WP-Safety

Paidy for WooCommerce Security & Risk Analysis

wordpress.org/plugins/paidy-wc

Paidy for WooCommerce

20 active installs v1.5.2 PHP 8.1+ WP 5.0+ Updated Nov 4, 2025
ecommercejapanesepaidypaymentwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Paidy for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Paidy for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "paidy-wc" plugin v1.5.2 exhibits a generally good security posture, demonstrating strong adherence to secure coding practices. The plugin shows a high rate of properly escaped output, utilizes prepared statements for all SQL queries, and implements a reasonable number of nonce and capability checks, indicating a developer conscious of common web vulnerabilities. The absence of known CVEs and any recorded vulnerability history further suggests a stable and well-maintained codebase. However, a notable concern arises from the presence of REST API routes that lack permission callbacks, exposing a potential attack vector. While the total number of entry points is small, the fact that two of them are unprotected warrants attention. Taint analysis did not reveal any critical or high severity issues, which is positive. Overall, the plugin is robust, but the unprotected REST API routes represent a specific area that could be strengthened to achieve an even higher level of security.

Key Concerns

  • REST API routes without permission callbacks
Vulnerabilities
None known

Paidy for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Paidy for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
246 escaped
Nonce Checks
3
Capability Checks
4
File Operations
0
External Requests
5
Bundled Libraries
0

Output Escaping

98% escaped252 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
jp4wc_save_methods (includes\jp4wc-framework\class-jp4wc-framework.php:432)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Paidy for WooCommerce Attack Surface

Entry Points3
Unprotected2

REST API Routes 3

GETPOST/wp-json/paidy-receiver/v1/receiveincludes\gateways\paidy\class-wc-paidy-apply-receiver.php:30
POST/wp-json/paidy/v1/orderincludes\gateways\paidy\class-wc-paidy-endpoint.php:45
POST/wp-json/paidy/v1/checkincludes\gateways\paidy\class-wc-paidy-endpoint.php:173
WordPress Hooks 36
actioninitclass-wc-paidy.php:77
actionwoocommerce_blocks_loadedclass-wc-paidy.php:109
actionwoocommerce_blocks_payment_method_type_registrationclass-wc-paidy.php:127
actionwoocommerce_update_options_payment_gatewaysincludes\gateways\paidy\class-wc-gateway-paidy.php:167
actionwp_enqueue_scriptsincludes\gateways\paidy\class-wc-gateway-paidy.php:172
actionadmin_enqueue_scriptsincludes\gateways\paidy\class-wc-gateway-paidy.php:173
actionwoocommerce_before_checkout_formincludes\gateways\paidy\class-wc-gateway-paidy.php:175
actionwoocommerce_order_status_completedincludes\gateways\paidy\class-wc-gateway-paidy.php:178
actionwoocommerce_order_status_processing_to_cancelledincludes\gateways\paidy\class-wc-gateway-paidy.php:179
actionwoocommerce_order_status_completed_to_cancelledincludes\gateways\paidy\class-wc-gateway-paidy.php:180
actionadmin_print_footer_scriptsincludes\gateways\paidy\class-wc-gateway-paidy.php:182
actionadmin_noticesincludes\gateways\paidy\class-wc-paidy-admin-notices.php:33
actionwp_loadedincludes\gateways\paidy\class-wc-paidy-admin-notices.php:34
actionadmin_menuincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:47
actionadmin_enqueue_scriptsincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:48
actioninitincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:49
actionupdated_optionincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:50
actionadd_optionincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:51
filterwoocommerce_gateway_method_descriptionincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:52
actionwoocommerce_settings_tabs_checkoutincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:53
actionadmin_initincludes\gateways\paidy\class-wc-paidy-admin-wizard.php:55
actionadmin_noticesincludes\gateways\paidy\class-wc-paidy-apply-admin-dashboard.php:46
actionnetwork_admin_noticesincludes\gateways\paidy\class-wc-paidy-apply-admin-dashboard.php:47
actionwp_loadedincludes\gateways\paidy\class-wc-paidy-apply-admin-dashboard.php:48
actionrest_api_initincludes\gateways\paidy\class-wc-paidy-apply-receiver.php:23
actionrest_api_initincludes\gateways\paidy\class-wc-paidy-endpoint.php:33
actionrest_api_initincludes\gateways\paidy\class-wc-paidy-endpoint.php:35
actionadmin_enqueue_scriptsincludes\gateways\paidy\class-wc-paidy-settings-controller.php:34
actionwp_print_scriptsincludes\gateways\paidy\class-wc-paidy-settings-controller.php:92
actionplugins_loadedpaidy-wc.php:60
actionadmin_noticespaidy-wc.php:82
filterwoocommerce_payment_gatewayspaidy-wc.php:96
actionadmin_initpaidy-wc.php:113
actioninitpaidy-wc.php:144
filterwoocommerce_available_payment_gatewayspaidy-wc.php:180
actionbefore_woocommerce_initpaidy-wc.php:188
Maintenance & Trust

Paidy for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 4, 2025
PHP min version8.1
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Paidy for WooCommerce Alternatives

WooCommerce PayPal Payments

WooCommerce PayPal Payments

woocommerce-paypal-payments

A
100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE
Mollie Payments for WooCommerce

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

A
93

Accept all major payment methods in WooCommerce today. Credit cards, iDEAL and more! Fast, safe and intuitive.

100K 4 CVEs
iyzico for WooCommerce

iyzico for WooCommerce

iyzico-woocommerce

A
100

iyzico latest payment processing solution. Accept credit/debit cards, alternative digital wallets and bank accounts.

10K No CVEs
SumUp Payment Gateway For WooCommerce

SumUp Payment Gateway For WooCommerce

sumup-payment-gateway-for-woocommerce

A
99

The SumUp plugin for WooCommerce allows businesses to securely process payments online. Accept payments from customers using a range of payment method …

10K 1 CVE
Japanized for WooCommerce

Japanized for WooCommerce

woocommerce-for-japan

A
95

Essential Japanese localization toolkit for WooCommerce - adds address formats, payment methods, delivery scheduling, and legal compliance.

10K 6 CVEs
Developer Profile

Paidy for WooCommerce Developer Profile

shohei.tanaka

6 plugins · 11K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
101 days
View full developer profile
Detection Fingerprints

How We Detect Paidy for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/paidy-wc/assets/css/paidy-wc.css/wp-content/plugins/paidy-wc/assets/js/paidy-wc.js/wp-content/plugins/paidy-wc/includes/gateways/paidy/assets/css/paidy-wc-admin-wizard.css/wp-content/plugins/paidy-wc/includes/gateways/paidy/assets/js/paidy-wc-admin-wizard.js
Version Parameters
paidy-wc/assets/css/paidy-wc.css?ver=paidy-wc/assets/js/paidy-wc.js?ver=paidy-wc-admin-wizard.css?ver=paidy-wc-admin-wizard.js?ver=

HTML / DOM Fingerprints

CSS Classes
paidy-wc-admin-wizard-wrappaidy-wc-logopaidy-wc-settingspaidy-wc-onboarding-containerpaidy-wc-input-label
HTML Comments
<!-- Generated by Paidy for WooCommerce -->
Data Attributes
data-paidy-wc-api-urldata-paidy-wc-order-id
JS Globals
window.paidyWcAdminwindow.paidyWcOnboarding
REST Endpoints
/wp-json/paidy-wc/v1/settings/wp-json/paidy-wc/v1/order-status
FAQ

Frequently Asked Questions about Paidy for WooCommerce