[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqTTtSXhgcRDK2idR-5utO4Kid_jq7feCpqlJWbnFTgE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":69,"analysis":162,"fingerprints":411},"paytm-payments","Paytm Payment Gateway","2.8.7","integrationdevpaytm","https:\u002F\u002Fprofiles.wordpress.org\u002Fintegrationdevpaytm\u002F","\u003Cp>Welcome to the official Paytm Payment Gateway plugin for Woocommerce. Paytm Payment Gateway is ideal for Woocommerce and WordPress merchants since it allows them to give their customers a seamless, super-fast checkout experience backed by cutting-edge payments technology that powers India’s largest payments platform. Accept payments from over 100+ payment sources including credit cards, debit cards, netbanking from 50+ banks (including HDFC & SBI), UPI, wallets and Buy-now-pay-later options. Here are a few reasons why Woocommerce merchants should choose Paytm Payment Gateway.\u003C\u002Fp>\n\u003Ch3>Compatibilities and Dependencies\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress v3.9.2 or higher\u003C\u002Fli>\n\u003Cli>Woocommerce v2.4 or higher\u003C\u002Fli>\n\u003Cli>PHP v7.4.0 or higher\u003C\u002Fli>\n\u003Cli>Php-curl\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Largest scale:  Preferred by 330M+ consumers in India.\u003C\u002Fli>\n\u003Cli>India’s most reliable PG: Trusted by India’s biggest online brands such as Uber, Flipkart, Zomato, Airtel, IRCTC, LIC and many more.  \u003C\u002Fli>\n\u003Cli>Industry best prices guaranteed: 2x more affordable than other payment gateways with 0% transaction fees on UPI & Rupay payments.\u003C\u002Fli>\n\u003Cli>Boost  conversions: Affordability options like EMI and Paytm Postpaid to boost conversions.\u003C\u002Fli>\n\u003Cli>Superior technology: Industry best success rates & 99.99% Up-time, Capable of supporting 3x more transactions per second than other payment gateways.\u003C\u002Fli>\n\u003Cli>Superfast next day settlements, even on holidays and weekends.\u003C\u002Fli>\n\u003Cli>Powerful dashboard: Get payment analytics at your fingerprints. Get insights by payment source and customer cohorts.\u003C\u002Fli>\n\u003Cli>Instant refunds: Initiate refunds seamlessly with just a click right from your Paytm for business dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Cp>New to PaytmPG? Use this \u003Ca href=\"https:\u002F\u002Fdashboard.paytmpayments.com\" rel=\"nofollow ugc\">link\u003C\u002Fa> to create your Paytm for Business account and get access to exciting offers.\u003C\u002Fp>\n\u003Cp>Before enabling the Paytm Payment Gateway on Woocommerce, make sure you have a registered business account with Paytm. Please visit –\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdashboard.paytmpayments.com\" rel=\"nofollow ugc\">Paytm Dashboard\u003C\u002Fa> to sign-up\u003C\u002Fp>\n\u003Ch3>Step-1: Generate your API keys with Paytm\u003C\u002Fh3>\n\u003Cp>To generate the API Key,\u003Cbr \u002F>\n* Log into your \u003Ca href=\"https:\u002F\u002Fdashboard.paytmpayments.com\u002F\" rel=\"nofollow ugc\">Dashboard\u003C\u002Fa>.\u003Cbr \u002F>\n* Select the API Keys under Developers on the left menu-bar.\u003Cbr \u002F>\n* Select the mode for which you want to generate the API Key from the menu.\u003Cbr \u002F>\n* Click Generate now to generate a key for the test mode and in case of live mode, first activate the account by submitting documents and then generate the key by clicking the Generate now button.\u003Cbr \u002F>\n* You will get the merchant ID and merchant key in response to the above. Please make a note of these to be used further.\u003C\u002Fp>\n\u003Cp>Note: You have to generate separate API Keys for the test and live modes. No money is deducted from your account in test mode.\u003Cbr \u002F>\nMID and merchant keys generation may take few minutes. In case you do not see these details, please logout and login after 5 minutes. Proceed now to generate these keys.