[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLOX-k-UzBZVk2ytLX2G0musca_r_J7En6kPiOmXfVBc":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":10,"num_ratings":10,"last_updated":12,"tested_up_to":13,"requires_at_least":14,"requires_php":15,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":10,"unpatched_count":10,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":132,"fingerprints":179},"scan2payme","1.0.4","awaldherr","https:\u002F\u002Fprofiles.wordpress.org\u002Fawaldherr\u002F","\u003Cp>This plugin generates QR-Codes containing the banking details of your shop and displays them in the WooCommerce order status page. Your customers can scan this code with their banking app to initiate a SEPA bank transfer without typing.\u003C\u002Fp>\n\u003Ch3>European Payment Council (EPC) QR-Code\u003C\u002Fh3>\n\u003Cp>More information on the EPC QR-Code: \u003Ca href=\"https:\u002F\u002Fwww.europeanpaymentscouncil.eu\u002Fdocument-library\u002Fguidance-documents\u002Fstandardisation-qr-codes-mscts\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.europeanpaymentscouncil.eu\u002Fdocument-library\u002Fguidance-documents\u002Fstandardisation-qr-codes-mscts\u003C\u002Fa>\u003C\u002Fp>\n","Plugin for displaying payment QR-Codes in WooCommerce order pages.",0,1263,"","6.7.5","6.4","8.0",[17,18,19,20,21],"bank-transfer","girocode","payment","qr-code","woocommerce","https:\u002F\u002Fgithub.com\u002Fawaldherr\u002Fscan2payme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscan2payme.1.0.5.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":29,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,94,"2026-04-04T13:55:18.917Z",[34,56,72,94,115],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":24,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":12,"download_link":52,"security_score":53,"vuln_count":29,"unpatched_count":10,"last_vuln_date":54,"fetched_at":55},"checkout-gateway-iris","Checkout Gateway for IRIS","1.5","vgdevsolutions","https:\u002F\u002Fprofiles.wordpress.org\u002Fvgdevsolutions\u002F","\u003Cp>\u003Cstrong>Checkout Gateway for IRIS\u003C\u002Fstrong> allows store owners to accept direct IRIS payments through WooCommerce. After the customer places an order, it is set to “on hold” until the payment is manually verified.\u003C\u002Fp>\n\u003Cp>This is ideal for Greek businesses using IRIS payments and bank transfers, allowing them to present payment instructions, QR code, VAT number, and account holder info right at checkout.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>ℹ️ This plugin is developed by VGDEV and is \u003Cstrong>not affiliated with or endorsed by IRIS or any bank\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Adds a new payment method for IRIS at WooCommerce Checkout.\u003Cbr \u002F>\n* Displays bank details, reference instructions, and a QR code after order.\u003Cbr \u002F>\n* Fully customizable payment labels (e.g., VAT, account name).\u003Cbr \u002F>\n* Designed specifically for Greek market needs.\u003Cbr \u002F>\n* Compatible with latest WooCommerce and WordPress versions.\u003C\u002Fp>\n","Unofficial IRIS checkout payment gateway for WooCommerce. Accept payments via IRIS and manage order statuses efficiently.",1000,55491,2,"2026-02-24T10:02:00.000Z","6.9.4","5.2","7.2",[17,50,51,20,21],"greek-payments","iris","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheckout-gateway-iris.1.5.zip",99,"2026-02-05 00:00:00","2026-03-15T15:16:48.613Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":24,"downloaded":64,"rating":10,"num_ratings":10,"last_updated":65,"tested_up_to":46,"requires_at_least":12,"requires_php":12,"tags":66,"homepage":70,"download_link":71,"security_score":24,"vuln_count":10,"unpatched_count":10,"last_vuln_date":25,"fetched_at":55},"czech-qr-code-bank-transfer-payment-for-woocommerce","Czech QR Payments for WooCommerce","1.0.7","Miroslav Novák","https:\u002F\u002Fprofiles.wordpress.org\u002Fmirnovak\u002F","\u003Cp>Payment method for fast QR code bank payment from Czech banking mobile apps.