Does PayPlus Payment Gateway have any unpatched vulnerabilities?

No. All known vulnerabilities in PayPlus Payment Gateway have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PayPlus Payment Gateway compatible with WordPress 6.9.4?

According to WordPress.org data, PayPlus Payment Gateway 8.1.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is PayPlus Payment Gateway compatible with PHP 7.4+?

PayPlus Payment Gateway requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is PayPlus Payment Gateway updated?

PayPlus Payment Gateway was last updated on Mar 15, 2026. Frequent updates are generally a positive security signal.

What is PayPlus Payment Gateway's security score?

PayPlus Payment Gateway has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PayPlus Payment Gateway Security & Risk Analysis

wordpress.org/plugins/payplus-payment-gateway

Accept credit/debit card payments or other methods such as bit, Apple Pay, Google Pay in one page. Create digitally signed invoices & much more!

1K active installs v8.1.5 PHP 7.4+ WP 6.2+ Updated Mar 15, 2026

charges-and-refundscredit-cardssubscriptionstokenizationwoocommerce-payment-gateway

A · Safe

CVEs total3

Unpatched0

Last CVEJul 9, 2024

Plugin page Download

Safety Verdict

Is PayPlus Payment Gateway Safe to Use in 2026?

Generally Safe

Score 93/100

PayPlus Payment Gateway has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jul 9, 2024Updated 19d ago

Risk Assessment

The "payplus-payment-gateway" plugin version 8.1.5 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of SQL prepared statements and nonce checks on AJAX handlers, there are significant areas of concern. The static analysis reveals "Flows with unsanitized paths" in the taint analysis, with one flagged as high severity. This suggests potential vulnerabilities where user input could be processed without adequate sanitization, leading to unexpected behavior or security risks. Furthermore, the plugin has a history of known vulnerabilities, including critical Cross-site Scripting (XSS) and SQL Injection issues. Although there are no currently unpatched CVEs, this pattern indicates a recurring tendency for severe vulnerabilities to be introduced into the plugin, requiring diligent attention from developers and users alike. The overall attack surface is sizable, though importantly, all identified entry points have authentication checks, which is a positive mitigating factor. However, the presence of high-severity taint flows and the historical vulnerability trends necessitate caution.

Key Concerns

High severity taint flow found
Multiple flows with unsanitized paths
History of critical vulnerabilities
History of medium vulnerabilities
Less than ideal output escaping (83%)

Vulnerabilities

PayPlus Payment Gateway Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Critical

Medium

3 total CVEs

CVE-2024-37564critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

PayPlus Payment Gateway <= 7.0.7 - Authenticated (Subscriber+) SQL Injection

Jul 9, 2024 Patched in 7.0.8 (11d)

CVE-2024-37459medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PayPlus Payment Gateway <= 6.6.8 - Reflected Cross-Site Scripting

Jul 1, 2024 Patched in 6.6.9 (9d)

CVE-2024-6205critical · 10Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

PayPlus Payment Gateway <= 6.6.8 - Unauthenticated SQL Injection

Jun 28, 2024 Patched in 6.6.9 (4d)

Code Analysis

Analyzed Mar 16, 2026

PayPlus Payment Gateway Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

190

902 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

96% prepared27 total queries

Output Escaping

83% escaped1092 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

15 flows7 with unsanitized paths

<class-wc-payplus-admin> (includes\admin\class-wc-payplus-admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

PayPlus Payment Gateway Attack Surface

Entry Points36

Unprotected0

AJAX Handlers 35

authwp_ajax_payplus-token-paymentincludes\admin\class-wc-payplus-admin.php:108

authwp_ajax_payplus-api-paymentincludes\admin\class-wc-payplus-admin.php:109

authwp_ajax_generate-link-paymentincludes\admin\class-wc-payplus-admin.php:110

authwp_ajax_payment-payplus-transaction-reviewincludes\admin\class-wc-payplus-admin.php:111

authwp_ajax_payplus-create-invoiceincludes\admin\class-wc-payplus-admin.php:112

authwp_ajax_payplus-create-invoice-refundincludes\admin\class-wc-payplus-admin.php:113

authwp_ajax_payplus-refund-club-amountincludes\admin\class-wc-payplus-admin.php:114

authwp_ajax_payplus_ipnincludes\admin\class-wc-payplus-admin.php:116

authwp_ajax_invoice_plus_searchincludes\admin\class-wc-payplus-admin.php:117

authwp_ajax_invoice_plus_createincludes\admin\class-wc-payplus-admin.php:118

authwp_ajax_payplus_check_order_statusincludes\admin\class-wc-payplus-admin.php:119