\u003C\u002Fp>\n\u003Ch3>Step-2: Plugin Installation\u003C\u002Fh3>\n\u003Cp>There are 2 ways of installing the Paytm payment gateway plugin:-\u003Cbr \u002F>\ni)  Download the plugin repository from\u003Cbr \u002F>\n            OR\u003Cbr \u002F>\nii) Install the plugin directly from the WordPress dashboard\u003C\u002Fp>\n\u003Cp>Note: In case you have installed the plugin directly from the wordpress dashboard, skip to Step-3. In case you have downloaded the repository from here, follow the steps below to complete the installation.\u003C\u002Fp>\n\u003Ch3>Steps after downloading the plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Unzip and open the downloaded folder.\u003C\u002Fli>\n\u003Cli>Copy the Paytm-payments folder from the unzipped folder.\u003C\u002Fli>\n\u003Cli>Paste it into \u002Fwp-content\u002Fplugins\u002F directory or you may choose to upload the Paytm folder via the Woocommerce Webstore Admin panel.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Step-3: Configuration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Log into your WordPress admin and activate the Paytm plugin in WordPress Plugin Manager.\u003C\u002Fli>\n\u003Cli>Log into your WooCommerce Webstore account, navigate to Settings and click the Checkout\u002FPayment Gateways tab\u003C\u002Fli>\n\u003Cli>Scroll down to the Checkout page and go to the setting option of Paytm under Gateway Display\u003C\u002Fli>\n\u003Cli>Click on Paytm to edit the settings. If you do not see Paytm in the list at the top of the screen make sure you have activated the plugin in the WordPress Plugin Manager\u003C\u002Fli>\n\u003Cli>Fill in the following credentials.\n\u003Cul>\n\u003Cli>Enable – Enable check box\u003C\u002Fli>\n\u003Cli>Title – Paytm\u003C\u002Fli>\n\u003Cli>Description – Default\u003C\u002Fli>\n\u003Cli>Merchant Identifier – Staging\u002FProduction MID provided by Paytm\u003C\u002Fli>\n\u003Cli>Secret Key – Staging\u002FProduction Key provided by Paytm\u003C\u002Fli>\n\u003Cli>Website Name – Provided by Paytm\u003C\u002Fli>\n\u003Cli>Industry Type – Provided by Paytm\u003C\u002Fli>\n\u003Cli>Environment – Select environment type\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your Paytm payment gateway is enabled. Now you can accept payment through Paytm.\u003Cbr \u002F>\nIn case of any issues with integration, please \u003Ca href=\"https:\u002F\u002Fwww.paytmpayments.com\u002Fcontact-us.html\" rel=\"nofollow ugc\">get in touch\u003C\u002Fa>.\u003C\u002Fp>\n","Welcome to the official Paytm Payment Gateway plugin for Woocommerce. Paytm Payment Gateway is ideal for Woocommerce and Wordpress merchants since it  &hellip;",3000,172783,62,15,"2025-12-11T07:33:00.000Z","6.9.4","4.0.1","7.4",[20,21,4,22,23],"paytm","paytm-payment-gateway","paytm-woocommerce","paywithpaytm","https:\u002F\u002Fgithub.com\u002FPaytm\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaytm-payments.2.8.7.zip",98,2,0,"2023-02-22 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2022-45805","paytm-payment-gateway-authenticated-editor-sql-injection-via-post","Paytm Payment Gateway \u003C= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'","The Paytm Payment Gateway plugin for WordPress is vulnerable to generic SQL Injection via the ‘post’ parameter in versions up to, and including, 2.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with editor-level access, and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=2.7.3","2.7.7","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6fa560b2-6283-42ab-a482-1e02d08181f8?source=api-prod",335,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":44,"references":59,"days_to_patch":61},"CVE-2022-45362","paytm-payment-gateway-unauthenticated-server-side-request-forgery","Paytm Payment Gateway \u003C= 2.7.0 - Unauthenticated Server-Side Request Forgery","The Paytm Payment Gateway plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.7.0. This is due to Server-Side Request Forgery. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","\u003C=2.7.0","2.7.3",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2022-11-29 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F352cd9e6-ef1e-4a6b-bedb-6cf8ce9d4270?source=api-prod",420,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":64,"avg_security_score":65,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},5,3220,85,271,69,"2026-04-04T15:33:22.687Z",[70,89,104,124,141],{"slug":71,"name":72,"version":73,"author":7,"author_profile":8,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":17,"requires_php":82,"tags":83,"homepage":86,"download_link":87,"security_score":88,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"edd-paytm-gateway","Paytm Digital Downloads","2.0","\u003Cp>A paytm gateway for Easy Digital Downloads. This plugin allow you to accept payments using Paytm. This plugin will add a Paytm Payment option on checkout page and user will be able to make payment using paytm PG Admin can also see payment status for orders by navigating to Downloads > Payment History from menu in admin.\u003C\u002Fp>\n","A paytm gateway for Easy Digital Downloads. This plugin allow you to accept payments using Paytm. This plugin will add a Paytm Payment option on check &hellip;",10,4275,100,1,"2024-11-26T08:15:00.000Z","6.7.5","5.6",[20,84,85,21,4],"paytm-digital-downloads","paytm-easy-digital-downloads","https:\u002F\u002Fwww.paytmpayments.com\u002Fdocs\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedd-paytm-gateway.2.0.zip",92,{"slug":90,"name":91,"version":92,"author":7,"author_profile":8,"description":93,"short_description":94,"active_installs":76,"downloaded":95,"rating":28,"num_ratings":28,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":102,"download_link":103,"security_score":65,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"paytm-gravity-forms","Paytm Gravity Forms","1.0","\u003Cp>This plugin allows you to accept payments using Paytm. After setup configuration with Payment Form. he will redirect to Paytm website to complete his transaction and on completion his payment, paytm will send that user back to your website along with transactions details. This plugin uses server-to-server verification to add an additional security layer for validating transactions. Admin can also see payment status for form entries by navigating to Forms > Entries from the menu in admin.\u003C\u002Fp>\n","This plugin allows you to accept payments using Paytm. After setup configuration with Payment Form. he will redirect to Paytm website to complete his  &hellip;",2364,"2018-12-20T05:28:00.000Z","4.9.29","4.9","5.3",[20,90,4,101,23],"paytm-plugin","https:\u002F\u002Fgithub.com\u002FPaytm-Payments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaytm-gravity-forms.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":78,"num_ratings":63,"last_updated":114,"tested_up_to":81,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":122,"download_link":123,"security_score":88,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"upi-qr-code-payment-gateway","UPI QR Code Payment Gateway","1.4.2","Dew Technolab","https:\u002F\u002Fprofiles.wordpress.org\u002Fdewtechnolab\u002F","\u003Cp>This Plugin enables WooCommerce shopowners to get direct and instant payments through UPI apps like Google Pay, Whatsapp, Amazon Pay Paytm, BHIM, PhonePe or any banking UPI app to save payment gateway charges in India.\u003C\u002Fp>\n\u003Ch3>UPI QR Code Payment Gateway\u003C\u002Fh3>\n\u003Cp>UPI (Unified Payments Interface) is a payment standard owned by National Payment Corporation of India, a government owned instant payment solution. UPI works 24×7 and is free subject to prevalent government guidelines.\u003C\u002Fp>\n\u003Cp>When this plugin is installed, a customer will see UPI as a payment option. When customer chooses it, it will open a page which shows the UPI QR Code containing the payment details and in mobile it will also show a button which takes customer to the list of installed UPI mobile applications. Customer can choose an app and pay the required amount.