Skrill – WooCommerce Security & Risk Analysis

wordpress.org/plugins/official-skrill-woocommerce

Accept payments using cards, over 20 local payment methods and more than 80 banks via Skrill.

400 active installs · v1.0.73 · PHP 7.1+ · WP 5.2.4+ · Updated Mar 16, 2026
Tags: credit-cards, payment-gateway, payment-methods, skrill
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 11, 2025
Safety Verdict

Is Skrill – WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Skrill – WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Mar 11, 2025 · Updated 2mo ago
Risk Assessment

The official-skrill-woocommerce plugin, version 1.0.72, exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries and properly escaping all output. There are no instances of dangerous function usage, file operations, or bundled libraries, which are all positive indicators. However, significant security concerns arise from its attack surface. Both identified REST API entry points lack permission callbacks, meaning they are accessible without any authentication or authorization checks. This presents a considerable risk for potential unauthorized access or manipulation of sensitive data. The plugin also has a history of vulnerabilities, with one medium-severity CVE previously recorded, indicating a potential for security weaknesses to emerge over time. Although there are currently no unpatched CVEs, the past incident combined with the unprotected entry points warrants attention.

While the internal code itself seems to follow good practices regarding SQL and output, the external-facing REST API routes are a major point of concern. The absence of any capability checks on these routes is a critical flaw, exposing them to potential abuse by unauthenticated users. The plugin's history of a medium-severity CVE, although resolved, highlights that the plugin is not immune to security flaws. In conclusion, the plugin has strengths in its data handling and output sanitization, but the unprotected REST API endpoints are a serious weakness that significantly increases its overall risk profile. Developers should prioritize implementing robust permission checks on all API routes to mitigate this risk.

Key Concerns

  • REST API routes without permission callbacks
  • REST API routes without authentication
  • Vulnerability history (medium)
Vulnerabilities
1 published

Skrill – WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-28876 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Skrill Official <= 1.0.66 - Cross-Site Request Forgery

Mar 11, 2025 · Patched in 1.0.67 (10d)
Version History

Skrill – WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Skrill – WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 0 (38 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

100% escaped · 38 total outputs
Attack Surface
2 unprotected

Skrill – WooCommerce Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes 2

POST /wp-json/woocommerce_skrill_api/response_url · skrill.php:193
POST /wp-json/woocommerce_skrill_api/status_url · skrill.php:277
WordPress Hooks 40
action · woocommerce_admin_order_data_after_shipping_address · class-skrill-payment-gateway.php:334
action · woocommerce_admin_order_data_after_order_details · class-skrill-payment-gateway.php:338
action · woocommerce_process_shop_order_meta · class-skrill-payment-gateway.php:339
filter · woocommerce_order_needs_payment · class-skrill-payment-gateway.php:371
filter · woocommerce_settings_tabs_array · includes\admin\class-skrill-settings.php:57
action · woocommerce_settings_tabs_skrill_settings · includes\admin\class-skrill-settings.php:58
action · woocommerce_update_options_skrill_settings · includes\admin\class-skrill-settings.php:59
action · plugins_loaded · skrill.php:34
action · before_woocommerce_init · skrill.php:52
action · admin_notices · skrill.php:94
filter · woocommerce_payment_gateways · skrill.php:142
filter · allowed_redirect_hosts · skrill.php:156
action · woocommerce_subscription_status_cancelled · skrill.php:162
action · rest_api_init · skrill.php:186
action · rest_api_init · skrill.php:270
action · woocommerce_blocks_loaded · skrill.php:379
action · woocommerce_blocks_payment_method_type_registration · skrill.php:413
action · woocommerce_blocks_payment_method_type_registration · skrill.php:419
action · woocommerce_blocks_payment_method_type_registration · skrill.php:425
action · woocommerce_blocks_payment_method_type_registration · skrill.php:431
action · woocommerce_blocks_payment_method_type_registration · skrill.php:437
action · woocommerce_blocks_payment_method_type_registration · skrill.php:443
action · woocommerce_blocks_payment_method_type_registration · skrill.php:449
action · woocommerce_blocks_payment_method_type_registration · skrill.php:455
action · woocommerce_blocks_payment_method_type_registration · skrill.php:461
action · woocommerce_blocks_payment_method_type_registration · skrill.php:467
action · woocommerce_blocks_payment_method_type_registration · skrill.php:473
action · woocommerce_blocks_payment_method_type_registration · skrill.php:479
action · woocommerce_blocks_payment_method_type_registration · skrill.php:485
action · woocommerce_blocks_payment_method_type_registration · skrill.php:491
action · woocommerce_blocks_payment_method_type_registration · skrill.php:497
action · woocommerce_blocks_payment_method_type_registration · skrill.php:503
action · woocommerce_blocks_payment_method_type_registration · skrill.php:509
action · woocommerce_blocks_payment_method_type_registration · skrill.php:515
action · woocommerce_blocks_payment_method_type_registration · skrill.php:521
action · woocommerce_blocks_payment_method_type_registration · skrill.php:527
action · woocommerce_blocks_payment_method_type_registration · skrill.php:533
action · woocommerce_blocks_payment_method_type_registration · skrill.php:539
action · woocommerce_blocks_payment_method_type_registration · skrill.php:545
action · woocommerce_blocks_payment_method_type_registration · skrill.php:551
Maintenance & Trust

Skrill – WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 16, 2026
PHP min version: 7.1
Downloads: 65K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 400
Developer Profile

Skrill – WooCommerce Developer Profile

Skrill_Team

1 plugin · 400 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect Skrill – WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/official-skrill-woocommerce/assets/css/skrill-style.css
/wp-content/plugins/official-skrill-woocommerce/assets/js/skrill-script.js
/wp-content/plugins/official-skrill-woocommerce/assets/js/skrill-payment-script.js
Script Paths
/wp-content/plugins/official-skrill-woocommerce/assets/js/skrill-script.js
/wp-content/plugins/official-skrill-woocommerce/assets/js/skrill-payment-script.js
Version Parameters
official-skrill-woocommerce/assets/css/skrill-style.css?ver=
official-skrill-woocommerce/assets/js/skrill-script.js?ver=
official-skrill-woocommerce/assets/js/skrill-payment-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
skrill-payment-gateway-form
skrill-payment-form
HTML Comments
Skrill Payment Gateway for WooCommerce
Copyright (c) Skrill
Skrill get notice when woocommerce not active.
Skrill declare compatibility with custom order tables and checkout blocks for WooCommerce.
+7 more
Data Attributes
data-skrill-payment-url
data-skrill-merchant-id
data-skrill-secret-word
JS Globals
skrill_payment_params
REST Endpoints
/wp-json/woocommerce_skrill_api/response_url
FAQ

Frequently Asked Questions about Skrill – WooCommerce