multisafepay-common.js/wp-content/plugins/multisafepay/assets/js/multisafepay-settings.js/wp-content/plugins/multisafepay/assets/js/multisafepay-checkout.js/wp-content/plugins/multisafepay/assets/js/multisafepay-admin-checkout.js+1 more
Generator Patterns
MultiSafepay Payment Plugin v6.12.0
Script Paths
/wp-content/plugins/multisafepay/assets/js/multisafepay-blocks.js/wp-content/plugins/multisafepay/assets/js/multisafepay-common.js/wp-content/plugins/multisafepay/assets/js/multisafepay-settings.js/wp-content/plugins/multisafepay/assets/js/multisafepay-checkout.js/wp-content/plugins/multisafepay/assets/js/multisafepay-admin-checkout.js/wp-content/plugins/multisafepay/assets/js/multisafepay-admin-settings.js
Version Parameters
multisafepay/assets/css/multisafepay-blocks.css?ver=multisafepay/assets/css/multisafepay-common.css?ver=multisafepay/assets/css/multisafepay-settings.css?ver=multisafepay/assets/js/multisafepay-blocks.js?ver=multisafepay/assets/js/multisafepay-common.js?ver=multisafepay/assets/js/multisafepay-settings.js?ver=multisafepay/assets/js/multisafepay-checkout.js?ver=multisafepay/assets/js/multisafepay-admin-checkout.js?ver=multisafepay/assets/js/multisafepay-admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
multisafepay-settingsmultisafepay-commonmultisafepay-blocksmultisafepay-settings-page
HTML Comments
<!-- MultiSafepay Settings --><!-- MultiSafepay common settings --><!-- MultiSafepay blocks compatibility --><!-- MultiSafepay admin settings -->
Data Attributes
data-multisafepay-settingsdata-multisafepay-admin-settings
JS Globals
window.multisafepay_paramsvar multisafepay_paramswindow.multisafepay_settings_paramsvar multisafepay_settings_paramswindow.multisafepay_blocks_paramsvar multisafepay_blocks_params
REST Endpoints
/wp-json/multisafepay/v1/settings/wp-json/multisafepay/v1/orders
Shortcode Output
[multisafepay_payment_button][multisafepay_checkout][multisafepay_order_status]
FAQ

Frequently Asked Questions about MultiSafepay plugin for WooCommerce