Pagar.me para WooCommerce Security & Risk Analysis

wordpress.org/plugins/pagarme-payments-for-woocommerce

Accept a variety of payment methods simply and securely using Pagar.me!

5K active installs · v3.7.0 · PHP 7.1+ · WP 4.1+ · Updated Nov 12, 2025
Tags: brasil, ecommerce, pagarme, payment, woocommerce
Security score: 100 (Grade A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pagar.me para WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Pagar.me para WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The Pagar.me Payments for WooCommerce plugin version 3.7.0 presents a mixed security posture. It has a clean vulnerability history with no recorded CVEs, which points to a generally well-maintained codebase, but static analysis reveals significant areas for improvement. A notable concern is the presence of 6 AJAX handlers, 5 of which lack authentication checks. This significantly expands the attack surface, potentially allowing unauthenticated users to trigger sensitive actions. Furthermore, the taint analysis identified one flow with an unsanitized path, flagged as high severity, suggesting a potential risk of code injection or data compromise if exploited.

Despite the absence of known critical vulnerabilities, the direct code signals and taint analysis highlight immediate risks in the current version. The small number of capability checks and the single nonce check compound the concerns about the unprotected AJAX endpoints. On the positive side, the plugin performs most of its SQL queries with prepared statements and has a reasonable number of output-escaping instances. However, the high number of unprotected entry points and the identified high-severity taint flow are the most critical weaknesses and need to be addressed to improve the plugin's overall security.

Key Concerns

  • 5 AJAX handlers without auth checks
  • 1 high severity taint flow
  • Low number of capability checks (3)
  • 1 nonce check for 6 entry points
  • 59% properly escaped output
Vulnerabilities: None known

Pagar.me para WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis (analyzed Mar 16, 2026)

Pagar.me para WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 66 (95 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

86% prepared, 7 total queries

Output Escaping

59% escaped, 161 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with an unsanitized path
Flow: <Utils> (src\Helper\Utils.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface: 5 unprotected

Pagar.me para WooCommerce Attack Surface

Entry Points: 6
Unprotected: 5

AJAX Handlers (6)

  Type     Hook                                            Location
  auth     wp_ajax_STW3dqRT6E                              src\Controller\Charges.php:28
  auth     wp_ajax_pagarme_checkout_card_config_provider   src\Controller\Checkout\Card.php:59
  nopriv   wp_ajax_pagarme_checkout_card_config_provider   src\Controller\Checkout\Card.php:60
  auth     wp_ajax_xqRhBHJ5sW                              src\Controller\Checkout.php:46
  nopriv   wp_ajax_xqRhBHJ5sW                              src\Controller\Checkout.php:47
  auth     wp_ajax_pagarme_toggle_payment_subscription     src\Controller\Settings.php:81
WordPress Hooks (49)