authwp_ajax_display-meta-dataincludes\admin\class-wc-payplus-admin.php:120

authwp_ajax_make-token-paymentincludes\admin\class-wc-payplus-admin.php:121

authwp_ajax_apple-onvalidate-merchantincludes\wc_payplus_express_checkout.php:23

noprivwp_ajax_apple-onvalidate-merchantincludes\wc_payplus_express_checkout.php:24

authwp_ajax_process-payment-oneclickincludes\wc_payplus_express_checkout.php:25

noprivwp_ajax_process-payment-oneclickincludes\wc_payplus_express_checkout.php:26

authwp_ajax_payplus-express-checkout-initializedincludes\wc_payplus_express_checkout.php:27

authwp_ajax_check-customer-vat-ocincludes\wc_payplus_express_checkout.php:28

noprivwp_ajax_check-customer-vat-ocincludes\wc_payplus_express_checkout.php:29

authwp_ajax_payplus-get-total-cartincludes\wc_payplus_express_checkout.php:30

noprivwp_ajax_payplus-get-total-cartincludes\wc_payplus_express_checkout.php:31

authwp_ajax_complete_orderincludes\wc_payplus_subgateways.php:593

noprivwp_ajax_complete_orderincludes\wc_payplus_subgateways.php:594

authwp_ajax_get-hosted-payloadincludes\wc_payplus_subgateways.php:595

noprivwp_ajax_get-hosted-payloadincludes\wc_payplus_subgateways.php:596

authwp_ajax_regenerate-hosted-linkincludes\wc_payplus_subgateways.php:597

noprivwp_ajax_regenerate-hosted-linkincludes\wc_payplus_subgateways.php:598

authwp_ajax_make-hosted-paymentpayplus-payment-gateway.php:90

noprivwp_ajax_make-hosted-paymentpayplus-payment-gateway.php:91

authwp_ajax_run_payplus_invoice_runnerpayplus-payment-gateway.php:92

authwp_ajax_payplus_check_order_redirectpayplus-payment-gateway.php:95

noprivwp_ajax_payplus_check_order_redirectpayplus-payment-gateway.php:96

authwp_ajax_payplus_get_iframe_linkpayplus-payment-gateway.php:99

noprivwp_ajax_payplus_get_iframe_linkpayplus-payment-gateway.php:100

Shortcodes 1

[payplus-extra-express-checkout] includes\wc_payplus_express_checkout.php:36

WordPress Hooks 104

actionadmin_enqueue_scriptsincludes\admin\class-wc-payplus-admin.php:81

actionwoocommerce_order_actions_endincludes\admin\class-wc-payplus-admin.php:103

actionsave_post_shop_orderincludes\admin\class-wc-payplus-admin.php:105

actionadmin_noticesincludes\admin\class-wc-payplus-admin.php:107

actionwoocommerce_admin_order_totals_after_totalincludes\admin\class-wc-payplus-admin.php:123

actionadd_meta_boxesincludes\admin\class-wc-payplus-admin.php:127

actionadmin_headincludes\admin\class-wc-payplus-admin.php:128

actionadmin_menuincludes\admin\class-wc-payplus-admin.php:131

filterremovable_query_argsincludes\admin\class-wc-payplus-admin.php:135

filterwoocommerce_get_settings_checkoutincludes\admin\class-wc-payplus-admin.php:136

filteradmin_body_classincludes\admin\class-wc-payplus-admin.php:137

actionwoocommerce_order_refundedincludes\admin\class-wc-payplus-admin.php:141

actionadmin_noticesincludes\admin\class-wc-payplus-admin.php:174

filterredirect_post_locationincludes\admin\class-wc-payplus-admin.php:2565

actionadmin_noticesincludes\admin\class-wc-payplus-admin.php:2617

filterredirect_post_locationincludes\admin\class-wc-payplus-admin.php:2837

actionwoocommerce_rest_checkout_process_payment_with_contextincludes\blocks\class-wc-payplus-blocks-support.php:55

actionwc_gateway_payplus_process_payment_errorincludes\blocks\class-wc-payplus-blocks-support.php:395

actionwoocommerce_checkout_order_processedincludes\class-wc-payplus-embedded.php:34

filterpwgc_redeeming_session_dataincludes\class-wc-payplus-embedded.php:35

actioninitincludes\wc-payplus-activation-functions.php:6

filterwc_order_statusesincludes\wc-payplus-activation-functions.php:23

filterhandle_bulk_actions-edit-shop_orderincludes\wc-payplus-activation-functions.php:34

actionpayplus_cron_send_orderincludes\wc-payplus-activation-functions.php:112

filterwoocommerce_gateway_titleincludes\wc-payplus-activation-functions.php:136

filterwoocommerce_price_trim_zerosincludes\wc-payplus-activation-functions.php:516