\u003C\u002Fp>\n\u003Cp>Like UPI QR Code Payment Gateway plugin? Consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fupi-qr-code-payment-gateway\u002Freviews\u002F?rate=5#new-post\" rel=\"ugc\">5 star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Benefits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple & Easy to Setup.\u003C\u002Fli>\n\u003Cli>Avoid Payment Gateway Fees.\u003C\u002Fli>\n\u003Cli>Instant Money Settlement.\u003C\u002Fli>\n\u003Cli>Direct Payment.\u003C\u002Fli>\n\u003Cli>100% Success Rate.\u003C\u002Fli>\n\u003Cli>Send QR Code link to Customer.\u003C\u002Fli>\n\u003Cli>24×7 Availability.\u003C\u002Fli>\n\u003Cli>Multisite Network Supported.\u003C\u002Fli>\n\u003Cli>No KYC, No GST number Required.\u003C\u002Fli>\n\u003Cli>No Hidden or Additional Charges.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Detailed Steps\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customer will see UPI as a payment option in WooCommerce Checkout page.\u003C\u002Fli>\n\u003Cli>When customer chooses it, it will open a page which shows the UPI QR Code containing the payment details and in mobile it will also show a button which takes customer to the list of installed UPI mobile applications.\u003C\u002Fli>\n\u003Cli>Customer can scan the QR Code using any UPI app or choose an app from mobile to pay the required order amount.\u003C\u002Fli>\n\u003Cli>After successful payment, a 12-digits Transaction\u002FUTR ID will appear in the Customer’s UPI app from which he\u002Fshe made the payment.\u003C\u002Fli>\n\u003Cli>After that, customer needs to enter that 12 digit transaction number to the “Enter the Transaction ID” textbox and click submit.\u003C\u002Fli>\n\u003Cli>After successful submission of the ID, the order will be marked as on hold (customizable).\u003C\u002Fli>\n\u003Cli>Now, Merchant gets a notification on the mobile on his\u002Fher UPI app (Google Pay\u002FPhonePe\u002FBHIM\u002FPaytm etc.)\u003C\u002Fli>\n\u003Cli>Merchant opens notification, sees a payment made. Sees the “Order ID”.\u003C\u002Fli>\n\u003Cli>Merchant opens the WooCommerce Dashboard, checks the “pending orders” for this Order ID.\u003C\u002Fli>\n\u003Cli>Checks the order details and processes it (shipping etc) and makes the orders as “processing” or “completed”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with WordPress Version 4.6 and beyond and also compatible with any WordPress theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fupi-qr-code-payment-gateway\u002F\" rel=\"ugc\">support forums\u003C\u002Fa> at WordPress.org.\u003C\u002Fli>\n\u003C\u002Ful>\n","This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like GPay, PhonePe, Paytm or any banking UPI app.",1000,29918,"2025-01-04T06:52:00.000Z","4.5.0",[117,118,119,120,121],"gpay","paytm-upi","qrcode","upi-payment","woocommerce","http:\u002F\u002Fdewtechnolab.com\u002Fproject\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupi-qr-code-payment-gateway.1.4.2.zip",{"slug":125,"name":126,"version":127,"author":7,"author_profile":8,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":78,"num_ratings":132,"last_updated":133,"tested_up_to":81,"requires_at_least":98,"requires_php":18,"tags":134,"homepage":137,"download_link":138,"security_score":139,"vuln_count":132,"unpatched_count":79,"last_vuln_date":140,"fetched_at":30},"paytm-donation","Paytm Payment Donation","2.3.3","\u003Cp>This plugin allow you to accept donation payments using Paytm. This plugin will add a simple form that user will fill, when he clicks on submit he will redirected to Paytm website to complete his transaction and on completion his payment, paytm will send that user back to your website along with transactions details. This plugin uses server-to-server verification to add additional security layer for validating transactions. Admin can also see all transaction details with payment status by going to “Paytm Payment Details” from menu in admin.