\u003Cbr \u002F>\nConvenient bank transfer without having to type the account number data and just scanning the QR code in customer’s mobile banking app.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Displays the QR code on the order confirmation page\u003C\u002Fli>\n\u003Cli>Sets the bank transfer variable symbol as the order number\u003C\u002Fli>\n\u003Cli>Also sends email with the QR code to the client\u003C\u002Fli>\n\u003Cli>Besides the QR code it shows also the bank account number and the variable symbol for manual bank transfers\u003C\u002Fli>\n\u003Cli>Supports instant payments\u003C\u002Fli>\n\u003Cli>Supports Gutenberg checkout blocks as well as classic shortcodes layout\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are also premium plugins available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.platiti.cz\u002Fen\u002FWooCommerce\u002FBankwireFio\" rel=\"nofollow ugc\">Automated payment pairing for FIO bank\u003C\u002Fa> – Works just like this QR code payment plugin, but also automatically marks orders as paid when incoming payments are detected via the Fio Bank API. Unlike the payment gateways, there are no transaction fees.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.platiti.cz\u002Fen\u002FWooCommerce\" rel=\"nofollow ugc\">Payment plugins for the payment gateways\u003C\u002Fa> – Comgate, ThePay, PayU, GP webpay, ČSOB, GoPay, CCBill, Barion, TrustPay, Twisto, SkipPay, HomeCredit, Essox, Cofidis, Cetelem\u003C\u002Fli>\n\u003C\u002Ful>\n","Payment method for fast QR code bank transfer payment from Czech banking mobile apps",1011,"2026-01-22T15:09:00.000Z",[17,67,68,20,69],"checkout-blocks","czech-bank","woocommerce-payment","https:\u002F\u002Fwww.platiti.cz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fczech-qr-code-bank-transfer-payment-for-woocommerce.1.0.7.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":46,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":91,"download_link":92,"security_score":53,"vuln_count":29,"unpatched_count":10,"last_vuln_date":93,"fetched_at":55},"upi-qr-code-payment-for-woocommerce","UPI QR Code Payment Gateway for WooCommerce","1.6.2","knitpay","https:\u002F\u002Fprofiles.wordpress.org\u002Fknitpay\u002F","\u003Cp>This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like BHIM, GooglePay, WhatsApp, Paytm, PhonePe or any banking UPI app to save payment gateway charges in India.\u003C\u002Fp>\n\u003Ch3>UPI QR Code Payment Gateway for WooCommerce\u003C\u002Fh3>\n\u003Cp>UPI (Unified Payments Interface) is a payment standard owned by National Payment Corporation of India, a government owned instant payment solution. UPI works 24×7 and is free subject to prevalent government guidelines.\u003C\u002Fp>\n\u003Cp>When this plugin is installed, a customer will see UPI as a payment option. When customer chooses it, it will open a page which shows the UPI QR Code containing the payment details and in mobile it will also show a button which takes customer to the list of installed UPI mobile applications. Customer can choose an app and pay the required amount.\u003C\u002Fp>\n\u003Cp>Like UPI QR Code Payment Gateway for WooCommerce plugin? Consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fupi-qr-code-payment-for-woocommerce\u002Freviews\u002F?rate=5#new-post\" rel=\"ugc\">5 star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Benefits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple & Easy to Setup.\u003C\u002Fli>\n\u003Cli>Avoid Payment Gateway Fees.\u003C\u002Fli>\n\u003Cli>Instant Settlement.\u003C\u002Fli>\n\u003Cli>Direct Payment.\u003C\u002Fli>\n\u003Cli>100% Success Rate.\u003C\u002Fli>\n\u003Cli>Send QR Code link to Customer.\u003C\u002Fli>\n\u003Cli>24×7 Availability.\u003C\u002Fli>\n\u003Cli>Multisite Network Supported.\u003C\u002Fli>\n\u003Cli>No Renewal\u002FSubscription.\u003C\u002Fli>\n\u003Cli>No KYC, No GST number Required.\u003C\u002Fli>\n\u003Cli>No Hidden or Additional Charges.\u003C\u002Fli>\n\u003Cli>Instant Money Settlement.