filterwoocommerce_admin_billing_fieldsincludes\wc-payplus-activation-functions.php:517

filterwoocommerce_billing_fieldsincludes\wc-payplus-activation-functions.php:518

actionwoocommerce_after_checkout_billingincludes\wc-payplus-activation-functions.php:619

actionwoocommerce_checkout_update_order_metaincludes\wc-payplus-activation-functions.php:625

actionwoocommerce_set_additional_field_valueincludes\wc-payplus-activation-functions.php:689

actionwoocommerce_process_shop_order_metaincludes\wc-payplus-activation-functions.php:721

actionwoocommerce_after_add_to_cart_formincludes\wc_payplus_express_checkout.php:32

actionwoocommerce_before_checkout_formincludes\wc_payplus_express_checkout.php:33

actionwoocommerce_before_cartincludes\wc_payplus_express_checkout.php:34

actionwp_footerincludes\wc_payplus_express_checkout.php:35

actionadmin_enqueue_scriptsincludes\wc_payplus_gateway.php:281

actionadmin_noticesincludes\wc_payplus_gateway.php:283

actionwoocommerce_api_payplus_add_paymentincludes\wc_payplus_gateway.php:286

actionwoocommerce_customer_save_addressincludes\wc_payplus_gateway.php:287

actionwoocommerce_api_update_payplus_payment_methodincludes\wc_payplus_gateway.php:288

actionpayplus_after_process_payment_eventincludes\wc_payplus_gateway.php:291

actionwoocommerce_checkout_order_processedincludes\wc_payplus_gateway.php:292

actionwoocommerce_order_status_changedincludes\wc_payplus_gateway.php:293

filteruser_has_capincludes\wc_payplus_gateway.php:299

filterpage_row_actionsincludes\wc_payplus_gateway.php:300

actionwoocommerce_order_status_changedincludes\wc_payplus_gateway.php:310

actionwp_headincludes\wc_payplus_gateway.php:470

actionadmin_enqueue_scriptsincludes\wc_payplus_invoice.php:115

actionadmin_headincludes\wc_payplus_invoice.php:116

filtermanage_edit-shop_order_columnsincludes\wc_payplus_invoice.php:119

filterwoocommerce_shop_order_list_table_columnsincludes\wc_payplus_invoice.php:120

filterwoocommerce_gateway_titleincludes\wc_payplus_subgateways.php:949

filterwoocommerce_available_payment_gatewaysincludes\wc_payplus_subgateways.php:952

filterwoocommerce_available_payment_gatewaysincludes\wc_payplus_subgateways.php:978

actionplugins_loadedpayplus-payment-gateway.php:79

actionadmin_initpayplus-payment-gateway.php:80

actionadmin_noticespayplus-payment-gateway.php:81

actionadmin_enqueue_scriptspayplus-payment-gateway.php:82

actionwp_enqueue_scriptspayplus-payment-gateway.php:83

actioninitpayplus-payment-gateway.php:84

actionplugins_loadedpayplus-payment-gateway.php:85

actionmanage_product_posts_custom_columnpayplus-payment-gateway.php:86

actionwoocommerce_email_before_order_tablepayplus-payment-gateway.php:87

actionwp_headpayplus-payment-gateway.php:88

actionwoocommerce_api_payplus_gatewaypayplus-payment-gateway.php:89

actionwoocommerce_before_checkout_formpayplus-payment-gateway.php:104

actionpayplus_twice_hourly_cron_jobpayplus-payment-gateway.php:105

actionpayplus_invoice_runner_cron_jobpayplus-payment-gateway.php:106

actiontemplate_redirectpayplus-payment-gateway.php:107

actionwoocommerce_initpayplus-payment-gateway.php:108

actionwoocommerce_checkout_order_processedpayplus-payment-gateway.php:109

actionwoocommerce_thankyoupayplus-payment-gateway.php:110

actionwoocommerce_thankyoupayplus-payment-gateway.php:111

actionwp_footerpayplus-payment-gateway.php:112

filterwoocommerce_available_payment_gatewayspayplus-payment-gateway.php:116

filtercron_schedulespayplus-payment-gateway.php:117

filterpwgc_redeeming_session_datapayplus-payment-gateway.php:118

actionwoocommerce_store_api_checkout_order_processedpayplus-payment-gateway.php:447

