PayEx WooCommerce Payments Security & Risk Analysis

wordpress.org/plugins/payex-woocommerce-payments

This plugin provides the PayEx Payment Gateway for WooCommerce.

10 active installs · v1.3.1 · PHP + · WP 4.7+ · Updated Jul 21, 2019
Tags: commerce, e-commerce, ecommerce, woothemes, wordpress-ecommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PayEx WooCommerce Payments Safe to Use in 2026?

Generally Safe

Score 85/100

PayEx WooCommerce Payments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "payex-woocommerce-payments" plugin version 1.3.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoids external HTTP requests. The absence of known CVEs and a clean vulnerability history suggest a generally stable codebase. However, there are significant concerns regarding its attack surface. The presence of two AJAX handlers without authentication checks represents a clear vulnerability. While taint analysis did not reveal critical or high severity issues, the two identified flows with unsanitized paths are concerning and warrant investigation, especially when combined with the unprotected AJAX endpoints. The plugin also has a moderate number of output operations, with a notable percentage (29%) not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs. The limited number of nonce and capability checks further contributes to the risk.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths
  • Unescaped output instances
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

PayEx WooCommerce Payments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PayEx WooCommerce Payments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (18 prepared)
Unescaped Output: 10 (25 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 18 total queries

Output Escaping

71% escaped · 35 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
add_payment_method (includes\class-wc-gateway-payex-cc.php:308)
Attack Surface
2 unprotected

PayEx WooCommerce Payments Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers: 4

auth wp_ajax_payex_card_store (includes\class-wc-gateway-payex-cc.php:137)
nopriv wp_ajax_payex_card_store (includes\class-wc-gateway-payex-cc.php:138)
auth wp_ajax_payex_capture (payex-woocommerce-payments.php:75)
auth wp_ajax_payex_cancel (payex-woocommerce-payments.php:80)

WordPress Hooks: 35

action woocommerce_order_status_changed (includes\abstracts\abstract-wc-payment-gateway-payex.php:570)
action woocommerce_order_status_changed (includes\abstracts\abstract-wc-payment-gateway-payex.php:576)
action shutdown (includes\class-wc-background-payex-queue.php:29)
action the_post (includes\class-wc-gateway-payex-cc.php:128)
action woocommerce_order_status_pending_to_cancelled (includes\class-wc-gateway-payex-cc.php:131)
action woocommerce_payment_complete (includes\class-wc-gateway-payex-cc.php:141)
action wcs_resubscribe_order_created (includes\class-wc-gateway-payex-cc.php:148)
filter woocommerce_subscription_payment_meta (includes\class-wc-gateway-payex-cc.php:151)
filter woocommerce_subscription_validate_payment_meta (includes\class-wc-gateway-payex-cc.php:156)
action wcs_save_other_payment_meta (includes\class-wc-gateway-payex-cc.php:161)
filter woocommerce_my_subscriptions_payment_method (includes\class-wc-gateway-payex-cc.php:169)
action the_post (includes\class-wc-gateway-payex-invoice.php:97)
action woocommerce_order_status_pending_to_cancelled (includes\class-wc-gateway-payex-invoice.php:100)
action the_post (includes\class-wc-gateway-payex-swish.php:104)
action woocommerce_order_status_pending_to_cancelled (includes\class-wc-gateway-payex-swish.php:107)
filter payex_swish_phone_format (includes\class-wc-gateway-payex-swish.php:112)
action the_post (includes\class-wc-gateway-payex-vipps.php:104)
action woocommerce_order_status_pending_to_cancelled (includes\class-wc-gateway-payex-vipps.php:107)
filter payex_vipps_phone_format (includes\class-wc-gateway-payex-vipps.php:112)
filter woocommerce_payment_methods_list_item (includes\class-wc-payment-token-payex.php:186)
action woocommerce_account_payment_methods_column_method (includes\class-wc-payment-token-payex.php:187)
filter woocommerce_payment_gateway_get_saved_payment_method_option_html (includes\class-wc-payment-token-payex.php:188)
action plugins_loaded (payex-woocommerce-payments.php:52)
action woocommerce_init (payex-woocommerce-payments.php:53)
action woocommerce_loaded (payex-woocommerce-payments.php:54)
filter woocommerce_valid_order_statuses_for_payment_complete (payex-woocommerce-payments.php:60)
action woocommerce_order_status_changed (payex-woocommerce-payments.php:66)
action add_meta_boxes (payex-woocommerce-payments.php:69)
action admin_enqueue_scripts (payex-woocommerce-payments.php:72)
filter payex_generate_uuid (payex-woocommerce-payments.php:86)
action customize_save_after (payex-woocommerce-payments.php:93)
action after_switch_theme (payex-woocommerce-payments.php:94)
action admin_menu (payex-woocommerce-payments.php:98)
action admin_notices (payex-woocommerce-payments.php:102)
filter woocommerce_payment_gateways (payex-woocommerce-payments.php:204)

Maintenance & Trust

PayEx WooCommerce Payments Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jul 21, 2019
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

PayEx WooCommerce Payments Developer Profile

payexplt

3 plugins · 320 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PayEx WooCommerce Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/payex-woocommerce-payments/assets/css/payex-admin.css
/wp-content/plugins/payex-woocommerce-payments/assets/js/payex-admin.js
Script Paths
/wp-content/plugins/payex-woocommerce-payments/assets/js/payex-admin.js
Version Parameters
payex-woocommerce-payments/assets/css/payex-admin.css?ver=
payex-woocommerce-payments/assets/js/payex-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-payex-admin-field
HTML Comments
<!-- PayEx Payment Details -->
<!-- PayEx transactions -->
Data Attributes
data-payex-gateway
FAQ

Frequently Asked Questions about PayEx WooCommerce Payments