[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxPJXWdzghYmJZcXdK1QWznIHTHBDhoDWj8tJ-M4ity4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":62,"crawl_stats":36,"alternatives":67,"analysis":160,"fingerprints":536},"payflex-payment-gateway","Payflex Payment Gateway","2.6.9","tomlister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomlister\u002F","\u003Cp>The Payflex extension for WooCommerce enables you to accept payments in installments via one of South Africa’s most popular payment gateways.\u003C\u002Fp>\n\u003Ch4>Why choose Payflex?\u003C\u002Fh4>\n\u003Cp>Give your customers a better way to pay and they’ll have more reason to buy.Payflex is proven to increase sales conversion rates and average order values.\u003C\u002Fp>\n","The Payflex extension for WooCommerce enables you to accept payments in installments via one of South Africa’s most popular payment gateways.",1000,33826,40,4,"2026-02-09T13:21:00.000Z","6.8.5","4.4","7.4",[20,21,22],"buy-now-pay-later","payment-gateway","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpayflex-payment-gateway.2.6.9.zip",99,2,0,"2024-09-30 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-47646","payflex-payment-gateway-open-redirect","Payflex Payment Gateway \u003C= 2.6.1 - Open Redirect","The Payflex Payment Gateway plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.6.1. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",null,"\u003C=2.6.1","2.6.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","URL Redirection to Untrusted Site ('Open Redirect')","2024-10-16 14:29:00",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3fe91c7e-e4d4-4308-a8ca-22d7985ddb61?source=api-prod",17,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-0619","payflex-payment-gateway-missing-authorization-to-order-status-update","Payflex Payment Gateway \u003C= 2.5.0 - Missing Authorization to Order Status Update","The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.","\u003C=2.5.0","2.6.0",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-07-10 00:00:00","2024-08-06 19:24:20",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9f740cfa-7163-4634-9705-0e01ee571a11?source=api-prod",28,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},1,23,93,"2026-04-04T16:48:34.650Z",[68,88,107,121,140],{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":26,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":86,"download_link":87,"security_score":78,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"sequra","seQura","4.1.3","SeQura Tech","https:\u002F\u002Fprofiles.wordpress.org\u002Fsequradev\u002F","\u003Cp>seQura is the flexible payment platform that will help your business improve conversion and recurrence.\u003Cbr \u002F>\nThe easiest, safest, and quickest way for your customers to pay on installments.\u003C\u002Fp>\n\u003Cp>+6.000 e-commerce and +1.5 million delight shoppers already use seQura. Are you still thinking about it?\u003C\u002Fp>\n\u003Cp>This WooCommerce plugin allows you to make payments with \u003Ca href=\"https:\u002F\u002Fsequra.es\" rel=\"nofollow ugc\">seQura\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Benefits for merchants\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>Flexible payment solutions adapted to your business.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Widest flexible payment solutions in the market:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Buy now pay later \u003C\u002Fli>\n\u003Cli>Pay in 3, no interest\u003C\u002Fli>\n\u003Cli>Installments, up to 24 months\u003C\u002Fli>\n\u003Cli>Flexi, combines interest-free bnpl with long-term financing in a single purchase experience\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your customers in good hands:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cost transparency and clarity\u003C\u002Fli>\n\u003Cli>Local support teams to deliver the best shopper experience\u003C\u002Fli>\n\u003Cli>Secure data, we don’t share your data with anyone or use your information to sell our own or third-party products \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obsessed with conversion and recurrence\u003C\u002Fp>\n\u003Cul>\n\u003Cli>We adapt to your business, solutions for every sector, and buyer profile\u003C\u002Fli>\n\u003Cli>The highest acceptance rate in Southern Europe thanks to our own risk algorithm, created and optimized for the local market\u003C\u002Fli>\n\u003Cli>Instant approval. A frictionless credit-purchase experience, buy-in seconds without document uploads\u003C\u002Fli>\n\u003Cli>seQura marketing collateral to support your campaigns\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Benefits for customers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Widest range of flexible payment solutions available on the market, up to 4 different solutions to pay as you want.\u003C\u002Fli>\n\u003Cli>Access to credit with no paperwork, just complete 5 fields to be instantly approved\u003C\u002Fli>\n\u003Cli>Security and privacy, we do not sell your personal data to third parties nor share with other companies\u003C\u002Fli>\n\u003C\u002Ful>\n","Flexible payment platform that enhances business conversion and recurrence. The easiest, safest, and quickest way for customers to pay installments.",900,14794,100,"2025-12-09T08:25:00.000Z","6.9.0","5.9","7.3",[84,20,85,21,22],"bnpl","installments","https:\u002F\u002Fsequra.es\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsequra.4.1.3.