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Detailed Steps\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customer will see UPI as a payment option in WooCommerce Checkout page.\u003C\u002Fli>\n\u003Cli>When customer chooses it, it will open a page which shows the UPI QR Code containing the payment details and in mobile it will also show a button which takes customer to the list of installed UPI mobile applications.\u003C\u002Fli>\n\u003Cli>Customer can scan the QR Code using any UPI app or choose an app from mobile to pay the required order amount.\u003C\u002Fli>\n\u003Cli>After successful payment, a 12-digits Transaction\u002FUTR ID will appear in the Customer’s UPI app from which he\u002Fshe made the payment.\u003C\u002Fli>\n\u003Cli>After that, customer needs to enter that 12 digit transaction number to the “Enter the Transaction ID” text box and click submit.\u003C\u002Fli>\n\u003Cli>After successful submission of the ID, the order will be marked as on hold (customizable).\u003C\u002Fli>\n\u003Cli>Now, Merchant gets a notification on the mobile on his\u002Fher UPI app (Google Pay\u002FPhonePe\u002FBHIM\u002FPaytm etc.)\u003C\u002Fli>\n\u003Cli>Merchant opens notification, sees a payment made. Sees the “Order ID”.\u003C\u002Fli>\n\u003Cli>Merchant opens the WooCommerce Dashboard, checks the “pending orders” for this Order ID.\u003C\u002Fli>\n\u003Cli>Checks the order details and processes it (shipping etc) and makes the orders as “processing” or “completed”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with WordPress Version 4.6 and beyond and also compatible with any WordPress theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fupi-qr-code-payment-for-woocommerce\" rel=\"ugc\">support forums\u003C\u002Fa> at WordPress.org.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fknit-pay\u002Fupi-qr-code-payment-for-woocommerce\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fknit-pay\u002Fupi-qr-code-payment-for-woocommerce\" rel=\"nofollow ugc\">fork the project on GitHub\u003C\u002Fa> and submit your contributions via pull request.\u003C\u002Fli>\n\u003C\u002Ful>\n","This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like BHIM, GooglePay, PhonePe or any banking UPI app.",20000,409742,96,248,"2026-01-19T06:53:00.000Z","4.6","5.6",[88,20,89,90,21],"bhim-upi","upi","upi-payment","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupi-qr-code-payment-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupi-qr-code-payment-for-woocommerce.1.6.2.zip","2026-01-23 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":24,"num_ratings":104,"last_updated":105,"tested_up_to":46,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":112,"download_link":113,"security_score":24,"vuln_count":29,"unpatched_count":10,"last_vuln_date":114,"fetched_at":55},"bangladeshi-payment-gateways","Bangladeshi Payment Gateways – Make Payment Using QR Code","4.0.4","ultraDevs","https:\u002F\u002Fprofiles.wordpress.org\u002Fultradevs\u002F","\u003Cp>Bangladeshi Payment Gateways for WooCommerce. It has some advanced features that will help you to manage payment easily.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Pay with QR Code\u003C\u002Fli>\n\u003Cli>Fee for each gateway\u003C\u002Fli>\n\u003Cli>Block Based Checkout Page Support\u003C\u002Fli>\n\u003Cli>USD to BDT Conversion Support\u003C\u002Fli>\n\u003Cli>Statistics, Transactions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Gateways\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>bKash\u003C\u002Fli>\n\u003Cli>Rocket\u003C\u002Fli>\n\u003Cli>Nagad\u003C\u002Fli>\n\u003Cli>Upay\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Video\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FArJ-zOW1KBU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Our Other Plugins.\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-dropbox-integration\u002F\" rel=\"ugc\">Easy Dropbox Integration For WordPress\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frandom-image-block-for-block-editor\u002F\" rel=\"ugc\">Random Image Block for Block Editor\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultraembed-advanced-iframe\u002F\" rel=\"ugc\">UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftestimonialx-block\u002F\" rel=\"ugc\">TestimonialX – Testimonial Block For Gutenberg Block Editor with 15+ Stunning Styles\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Need Help?