
Pago por Redsys Security & Risk Analysis
wordpress.org/plugins/pago-redsys-tpv-grafreak
With this plugin you can have a payment gateway on your website. Your customers can pay you through an online POS.
Is Pago por Redsys Safe to Use in 2026?
Generally Safe
Score 91/100
Pago por Redsys has a strong security track record. Known vulnerabilities have been patched promptly.
The 'pago-redsys-tpv-grafreak' plugin v1.0.14 exhibits a mixed security posture. While it demonstrates good practices in database interaction with 100% prepared statements and a high rate of output escaping (92%), there are significant concerns regarding its attack surface. Specifically, the presence of two AJAX handlers without authentication checks presents a direct pathway for potential unauthorized actions. The taint analysis, though limited in scope with only 3 flows, revealed 2 flows with unsanitized paths, which could be exploited if they interact with sensitive functions. The vulnerability history shows one previously disclosed medium-severity vulnerability related to Cross-site Scripting, which has since been patched. However, the pattern of past vulnerabilities, even if resolved, coupled with the current lack of capability checks and the identified unprotected entry points, suggests that ongoing vigilance is necessary. The plugin's strengths lie in its secure handling of database queries and output, but its unprotected AJAX endpoints are a notable weakness.
Key Concerns
- Unprotected AJAX handlers
- Flows with unsanitized paths (2)
- Medium vulnerability history
- No capability checks
Pago por Redsys Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting
Pago por Redsys Code Analysis
Output Escaping
Data Flow Analysis
Pago por Redsys Attack Surface
AJAX Handlers 2
Shortcodes 3
WordPress Hooks 7
Pago por Redsys Maintenance & Trust
Maintenance Signals
Community Trust
Pago por Redsys Alternatives
WooCommerce
woocommerce
Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
optinmonster
🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀
WooCommerce PayPal Payments
woocommerce-paypal-payments
PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.
Mailchimp for WooCommerce
mailchimp-for-woocommerce
Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin
pretty-link
🌠 The best WordPress link management, branding, tracking, sharing and payments plugin. Easily make pretty & trackable shortlinks. 🔗
Pago por Redsys Developer Profile
1 plugin · 800 total installs
How We Detect Pago por Redsys
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/pago-redsys-tpv-grafreak/css/pago-redsys-grafreak-admin.css
- /wp-content/plugins/pago-redsys-tpv-grafreak/js/pago-redsys-grafreak-admin.js
- Pago por Redsys v1.0.14
- /wp-content/plugins/pago-redsys-tpv-grafreak/js/pago-redsys-grafreak-admin.js
- pago-redsys-grafreak-admin.css?ver=
- pago-redsys-grafreak-admin.js?ver=
HTML / DOM Fingerprints
- pago-redsys-grafreak-admin-display
- for=pago_redsys_grafreak_habilitado
- for=pago_redsys_grafreak_titulo
- for=pago_redsys_grafreak_urltest
- for=pago_redsys_grafreak_urlreal
- for=pago_redsys_grafreak_entornoact
- for=pago_redsys_grafreak_nombrecomercio
+5 more