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":27,"num_ratings":27,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":105,"download_link":106,"security_score":78,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"klump-wc-payment-gateway","Klump WooCommerce Buy Now, Pay Later Plugin","1.4.4","paywithklump","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaywithklump\u002F","\u003Cp>Klump WooCommerce Buy Now, Pay Later plugin allows merchants to give their customers the option of purchasing an item or service and make payment in four instalments. = Note = This plugin is meant to be used by merchants in Nigeria. = Suggestions \u002F Feature Request = If you have challenges using the plugin or suggestions or a new feature request, kindly reach out via the \u003Ca href=\"https:\u002F\u002Fuseklump.com\u002Fcontact\" rel=\"nofollow ugc\">contact form on our website\u003C\u002Fa> or send us an email at support@useklump.com\u003C\u002Fp>\n","Klump WooCommerce Buy Now, Pay Later plugin allows merchants to give their customers the option of purchasing an item or service and make payment in f &hellip;",50,2731,"2026-02-02T23:34:00.000Z","6.9.4","6.2",[102,103,21,104,22],"buy-now-pay-later-bnpl","klump-pay-by-instalments","useklump","https:\u002F\u002Fuseklump.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fklump-wc-payment-gateway.1.4.4.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":27,"num_ratings":27,"last_updated":117,"tested_up_to":99,"requires_at_least":23,"requires_php":23,"tags":118,"homepage":23,"download_link":120,"security_score":78,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"ahapay-buy-now-pay-later","AhaPay Buy Now Pay Later","1.0.3","AhaPay - Buy Now Pay Later","https:\u002F\u002Fprofiles.wordpress.org\u002Fahapay\u002F","\u003Cp>AhaPay integrates with WooCommerce to provide flexible payment options for your customers. The plugin allows shoppers to split their payments into 4 or 7 installments automatically, with no hidden fees and 0% interest on 4-payment plans.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.4 or higher\u003C\u002Fli>\n\u003Cli>WooCommerce 4.8 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>OpenSSL PHP extension\u003C\u002Fli>\n\u003Cli>SSL certificate installed on your domain (for secure transactions)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch3>Basic Settings\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Enable\u002FDisable – Turn the payment method on or off\u003C\u002Fli>\n\u003Cli>Title – The payment method title shown to customers\u003C\u002Fli>\n\u003Cli>Description – The payment method description shown to customers\u003C\u002Fli>\n\u003Cli>Environment – Choose between Sandbox (testing) and Production\u003C\u002Fli>\n\u003Cli>API Key – Enter your AhaPay API key\u003C\u002Fli>\n\u003Cli>Minimum Amount – Set the minimum order amount for AhaPay availability\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Display Settings\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product Label – Enable\u002Fdisable BNPL information on product pages\u003C\u002Fli>\n\u003Cli>Product Label Text – Customize the BNPL message\u003C\u002Fli>\n\u003Cli>Product Label Color – Set the background color for labels\u003C\u002Fli>\n\u003Cli>Product Label Text Color – Set the text color for labels\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Seamless integration with WooCommerce checkout\u003C\u002Fli>\n\u003Cli>Automatic order status updates\u003C\u002Fli>\n\u003Cli>Real-time payment verification\u003C\u002Fli>\n\u003Cli>Custom product page badges and banners\u003C\u002Fli>\n\u003Cli>Responsive payment modal\u003C\u002Fli>\n\u003Cli>Support for both desktop and mobile devices\u003C\u002Fli>\n\u003Cli>Order status checking in admin panel\u003C\u002Fli>\n\u003Cli>Sandbox environment for testing\u003C\u002Fli>\n\u003Cli>Detailed payment status tracking\u003C\u002Fli>\n\u003Cli>Support for refunds\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Payment Flow\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Customer selects AhaPay at checkout\u003C\u002Fli>\n\u003Cli>Order is created and customer is redirected to AhaPay\u003C\u002Fli>\n\u003Cli>Customer completes payment setup with AhaPay\u003C\u002Fli>\n\u003Cli>Order status is automatically updated\u003C\u002Fli>\n\u003Cli>Customer is redirected back to your store\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Order Statuses\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PAYMENT_SUCCESSFUL – Payment completed\u003C\u002Fli>\n\u003Cli>CANCELLED – Payment cancelled by customer\u003C\u002Fli>\n\u003Cli>UNAVAILABLE – Payment failed\u003C\u002Fli>\n\u003Cli>PAYMENT_IN_PROGRESS – Payment pending\u003C\u002Fli>\n\u003Cli>REFUNDED – Payment refunded\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or questions, please contact AhaPay support team or visit your AhaPay merchant dashboard.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the AhaPay API to process Buy Now Pay Later payments and handle order status updates.\u003C\u002Fp>\n\u003Cp>It sends the following data when processing payments or checking status:\u003Cbr \u002F>\n– Order ID and transaction details\u003Cbr \u002F>\n– API key for authentication\u003Cbr \u002F>\n– Refund requests with order information\u003C\u002Fp>\n\u003Cp>Data is sent securely via HTTPS to AhaPay’s servers only when necessary for payment processing or status verification.\u003C\u002Fp>\n\u003Cp>This service is provided by AhaPay: \u003Ca href=\"https:\u002F\u002Fmerchant-help.ahapay.my\u002Fhc\u002Fen-my\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fahapay.my\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses webpack to build JavaScript and CSS assets.\u003C\u002Fp>\n\u003Ch3>Build Process\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install dependencies: \u003Ccode>npm install\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Build assets: \u003Ccode>npm run build\u003C\u002Fcode> (or \u003Ccode>npm run dev\u003C\u002Fcode> for development)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Source files are located in the \u003Ccode>blocks\u002F\u003C\u002Fcode> directory. Built files are in \u003Ccode>assets\u002Fblocks\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>The source code is publicly available in this repository for review and modification.