Does Autopay have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Autopay compatible with WordPress 6.9.4?

According to WordPress.org data, Autopay 4.9.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Autopay compatible with PHP 7.4+?

Autopay requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Autopay updated?

Autopay was last updated on Apr 15, 2026. Frequent updates are generally a positive security signal.

What is Autopay's security score?

Autopay has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Autopay Security & Risk Analysis

wordpress.org/plugins/platnosci-online-blue-media

Autopay is a payment module that enables cashless transactions in a shop based on the WordPress platform (WooCommerce).

3K active installs v4.9.0 PHP 7.4+ WP 6.0+ Updated Apr 15, 2026

autopaybluemediawoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Autopay Safe to Use in 2026?

Generally Safe

Score 100/100

Autopay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The plugin "platnosci-online-blue-media" v4.8.3 demonstrates a generally good security posture in several key areas. The absence of any known CVEs and a clean vulnerability history are significant strengths, suggesting a commitment to security or a lack of significant past issues. The static analysis also shows a low attack surface, with no unprotected AJAX handlers, REST API routes, or shortcodes. Furthermore, the majority of SQL queries utilize prepared statements, and a good percentage of output is properly escaped. The presence of nonce checks also indicates an awareness of common WordPress vulnerabilities.

However, there are specific areas of concern. The taint analysis revealed two high-severity flows with unsanitized paths, which could potentially lead to path traversal or other file system related vulnerabilities if exploited. Although the total number of file operations is low, these unsanitized paths represent a critical risk. The plugin also lacks capability checks on its entry points, meaning that any authenticated user, regardless of their role, could potentially interact with these features, which could be problematic depending on the functionality. The presence of bundled libraries, while not inherently a risk, requires careful management to ensure they are up-to-date and free from known vulnerabilities.

In conclusion, the plugin has a solid foundation with a clean history and a well-managed attack surface. Nevertheless, the high-severity taint flows and the absence of capability checks on entry points introduce notable risks that should be addressed. Proactive monitoring of bundled libraries for security updates is also advisable.

Key Concerns

High severity taint flows
Unsanitized paths in taint flows
Missing capability checks
Bundled libraries (potential risk)

Vulnerabilities

None known

Autopay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Autopay Release Timeline

v4.9.0Current

v4.8.3

v4.8.2

v4.8.1

v4.8

v4.7.1

v4.7.0

Code Analysis

Analyzed Mar 16, 2026

Autopay Code Analysis

Dangerous Functions

Raw SQL Queries

13 prepared

Unescaped Output

110

306 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

87% prepared15 total queries

Output Escaping

74% escaped416 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

process_admin_options (src\Gateway\Blue_Media_Gateway.php:2169)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Autopay Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 33

actionplugins_loadedcompatibility.php:12

actionplugins_loadedcompatibility.php:28

actionadmin_enqueue_scriptssrc\Assets\AssetManager.php:24

filterwoocommerce_before_settings_checkoutsrc\Domain\Service\Currency\Currency.php:306

actionwp_headsrc\Domain\Service\Custom_Styles\Css_Frontend.php:16

actionbm_order_bm_int_status_SUCCESS_processedsrc\Domain\Service\Ga4\Ga4_Hooks.php:24

filterwoocommerce_get_sections_checkoutsrc\Domain\Service\Settings\Settings_Manager.php:41

actionwoocommerce_settings_checkoutsrc\Domain\Service\Settings\Settings_Manager.php:58

actionwoocommerce_after_settings_checkoutsrc\Domain\Service\Settings\Settings_Manager.php:62

actionwoocommerce_settings_checkoutsrc\Domain\Service\Settings\Settings_Manager.php:74

actionwoocommerce_after_settings_checkoutsrc\Domain\Service\Settings\Settings_Manager.php:78

filteradmin_body_classsrc\Domain\Service\Settings\Settings_Manager.php:121

filterwoocommerce_generate_autopay_template_htmlsrc\Domain\Service\Settings\WC_Form_Fields_Integration.php:16

actionupdate_option_WPLANGsrc\Gateway\Blue_Media_Gateway.php:168

filterwoocommerce_get_checkout_order_received_urlsrc\Gateway\Blue_Media_Gateway.php:785

actionwoocommerce_api_wc_gateway_bluemediasrc\Gateway\Blue_Media_Gateway.php:928

actionwpsrc\Gateway\Hooks\Payment_On_Account_Page.php:9

filterautopay_payment_on_account_pagesrc\Gateway\Hooks\Payment_On_Account_Page.php:36

filterautopay_filter_can_redirect_to_payment_gatewaysrc\Gateway\Hooks\Payment_On_Account_Page.php:84

filterautopay_filter_option_whitelabelsrc\Gateway\Hooks\Payment_On_Account_Page.php:95

actionautopay_after_payment_fieldsrc\Gateway\Hooks\Payment_On_Account_Page.php:100

actionwffn_loadedsrc\Integration\Funnel_Builder\Funnel_Builder_Integration.php:8

filterwp_redirectsrc\Integration\Funnel_Builder\Funnel_Builder_Integration.php:12

actionwoocommerce_blocks_loadedsrc\Plugin.php:127

actionbm_cancel_failed_pending_order_after_one_hoursrc\Plugin.php:141

actionwp_enqueue_scriptssrc\Plugin.php:159

actionwpsrc\Plugin.php:171

actionwoocommerce_blocks_payment_method_type_registrationsrc\Plugin.php:204

actiontemplate_redirectsrc\Plugin.php:420

actiontemplate_redirectsrc\Plugin.php:421

filterwoocommerce_cancel_unpaid_ordersrc\Plugin.php:423

filterwoocommerce_payment_gatewayssrc\Plugin.php:444

filterautopay_log_idsrc\Utilities\Test_Connection\Async_Request.php:26

Scheduled Events 1

bm_cancel_failed_pending_order_after_one_hour

Maintenance & Trust

Autopay Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.4

Downloads52K

Community Trust

Rating42/100

Number of ratings7

Active installs3K

Alternatives

Autopay Alternatives

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs

Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

limit-login-attempts-reloaded

Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.

2.0M 4 CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

Developer Profile

Autopay Developer Profile

Autopay

1 plugin · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Autopay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/platnosci-online-blue-media/assets/js/admin-sortable.js

Version Parameters

platnosci-online-blue-media/assets/js/admin-sortable.js?ver=

HTML / DOM Fingerprints

CSS Classes

bm-woocommerce

Data Attributes

data-gateway_id="bluemedia"

JS Globals

wp.codeEditor.initializewp.codeEditor.defaultSettings

FAQ