  Type     Hook                                                                  Location
  filter   woocommerce_checkout_init                                             src\Action\CustomerFieldsActions.php:35
  filter   woocommerce_checkout_fields                                           src\Action\CustomerFieldsActions.php:36
  action   woocommerce_checkout_process                                          src\Action\CustomerFieldsActions.php:37
  action   woocommerce_init                                                      src\Action\CustomerFieldsActions.php:38
  action   woocommerce_validate_additional_field                                 src\Action\CustomerFieldsActions.php:39
  action   woocommerce_admin_order_data_after_billing_address                    src\Action\CustomerFieldsActions.php:40
  action   woocommerce_admin_order_data_after_shipping_address                   src\Action\CustomerFieldsActions.php:44
  filter   woocommerce_default_address_fields                                    src\Action\CustomerFieldsActions.php:48
  filter   woocommerce_get_order_item_totals                                     src\Action\OrderActions.php:15
  action   woocommerce_admin_order_totals_after_tax                              src\Action\OrderActions.php:16
  action   woocommerce_available_payment_gateways                                src\Action\OrderActions.php:17
  action   init                                                                  src\Controller\Accounts.php:34
  filter   woocommerce_account_settings                                          src\Controller\Accounts.php:35
  filter   woocommerce_account_menu_items                                        src\Controller\Accounts.php:36
  filter   woocommerce_get_query_vars                                            src\Controller\Accounts.php:37
  action   woocommerce_view_order                                                src\Controller\Checkout.php:45
  action   update_option                                                         src\Controller\Gateways\AbstractGateway.php:144
  action   add_option                                                            src\Controller\Gateways\AbstractGateway.php:145
  action   admin_enqueue_scripts                                                 src\Controller\Gateways\AbstractGateway.php:150
  action   woocommerce_email_after_order_table                                   src\Controller\Gateways\AbstractGateway.php:151
  action   woocommerce_api_pagarme-account-info                                  src\Controller\HubAccounts.php:35
  action   on_pagarme_charge_paid                                                src\Controller\HubAccounts.php:36
  action   admin_notices                                                         src\Controller\HubAccounts.php:205
  action   on_pagarme_order_paid                                                 src\Controller\Orders.php:37
  action   on_pagarme_order_created                                              src\Controller\Orders.php:38
  action   on_pagarme_order_canceled                                             src\Controller\Orders.php:39
  action   add_meta_boxes                                                        src\Controller\Orders.php:40
  action   admin_enqueue_scripts                                                 src\Controller\Settings.php:73
  action   admin_menu                                                            src\Controller\Settings.php:75
  action   admin_init                                                            src\Controller\Settings.php:76
  filter   woocommerce_payment_gateways_setting_columns                          src\Controller\Settings.php:79
  action   woocommerce_payment_gateways_setting_column_subscription_payments_toggles  src\Controller\Settings.php:80
  filter   woocommerce_payment_gateways_setting_columns                          src\Controller\Settings.php:85
  action   woocommerce_payment_gateways_setting_column_checkoutblocks_status     src\Controller\Settings.php:86
  filter   woocommerce_payment_gateways                                          src\Controller\Settings.php:245
  action   woocommerce_api_pagarme-tds-token                                     src\Controller\TdsToken.php:18
  action   init                                                                  src\Core.php:23
  action   admin_init                                                            src\Core.php:24
  filter   script_loader_tag                                                     src\Core.php:28
  action   admin_enqueue_scripts                                                 src\Core.php:84
  action   wp_enqueue_scripts                                                    src\Core.php:89
  action   woocommerce_after_checkout_validation                                 src\Model\Checkout.php:68
  action   woocommerce_blocks_payment_method_type_registration                   src\Model\FeatureCompatibilization.php:69
  action   on_pagarme_response                                                   src\Model\Subscription.php:81
  filter   woocommerce_subscriptions_update_payment_via_pay_shortcode            src\Model\Subscription.php:87
  action   admin_notices                                                         woo-pagarme-payments.php:281
  action   plugins_loaded                                                        woo-pagarme-payments.php:320
  action   before_woocommerce_init                                               woo-pagarme-payments.php:321
  action   woocommerce_blocks_loaded                                             woo-pagarme-payments.php:322
Maintenance & Trust

Pagar.me para WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 12, 2025
PHP min version: 7.1
Downloads: 111K

Community Trust

Rating: 50/100
Number of ratings: 46
Active installs: 5K
Developer Profile

Pagar.me para WooCommerce Developer Profile

Pagar.me

1 plugin · 5K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pagar.me para WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pagarme-payments-for-woocommerce/assets/stylesheets/admin/notice.css
/wp-content/plugins/pagarme-payments-for-woocommerce/assets/javascripts/admin/pagarme_notices.js
/wp-content/plugins/pagarme-payments-for-woocommerce/assets/images/pagarme-avatar.svg
Script Paths
/wp-content/plugins/pagarme-payments-for-woocommerce/assets/javascripts/admin/pagarme_notices.js
Version Parameters
pagarme-payments-for-woocommerce/assets/stylesheets/admin/notice.css?ver=
pagarme-payments-for-woocommerce/assets/javascripts/admin/pagarme_notices.js?ver=

HTML / DOM Fingerprints

CSS Classes
pagarme-notice
pagarme-notice-avatar-container
pagarme-notice-avatar
pagarme-notice-message-container
Data Attributes
data-pagarme-pay
JS Globals
pagarmeNotice
REST Endpoints
/wp-json/wc-pagarme/v1/order/payment
FAQ

Frequently Asked Questions about Pagar.me para WooCommerce