\u003C\u002Fp>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial release\u003C\u002Fli>\n\u003Cli>Basic payment integration\u003C\u002Fli>\n\u003Cli>Order status management\u003C\u002Fli>\n\u003Cli>Product page integration\u003C\u002Fli>\n\u003Cli>Admin interface\u003C\u002Fli>\n\u003Cli>Sandbox\u002FProduction environments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the terms of use provided by AhaPay.\u003C\u002Fp>\n\u003Ch3>Customize Payment Fields CSS\u003C\u002Fh3>\n\u003Cp>You can add custom CSS that will be applied specifically to AhaPay’s payment fields on the checkout page from the plugin settings in the WordPress admin.\u003C\u002Fp>\n\u003Cp>How to update the CSS\u003C\u002Fp>\n\u003Col>\n\u003Cli>In WordPress admin go to: WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Payments.\u003C\u002Fli>\n\u003Cli>Find “AhaPay Buy Now Pay Later” in the list and click Manage (or click the Settings link).\u003C\u002Fli>\n\u003Cli>Scroll down to the setting named “Additional CSS for Payment Fields”.\u003C\u002Fli>\n\u003Cli>Paste your CSS into the textarea and click Save changes.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>How the plugin applies your CSS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin stores the textarea content and adds it as inline CSS attached to the plugin stylesheet handle \u003Ccode>ahapaybuynowpaylater-block-style\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>The payment fields output by the gateway are wrapped in a container with the class \u003Ccode>.ahapay-payment-fields\u003C\u002Fcode>, so we recommend scoping your rules under that selector to avoid affecting other parts of your site.\u003C\u002Fli>\n\u003Cli>The plugin will strip surrounding \u003Ccode>\u003Cstyle>\u003C\u002Fcode> tags if you paste them by accident, and it sanitizes the textarea input on save. If you need to override existing rules, use specificity or \u003Ccode>!important\u003C\u002Fcode> as needed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Quick verification example\u003C\u002Fp>\n\u003Cp>Paste the following CSS into the “Additional CSS for Payment Fields” textarea and save. Then open your checkout page (or the block checkout) and you should see a green dashed border, a small badge that reads “ADDITIONAL CSS APPLIED”, and visible styling changes for the title, subtitle and progress bar. This is a visual test to confirm the inline CSS is applied.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`css\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u002F* Visual test for Additional CSS for Payment Fields *\u002F\u003Cbr \u002F>\n.ahapay-payment-fields {\u003Cbr \u002F>\n  border: 3px dashed #27ae60 !important;\u003Cbr \u002F>\n  background: rgba(39, 174, 96, 0.04) !important;\u003Cbr \u002F>\n  padding: 12px !important;\u003Cbr \u002F>\n  position: relative !important;\u003Cbr \u002F>\n  border-radius: 6px !important;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>\u002F* Badge so you can clearly see the CSS is applied *\u002F\u003Cbr \u002F>\n.ahapay-payment-fields::before {\u003Cbr \u002F>\n  content: “ADDITIONAL CSS APPLIED”;\u003Cbr \u002F>\n  position: absolute;\u003Cbr \u002F>\n  top: -12px;\u003Cbr \u002F>\n  right: 8px;\u003Cbr \u002F>\n  background: #27ae60;\u003Cbr \u002F>\n  color: #ffffff;\u003Cbr \u002F>\n  font-weight: 700;\u003Cbr \u002F>\n  font-size: 11px;\u003Cbr \u002F>\n  padding: 3px 8px;\u003Cbr \u002F>\n  border-radius: 3px;\u003Cbr \u002F>\n  box-shadow: 0 1px 2px rgba(0,0,0,0.15);\u003Cbr \u002F>\n  z-index: 9999;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>.ahapay-payment-fields .ahapay-title {\u003Cbr \u002F>\n  color: #e91e63 !important;\u003Cbr \u002F>\n  font-size: 18px !important;\u003Cbr \u002F>\n  font-weight: 700 !important;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>.ahapay-payment-fields .ahapay-subtitle {\u003Cbr \u002F>\n  color: #555 !important;\u003Cbr \u002F>\n  font-style: italic !important;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>.ahapay-payment-fields .ahapay-progress-bar {\u003Cbr \u002F>\n  background: #eee !important;\u003Cbr \u002F>\n  height: 12px !important;\u003Cbr \u002F>\n  border-radius: 12px !important;\u003Cbr \u002F>\n  margin: 10px 0 !important;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>.ahapay-payment-fields .ahapay-progress {\u003Cbr \u002F>\n  width: 75% !important;\u003Cbr \u002F>\n  height: 100% !important;\u003Cbr \u002F>\n  background: linear-gradient(90deg,#e91e63,#ff8a80) !important;\u003Cbr \u002F>\n  border-radius: 12px !important;\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cp>.ahapay-payment-fields .ahapay-timeline div {\u003Cbr \u002F>\n  display: inline-block !important;\u003Cbr \u002F>\n  background: #fff8e1 !important;\u003Cbr \u002F>\n  padding: 6px 8px !important;\u003Cbr \u002F>\n  margin-right: 6px !important;\u003Cbr \u002F>\n  border-radius: 4px !important;\u003Cbr \u002F>\n  font-weight: 600 !important;\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>Small examples\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Change the title color only:\u003C\u002Fp>\n\u003Cp>\u003Ccode>css\u003Cbr \u002F>\n.ahapay-payment-fields .ahapay-title { color: #0066cc !important; }\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Hide the timeline if it conflicts with your theme:\u003C\u002Fp>\n\u003Cp>\u003Ccode>css\u003Cbr \u002F>\n.ahapay-payment-fields .ahapay-timeline { display: none !important; }\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Troubleshooting\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you don’t see the changes after saving the CSS, try these steps:\n\u003Cul>\n\u003Cli>Ensure the AhaPay payment method is enabled (WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Payments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> AhaPay).\u003C\u002Fli>\n\u003Cli>Clear any caching on your site (plugin cache, server cache, CDN) and your browser cache.\u003C\u002Fli>\n\u003Cli>Confirm you’re viewing a checkout page that loads the plugin styles (block checkout or classic checkout). If you use a custom checkout template, ensure the \u003Ccode>ahapay-payment-fields\u003C\u002Fcode> wrapper is present in the markup.