پلاگین پرداخت دلخواه Security & Risk Analysis

wordpress.org/plugins/pardakht-delkhah

Pardakht Delkhah (custom payment) plugin for WordPress

1K active installs · v3.0.0 · PHP + · WP 4.6+ · Updated Nov 18, 2024
custom-price-payment · donate · pardakhte-delkhah · %d9%81%d8%b1%d9%85-%d9%be%d8%b1%d8%af%d8%a7%d8%ae%d8%aa · %d9%be%d8%b1%d8%af%d8%a7%d8%ae%d8%aa-%d8%af%d9%84%d8%ae%d9%88%d8%a7%d9%87
63
C · Use Caution
CVEs total: 3
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is پلاگین پرداخت دلخواه Safe to Use in 2026?

Use With Caution

Score 63/100

پلاگین پرداخت دلخواه has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 1yr ago
Risk Assessment

The 'pardakht-delkhah' v3.0.0 plugin presents a mixed security posture. It exhibits good practices, including 10 capability checks, 8 nonce checks, and no unprotected entry points (AJAX, REST API), but there are several concerning signals. The presence of `unserialize` is a red flag, as it can lead to Remote Code Execution (RCE) if not handled with extreme care and proper input validation. The plugin's one raw SQL query does not use a prepared statement, which is a significant vulnerability that makes it susceptible to SQL injection attacks. The taint analysis shows no critical or high severity flows, but 10 of the 16 flows have unsanitized paths, suggesting potential for various injection attacks if the application logic does not mitigate them.

Key Concerns

  • Unpatched CVE
  • High severity CVE
  • SQL queries not using prepared statements
  • Dangerous function: unserialize
  • Flows with unsanitized paths found
  • Significant percentage of output not properly escaped
Vulnerabilities
3

پلاگین پرداخت دلخواه Security Vulnerabilities

CVEs by Year

  • 1 CVE in 2022
  • 1 CVE in 2024
  • 1 CVE in 2025 · unpatched

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-62101 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Pardakht Delkhah <= 3.0.0 - Cross-Site Request Forgery

Dec 31, 2025 · Unpatched

CVE-2024-6230 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Pardakht Delkhah <= 2.9.8 - Cross-Site Request Forgery to Form Setting Reset

Jul 9, 2024 · Patched in 2.9.9 (32d)

CVE-2022-4307 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting

Dec 27, 2022 · Patched in 2.9.3 (392d)

Code Analysis
Analyzed Mar 16, 2026

پلاگین پرداخت دلخواه Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 103 (215 escaped)
  • Nonce Checks: 8
  • Capability Checks: 10
  • File Operations: 18
  • External Requests: 6
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · `return (!is_null($s)) ? unserialize($s) : null;` · gateways\nusoap-php8.php:8486

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

68% escaped · 318 total outputs

Data Flows
10 unsanitized

Data Flow Analysis

16 flows · 10 with unsanitized paths
end (gateways\class-cupri-irankish-gateway.php:52)

Attack Surface

پلاگین پرداخت دلخواه Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 4

  • auth · wp_ajax_cupri_action · cupri.php:54
  • nopriv · wp_ajax_cupri_action · cupri.php:55
  • auth · wp_ajax_cupri_delete_post · extra.php:535
  • auth · wp_ajax_cupri_send_test_sms · extra.php:553

Shortcodes 2

  • [cupri] · cupri.php:52
  • [pardakht_delkhah] · cupri.php:53

WordPress Hooks 23

  • action · add_meta_boxes · class-meta-box.php:15
  • action · save_post · class-meta-box.php:16
  • action · after_setup_theme · cupri.php:48
  • action · plugins_loaded · cupri.php:49
  • action · admin_init · cupri.php:50
  • action · admin_menu · cupri.php:51
  • action · admin_enqueue_scripts · cupri.php:56
  • action · wp_enqueue_scripts · cupri.php:57
  • action · load-post.php · cupri.php:60
  • action · load-post-new.php · cupri.php:61
  • filter · manage_cupri_pay_posts_columns · extra.php:28
  • action · manage_cupri_pay_posts_custom_column · extra.php:53
  • action · admin_notices · extra.php:370
  • filter · posts_join · extra.php:421
  • filter · posts_where · extra.php:432
  • action · wp_loaded · extra.php:491
  • filter · woocommerce_prevent_admin_access · extra.php:495
  • filter · woocommerce_disable_admin_bar · extra.php:496
  • filter · post_row_actions · extra.php:532
  • action · cupri_gateways___private__paid_tabs_contents · extra.php:669
  • filter · cupri_gateways · gateways\class-cupri-abstract-gateway.php:62
  • action · cupri_failed_payment · gateways\class-cupri-abstract-gateway.php:99
  • action · cupri_success_payment · gateways\class-cupri-abstract-gateway.php:107

Maintenance & Trust

پلاگین پرداخت دلخواه Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.0
  • Last updated: Nov 18, 2024
  • PHP min version
  • Downloads: 46K

Community Trust

  • Rating: 94/100
  • Number of ratings: 15
  • Active installs: 1K

Developer Profile

پلاگین پرداخت دلخواه Developer Profile

Omid Shamloo

7 plugins · 8K total installs

  • Trust score: 73
  • Avg Security Score: 91/100
  • Avg Patch Time: 158 days

Detection Fingerprints

How We Detect پلاگین پرداخت دلخواه

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pardakht-delkhah/assets/css/style.css
  • /wp-content/plugins/pardakht-delkhah/assets/js/custom.js
Script Paths
  • /wp-content/plugins/pardakht-delkhah/assets/js/custom.js
Version Parameters
  • pardakht-delkhah/style.css?ver=
  • pardakht-delkhah/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • cupri-payment-form
HTML Comments
  • <!-- custom payment form -->
  • <!-- end custom payment form -->
  • <!-- end shortcode -->
  • <!-- start shortcode -->
Data Attributes
  • data-gateway-url
  • data-action
JS Globals
  • cupri_ajax_object
REST Endpoints
  • /wp-json/cupri/v1/process_payment
Shortcode Output
  • <form class="cupri-payment-form" method="post">
  • <input type="hidden" name="action" value="cupri_action">

FAQ

Frequently Asked Questions about پلاگین پرداخت دلخواه