Paytiko for WooCommerce Security & Risk Analysis

wordpress.org/plugins/paytiko

Paytiko Orchestrating 500+ Payment Partners Via A Secure, Seamless Ecosystem

100 active installs · v1.3.21 · PHP 5.6+ · WP 6.4+ · Updated Nov 26, 2025
Tags: bank, cashier, payments, paytiko, routing

Security score: 78/100
Grade: B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Jul 3, 2025
Safety Verdict

Is Paytiko for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

Paytiko for WooCommerce is rated generally safe to use, but its 1 known CVE remains unpatched. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jul 3, 2025 · Updated 4mo ago
Risk Assessment

The Paytiko plugin, version 1.3.21, presents a significant security risk primarily because of its unprotected AJAX handlers. Of its 9 AJAX handlers, 8 lack capability checks. All 9 are registered on wp_ajax_ hooks rather than wp_ajax_nopriv_ hooks, so WordPress runs them only for logged-in users, but without a capability check any logged-in account, including a low-privilege WooCommerce customer account, can invoke them. None of the handlers verifies a nonce, so the same endpoints are also reachable through cross-site request forgery (CSRF) from any page a logged-in user visits. The plugin also has weak output escaping: 22 of its 43 outputs (roughly half) are not escaped, which can lead to cross-site scripting (XSS).

The vulnerability history is short but relevant. The plugin has one known medium-severity CVE (CVE-2025-50032, Missing Authorization), and it remains unpatched. That is the same class of flaw as the unprotected AJAX handlers: the plugin does not consistently check user permissions before performing an action, which points to a systemic gap in its access control. The plugin does not use dangerous functions and 6 of its 14 SQL queries are prepared, but these positives are outweighed by the authorization flaws and the unaddressed CVE.

In conclusion, the Paytiko plugin has a poor security posture. The number of unprotected AJAX endpoints, the absence of nonce checks, and an unpatched medium-severity Missing Authorization CVE make it a high-risk plugin. The prepared statements for some SQL queries and the absence of dangerous functions are minor positives that do not offset these deficiencies. Users should be extremely cautious when deploying this plugin.

Key Concerns

  • 8 of 9 AJAX handlers have no capability check
  • 0 nonce checks on AJAX handlers (CSRF exposure)
  • 1 unpatched CVE (medium severity)
  • 2 data flows with unsanitized paths
  • 49% of outputs properly escaped (21 of 43, less than 50%)
  • Only 1 capability check in the whole plugin
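The "unprotected AJAX handler" and "nonce check" counts above come from looking at each wp_ajax_ callback for a capability check and a nonce check. The script below is an added example (not code from the analysis page or from the Paytiko plugin) of how such a check can be done: it finds add_action('wp_ajax_...') registrations in PHP source, pulls out each callback's body, and records whether the body calls a nonce-verification or capability function. The PHP sample inside it is constructed for the example, and its class, hook and function names are hypothetical.

```python
"""Heuristic audit of WordPress AJAX handlers for nonce and capability checks.

Added example, not part of the Paytiko plugin or the analysis page. The PHP
below is constructed sample input; ExamplePayouts and its hooks are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import List, Dict

SAMPLE_PHP = r'''<?php
class ExamplePayouts {
    public function __construct() {
        add_action('wp_ajax_example_start_payout', array($this, 'start_payout'));
        add_action('wp_ajax_example_get_order', [$this, 'get_order']);
        add_action('wp_ajax_nopriv_example_status', 'example_status');
    }
    public function start_payout() {
        // Unprotected: no nonce and no capability check, any logged-in user can call it.
        $order_id = intval($_POST['order_id']);
        echo $this->payout($order_id);
        wp_die();
    }
    public function get_order() {
        check_ajax_referer('example_nonce', 'security');
        if (!current_user_can('manage_woocommerce')) {
            wp_send_json_error('forbidden', 403);
        }
        wp_send_json_success(wc_get_order(intval($_POST['order_id']))->get_data());
    }
}
function example_status() {
    wp_send_json_success(array('ok' => true));
}
'''

# Core WordPress functions that verify a nonce or a capability.
NONCE_CALLS = ('check_ajax_referer', 'wp_verify_nonce', 'check_admin_referer')
CAP_CALLS = ('current_user_can', 'user_can', 'is_super_admin')

# Matches add_action('wp_ajax_x', array($this, 'cb')), [$this, 'cb'] or 'cb'.
REG_RE = re.compile(
    r"""add_action\(\s*['"](wp_ajax_(?:nopriv_)?\w+)['"]\s*,\s*"""
    r"""(?:array\(\s*\$this\s*,\s*['"](\w+)['"]\s*\)"""
    r"""|\[\s*\$this\s*,\s*['"](\w+)['"]\s*\]"""
    r"""|['"](\w+)['"])"""
)


@dataclass
class Handler:
    hook: str
    callback: str
    nonce: bool        # body calls a nonce-verification function
    capability: bool   # body calls a capability-check function
    nopriv: bool       # registered on wp_ajax_nopriv_, i.e. reachable without login

    @property
    def unprotected(self) -> bool:
        # Mirrors the page's metric: a handler with no capability check.
        return not self.capability


def function_body(src: str, name: str) -> str:
    """Return the brace-delimited body of `function name(...)`, by brace counting.

    Heuristic only: braces inside string literals or comments will confuse it,
    and checks performed in a helper called from the body are not seen."""
    m = re.search(r'function\s+' + re.escape(name) + r'\s*\(', src)
    if not m:
        return ''
    start = src.index('{', m.end())
    depth = 0
    for i in range(start, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
    return src[start:]


def audit(src: str) -> List[Handler]:
    """List every AJAX handler registered in `src` with its check status."""
    found = []
    for m in REG_RE.finditer(src):
        hook = m.group(1)
        callback = m.group(2) or m.group(3) or m.group(4)
        body = function_body(src, callback)
        found.append(Handler(
            hook=hook,
            callback=callback,
            nonce=any(call in body for call in NONCE_CALLS),
            capability=any(call in body for call in CAP_CALLS),
            nopriv=hook.startswith('wp_ajax_nopriv_'),
        ))
    return found


def summary(handlers: List[Handler]) -> Dict[str, int]:
    """The three headline numbers the scorecard reports."""
    return {
        'total': len(handlers),
        'unprotected': sum(h.unprotected for h in handlers),
        'nonce_checks': sum(h.nonce for h in handlers),
    }


if __name__ == '__main__':
    for h in audit(SAMPLE_PHP):
        print(f"{h.hook:40} cap={h.capability!s:5} nonce={h.nonce!s:5} nopriv={h.nopriv}")
    print(summary(audit(SAMPLE_PHP)))
```

Run it against a plugin's includes directory (concatenate the .php files into `src`) to reproduce the handler table. Because it is a string-level heuristic, treat a "protected" verdict as a prompt to read the callback, not as proof: a capability check that lives in a helper method, or one that runs after the sensitive action, both pass this scan.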
Vulnerabilities (1)

Paytiko for WooCommerce Security Vulnerabilities

CVEs by Year

2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-50032 · medium · 4.3 · Missing Authorization

Paytiko for WooCommerce <= 1.3.14 - Missing Authorization

Jul 3, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Paytiko for WooCommerce Code Analysis

Dangerous Functions: 0
Raw (unprepared) SQL Queries: 8 · 6 prepared · 14 total
Unescaped Output: 22 · 21 escaped · 43 total
Nonce Checks: 0
Capability Checks: 1
File Operations: 4
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

43% prepared (6 of 14 total queries)

Output Escaping

49% escaped (21 of 43 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
displayLogAsTable (includes\PaytikoLogs.php:34)
Attack Surface
8 unprotected

Paytiko for WooCommerce Attack Surface

Entry Points: 9 · Unprotected: 8

AJAX Handlers (9)

All 9 handlers are registered on wp_ajax_ hooks and none on wp_ajax_nopriv_, so WordPress runs them only for logged-in users (the "auth" label below). An unprotected handler is one whose callback performs no capability check, so any logged-in account can reach it.

auth · wp_ajax_create_fake_orders · includes\PaytikoAutoCleaner.php:24
auth · wp_ajax_paytiko_cron_autocleaner_job · includes\PaytikoAutoCleaner.php:25
auth · wp_ajax_start_refund · includes\PaytikoGateway.php:158
auth · wp_ajax_refund_request_sent · includes\PaytikoGateway.php:159
auth · wp_ajax_search_account_by_email · includes\PaytikoPayouts.php:49
auth · wp_ajax_update_payouts_table · includes\PaytikoPayouts.php:50
auth · wp_ajax_create_payout_record · includes\PaytikoPayouts.php:51
auth · wp_ajax_get_order_data · includes\PaytikoPayouts.php:52
auth · wp_ajax_start_payout · includes\PaytikoPayouts.php:53
WordPress Hooks (29)

action · admin_menu · includes\PaytikoAutoCleaner.php:15
action · admin_init · includes\PaytikoAutoCleaner.php:16
action · paytiko_auto_cleaner_cron · includes\PaytikoAutoCleaner.php:17
action · admin_enqueue_scripts · includes\PaytikoAutoCleaner.php:18
filter · cron_schedules · includes\PaytikoAutoCleaner.php:22
action · admin_init · includes\PaytikoAutoCleaner.php:23
action · admin_enqueue_scripts · includes\PaytikoGateway.php:122
action · woocommerce_after_checkout_form · includes\PaytikoGateway.php:148
action · woocommerce_pay_order_after_submit · includes\PaytikoGateway.php:149
action · woocommerce_order_status_cancelled · includes\PaytikoGateway.php:151
action · woocommerce_order_status_refunded · includes\PaytikoGateway.php:152
action · woocommerce_before_checkout_form · includes\PaytikoGateway.php:154
action · before_woocommerce_pay · includes\PaytikoGateway.php:155
action · woocommerce_thankyou · includes\PaytikoGateway.php:156
filter · woocommerce_product_data_tabs · includes\PaytikoGateway.php:162
action · woocommerce_product_data_panels · includes\PaytikoGateway.php:163
action · woocommerce_process_product_meta · includes\PaytikoGateway.php:164
filter · woocommerce_available_payment_gateways · includes\PaytikoGateway.php:168
filter · comments_clauses · includes\PaytikoGateway.php:846
action · admin_menu · includes\PaytikoLogs.php:16
action · admin_menu · includes\PaytikoMenu.php:2
action · admin_menu · includes\PaytikoPayouts.php:27
action · admin_menu · includes\PaytikoPayouts.php:28
action · admin_enqueue_scripts · includes\PaytikoPayouts.php:29
action · admin_menu · includes\PaytikoSubscriptions.php:11
action · admin_init · includes\PaytikoSubscriptions.php:12
action · admin_enqueue_scripts · includes\PaytikoSubscriptions.php:13
action · plugins_loaded · wc-paytiko.php:25
filter · woocommerce_payment_gateways · wc-paytiko.php:34

Scheduled Events (1)

paytiko_auto_cleaner_cron
Maintenance & Trust

Paytiko for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 26, 2025
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 0/100 (no ratings yet)
Number of ratings: 0
Active installs: 100
Developer Profile

Paytiko for WooCommerce Developer Profile

Paytiko - Payment Orchestration Platform

1 plugin · 100 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Paytiko for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/paytiko/assets/js/auto-cleaner.js
Script Paths
/wp-content/plugins/paytiko/assets/js/auto-cleaner.js
Version Parameters
assets/js/auto-cleaner.js?ver=

HTML / DOM Fingerprints

CSS Classes
clearing-setting
Data Attributes
data-paytiko-session-token
JS Globals
paytiko_ajax_object, PaytikoBlocksConfig
REST Endpoints
/wp-json/paytiko/v1/gateway
Shortcode Output
[paytiko_payment_form]
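The fingerprints above are what a crawler matches to say "this site runs Paytiko"; the `?ver=` parameter on auto-cleaner.js is also the usual place to read the installed version. The script below is an added example (not the page's own detection code) that matches these fingerprints against fetched HTML and compares the version it finds with the `<= 1.3.14` bound from the CVE-2025-50032 advisory title. The HTML sample is constructed for the example. Note the caveat in the code: `?ver=` carries the plugin's version only if the plugin passes one to wp_enqueue_script(); otherwise WordPress appends its own core version, so the result is reported as "possibly affected" rather than confirmed.

```python
"""Fingerprint Paytiko for WooCommerce in fetched HTML and extract its version.

Added example, not code from the analysis page. SAMPLE_HTML is constructed input.
"""
import re
from typing import Any, Dict, Optional, Tuple

# Constructed page fragment: the plugin's script tag plus two DOM markers.
SAMPLE_HTML = """<html><head>
<script src="https://shop.example/wp-content/plugins/paytiko/assets/js/auto-cleaner.js?ver=1.3.12"></script>
<script>var paytiko_ajax_object = {"ajax_url":"/wp-admin/admin-ajax.php"};</script>
</head><body><form data-paytiko-session-token="abc"></form></body></html>"""

# Asset path from the fingerprint list; the optional ?ver= group captures the version.
ASSET_RE = re.compile(
    r'/wp-content/plugins/paytiko/assets/js/auto-cleaner\.js(?:\?ver=([0-9][0-9.]*))?'
)

# HTML/DOM fingerprints from the list above, matched as plain substrings.
DOM_MARKERS = (
    'clearing-setting',
    'data-paytiko-session-token',
    'paytiko_ajax_object',
    'PaytikoBlocksConfig',
    '/wp-json/paytiko/v1/gateway',
)

# Upper bound of the affected range, taken from the advisory title
# "Paytiko for WooCommerce <= 1.3.14 - Missing Authorization".
LAST_AFFECTED: Tuple[int, ...] = (1, 3, 14)


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.3.12' -> (1, 3, 12); non-numeric components are dropped."""
    return tuple(int(p) for p in text.split('.') if p.isdigit())


def detect(html: str) -> Optional[Dict[str, Any]]:
    """Return a detection record, or None if nothing Paytiko-specific is present."""
    asset = ASSET_RE.search(html)
    markers = [m for m in DOM_MARKERS if m in html]
    if asset is None and not markers:
        return None

    version = asset.group(1) if (asset and asset.group(1)) else None
    # Caveat: ?ver= is only the plugin version when the plugin supplied one to
    # wp_enqueue_script(); with no version argument WordPress appends its own
    # core version, so this is a "possibly affected" signal, not a confirmation.
    possibly_affected = (
        None if version is None else parse_version(version) <= LAST_AFFECTED
    )
    return {
        'asset_seen': asset is not None,
        'version': version,
        'markers': markers,
        'possibly_affected': possibly_affected,
    }


if __name__ == '__main__':
    print(detect(SAMPLE_HTML))
```

A confirmed version still needs a second source, for example the `Stable tag` in the plugin's readme.txt when it is exposed, before reporting an install as vulnerable.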
FAQ

Frequently Asked Questions about Paytiko for WooCommerce