\u003C\u002Fp>\n\u003Ch3>Compatibilities and Dependencies\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress v3.9.2 or higher\u003C\u002Fli>\n\u003Cli>PHP v7.4.0 or higher\u003C\u002Fli>\n\u003Cli>Php-curl\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin to create Custom form and accept donation payment using paytm payment gateway.",200,18075,3,"2025-03-03T14:13:00.000Z",[20,125,135,101,136],"paytm-payment","paytm-wordpress-donation","https:\u002F\u002Fpaytmpayments.com\u002Fdocs\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaytm-donation.2.3.3.zip",67,"2025-02-03 00:00:00",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":78,"num_ratings":151,"last_updated":152,"tested_up_to":153,"requires_at_least":154,"requires_php":155,"tags":156,"homepage":155,"download_link":161,"security_score":65,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"pay-with-paytm-qr-offline-payment-gateway","paytm QR payment gateway","1.0.0","smart","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmitraval\u002F","\u003Cp>This plugin allow you to accept payments using Paytm QR code. User can place order on your site and can pay using paytm. Simplest way to collect payment directly into your paytm wallet and gain user engagements with easy checkout.\u003C\u002Fp>\n","Get payment using your paytm QR code on your website.",80,14228,4,"2016-12-14T12:23:00.000Z","4.7.32","3.5","",[157,158,159,20,160],"gateway","payment","payment-gateway","qr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpay-with-paytm-qr-offline-payment-gateway.1.0.zip",{"attackSurface":163,"codeSignals":239,"taintFlows":254,"riskAssessment":399,"analyzedAt":410},{"hooks":164,"ajaxHandlers":227,"restRoutes":236,"shortcodes":237,"cronEvents":238,"entryPointCount":27,"unprotectedCount":79},[165,171,175,179,184,188,190,194,198,202,206,210,215,219,222],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","init","check_paytm_response","class.paytm.php",44,{"type":166,"name":172,"callback":173,"file":169,"line":174},"woocommerce_update_options_payment_gateways","process_admin_options",50,{"type":166,"name":176,"callback":177,"file":169,"line":178},"admin_enqueue_scripts","paytm_enqueue_script",783,{"type":166,"name":180,"callback":181,"file":182,"line":183},"before_woocommerce_init","closure","woo-paytm.php",35,{"type":166,"name":185,"callback":186,"file":182,"line":187},"woocommerce_blocks_loaded","paytm_register_order_approval_payment_method_type",57,{"type":166,"name":189,"callback":181,"file":182,"line":139},"woocommerce_blocks_payment_method_type_registration",{"type":166,"name":191,"callback":192,"file":182,"line":193},"wp_head","paytmWoopayment_enqueue_style",123,{"type":166,"name":195,"callback":196,"file":182,"line":197},"wp_enqueue_scripts","paytmWoopayment_js_css",128,{"type":166,"name":199,"callback":200,"file":182,"line":201},"add_meta_boxes","add_paytm_payment_block",133,{"type":166,"name":203,"callback":204,"file":182,"line":205},"admin_head","woocommerce_paytm_add_css_js",285,{"type":166,"name":207,"callback":208,"priority":28,"file":182,"line":209},"plugins_loaded","woocommerce_paytm_init",395,{"type":211,"name":212,"callback":213,"file":182,"line":214},"filter","woocommerce_payment_gateways","woocommerce_add_paytm_gateway",405,{"type":166,"name":216,"callback":217,"file":182,"line":218},"the_content","paytmResponseMessage",418,{"type":166,"name":191,"callback":220,"file":182,"line":221},"woocommerce_paytm_front_add_css",421,{"type":166,"name":223,"callback":224,"priority":225,"file":182,"line":226},"admin_menu","paytm_transactions_menu",99,439,[228,232],{"action":229,"nopriv":230,"callback":229,"hasNonce":230,"hasCapCheck":230,"file":169,"line":231},"setPaymentNotificationUrl",false,732,{"action":233,"nopriv":230,"callback":233,"hasNonce":234,"hasCapCheck":230,"file":182,"line":235},"savetxnstatus",true,338,[],[],[],{"dangerousFunctions":240,"sqlUsage":241,"outputEscaping":243,"fileOperations":28,"externalRequests":132,"nonceChecks":79,"capabilityChecks":79,"bundledLibraries":253},[],{"prepared":76,"raw":28,"locations":242},[],{"escaped":244,"rawEcho":132,"locations":245},76,[246,249,251],{"file":169,"line":247,"context":248},314,"raw