WP-Safety

PlatiOnline Payments Security & Risk Analysis

wordpress.org/plugins/plationline

PlatiOnline payments for Woocommerce allows online merchants to accept Visa, Visa Electron and MasterCard, directly on their Woocommerce store

700 active installs v7.0.2 PHP 5.6+ WP 6.0+ Updated Jan 14, 2026
ecommercepaymentplationline
99
A · Safe
CVEs total1
Unpatched0
Last CVEJun 27, 2025
Plugin page Download
Safety Verdict

Is PlatiOnline Payments Safe to Use in 2026?

Generally Safe

Score 99/100

PlatiOnline Payments has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 27, 2025Updated 2mo ago
Risk Assessment

The plationline plugin v7.0.2 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and nonce/capability checks on its AJAX actions, a significant concern arises from the presence of six AJAX handlers that lack authorization checks. This creates a substantial attack surface where unauthenticated users could potentially interact with sensitive functionalities. The taint analysis also revealed two flows with unsanitized paths, although they did not reach a critical or high severity, suggesting a potential for input validation issues that could be exploited. The plugin's vulnerability history shows one known medium-severity CVE, which is currently patched. However, the recurrence of 'Missing Authorization' as a common vulnerability type, coupled with the identified unprotected AJAX endpoints, indicates a persistent weakness in access control. Overall, while SQL and nonce handling are strengths, the unprotected AJAX endpoints and potential input sanitization gaps present a notable risk that requires attention.

Key Concerns

  • 6 AJAX handlers without auth checks
  • 2 flows with unsanitized paths
  • 42% of outputs properly escaped
  • 1 medium severity CVE in history
Vulnerabilities
1

PlatiOnline Payments Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-53288medium · 4.3Missing Authorization

PlatiOnline Payments <= 7.0.0 - Missing Authorization

Jun 27, 2025 Patched in 7.0.1 (201d)
Code Analysis
Analyzed Mar 16, 2026

PlatiOnline Payments Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
74
53 escaped
Nonce Checks
6
Capability Checks
6
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

42% escaped127 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
<class-wc-plationline-process> (inc\core\class-wc-plationline-process.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

PlatiOnline Payments Attack Surface

Entry Points7
Unprotected6

AJAX Handlers 6

authwp_ajax_queryinc\core\class-init.php:140
authwp_ajax_voidinc\core\class-init.php:141
authwp_ajax_cancel_recurrenceinc\core\class-init.php:142
authwp_ajax_settleinc\core\class-init.php:143
authwp_ajax_refundinc\core\class-init.php:144
authwp_ajax_settle_amountinc\core\class-init.php:145

