Pix for WooCommerce Security & Risk Analysis

wordpress.org/plugins/payment-gateway-pix-for-woocommerce

Easily accept Pix payments in your WooCommerce store via Pix Key, PagHiper, or C6 Bank. The complete Pix solution for Brazil.

100 active installs · v1.6.1 · PHP 8.0+ · WP 5.0+ · Updated Mar 12, 2026
brasil, c6, pagamento, pix, woocommerce
94
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 12, 2026
Safety Verdict

Is Pix for WooCommerce Safe to Use in 2026?

Generally Safe

Score 94/100

Pix for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 12, 2026 · Updated 21d ago
Risk Assessment

The "payment-gateway-pix-for-woocommerce" plugin v1.6.2 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers and REST API routes lack proper authentication or permission checks, creating potential entry points for unauthorized actions. The presence of unsanitized paths in taint analysis, though not currently flagged as critical or high severity, warrants attention as it suggests potential weaknesses in how file paths are handled. Furthermore, the plugin has a history of a critical vulnerability related to unrestricted file uploads, indicating a past susceptibility to a severe attack type. Although this critical vulnerability is currently patched, the historical pattern suggests that certain attack vectors, like file handling, may require continued vigilance.

Key Concerns

  • AJAX handlers without authentication
  • REST API routes without permission callbacks
  • Taint flows with unsanitized paths
  • Critical vulnerability in history
  • File operations detected
  • External HTTP requests detected
Vulnerabilities
1

Pix for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Critical: 1

1 total CVE

CVE-2026-3891 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload

Mar 12, 2026 · Patched in 1.6.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

Pix for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 52 (337 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 5
External Requests: 12
Bundled Libraries: 0

Output Escaping

87% escaped · 389 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

7 flows · 2 with unsanitized paths
validate_certificate_uploads (Includes\LknPaymentPixForWoocommercePixC6.php:900)
Attack Surface
7 unprotected

Pix for WooCommerce Attack Surface

Entry Points: 10
Unprotected: 7

AJAX Handlers 4

auth · wp_ajax_lkn_pix_for_woocommerce_c6_save_settings · Includes\LknPaymentPixForWoocommerce.php:186
auth · wp_ajax_pixforwoo_test_c6_pix_charge · Includes\LknPaymentPixForWoocommerce.php:189
auth · wp_ajax_lkn_pix_for_woocommerce_cielo_pix_save_settings · Includes\LknPaymentPixForWoocommercePixCielo.php:41
auth · wp_ajax_lkn_pix_for_woocommerce_rede_pix_save_settings · Includes\LknPaymentPixForWoocommercePixRede.php:40

REST API Routes 6

GET /wp-json/pixforwoo/verify_c6_pix_status · Includes\LknPaymentPixForWoocommercePixC6Endpoint.php:16
GET /wp-json/pixforwoo/verify_cielo_pix_status · Includes\LknPaymentPixForWoocommercePixCieloEndpoint.php:11
DELETE /wp-json/paymentPix/clearOrderLogs · Includes\LknPaymentPixForWoocommercePixEndpoint.php:11
POST /wp-json/pixPagHiper/verifyPix · Includes\LknPaymentPixForWoocommercePixPagHiperEndpoint.php:14
GET /wp-json/pixPagHiper/checkStatus · Includes\LknPaymentPixForWoocommercePixPagHiperEndpoint.php:20
GET /wp-json/pixforwoo/verify_rede_pix_status · Includes\LknPaymentPixForWoocommercePixRedeEndpoint.php:11