\u003C\u002Fli>\n\u003Cli>Use \u003Ccode>!important\u003C\u002Fcode> or increase specificity if your theme’s CSS is overriding the rules.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Security and best practices\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The textarea is intended for admin use only. Avoid pasting untrusted CSS\u002FJS — the plugin strips \u003Ccode>\u003Cstyle>\u003C\u002Fcode> tags but does not execute arbitrary JS.\u003C\u002Fli>\n\u003Cli>Keep rules scoped (start with \u003Ccode>.ahapay-payment-fields\u003C\u002Fcode>) to avoid unintentionally affecting other areas of your site.\u003C\u002Fli>\n\u003C\u002Ful>\n","AhaPay Buy Now Pay Later AhaPay is a Buy Now Pay Later (BNPL) payment solution that enables customers to split their purchases into installments with  &hellip;",10,350,"2025-12-23T21:23:00.000Z",[119,84,20,21,22],"ahapay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fahapay-buy-now-pay-later.1.0.3.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":16,"requires_at_least":100,"requires_php":18,"tags":134,"homepage":138,"download_link":139,"security_score":78,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"woo-paystack","Paystack WooCommerce Payment Gateway","5.8.2","Tunbosun Ayinla","https:\u002F\u002Fprofiles.wordpress.org\u002Ftubiz\u002F","\u003Cp>Paystack makes it easy for businesses in Nigeria, Ghana, Kenya and South Africa to accept secure payments from multiple local and global payment channels. Integrate Paystack with your store today, and let your customers pay you with their choice of methods.\u003C\u002Fp>\n\u003Cp>With Paystack for WooCommerce, you can accept payments via:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Credit\u002FDebit Cards — Visa, Mastercard, Verve (NG, GH, KE), American Express (SA only)\u003C\u002Fli>\n\u003Cli>Bank transfer (Nigeria)\u003C\u002Fli>\n\u003Cli>Mobile money (Ghana)\u003C\u002Fli>\n\u003Cli>Masterpass (South Africa)\u003C\u002Fli>\n\u003Cli>EFT (South Africa)\u003C\u002Fli>\n\u003Cli>USSD (Nigeria)\u003C\u002Fli>\n\u003Cli>Visa QR (Nigeria)\u003C\u002Fli>\n\u003Cli>Many more coming soon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Paystack?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Start receiving payments instantly—go from sign-up to your first real transaction in as little as 15 minutes\u003C\u002Fli>\n\u003Cli>Simple, transparent pricing—no hidden charges or fees\u003C\u002Fli>\n\u003Cli>Modern, seamless payment experience via the Paystack Checkout — \u003Ca href=\"https:\u002F\u002Fpaystack.com\u002Fdemo\u002Fcheckout\" rel=\"nofollow ugc\">Try the demo!\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Advanced fraud detection\u003C\u002Fli>\n\u003Cli>Understand your customers better through a simple and elegant dashboard\u003C\u002Fli>\n\u003Cli>Access to attentive, empathetic customer support 24\u002F7\u003C\u002Fli>\n\u003Cli>Free updates as we launch new features and payment options\u003C\u002Fli>\n\u003Cli>Clearly documented APIs to build your custom payment experiences\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Over 60,000 businesses of all sizes in Nigeria, Ghana, Kenya, and South Africa rely on Paystack’s suite of products to receive payments and make payouts seamlessly. Sign up on \u003Ca href=\"https:\u002F\u002Fpaystack.com\u002Fsignup\" rel=\"nofollow ugc\">Paystack.com\u002Fsignup\u003C\u002Fa> to get started.\u003C\u002Fp>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>This plugin is meant to be used by merchants in Ghana, Kenya, Nigeria and South Africa.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Accept payment\u003C\u002Fstrong> via Mastercard, Visa, Verve, USSD, Mobile Money, Bank Transfer, EFT, Bank Accounts, GTB 737 & Visa QR.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless integration\u003C\u002Fstrong> into the WooCommerce checkout page. Accept payment directly on your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Refunds\u003C\u002Fstrong> from the WooCommerce order details page. Refund an order directly from the order details page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurring payment\u003C\u002Fstrong> using \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-subscriptions\u002F\" rel=\"nofollow ugc\">WooCommerce Subscriptions\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Subscriptions Integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-subscriptions\u002F\" rel=\"nofollow ugc\">WooCommerce Subscriptions\u003C\u002Fa> integration only works with \u003Cstrong>WooCommerce v2.6 and above\u003C\u002Fstrong> and \u003Cstrong>WooCommerce Subscriptions v2.0 and above\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No subscription plans is created on Paystack. The \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-subscriptions\u002F\" rel=\"nofollow ugc\">WooCommerce Subscriptions\u003C\u002Fa> plugin handles all the subscription functionality.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If a customer pays for a subscription using a Mastercard or Visa card, their subscription will renew automatically throughout the duration of the subscription. If an automatic renewal fail their subscription will be put on-hold and they will have to login to their account to renew the subscription.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For customers paying with a Verve card, their subscription can’t be renewed automatically, once a payment is due their subscription will be on-hold. The customer will have to login to his account to manually renew his subscription.