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbangladeshi-payment-gateways\u002F\" rel=\"ugc\">Free Support\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fweb.facebook.com\u002Fhello.ultradevs\" rel=\"nofollow ugc\">Live Chat\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fultradevs.com\u002Fdocs\u002Fbangladeshi-payment-gateways\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fplaylist?list=PL6-MOhUm73eiSSVHgAVnFFEvs6rO2sZyC\" rel=\"nofollow ugc\">Video Tutorials\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Join With US\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fweb.facebook.com\u002Fgroups\u002Fpowerfulblocks\u002F\" rel=\"nofollow ugc\">Facebook – Community\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fweb.facebook.com\u002Fhello.ultradevs\" rel=\"nofollow ugc\">Facebook – Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fchannel\u002FUCc2yL-QGQjscXpPx9Pp7J8w\" rel=\"nofollow ugc\">Youtube\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FultraDevsBD\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fultradevs\u002F\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FultraDevs\u002FBangladeshi-Payment-Gateways\" rel=\"nofollow ugc\">Github Link\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Bangladeshi Payment Gateways uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Made with love by \u003Ca href=\"https:\u002F\u002Fultradevs.com\" rel=\"nofollow ugc\">ultraDevs\u003C\u002Fa>\u003C\u002Fp>\n","Bangladeshi Payment Gateways for WooCommerce.",5000,72784,87,"2025-12-28T04:28:00.000Z","4.4","7.0.0",[109,110,111,20,21],"bkash","mobile-payment","payment-gateway","https:\u002F\u002Fultradevs.com\u002Fproducts\u002Fwp-plugin\u002Fbangladeshi-payment-gateways\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbangladeshi-payment-gateways.4.0.4.zip","2022-12-16 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":24,"num_ratings":29,"last_updated":125,"tested_up_to":46,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":12,"download_link":130,"security_score":53,"vuln_count":29,"unpatched_count":10,"last_vuln_date":131,"fetched_at":55},"hitpay-payment-gateway","HitPay Payment Gateway for WooCommerce","4.2.1","HitPay Payment Solutions Pte Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fhitpay2020\u002F","\u003Cp>HitPay Payment Gateway Plugin allows HitPay merchants to accept PayNow QR, Cards, Apple Pay, Google Pay, WeChatPay, AliPay and GrabPay Payments.\u003C\u002Fp>\n\u003Cp>This plugin would communicate with 3rd party HitPay payment gateway(https:\u002F\u002Fwww.hitpayapp.com\u002F) in order to process the payments.\u003C\u002Fp>\n\u003Cp>Merchant must create an account with HitPay payment gateway(https:\u002F\u002Fwww.hitpayapp.com\u002F).\u003C\u002Fp>\n\u003Cp>Pay only per transaction. No monthly, setup, admin or any hidden service fees.\u003C\u002Fp>\n\u003Cp>Merchant once created an account with HitPay payment gateway(https:\u002F\u002Fwww.hitpayapp.com\u002F), they can go to thier HitPay dashboard and choose the payment options they would to avail for their site.\u003C\u002Fp>\n\u003Cp>And merchant need to copy the API keys and Salt values from the HitPay Web Dashboard under Settings > Payment Gateway > API Keys\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to WooCommerce settings\u003C\u002Fli>\n\u003Cli>Select the “Payments” tab\u003C\u002Fli>\n\u003Cli>Activate the payment method (if inactive)\u003C\u002Fli>\n\u003Cli>Set the name you wish to show your users on Checkout (for example: “HitPay or Creditcard”)\u003C\u002Fli>\n\u003Cli>Fill the payment method’s description (for example: “Pay with HitPay”)\u003C\u002Fli>\n\u003Cli>Copy the API keys and Salt values from the HitPay Web Dashboard under Settings > Payment Gateway > API Keys\u003C\u002Fli>\n\u003Cli>Select the payment gateway logos.