WordPress Hooks 34

action · woocommerce_init · Includes\LknPaymentPixForWoocommerce.php:90
action · woocommerce_init · Includes\LknPaymentPixForWoocommerce.php:161
filter · woocommerce_payment_gateways · Includes\LknPaymentPixForWoocommerce.php:173
action · admin_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:177
action · admin_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:178
action · woocommerce_order_details_after_order_table · Includes\LknPaymentPixForWoocommerce.php:180
action · woocommerce_order_details_after_order_table · Includes\LknPaymentPixForWoocommerce.php:183
action · woocommerce_order_details_after_order_table · Includes\LknPaymentPixForWoocommerce.php:185
action · woocommerce_order_details_after_order_table · Includes\LknPaymentPixForWoocommerce.php:193
action · lkn_schedule_check_cielo_pix_payment_hook · Includes\LknPaymentPixForWoocommerce.php:196
action · lkn_remove_custom_check_cielo_pix_payment_job_hook · Includes\LknPaymentPixForWoocommerce.php:197
action · woocommerce_order_details_after_order_table · Includes\LknPaymentPixForWoocommerce.php:200
action · lkn_schedule_check_rede_pix_payment_hook · Includes\LknPaymentPixForWoocommerce.php:203
action · lkn_remove_custom_check_rede_pix_payment_job_hook · Includes\LknPaymentPixForWoocommerce.php:204
action · lkn_check_c6_pix_payment_hook · Includes\LknPaymentPixForWoocommerce.php:207
action · wp_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:248
action · wp_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:249
action · wp_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:252
action · wp_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:255
action · wp_enqueue_scripts · Includes\LknPaymentPixForWoocommerce.php:258
filter · rest_api_init · Includes\LknPaymentPixForWoocommerce.php:263
filter · rest_api_init · Includes\LknPaymentPixForWoocommerce.php:267
filter · rest_api_init · Includes\LknPaymentPixForWoocommerce.php:271
filter · rest_api_init · Includes\LknPaymentPixForWoocommerce.php:275
filter · rest_api_init · Includes\LknPaymentPixForWoocommerce.php:279
filter · cron_schedules · Includes\LknPaymentPixForWoocommerce.php:282
action · before_woocommerce_init · Includes\LknPaymentPixForWoocommerce.php:284
action · woocommerce_blocks_payment_method_type_registration · Includes\LknPaymentPixForWoocommerce.php:285
action · before_woocommerce_init · Includes\LknPaymentPixForWoocommerce.php:286
action · add_meta_boxes · Includes\LknPaymentPixForWoocommerce.php:289
action · http_api_curl · Includes\LknPaymentPixForWoocommercePixC6Endpoint.php:123
action · http_api_curl · Includes\LknPaymentPixForWoocommercePixC6Endpoint.php:262
action · http_api_curl · Includes\LknPaymentPixForWoocommercePixC6Endpoint.php:366
action · http_api_curl · Includes\LknPaymentPixForWoocommercePixC6Endpoint.php:471

Scheduled Events 5

lkn_check_c6_pix_payment_hook
lkn_schedule_check_cielo_pix_payment_hook
lkn_remove_custom_check_cielo_pix_payment_job_hook
lkn_schedule_check_rede_pix_payment_hook
lkn_remove_custom_check_rede_pix_payment_job_hook
Maintenance & Trust

Pix for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 8.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

Pix for WooCommerce Developer Profile

linknacional

18 plugins · 5K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Pix for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/payment-gateway-pix-for-woocommerce/css/payment-pix-for-woocommerce-admin.css
/wp-content/plugins/payment-gateway-pix-for-woocommerce/css/pixForWoocommercePaymentAdminFields.css
/wp-content/plugins/payment-gateway-pix-for-woocommerce/css/pixForWoocommercePaymentAdminSettingLinkCard.css
/wp-content/plugins/payment-gateway-pix-for-woocommerce/js/payment-pix-for-woocommerce-admin.js
/wp-content/plugins/payment-gateway-pix-for-woocommerce/js/pixForWoocommercePaymentAdminFields.js
/wp-content/plugins/payment-gateway-pix-for-woocommerce/js/pixForWoocommercePaymentAdminSaveFields.js
/wp-content/plugins/payment-gateway-pix-for-woocommerce/js/pixForWoocommercePaymentAdminTestIntegration.js
Version Parameters
payment-pix-for-woocommerce/css/payment-pix-for-woocommerce-admin.css?ver=
payment-pix-for-woocommerce/css/pixForWoocommercePaymentAdminFields.css?ver=
payment-pix-for-woocommerce/css/pixForWoocommercePaymentAdminSettingLinkCard.css?ver=
payment-pix-for-woocommerce/js/payment-pix-for-woocommerce-admin.js?ver=
payment-pix-for-woocommerce/js/pixForWoocommercePaymentAdminFields.js?ver=
payment-pix-for-woocommerce/js/pixForWoocommercePaymentAdminSaveFields.js?ver=
payment-pix-for-woocommerce/js/pixForWoocommercePaymentAdminTestIntegration.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- PIX for WooCommerce -->
JS Globals
PAYMENT_PIX_FOR_WOOCOMMERCE_GATEWAY_IDS
PAYMENT_PIX_FOR_WOOCOMMERCE_VERSION
FAQ

Frequently Asked Questions about Pix for WooCommerce