Robokassa payment gateway for Woocommerce Security & Risk Analysis

wordpress.org/plugins/robokassa

Provides an interface (payment gateway) for paying through Robokassa in WooCommerce. Supports receipt integration (Federal Law 54-FZ).

3K active installs · v1.8.5 · PHP 7.4+ · WP 5.7+ · Updated Mar 5, 2026
Tags: ecommerce, payment-gateway, robokassa, robokassa-payment-gateway, robokassa-woocommerce

Score: 75 (B · Generally Safe)
CVEs total: 3
Unpatched: 1
Last CVE: Jul 15, 2025
Is Robokassa payment gateway for Woocommerce Safe to Use in 2026?

Mostly Safe

Score 75/100

Robokassa payment gateway for Woocommerce is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Jul 15, 2025 · Updated 29d ago

Risk Assessment

The robokassa plugin version 1.8.5 presents a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries, exclusively using prepared statements, and its taint analysis did not reveal any critical or high-severity vulnerabilities. The plugin also avoids bundling external libraries, which can often introduce vulnerabilities if not kept up-to-date.

However, significant concerns arise from the attack surface. Its two AJAX handlers both lack authentication checks, which opens potential avenues for unauthorized actions. Furthermore, the plugin has a history of known vulnerabilities, with one CVE still unpatched. The prevalence of Cross-site Scripting (XSS) in past vulnerabilities, combined with only 57% of outputs being properly escaped, suggests a persistent weakness in input validation and output sanitization. The absence of nonce checks on AJAX actions is a critical oversight that directly correlates with XSS risks.

While the current static analysis does not reveal severe code-level vulnerabilities, the unpatched CVE, the unprotected AJAX endpoints, and the history of XSS vulnerabilities, especially when coupled with insufficient output escaping and missing nonce checks, indicate a medium-to-high risk profile. A proactive approach is needed to address the unpatched vulnerability and to secure the AJAX endpoints.

Key Concerns

  • Unpatched CVE detected
  • AJAX handlers without auth checks
  • Missing nonce checks on AJAX
  • Low percentage of properly escaped output
  • Large attack surface without auth

Robokassa payment gateway for Woocommerce Security Vulnerabilities (3)

CVEs by Year

2023: 1 CVE (patched)
2024: 1 CVE (patched)
2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-49958 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Robokassa payment gateway for Woocommerce <= 1.8.1 - Reflected Cross-Site Scripting
Jul 15, 2025 · Unpatched

CVE-2024-47395 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Robokassa payment gateway for Woocommerce <= 1.6.1 - Reflected Cross-Site Scripting
Sep 30, 2024 · Patched in 1.6.2 (11d)

WF-75824b96-8674-4340-9e56-b0cb0f52503d-robokassa · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Robokassa payment gateway for Woocommerce <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Apr 19, 2023 · Patched in 1.4.6 (279d)

Robokassa payment gateway for Woocommerce Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 40 (53 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 7
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

100% prepared (5 total queries)

Output Escaping

57% escaped (93 total outputs)

Data Flow Analysis

4 flows, 4 with unsanitized paths
sendSms (classes\Robokassa\Payment\RobokassaPayAPI.php:689)

Robokassa payment gateway for Woocommerce Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

auth · wp_ajax_robokassa_check_order_status · wp_robokassa.php:224
nopriv · wp_ajax_robokassa_check_order_status · wp_robokassa.php:225

WordPress Hooks (25)

action · admin_notices · classes\Robokassa\Payment\WC_WP_robokassa.php:13
action · woocommerce_single_product_summary · payment-widget.php:3
action · wp_enqueue_scripts · payment-widget.php:4
action · woocommerce_cart_calculate_fees · wp_robokassa.php:35
action · wp_enqueue_scripts · wp_robokassa.php:36
action · woocommerce_review_order_before_payment · wp_robokassa.php:69
action · woocommerce_product_options_general_product_data · wp_robokassa.php:70
action · woocommerce_product_options_general_product_data · wp_robokassa.php:71
action · woocommerce_product_options_general_product_data · wp_robokassa.php:72
action · woocommerce_admin_process_product_object · wp_robokassa.php:73
action · woocommerce_admin_process_product_object · wp_robokassa.php:74
action · woocommerce_admin_process_product_object · wp_robokassa.php:75
action · admin_menu · wp_robokassa.php:215
action · plugins_loaded · wp_robokassa.php:216
action · parse_request · wp_robokassa.php:217
action · woocommerce_order_status_completed · wp_robokassa.php:218
action · woocommerce_order_status_changed · wp_robokassa.php:220
action · woocommerce_order_status_changed · wp_robokassa.php:221
action · woocommerce_order_status_changed · wp_robokassa.php:222
action · robokassa_cancel_payment_event · wp_robokassa.php:223
filter · woocommerce_get_privacy_policy_text · wp_robokassa.php:229
filter · woocommerce_payment_gateways · wp_robokassa.php:900
action · before_woocommerce_init · wp_robokassa.php:1388
action · woocommerce_blocks_loaded · wp_robokassa.php:1389
action · woocommerce_blocks_payment_method_type_registration · wp_robokassa.php:1397

Scheduled Events (1)

robokassa_cancel_payment_event

Robokassa payment gateway for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 67K

Community Trust

Rating: 86/100
Number of ratings: 32
Active installs: 3K

Robokassa payment gateway for Woocommerce Developer Profile

robokassa

2 plugins · 3K total installs

Trust score: 65
Avg Security Score: 80/100
Avg Patch Time: 145 days

How We Detect Robokassa payment gateway for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths:
/wp-content/plugins/robokassa/assets/css/robokassa-redirect.css
/wp-content/plugins/robokassa/assets/js/robokassa-redirect.js

Script Paths:
/wp-content/plugins/robokassa/assets/js/robokassa-redirect.js

Version Parameters:
robokassa-redirect

HTML / DOM Fingerprints

JS Globals:
robokassaRedirectConfig

REST Endpoints:
/wp-json/robokassa-payment/v1/settings

Frequently Asked Questions about Robokassa payment gateway for Woocommerce