Payflex Payment Gateway Security & Risk Analysis

wordpress.org/plugins/payflex-payment-gateway

The Payflex extension for WooCommerce enables you to accept payments in installments via one of South Africa’s most popular payment gateways.

1K active installs · v2.6.9 · PHP 7.4+ · WP 4.4+ · Updated Feb 9, 2026
Tags: buy-now-pay-later, payment-gateway, woocommerce
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 30, 2024
Safety Verdict

Is Payflex Payment Gateway Safe to Use in 2026?

Generally Safe

Score 99/100

Payflex Payment Gateway has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 30, 2024 · Updated 1mo ago
Risk Assessment

The payflex-payment-gateway plugin v2.6.9 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having no known unpatched vulnerabilities at present. The static analysis also indicates a relatively small attack surface, with no unprotected AJAX handlers or REST API routes. However, there are significant concerns regarding output escaping, with only 28% of outputs properly escaped. This presents a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Additionally, the vulnerability history reveals past issues with 'Open Redirect' and 'Missing Authorization,' which, while currently patched, suggest potential recurring weaknesses in how external inputs and user permissions are handled. The presence of 4 flows with unsanitized paths in taint analysis, despite having no critical or high severity issues, is a minor concern that warrants attention to ensure all data paths are properly secured.

Key Concerns

  • Low percentage of properly escaped output
  • Past 'Open Redirect' vulnerabilities
  • Past 'Missing Authorization' vulnerabilities
  • Flows with unsanitized paths (though not critical)
Vulnerabilities
2

Payflex Payment Gateway Security Vulnerabilities

CVEs by Year

2024: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-47646 · medium · 6.1 · URL Redirection to Untrusted Site ('Open Redirect')

Payflex Payment Gateway <= 2.6.1 - Open Redirect

Sep 30, 2024 · Patched in 2.6.2 (17d)

CVE-2024-0619 · medium · 5.3 · Missing Authorization

Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

Jul 10, 2024 · Patched in 2.6.0 (28d)
Code Analysis
Analyzed Mar 16, 2026

Payflex Payment Gateway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (15 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 9
Bundled Libraries: 0

Output Escaping

28% escaped · 54 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
payflex_support_page (includes\class-wc-gateway-payflex.php:765)
Attack Surface

Payflex Payment Gateway Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[payflex_widget] partpay.php:326
WordPress Hooks 21

action woocommerce_order_status_refunded includes\class-wc-gateway-payflex.php:155
filter woocommerce_available_payment_gateways includes\class-wc-gateway-payflex.php:164
action woocommerce_settings_start includes\class-wc-gateway-payflex.php:169
action woocommerce_api_wc_gateway_partpay includes\class-wc-gateway-payflex.php:175
action admin_footer includes\class-wc-gateway-payflex.php:387
action plugins_loaded partpay.php:75
filter woocommerce_payment_gateways partpay.php:83
action template_redirect partpay.php:94
action before_woocommerce_init partpay.php:177
action woocommerce_blocks_loaded partpay.php:190
action woocommerce_blocks_payment_method_type_registration partpay.php:203
action payflex_do_cron_jobs partpay.php:219
action init partpay.php:230
filter cron_schedules partpay.php:290
action woocommerce_before_add_to_cart_form partpay.php:315
action woocommerce_single_product_summary partpay.php:317
action admin_menu partpay.php:396
action enqueue_block_editor_assets partpay.php:407
action init partpay.php:427
action woocommerce_after_single_product partpay.php:513
action before_woocommerce_init partpay.php:577

Scheduled Events 2

payflex_do_cron_jobs
payflex_do_cron_jobs
Maintenance & Trust

Payflex Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 9, 2026
PHP min version: 7.4
Downloads: 34K

Community Trust

Rating: 40/100
Number of ratings: 4
Active installs: 1K
Developer Profile

Payflex Payment Gateway Developer Profile

tomlister

1 plugin · 1K total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 23 days
Detection Fingerprints

How We Detect Payflex Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/payflex-payment-gateway/assets/payflex-block-checkout.js
Script Paths
/wp-content/plugins/payflex-payment-gateway/includes/class-payflex-woocommerce-block-checkout.php
Version Parameters
payflex-payment-gateway/assets/payflex-block-checkout.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-payflex-order-id
data-payflex-client-id
data-payflex-api-key
JS Globals
payflex_product_page_widget_displayed
WC_Payflex_Blocks