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If a subscription has a free trial and no signup-fee, automatic renewal is not possible for the first payment because the initial order total will be 0, after the free trial the subscription will be put on-hold. The customer will have to login to his account to renew his subscription. If a Mastercard or Visa card is used to renew the subscription subsequent renewals will be automatic throughout the duration of the subscription, if a Verve card is used automatic renewal isn’t possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Suggestions \u002F Feature Request\u003C\u002Fh4>\n\u003Cp>If you have suggestions or a new feature request, feel free to get in touch with me via the contact form on my website \u003Ca href=\"http:\u002F\u002Fbosun.me\u002Fget-in-touch\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also follow me on Twitter! \u003Cstrong>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Ftubiz\" rel=\"nofollow ugc\">@tubiz\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Paystack for WooCommerce allows your WooCommerce store to accept secure payments from multiple local and global payment channels.",30000,432109,90,24,"2025-04-17T08:26:00.000Z",[135,21,136,137,22],"mastercard","paystack","visa","https:\u002F\u002Fpaystack.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-paystack.5.8.2.zip",{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":78,"num_ratings":150,"last_updated":151,"tested_up_to":99,"requires_at_least":152,"requires_php":153,"tags":154,"homepage":158,"download_link":159,"security_score":78,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"montonio-for-woocommerce","Montonio for WooCommerce","9.4.1","Montonio","https:\u002F\u002Fprofiles.wordpress.org\u002Fmontonio\u002F","\u003Cp>Montonio is a complete checkout solution for online stores that includes all popular payment methods (local banks, card payments, Apple Pay, Google Pay) plus financing and shipping. Montonio offers you everything you need in your online store checkout.\u003C\u002Fp>\n\u003Ch4>Payments\u003C\u002Fh4>\n\u003Cp>The easiest way to collect payments in your online store. Montonio payment initiation service offers integrations with all major banks in Estonia, Finland, Latvia, Lithuania and Poland, additionally Apple Pay, Google Pay, Revolut (available everywhere) and Blik in Poland.\u003C\u002Fp>\n\u003Cp>All funds are immediately deposited to your bank account and an overview of the transactions can be found in our \u003Ca href=\"https:\u002F\u002Fpartner.montonio.com\" rel=\"nofollow ugc\">partner system\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Card Payments\u003C\u002Fh4>\n\u003Cp>Give your customers more ways to pay. In addition to payment links, Montonio lets your users pay by credit card.\u003C\u002Fp>\n\u003Ch4>Apple Pay, Google Pay\u003C\u002Fh4>\n\u003Cp>Want to offer an even easier way of paying? We also have Apple Pay and Google Pay! You can add these popular mobile wallets to your online store’s checkout. Your customers can pay faster since their credit card info is stored in the digital wallet and they don’t need to enter card details with each purchase.\u003C\u002Fp>\n\u003Ch4>Refunds\u003C\u002Fh4>\n\u003Cp>You can do a partial or full refund with a couple of clicks in the Montonio Partner System. Just open the order, check what items your customer returned and refund the amount needed.\u003C\u002Fp>\n\u003Ch4>Financing (Hire purchase)\u003C\u002Fh4>\n\u003Cp>Montonio Financing is just the right solution for financing larger purchases. You customers can choose a payment schedule that exactly suits their needs. Shoppers pay in equal instalments but you will get the full payment amount upfront. Plus, there’s no service fee for the merchant.\u003C\u002Fp>\n\u003Ch4>Pay Later\u003C\u002Fh4>\n\u003Cp>Give your visitors the most convenient ways to pay – with Montonio ‘Pay later’ your customers can pay later or split purchase into two or three payments. All this without any additional interest or contract fees for them. Shoppers pay in equal instalments but you will get the full payment amount upfront.\u003C\u002Fp>\n\u003Ch4>Shipping\u003C\u002Fh4>\n\u003Cp>Handle everything from one system: automatically generate, edit and print shipping labels without having to ever leave the Montonio dashboard. Labels are automatically retrieved from providers after order creation. You can start printing with just 2 clicks. With Montonio you can add order tracking codes with a link to the providers’ tracking page.\u003C\u002Fp>\n\u003Ch4>How to get started\u003C\u002Fh4>\n\u003Cp>Adding Montonio to your store is only a matter of minutes.\u003Cbr \u002F>\n1. Sign up at \u003Ca href=\"https:\u002F\u002Fmontonio.com\" rel=\"nofollow ugc\">montonio.com\u003C\u002Fa>\u003Cbr \u002F>\n2. Verify your identity and confirm your account with Montonio\u003Cbr \u002F>\n3. Set up the plugin, insert API keys and start using Montonio. More details on how to install and set up the plugin can be found in the Installation tab.\u003C\u002Fp>\n\u003Ch4>Availability\u003C\u002Fh4>\n\u003Cp>Montonio currently offers services in these countries:\u003Cbr \u002F>\n* Payments: Estonia, Finland, Latvia, Lithuania, Poland\u003Cbr \u002F>\n* Card payments: Estonia, Finland, Latvia, Lithuania, Poland\u003Cbr \u002F>\n* Financing: Estonia\u003Cbr \u002F>\n* Pay Later: Estonia\u003Cbr \u002F>\n* Shipping: Estonia, Latvia, Lithuania\u003Cbr \u002F>\nWe are also working on adding new countries.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Any questions? Just drop us an email at support@montonio.com.\u003C\u002Fp>\n\u003Ch4>WANT TO KNOW MORE?\u003C\u002Fh4>\n\u003Cp>More information about our solutions can be found on our \u003Ca href=\"https:\u002F\u002Fmontonio.com\" rel=\"nofollow ugc\">website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to multiple Montonio services to provide payment processing, shipping management, and service improvements:\u003C\u002Fp>\n\u003Ch4>Montonio Payment Gateway (Stargate)\u003C\u002Fh4>\n\u003Cp>What it does: Processes various payment methods including bank payments, card payments, BLIK payments, hire purchase and pay later options.\u003C\u002Fp>\n\u003Cp>Data transmitted: Order information (total amount, currency, order items), customer details (name, email, billing\u002Fshipping addresses), payment method selection, and merchant identification.