Does PayDirectFPX have any unpatched vulnerabilities?

No. All known vulnerabilities in PayDirectFPX have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PayDirectFPX compatible with WordPress 6.6.5?

According to WordPress.org data, PayDirectFPX 1.0.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is PayDirectFPX updated?

PayDirectFPX was last updated on Jul 4, 2024. Frequent updates are generally a positive security signal.

What is PayDirectFPX's security score?

PayDirectFPX has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PayDirectFPX Security & Risk Analysis

wordpress.org/plugins/paydirect-fpx

PayDirectFPX payment gateway plugin for WooCommerce.

10 active installs v1.0.2 PHP + WP 4.3+ Updated Jul 4, 2024

credit-cardmalaysiaonline-bankingpayment-gatewaypaypal

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PayDirectFPX Safe to Use in 2026?

Generally Safe

Score 92/100

PayDirectFPX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The static analysis of the 'paydirect-fpx' plugin v1.0.2 reveals a generally good security posture with no immediately apparent critical vulnerabilities. The plugin demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and properly escaping nearly all output. The absence of file operations, external HTTP requests, and a significant attack surface are also positive indicators. However, the lack of any nonce checks or capability checks, combined with two identified taint flows with unsanitized paths, presents a potential concern that warrants further investigation.

The vulnerability history is clean, with no recorded CVEs. This, coupled with the positive static analysis findings, suggests a well-maintained plugin. Despite the absence of historical issues, the identified taint flows, even if not currently exploitable due to other mitigations, highlight areas where input validation and authorization checks could be strengthened. The lack of explicit authorization checks on any entry points also means that if the plugin were to introduce new entry points in the future, they might lack the necessary security measures by default.

In conclusion, 'paydirect-fpx' v1.0.2 is generally secure based on the provided data, with strong adherence to secure coding fundamentals. The primary areas for improvement lie in implementing nonce and capability checks for enhanced authorization and thoroughly reviewing the identified taint flows to ensure they are adequately sanitized and protected against potential misuse. The clean vulnerability history is reassuring, but proactive security measures in the identified areas would further bolster its security.

Key Concerns

Taint flows with unsanitized paths
No nonce checks
No capability checks

Vulnerabilities

None known

PayDirectFPX Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PayDirectFPX Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

77 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

99% escaped78 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

check_paydirectfpx_response (src\paydirectfpx.php:164)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

PayDirectFPX Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionplugins_loadedindex.php:18

filterwoocommerce_payment_gatewaysindex.php:27

actioninitindex.php:47

filterthe_contentsrc\paydirectfpx.php:563

filterthe_contentsrc\paydirectfpx.php:567

Maintenance & Trust

PayDirectFPX Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedJul 4, 2024

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

PayDirectFPX Alternatives

Payment Gateway of PayPal for WooCommerce

express-checkout-paypal-payment-gateway-for-woocommerce

100

Enable faster checkout with PayPal for WooCommerce. Add PayPal Express/PayPal Standard gateways that accept PayPal, Pay Later, debit & credit cards.

8K No CVEs

senangpay

senangpay-payment-gateway-for-woocommerce

senangPay payment gateway plugin for WooCommerce.

1K No CVEs

SecurePay For WooCommerce

securepay

SecurePay payment platform plugin for WooCommerce.

200 No CVEs

iPOSpays Gateways WC

ipospays-gateways-wc

100

Accept all major credit cards, Bank, and alternative payment methods like Google Pay, PayPal, and Venmo.

100 No CVEs

BOLD.Pay for WooCommerce

bold-pay

100

BOLD.Pay is a cloud-based multi-channel payment access plugin for WooCommerce.

40 No CVEs

Developer Profile

PayDirectFPX Developer Profile

Shahrul

2 plugins · 40 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PayDirectFPX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/paydirect-fpx/assets/css/main.css/wp-content/plugins/paydirect-fpx/assets/js/script.js

Script Paths

/wp-content/plugins/paydirect-fpx/assets/js/script.js

Version Parameters

paydirect-fpx/assets/css/main.css?ver=paydirect-fpx/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

paydirectfpx-payment-form

Data Attributes

data-gateway-urldata-order-iddata-merchant-iddata-secret-key

JS Globals

paydirectfpx_gateway_params

REST Endpoints

/wp-json/paydirectfpx/v1/process-payment

FAQ