Does Payday have any unpatched vulnerabilities?

Yes — Payday currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Payday compatible with WordPress 6.8.5?

According to WordPress.org data, Payday 3.3.18 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Payday compatible with PHP 8.0+?

Payday requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Payday updated?

Payday was last updated on Jun 26, 2025. Frequent updates are generally a positive security signal.

What is Payday's security score?

Payday has a WP-Safety security score of 79/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Payday Security & Risk Analysis

wordpress.org/plugins/payday

This plugin integrates WooCommerce with your Payday bookkeeping solution.

100 active installs v3.3.18 PHP 8.0+ WP 3.0.1+ Updated Jun 26, 2025

accounting-softwarebookkeeping-solutionicelandicpayday

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 3, 2025

Plugin page Download

Safety Verdict

Is Payday Safe to Use in 2026?

Mostly Safe

Score 79/100

Payday is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 3, 2025Updated 9mo ago

Risk Assessment

The "payday" plugin version 3.3.18 exhibits a mixed security posture. While the static analysis indicates a relatively small attack surface with no immediately apparent unprotected entry points like unauthenticated AJAX handlers or REST API routes, and the majority of SQL queries utilize prepared statements, there are areas for concern. A significant portion of the plugin's output is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is echoed directly without sanitization. Furthermore, the plugin has a history of known vulnerabilities, including a currently unpatched medium severity issue. This historical pattern, particularly the mention of "Missing Authorization" as a common vulnerability type, suggests a recurring weakness in how the plugin handles user permissions, which could be exploited even with seemingly protected entry points.

Key Concerns

Unpatched CVE exists (medium severity)
Significant percentage of outputs unescaped
History of medium severity vulnerabilities

Vulnerabilities

Payday Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31876medium · 5.3Missing Authorization

Payday <= 3.3.13 - Missing Authorization

Apr 3, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Payday Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

108 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

93% prepared15 total queries

Output Escaping

69% escaped157 total outputs

Attack Surface

Payday Attack Surface

Entry Points2

Unprotected0

REST API Routes 2

GET/wp-json/payday/v1/orderspayday-plugin-api\controllers\class-payday-orders-controller.php:21

GET/wp-json/payday/v1/productspayday-plugin-api\controllers\class-payday-products-controller.php:20

WordPress Hooks 39

actionwoocommerce_order_status_changedclasses\class-payday-claim-service-payment-gateway.php:299

filterwoocommerce_payment_gatewaysclasses\class-payday-claim-service-payment-gateway.php:417

actioninitclasses\class-payday-claim-service-payment-gateway.php:421

filterwoocommerce_payment_gatewaysclasses\class-payday-deactivator.php:31

actioninitclasses\class-payday.php:55

actioninitclasses\class-payday.php:56

actionadmin_menuclasses\class-payday.php:59

filterplugin_row_metaclasses\class-payday.php:64

actionadmin_footer_textclasses\class-payday.php:65

actionwoocommerce_order_status_changedclasses\class-payday.php:69

actionwoocommerce_new_orderclasses\class-payday.php:70

actionadmin_initclasses\class-payday.php:75

actionadmin_post_payday_settings_refreshclasses\class-payday.php:76

actionadmin_post_payday_settings_disconnectclasses\class-payday.php:77

actionadmin_post_payday_sync_all_productsclasses\class-payday.php:78

filterbulk_actions-edit-productclasses\class-payday.php:81

filterhandle_bulk_actions-edit-productclasses\class-payday.php:82

actionadmin_post_sync_inventory_with_paydayclasses\class-payday.php:83

actionadmin_noticesclasses\class-payday.php:84

filterpost_row_actionsclasses\class-payday.php:85

filtermanage_edit-product_columnsclasses\class-payday.php:86

actionmanage_product_posts_custom_columnclasses\class-payday.php:87

actionadmin_enqueue_scriptsclasses\class-payday.php:88

filterwoocommerce_payment_gatewaysclasses\class-payday.php:112

actionwoocommerce_checkout_fieldsclasses\class-payday.php:118

actionwoocommerce_checkout_processclasses\class-payday.php:121

actionwoocommerce_checkout_update_user_metaclasses\class-payday.php:124

actionwoocommerce_checkout_update_order_metaclasses\class-payday.php:127

actionsave_post_shop_orderclasses\class-payday.php:130

filterwoocommerce_admin_billing_fieldsclasses\class-payday.php:133

filterwoocommerce_email_order_meta_keysclasses\class-payday.php:136

actioninitpages\class-payday-log-viewer-page.php:89

actionadmin_initpages\class-payday-login-page.php:384

actionadmin_noticespages\class-payday-login-page.php:385

actioninitpages\class-payday-login-page.php:386

actionadmin_noticespayday.php:139

actionadmin_noticespayday.php:241

filterupgrader_pre_installpayday.php:257

actionbefore_woocommerce_initpayday.php:273

Maintenance & Trust

Payday Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 26, 2025

PHP min version8.0

Downloads7K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Payday Alternatives

$Pósturinn\'s Shipping with WooCommerce$

Pósturinn\'s Shipping with WooCommerce

posturinn

Pósturinn Shipping with WooCommerce is a plugin that adds support to WooCommerce for Pósturinn postal service.

500 1 CVE

EIMSKIP

tvg-xpress

Tenging við EIMSKIP

30 No CVEs

Easify Server WooCommerce

easify-server-woocommerce

100

Connects Easify Business Software to your WooCommerce online shop, allowing you to synchronise stock levels between your physical shop and your online …

10 No CVEs

Pay Day Loan Application form plugin for WordPress

pay-day-loans-application-form

Pay Day Loan Application gives you an affiliate loan application form from which you will earn 70% commission

10 No CVEs

Developer Profile

Payday Developer Profile

gunnarpayday

1 plugin · 100 total installs

trust score

Avg Security Score

79/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Payday

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/payday/assets/css/payday.css/wp-content/plugins/payday/assets/js/payday.js

Script Paths

/wp-content/plugins/payday/assets/js/payday.js

Version Parameters

payday/assets/css/payday.css?ver=payday/assets/js/payday.js?ver=

HTML / DOM Fingerprints

CSS Classes

payday-settings-wrapperpayday-logopayday-form-field

HTML Comments

Data Attributes

data-payday-invoice-iddata-payday-order-id

JS Globals

window.payday_ajax_object

REST Endpoints

/wp-json/payday/v1/process_order/wp-json/payday/v1/get_invoice_status

Shortcode Output

[payday_payment_form][payday_invoice_details]

FAQ