\u003C\u002Fp>\n\u003Cp>When transmitted: During checkout when a payment is initiated, when checking payment status, and when processing refunds.\u003C\u002Fp>\n\u003Cp>Service URLs:\u003Cbr \u002F>\n* Production: https:\u002F\u002Fstargate.montonio.com\u002Fapi\u003Cbr \u002F>\n* Sandbox: https:\u002F\u002Fsandbox-stargate.montonio.com\u002Fapi\u003C\u002Fp>\n\u003Cp>Service information: \u003Ca href=\"https:\u002F\u002Fs3.eu-central-1.amazonaws.com\u002Fpublic.montonio.com\u002Fterms_and_conditions\u002Fmontonio_general\u002Fv3.0\u002Fmontonio_general_ee.pdf\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmontonio.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Montonio Shipping API\u003C\u002Fh4>\n\u003Cp>What it does: Manages shipping methods, pickup points, courier services, label generation and shipment tracking.\u003C\u002Fp>\n\u003Cp>Data transmitted: Shipping addresses, order details, selected shipping methods, parcel information (weight, dimensions), and shipment tracking information.\u003C\u002Fp>\n\u003Cp>When transmitted: When retrieving available shipping methods, displaying pickup points, creating shipments, and generating shipping labels.\u003C\u002Fp>\n\u003Cp>Service URLs:\u003Cbr \u002F>\n* Production: https:\u002F\u002Fshipping.montonio.com\u002Fapi\u003Cbr \u002F>\n* Sandbox: https:\u002F\u002Fsandbox-shipping.montonio.com\u002Fapi\u003C\u002Fp>\n\u003Cp>Service information: \u003Ca href=\"https:\u002F\u002Fs3.eu-central-1.amazonaws.com\u002Fpublic.montonio.com\u002Fterms_and_conditions\u002Fshipping\u002Fv3.0\u002Fshipping_international.pdf\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmontonio.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Montonio JavaScript SDK\u003C\u002Fh4>\n\u003Cp>What it does: Client-side library that renders payment forms, handles payment method selection and processes transactions.\u003C\u002Fp>\n\u003Cp>Data transmitted: Payment form inputs, selected payment method details, transaction authentication data.\u003C\u002Fp>\n\u003Cp>When transmitted: During checkout when payment forms are displayed and when customers interact with payment elements.\u003C\u002Fp>\n\u003Cp>Service URLs:\u003Cbr \u002F>\n* Montonio JS: https:\u002F\u002Fjs.montonio.com\u002F1.x.x\u002Fmontonio.umd.js\u003Cbr \u002F>\n* Montonio JS (Legacy): https:\u002F\u002Fpublic.montonio.com\u002Fassets\u002Fmontonio-js\u002F3.x\u002Fmontonio.bundle.js\u003Cbr \u002F>\n* Card payments API (Production): https:\u002F\u002Fapi.card-payments.montonio.com\u002Fpayment-intents\u003Cbr \u002F>\n* Card payments API (Sandbox): https:\u002F\u002Fapi.sandbox-card-payments.montonio.com\u002Fpayment-intents\u003Cbr \u002F>\n* Payment intents API (Production): https:\u002F\u002Fstargate.montonio.com\u002Fapi\u002Fpayment-intents\u003Cbr \u002F>\n* Payment intents API (Sandbox): https:\u002F\u002Fsandbox-stargate.montonio.com\u002Fapi\u002Fpayment-intents\u003C\u002Fp>\n\u003Cp>Service information: \u003Ca href=\"https:\u002F\u002Fs3.eu-central-1.amazonaws.com\u002Fpublic.montonio.com\u002Fterms_and_conditions\u002Fpayment_initiation\u002Fv3.0\u002Fpayment_initiation_international.pdf\" rel=\"nofollow ugc\">Bank Payment Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fs3.eu-central-1.amazonaws.com\u002Fpublic.montonio.com\u002Fterms_and_conditions\u002Fcard_payments\u002Fv3.0\u002Fcard_payments_international.pdf\" rel=\"nofollow ugc\">Card Payment Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmontonio.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Montonio Telemetry Service\u003C\u002Fh4>\n\u003Cp>What it does: Sends Store URL, WordPress\u002FWooCommerce version information and plugin configuration settings to offer better customer support when troubleshooting issues. No sensitive or private data is collected.\u003C\u002Fp>\n\u003Cp>Data transmitted: Store URL, WordPress\u002FWooCommerce version information, plugin configuration settings (with sensitive data removed).\u003C\u002Fp>\n\u003Cp>When transmitted: Upon plugin activation, deactivation, settings changes, and periodically (once per day).\u003C\u002Fp>\n\u003Cp>Service URL: https:\u002F\u002Fplugin-telemetry.montonio.com\u002Fapi\u003C\u002Fp>\n\u003Cp>Service information: \u003Ca href=\"https:\u002F\u002Fs3.eu-central-1.amazonaws.com\u002Fpublic.montonio.com\u002Fterms_and_conditions\u002Fmontonio_general\u002Fv3.0\u002Fmontonio_general_ee.pdf\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmontonio.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Montonio is a complete checkout solution for online stores that includes all popular payment methods (local banks, card payments, Apple Pay, Google Pa &hellip;",10000,346076,8,"2026-03-10T08:35:00.000Z","5.0","7.0",[155,21,156,157,22],"montonio","payments","shipping","https:\u002F\u002Fwww.montonio.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmontonio-for-woocommerce.9.4.1.zip",{"attackSurface":161,"codeSignals":255,"taintFlows":340,"riskAssessment":523,"analyzedAt":535},{"hooks":162,"ajaxHandlers":243,"restRoutes":244,"shortcodes":245,"cronEvents":250,"entryPointCount":63,"unprotectedCount":27},[163,169,174,178,182,186,191,195,198,202,206,209,212,215,218,222,226,230,234,237,241],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","woocommerce_order_status_refunded","create_refund","includes\\class-wc-gateway-payflex.php",155,{"type":170,"name":171,"callback":172,"priority":25,"file":167,"line":173},"filter","woocommerce_available_payment_gateways","check_cart_within_limits",164,{"type":164,"name":175,"callback":176,"file":167,"line":177},"woocommerce_settings_start","update_payment_limits",169,{"type":164,"name":179,"callback":180,"file":167,"line":181},"woocommerce_api_wc_gateway_partpay","payment_callback",175,{"type":164,"name":183,"callback":184,"file":167,"line":185},"admin_footer","add_script_to_settings_page",387,{"type":164,"name":187,"callback":188,"priority":27,"file":189,"line":190},"plugins_loaded","closure","partpay.php",75,{"type":170,"name