output",{"file":169,"line":250,"context":248},771,{"file":182,"line":252,"context":248},370,[],[255,300,320,332,344,369],{"entryPoint":256,"graph":257,"unsanitizedCount":132,"severity":40},"check_paytm_response (class.paytm.php:526)",{"nodes":258,"edges":293},[259,264,268,274,278,281,286,289,291],{"id":260,"type":261,"label":262,"file":169,"line":263},"n0","source","$_POST",540,{"id":265,"type":266,"label":267,"file":169,"line":263},"n1","transform","→ getPaytmOrderData()",{"id":269,"type":270,"label":271,"file":182,"line":272,"wp_function":273},"n2","sink","get_row() [SQLi]",259,"get_row",{"id":275,"type":261,"label":276,"file":169,"line":277},"n3","$_POST['ORDERID']",564,{"id":279,"type":266,"label":280,"file":169,"line":277},"n4","→ saveTxnResponse()",{"id":282,"type":270,"label":283,"file":182,"line":284,"wp_function":285},"n5","query() [SQLi]",390,"query",{"id":287,"type":261,"label":262,"file":169,"line":288},"n6",604,{"id":290,"type":266,"label":280,"file":169,"line":288},"n7",{"id":292,"type":270,"label":283,"file":182,"line":284,"wp_function":285},"n8",[294,295,296,297,298,299],{"from":260,"to":265,"sanitized":230},{"from":265,"to":269,"sanitized":230},{"from":275,"to":279,"sanitized":230},{"from":279,"to":282,"sanitized":230},{"from":287,"to":290,"sanitized":230},{"from":290,"to":292,"sanitized":230},{"entryPoint":301,"graph":302,"unsanitizedCount":132,"severity":40},"\u003Cclass.paytm> (class.paytm.php:0)",{"nodes":303,"edges":313},[304,305,306,307,308,309,310,311,312],{"id":260,"type":261,"label":262,"file":169,"line":263},{"id":265,"type":266,"label":267,"file":169,"line":263},{"id":269,"type":270,"label":271,"file":182,"line":272,"wp_function":273},{"id":275,"type":261,"label":276,"file":169,"line":277},{"id":279,"type":266,"label":280,"file":169,"line":277},{"id":282,"type":270,"label":283,"file":182,"line":284,"wp_function":285},{"id":287,"type":261,"label":262,"file":169,"line":288},{"id":290,"type":266,"label":280,"file":169,"line":288},{"id":292,"type":270,"label":283,"file":182,"line":284,"wp_function":285},[314,315,316,317,318,319],{"from":260,"to":265,"sanitized":230},{"from":265,"to":269,"sanitized":230},{"from":275,"to":279,"sanitized":230},{"from":279,"to":282,"sanitized":230},{"from":287,"to":290,"sanitized":230},{"from":290,"to":292,"sanitized":230},{"entryPoint":321,"graph":322,"unsanitizedCount":79,"severity":40},"add_paytm_payment_block (woo-paytm.php:136)",{"nodes":323,"edges":329},[324,327,328],{"id":260,"type":261,"label":325,"file":182,"line":326},"$_GET",153,{"id":265,"type":266,"label":267,"file":182,"line":326},{"id":269,"type":270,"label":271,"file":182,"line":272,"wp_function":273},[330,331],{"from":260,"to":265,"sanitized":230},{"from":265,"to":269,"sanitized":230},{"entryPoint":333,"graph":334,"unsanitizedCount":79,"severity":40},"savetxnstatus (woo-paytm.php:340)",{"nodes":335,"edges":341},[336,339,340],{"id":260,"type":261,"label":337,"file":182,"line":338},"$_POST['paytm_order_id']",363,{"id":265,"type":266,"label":280,"file":182,"line":338},{"id":269,"type":270,"label":283,"file":182,"line":284,"wp_function":285},[342,343],{"from":260,"to":265,"sanitized":230},{"from":265,"to":269,"sanitized":230},{"entryPoint":345,"graph":346,"unsanitizedCount":27,"severity":40},"display_paytm_transactions (woo-paytm.php:453)",{"nodes":347,"edges":365},[348,350,354,355,359,361],{"id":260,"type":261,"label":325,"file":182,"line":349},459,{"id":265,"type":270,"label":351,"file":182,"line":352,"wp_function":353},"get_results() [SQLi]",466,"get_results",{"id":269,"type":261,"label":325,"file":182,"line":349},{"id":275,"type":270,"label":356,"file":182,"line":357,"wp_function":358},"get_var() [SQLi]",491,"get_var",{"id":279,"type":261,"label":360,"file":182,"line":349},"$_GET (x2)",{"id":282,"type":270,"label":362,"file":182,"line":363,"wp_function":364},"echo() [XSS]",510,"echo",[366,367,368],{"from":260,"to":265,"sanitized":230},{"from":269,"to":275,"sanitized":230},{"from":279,"to":282,"sanitized":234},{"entryPoint":370,"graph":371,"unsanitizedCount":27,"severity":40},"\u003Cwoo-paytm> (woo-paytm.php:0)",{"nodes":372,"edges":391},[373,376,378,379,380,381,382,383,384,385,387,389],{"id":260,"type":261,"label":374,"file":182,"line":375},"$_GET (x3)",146,{"id":265,"type":270,"label":362,"file":182,"line":377,"wp_function":364},251,{"id":269,"type":261,"label":325,"file":182,"line":349},{"id":275,"type":270,"label":351,"file":182,"line":352,"wp_function":353},{"id":279,"type":261,"label":325,"file":182,"line":349},{"id":282,"type":270,"label":356,"file":182,"line":357,"wp_function":358},{"id":287,"type":261,"label":325,"file":182,"line":326},{"id":290,"type":266,"label":267,"file":182,"line":326},{"id":292,"type":270,"label":271,"file":182,"line":272,"wp_function":273},{"id":386,"type":261,"label":337,"file":182,"line":338},"n9",{"id":388,"type":266,"label":280,"file":182,"line":338},"n10",{"id":390,"type":270,"label":283,"file":182,"line":284,"wp_function":285},"n11",[392,393,394,395,396,397,398],{"from":260,"to":265,"sanitized":234},{"from":269,"to":275,"sanitized":234},{"from":279,"to":282,"sanitized":234},{"from":287,"to":290,"sanitized":230},{"from":290,"to":292,"sanitized":230},{"from":386,"to":388,"sanitized":230},{"from":388,"to":390,"sanitized":230},{"summary":400,"deductions":401},"The \"paytm-payments\" plugin v2.8.7 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in SQL query handling, with 100% of queries using prepared statements and a high percentage of output properly escaped. The absence of file operations and the limited use of bundled libraries are also strengths. However, a significant concern arises from the attack surface analysis, which reveals two AJAX handlers, one of which lacks authentication checks. Furthermore, the taint analysis shows six flows with unsanitized paths, all flagged as high severity. This indicates a potential for serious vulnerabilities, despite the absence of directly exploitable critical taint flows in this specific analysis.\n\nThe plugin's vulnerability history, with two known high-severity CVEs related to SQL Injection and SSRF, is concerning. While there are currently no unpatched CVEs, this historical pattern suggests a recurring tendency for these types of vulnerabilities to emerge in the plugin. The last vulnerability was recorded in early 2023, but the presence of high-severity taint flows with unsanitized paths in the current version points to potential lingering risks or the introduction of new, similar vulnerabilities. The combination of an unprotected entry point and high-severity taint flows with unsanitized paths is the most pressing risk. The plugin has room for improvement in its input validation and access control mechanisms to mitigate these risks.",[402,405,408],{"reason":403,"points":404},"AJAX handler without auth checks",8,{"reason":406,"points":407},"High severity taint flows with unsanitized paths",12,{"reason":409,"points":14},"2 High severity CVEs in vulnerability history","2026-03-16T18:20:41.474Z",{"wat":412,"direct":422},{"assetPaths":413,"generatorPatterns":416,"scriptPaths":417,"versionParams":419},[414,415],"\u002Fwp-content\u002Fplugins\u002Fpaytm-payments\u002Fassets\u002F2.8.7\u002Fcss\u002Fpaytm-payments.css","\u002Fwp-content\u002Fplugins\u002Fpaytm-payments\u002Fassets\u002F2.8.7\u002Fjs\u002Fpaytm-payments.js",[],[418],"\u002Fwp-content\u002Fplugins\u002Fpaytm-payments\u002Fclass-block.php",[420,421],"paytm-payments\u002Fassets\u002F2.8.7\u002Fcss\u002Fpaytm-payments.css?ver=","paytm-payments\u002Fassets\u002F2.8.7\u002Fjs\u002Fpaytm-payments.js?ver=",{"cssClasses":423,"htmlComments":424,"htmlAttributes":425,"restEndpoints":429,"jsGlobals":430,"shortcodeOutput":432},[],[],[426,427,428],"data-paytm-order-id","data-paytm-transaction-id","data-paytm-status",[],[431],"paytm_constants",[]]