\u003C\u002Fli>\n\u003Cli>Click “Save Changes”\u003C\u002Fli>\n\u003Cli>All done!\u003C\u002Fli>\n\u003C\u002Fol>\n","HitPay Payment Gateway Plugin allows HitPay merchants to accept PayNow QR, Cards, Apple Pay, Google Pay, WeChatPay, AliPay and GrabPay Payments.",4000,42761,"2025-11-29T02:34:00.000Z","4.0","5.5",[129,111,20,21],"hitpay","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhitpay-payment-gateway.4.2.1.zip","2024-07-11 00:00:00",{"attackSurface":133,"codeSignals":163,"taintFlows":171,"riskAssessment":172,"analyzedAt":178},{"hooks":134,"ajaxHandlers":154,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":29,"unprotectedCount":29},[135,141,145,149],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","scan2payme\\scan2payme_extension_options_page","scan2payme-admin.php",17,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_enqueue_scripts","scan2payme\\scan2payme_enqueue_scripts",22,{"type":136,"name":146,"callback":147,"file":139,"line":148},"admin_init","scan2payme\\scan2payme_extension_settings_init",390,{"type":136,"name":150,"callback":151,"file":152,"line":153},"plugins_loaded","scan2payme\\scan2payme_plugin_load_text_domain","scan2payme.php",67,[155],{"action":156,"nopriv":157,"callback":158,"hasNonce":157,"hasCapCheck":157,"file":139,"line":159},"scan2payme_option_account_changed",false,"scan2payme\\ajax_scan2payme_option_account_changed_handler",50,[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":10,"externalRequests":10,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":170},[],{"prepared":10,"raw":10,"locations":166},[],{"escaped":168,"rawEcho":10,"locations":169},42,[],[],[],{"summary":173,"deductions":174},"The \"scan2payme\" plugin, in version 1.0.4, exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent coding practices in several areas. All SQL queries are properly prepared, and all output is correctly escaped, indicating a strong defense against common injection and XSS vulnerabilities. There are no file operations or external HTTP requests, further reducing the attack surface. The absence of bundled libraries is also a good sign, as it avoids potential vulnerabilities from outdated dependencies.\n\nHowever, a significant concern arises from the attack surface analysis. The plugin has a single entry point through an AJAX handler that completely lacks authentication checks. This presents a critical risk, as any unauthenticated user could potentially interact with this handler, leading to unintended actions or information disclosure. While taint analysis did not reveal any issues, the presence of an unprotected AJAX endpoint bypasses the need for taint to manifest a vulnerability, as the lack of authorization is the primary flaw.\n\nFurthermore, the plugin's vulnerability history is entirely clean, with no recorded CVEs. While this is a positive indicator, it's important to note that a clean history does not guarantee future security. Coupled with the unprotected AJAX endpoint, this suggests that while the developers may have good intentions, there's a critical oversight in securing critical functionalities. The plugin's strengths in preventing common web vulnerabilities are overshadowed by the single, yet significant, vulnerability in its authentication mechanism.",[175],{"reason":176,"points":177},"AJAX handler without authentication",10,"2026-03-17T05:42:08.366Z",{"wat":180,"direct":187},{"assetPaths":181,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[182],"\u002Fwp-content\u002Fplugins\u002Fscan2payme\u002Fjs\u002Fscan2payme-admin.js",[],[],[186],"scan2payme\u002Fjs\u002Fscan2payme-admin.js?ver=",{"cssClasses":188,"htmlComments":189,"htmlAttributes":191,"restEndpoints":193,"jsGlobals":195,"shortcodeOutput":197},[],[190],"\u003C!-- TODO does the default value work if this is a fresh installation? -->",[192],"data-nonce=\"scan2payme-account-nonce\"",[194],"\u002Fwp-json\u002Fscan2payme\u002Fv1\u002Foptions",[196],"scan2payme_ajax_object",[]]