":192,"callback":193,"file":189,"line":194},"woocommerce_payment_gateways","woocommerce_add_payflex_gateway",83,{"type":164,"name":196,"callback":188,"file":189,"line":197},"template_redirect",94,{"type":164,"name":199,"callback":200,"file":189,"line":201},"before_woocommerce_init","declare_cart_checkout_blocks_compatibility",177,{"type":164,"name":203,"callback":204,"file":189,"line":205},"woocommerce_blocks_loaded","oawoo_register_order_approval_payment_method_type",190,{"type":164,"name":207,"callback":188,"file":189,"line":208},"woocommerce_blocks_payment_method_type_registration",203,{"type":164,"name":210,"callback":188,"file":189,"line":211},"payflex_do_cron_jobs",219,{"type":164,"name":213,"callback":188,"file":189,"line":214},"init",230,{"type":170,"name":216,"callback":188,"file":189,"line":217},"cron_schedules",290,{"type":164,"name":219,"callback":220,"priority":27,"file":189,"line":221},"woocommerce_before_add_to_cart_form","widget_content",315,{"type":164,"name":223,"callback":220,"priority":224,"file":189,"line":225},"woocommerce_single_product_summary",12,317,{"type":164,"name":227,"callback":228,"file":189,"line":229},"admin_menu","register_support_page",396,{"type":164,"name":231,"callback":232,"file":189,"line":233},"enqueue_block_editor_assets","payflex_block_vars",407,{"type":164,"name":213,"callback":235,"file":189,"line":236},"register_payflex_widget_block",427,{"type":164,"name":238,"callback":239,"file":189,"line":240},"woocommerce_after_single_product","payflex_update_price_on_variation",513,{"type":164,"name":199,"callback":188,"file":189,"line":242},577,[],[],[246],{"tag":247,"callback":248,"file":189,"line":249},"payflex_widget","widget_shortcode_content",326,[251,253],{"hook":210,"callback":210,"file":189,"line":252},243,{"hook":210,"callback":210,"file":189,"line":254},259,{"dangerousFunctions":256,"sqlUsage":257,"outputEscaping":259,"fileOperations":27,"externalRequests":338,"nonceChecks":27,"capabilityChecks":63,"bundledLibraries":339},[],{"prepared":27,"raw":27,"locations":258},[],{"escaped":260,"rawEcho":261,"locations":262},15,39,[263,266,268,270,272,274,276,278,280,282,284,286,288,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,318,320,321,323,325,327,329,331,332,334,336],{"file":167,"line":264,"context":265},648,"raw output",{"file":167,"line":267,"context":265},715,{"file":167,"line":269,"context":265},716,{"file":167,"line":271,"context":265},829,{"file":167,"line":273,"context":265},831,{"file":167,"line":275,"context":265},844,{"file":167,"line":277,"context":265},861,{"file":167,"line":279,"context":265},863,{"file":167,"line":281,"context":265},871,{"file":167,"line":283,"context":265},873,{"file":167,"line":285,"context":265},875,{"file":167,"line":287,"context":265},887,{"file":167,"line":287,"context":265},{"file":167,"line":290,"context":265},906,{"file":167,"line":292,"context":265},908,{"file":167,"line":294,"context":265},916,{"file":167,"line":296,"context":265},932,{"file":167,"line":298,"context":265},933,{"file":167,"line":300,"context":265},936,{"file":167,"line":302,"context":265},937,{"file":167,"line":304,"context":265},972,{"file":167,"line":306,"context":265},981,{"file":167,"line":308,"context":265},983,{"file":167,"line":310,"context":265},990,{"file":167,"line":312,"context":265},993,{"file":167,"line":314,"context":265},995,{"file":167,"line":316,"context":265},1015,{"file":167,"line":316,"context":265},{"file":167,"line":319,"context":265},1025,{"file":167,"line":319,"context":265},{"file":167,"line":322,"context":265},1031,{"file":167,"line":324,"context":265},1037,{"file":167,"line":326,"context":265},1042,{"file":167,"line":328,"context":265},1047,{"file":167,"line":330,"context":265},1051,{"file":167,"line":330,"context":265},{"file":189,"line":333,"context":265},310,{"file":189,"line":335,"context":265},434,{"file":189,"line":337,"context":265},436,9,[],[341,374,422,440,511],{"entryPoint":342,"graph":343,"unsanitizedCount":373,"severity":39},"payflex_support_page (includes\\class-wc-gateway-payflex.php:765)",{"nodes":344,"edges":368},[345,350,355,359,363],{"id":346,"type":347,"label":348,"file":167,"line":349},"n0","source","$_GET (x12)",774,{"id":351,"type":352,"label":353,"file":167,"line":271,"wp_function":354},"n1","sink","echo() [XSS]","echo",{"id":356,"type":347,"label":357,"file":167,"line":358},"n2","$_GET",790,{"id":360,"type":361,"label":362,"file":167,"line":358},"n3","transform","→ payflex_remote_get_order()",{"id":364,"type":352,"label":365,"file":167,"line":366,"wp_function":367},"n4","wp_remote_get() [SSRF]",2560,"wp_remote_get",[369,371,372],{"from":346,"to":351,"sanitized":370},false,{"from":356,"to":360,"sanitized":370},{"from":360,"to":364,"sanitized":370},13,{"entryPoint":375,"graph":376,"unsanitizedCount":421,"severity":39},"payment_callback (includes\\class-wc-gateway-payflex.php:1726)",{"nodes":377,"edges":412},[378,380,382,384,387,389,394,397,400,403,406,409],{"id":346,"type":347,"label":357,"file":167,"line":379},1766,{"id":351,"type":361,"label":381,"file":167,"line":379},"→ payflex_remote_check_order_status()",{"id":356,"type":352,"label":365,"file":167,"line":383,"wp_function":367},2527,{"id":360,"type":347,"label":385,"file":167,"line":386},"$_GET (x4)",1770,{"id":364,"type":361,"label":388,"file":167,"line":386},"→ payflex_redirect_failed()",{"id":390,"type":352,"label":391,"file":167,"line":392,"wp_function":393},"n5","wp_redirect() [Open Redirect]",1872,"wp_redirect",{"id":395,"type":347,"label":357,"file":167,"line":396},"n6",1816,{"id":398,"type":361,"label":399,"file":167,"line":396},"n7","→ payflex_redirect_success()",{"id":401,"type":352,"label":391,"file":167,"line":402,"wp_function":393},"n8",1858,{"id":404,"type":347,"label":357,"file":167,"line":405},"n9",1850,{"id":407,"type":361,"label":408,"file":167,"line":405},"n10","→ payflex_redirect_unknown()",{"id":410,"type":352,"label":391,"file":167,"line":411,"wp_function":393},"n11",1865,[413,414,415,416,417,418,419,420],{"from":346,"to":351,"sanitized":370},{"from":351,"to":356,"sanitized":370},{"from":360,"to":364,"sanitized":370},{"from":364,"to":390,"sanitized":370},{"from":395,"to":398,"sanitized":370},{"from":398,"to":401,"sanitized":370},{"from":404,"to":407,"sanitized":370},{"from":407,"to":410,"sanitized":370},7,{"entryPoint":423,"graph":424,"unsanitizedCount":439,"severity":39},"page_check_remote_status (includes\\class-wc-gateway-payflex.php:1880)",{"nodes":425,"edges":435},[426,429,431,433,434],{"id":346,"type":347,"label":427,"file":167,"line":428},"$_GET (x2)",1884,{"id":351,"type":352,"label":391,"file":167,"line":430,"wp_function":393},1893,{"id":356,"type":347,"label":357,"file":167,"line":432},1886,{"id":360,"type":361,"label":381,"file":167,"line":432},{"id":364,"type":352,"label":365,"file":167,"line":383,"wp_function":367},[436,437,438],{"from":346,"to":351,"sanitized":370},{"from":356,"to":360,"sanitized":370},{"from":360,"to":364,"sanitized":370},3,{"entryPoint":441,"graph":442,"unsanitizedCount":510,"severity":39},"\u003Cclass-wc-gateway-payflex> (includes\\class-wc-gateway-payflex.php:0)",{"nodes":443,"edges":493},[444,445,446,449,450,451,455,457,459,460,461,462,463,465,467,469,471,473,475,477,479,481,483,485,488,491],{"id":346,"type":347,"label":348,"file":167,"line":349},{"id":351,"type":352,"label":353,"file":167,"line":271,"wp_function":354},{"id":356,"type":347,"label":447,"file":167,"line":448},"$_GET (x5)",1744,{"id":360,"type":352,"label":391,"file":167,"line":402,"wp_function":393},{"id":364,"type":347,"label":357,"file":167,"line":428},{"id":390,"type":352,"label":452,"file":167,"line":453,"wp_function":454},"wp_remote_post() [SSRF]",2022,"wp_remote_post",{"id":395,"type":347,"label":456,"file":167,"line":428},"$_GET (x3)",{"id":398,"type":352,"label":365,"file":167,"line":458,"wp_function":367},2151,{"id":401,"type":347,"label":357,"file":167,"line":358},{"id":404,"type":361,"label":362,"file":167,"line":358},{"id":407,"type":352,"label":365,"file":167,"line":366,"wp_function":367},{"id":410,"type":347,"label":427,"file":167,"line":379},{"id":464,"type":361,"label":381,"file":167,"line":379},"n12",{"id":466,"type":352,"label":365,"file":167,"line":383,"wp_function":367},"n13",{"id":468,"type":347,"label":385,"file":167,"line":386},"n14",{"id":470,"type":361,"label":388,"file":167,"line":386},"n15",{"id":472,"type":352,"label":391,"file":167,"line":392,"wp_function":393},"n16",{"id":474,"type":347,"label":357,"file":167,"line":396},"n17",{"id":476,"type":361,"label":399,"file":167,"line":396},"n18",{"id":478,"type":352,"label":391,"file":167,"line":402,"wp_function":393},"n19",{"id":480,"type":347,"label":357,"file":167,"line":405},"n20",{"id":482,"type":361,"label":408,"file":167,"line":405},"n21",{"id":484,"type":352,"label":391,"file":167,"line":411,"wp_function":393},"n22",{"id":486,"type":347,"label":357,"file":167,"line":487},"n23",2082,{"id":489,"type":361,"label":490,"file":167,"line":487},"n24","→ process_refund()",{"id":492,"type":352,"label":452,"file":167,"line":453,"wp_function":454},"n25",[494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509],{"from":346,"to":351,"sanitized":370},{"from":356,"to":360,"sanitized":370},{"from":364,"to":390,"sanitized":370},{"from":395,"to":398,"sanitized":370},{"from":401,"to":404,"sanitized":370},{"from":404,"to":407,"sanitized":370},{"from":410,"to":464,"sanitized":370},{"from":464,"to":466,"sanitized":370},{"from":468,"to":470,"sanitized":370},{"from":470,"to":472,"sanitized":370},{"from":474,"to":476,"sanitized":370},{"from":476,"to":478,"sanitized":370},{"from":480,"to":482,"sanitized":370},{"from":482,"to":484,"sanitized":370},{"from":486,"to":489,"sanitized":370},{"from":489,"to":492,"sanitized":370},31,{"entryPoint":512,"graph":513,"unsanitizedCount":27,"severity":522},"\u003Cpartpay> (partpay.php:0)",{"nodes":514,"edges":519},[515,517],{"id":346,"type":347,"label":357,"file":189,"line":516},109,{"id":351,"type":352,"label":365,"file":189,"line":518,"wp_function":367},132,[520],{"from":346,"to":351,"sanitized":521},true,"low",{"summary":524,"deductions":525},"The payflex-payment-gateway plugin v2.6.9 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having no known unpatched vulnerabilities at present. The static analysis also indicates a relatively small attack surface, with no unprotected AJAX handlers or REST API routes. However, there are significant concerns regarding output escaping, with only 28% of outputs properly escaped. This presents a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Additionally, the vulnerability history reveals past issues with 'Open Redirect' and 'Missing Authorization,' which, while currently patched, suggest potential recurring weaknesses in how external inputs and user permissions are handled. The presence of 4 flows with unsanitized paths in taint analysis, despite having no critical or high severity issues, is a minor concern that warrants attention to ensure all data paths are properly secured.",[526,528,531,533],{"reason":527,"points":150},"Low percentage of properly escaped output",{"reason":529,"points":530},"Past 'Open Redirect' vulnerabilities",5,{"reason":532,"points":530},"Past 'Missing Authorization' vulnerabilities",{"reason":534,"points":439},"Flows with unsanitized paths (though not critical)","2026-03-16T18:45:05.934Z",{"wat":537,"direct":545},{"assetPaths":538,"generatorPatterns":540,"scriptPaths":541,"versionParams":543},[539],"\u002Fwp-content\u002Fplugins\u002Fpayflex-payment-gateway\u002Fassets\u002Fpayflex-block-checkout.js",[],[542],"\u002Fwp-content\u002Fplugins\u002Fpayflex-payment-gateway\u002Fincludes\u002Fclass-payflex-woocommerce-block-checkout.php",[544],"payflex-payment-gateway\u002Fassets\u002Fpayflex-block-checkout.js?ver=",{"cssClasses":546,"htmlComments":547,"htmlAttributes":548,"restEndpoints":552,"jsGlobals":553,"shortcodeOutput":556},[],[],[549,550,551],"data-payflex-order-id","data-payflex-client-id","data-payflex-api-key",[],[554,555],"payflex_product_page_widget_displayed","WC_Payflex_Blocks",[]]