Shortcodes 1

[plationline_response] inc\core\class-init.php:134
WordPress Hooks 52
actionadmin_noticesinc\core\class-init.php:70
actioninitinc\core\class-init.php:106
filterwoocommerce_payment_gatewaysinc\core\class-init.php:119
filterwoocommerce_reports_order_statusesinc\core\class-init.php:120
filterwc_order_statusesinc\core\class-init.php:121
actioninitinc\core\class-init.php:122
filterwc_order_statusesinc\core\class-init.php:123
actionwoocommerce_receipt_plationlineinc\core\class-init.php:124
actionwoocommerce_receipt_plationline_princ\core\class-init.php:125
actionwoocommerce_receipt_plationline_recurrenceinc\core\class-init.php:126
actionwoocommerce_receipt_plationline_additionalinc\core\class-init.php:127
actionwoocommerce_receipt_plationline_woocommerce_subscriptionsinc\core\class-init.php:129
actionvalid-plationline-itsn-requestinc\core\class-init.php:131
actionvalid-plationline-responseinc\core\class-init.php:132
actionwoocommerce_api_wc_plationlineinc\core\class-init.php:133
actionwoocommerce_email_order_metainc\core\class-init.php:135
filterwoocommerce_email_format_stringinc\core\class-init.php:136
actionadd_meta_boxesinc\core\class-init.php:137
actionadmin_enqueue_scriptsinc\core\class-init.php:138
actionadmin_enqueue_scriptsinc\core\class-init.php:139
actionwoocommerce_order_status_changedinc\core\class-init.php:148
filterwoocommerce_endpoint_order-received_titleinc\core\class-init.php:150
filterwoocommerce_thankyou_order_received_textinc\core\class-init.php:151
actionwoocommerce_view_orderinc\core\class-init.php:153
filterwoocommerce_order_is_paid_statusesinc\core\class-init.php:154
filterwoocommerce_product_data_tabsinc\core\class-init.php:158
filterwoocommerce_product_data_panelsinc\core\class-init.php:159
actionwoocommerce_process_product_metainc\core\class-init.php:160
actionwoocommerce_before_trash_orderinc\core\class-init.php:163
actionbefore_woocommerce_initinc\core\class-init.php:167
actionwoocommerce_blocks_loadedinc\core\class-init.php:174
actioninitinc\core\class-init.php:186
actionwp_enqueue_scriptsinc\core\class-init.php:193
actionwp_enqueue_scriptsinc\core\class-init.php:194
actionwoocommerce_login_form_endinc\core\class-init.php:195
actionwoocommerce_after_edit_account_address_forminc\core\class-init.php:196
actionwoocommerce_register_form_startinc\core\class-init.php:197
actionwoocommerce_api_wc_login_plationlineinc\core\class-init.php:198
actionwoocommerce_api_wc_login_plationline_edit_addressinc\core\class-init.php:199
actionwoocommerce_after_add_to_cart_forminc\core\class-init.php:201
actionwp_enqueue_scriptsinc\core\class-init.php:202
actionwoocommerce_blocks_payment_method_type_registrationinc\core\class-init.php:284
actionwoocommerce_after_checkout_validationinc\core\class-wc-plationline-recurrence.php:52
actionwoocommerce_checkout_create_orderinc\core\class-wc-plationline-recurrence.php:53
filterwoocommerce_available_payment_gatewaysinc\core\class-wc-plationline-recurrence.php:54
actionwoocommerce_order_details_after_order_tableinc\core\class-wc-plationline-recurrence.php:55
filterwoocommerce_available_payment_gatewaysinc\core\class-wc-plationline-woocommerce-subscriptions.php:62
actionwoocommerce_subscription_status_updatedinc\core\class-wc-plationline-woocommerce-subscriptions.php:64
actionwcs_renewal_order_createdinc\core\class-wc-plationline-woocommerce-subscriptions.php:66
filterwoocommerce_available_payment_gatewaysinc\core\class-wc-plationline.php:71
filterwoocommerce_order_email_verification_requiredinc\core\class-wc-plationline.php:75
filterwoocommerce_order_received_verify_known_shoppersinc\core\class-wc-plationline.php:78
Maintenance & Trust

PlatiOnline Payments Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 14, 2026
PHP min version5.6
Downloads16K

Community Trust

Rating100/100
Number of ratings2
Active installs700
Alternatives

PlatiOnline Payments Alternatives

WooCommerce PayPal Payments

WooCommerce PayPal Payments

woocommerce-paypal-payments

A
100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

pretty-link

A
90

🌠 The best WordPress link management, branding, tracking, sharing and payments plugin. Easily make pretty & trackable shortlinks. 🔗

300K 8 CVEs
Mollie Payments for WooCommerce

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

A
93

Accept all major payment methods in WooCommerce today. Credit cards, iDEAL and more! Fast, safe and intuitive.

100K 4 CVEs
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

A
99

Make ecommerce easy with a simple to use, all-in-one platform, that anyone can set up in just a few minutes!

90K 2 CVEs
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

easy-digital-downloads

B
75

The #1 eCommerce plugin to sell digital products & subscriptions. Accept credit card payments with Stripe & PayPal and start your store today.

40K 39 CVEs
Developer Profile

PlatiOnline Payments Developer Profile

Adrian Ladó

2 plugins · 730 total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
114 days
View full developer profile
Detection Fingerprints

How We Detect PlatiOnline Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plationline/inc/admin/css/plationline-admin.css/wp-content/plugins/plationline/inc/admin/css/jquery-confirm.min.css/wp-content/plugins/plationline/inc/admin/js/jquery-confirm.min.js/wp-content/plugins/plationline/inc/admin/js/plationline-admin.js
Script Paths
/wp-content/plugins/plationline/inc/admin/js/jquery-confirm.min.js/wp-content/plugins/plationline/inc/admin/js/plationline-admin.js
Version Parameters
plationline-admin.css?ver=jquery-confirm.min.css?ver=jquery-confirm.min.js?ver=plationline-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
plationline-admin-display
HTML Comments
<!-- PlatiOnline Remote Actions -->
Data Attributes
data-po-noncedata-po-action
JS Globals
po6
REST Endpoints
/wp-json/plationline/v1/payment
Shortcode Output
[plationline_payment]
FAQ

Frequently Asked Questions about PlatiOnline Payments