actionadmin_noticespayplus-payment-gateway.php:483

actionwoocommerce_blocks_loadedpayplus-payment-gateway.php:1680

actioninitpayplus-payment-gateway.php:1683

actioninitpayplus-payment-gateway.php:1684

actionelementor/widgets/registerpayplus-payment-gateway.php:1687

actionwoocommerce_after_checkout_validationpayplus-payment-gateway.php:1689

actionwp_enqueue_scriptspayplus-payment-gateway.php:1690

actionwoocommerce_api_callback_responsepayplus-payment-gateway.php:1691

actionwoocommerce_api_callback_response_hashpayplus-payment-gateway.php:1695

actionwoocommerce_review_order_before_submitpayplus-payment-gateway.php:1697

actionmanage_shop_order_posts_custom_columnpayplus-payment-gateway.php:1699

actionwoocommerce_shop_order_list_table_custom_columnpayplus-payment-gateway.php:1700

actionwoocommerce_order_status_on-holdpayplus-payment-gateway.php:1706

actionwoocommerce_order_status_processingpayplus-payment-gateway.php:1707

actionadd_meta_boxespayplus-payment-gateway.php:1716

actionmanage_product_posts_columnspayplus-payment-gateway.php:1717

actionmanage_shop_order_posts_custom_columnpayplus-payment-gateway.php:1718

filtermanage_edit-shop_order_columnspayplus-payment-gateway.php:1719

actionadd_meta_boxespayplus-payment-gateway.php:1726

actionsave_postpayplus-payment-gateway.php:1729

filterwoocommerce_payment_gatewayspayplus-payment-gateway.php:1730

filterbody_classpayplus-payment-gateway.php:1837

actionadmin_bar_menupayplus-payment-gateway.php:2258

actionadmin_menupayplus-payment-gateway.php:2261

actionwoocommerce_blocks_payment_method_type_registrationpayplus-payment-gateway.php:2374

Scheduled Events 3

payplus_twice_hourly_cron_job

payplus_invoice_runner_cron_job

payplus_delayed_event

Maintenance & Trust

PayPlus Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 15, 2026

PHP min version7.4

Downloads80K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

PayPlus Payment Gateway Alternatives

Payment Plugins for PayPal WooCommerce

pymntpl-paypal-woocommerce

100

Developed exclusively between Payment Plugins and PayPal, PayPal for WooCommerce integrates with PayPal's newest API's.

90K No CVEs

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

Make ecommerce easy with a simple to use, all-in-one platform, that anyone can set up in just a few minutes!

90K 2 CVEs

Subscriptions for WooCommerce

subscriptions-for-woocommerce

100

With WooCommerce Subscription, turn your physical or online store into a WooCommerce product subscription store and avail recurring revenue.

10K No CVEs

Pledged Plugins Secure Gateway for Authorize.net and WooCommerce

woo-authorize-net-gateway-aim

100

Authorize.net payment gateway integration for WooCommerce to accept credit cards directly on WordPress e-commerce websites.

10K No CVEs

Payment Gateway for PayPal on WooCommerce

woo-paypal-gateway

PayPal, Credit/Debit Cards, Google Pay, Apple Pay, Pay Later, Venmo, SEPA, iDEAL, Mercado Pago, Bancontact & more - by an official PayPal Partner

10K 1 CVE

Developer Profile

PayPlus Payment Gateway Developer Profile

PayPlus Tech Team

4 plugins · 1K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect PayPlus Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/payplus-payment-gateway/assets/css/payplus.css/wp-content/plugins/payplus-payment-gateway/assets/js/payplus.js/wp-content/plugins/payplus-payment-gateway/assets/js/payplus-applepay.js/wp-content/plugins/payplus-payment-gateway/assets/js/payplus-hosted-fields.js/wp-content/plugins/payplus-payment-gateway/assets/js/payplus-thankyou.js

Script Paths

/wp-content/plugins/payplus-payment-gateway/assets/js/payplus.js/wp-content/plugins/payplus-payment-gateway/assets/js/payplus-applepay.js/wp-content/plugins/payplus-payment-gateway/assets/js/payplus-hosted-fields.js/wp-content/plugins/payplus-payment-gateway/assets/js/payplus-thankyou.js

Version Parameters

payplus-payment-gateway/assets/css/payplus.css?ver=payplus-payment-gateway/assets/js/payplus.js?ver=payplus-payment-gateway/assets/js/payplus-applepay.js?ver=payplus-payment-gateway/assets/js/payplus-hosted-fields.js?ver=payplus-payment-gateway/assets/js/payplus-thankyou.js?ver=

HTML / DOM Fingerprints

CSS Classes

payplus-payment-gateway

Data Attributes

data-payplus-checkout-urldata-payplus-thankyou-urldata-payplus-order-iddata-payplus-currencydata-payplus-amount

JS Globals

payplus_payment_gatewaypayplus_varspayplus_data

REST Endpoints

/wp-json/payplus/v1/order/status

FAQ