Scanandpay Payments via PayID for WooCommerce Security & Risk Analysis

wordpress.org/plugins/scanandpay-payments-via-payid-for-woocommerce

Accept PayID payments in your WooCommerce store. Customers scan a QR code and pay instantly via their banking app.

0 active installs · v1.1.8 · PHP 7.4+ · WP 6.0+ · Updated Mar 8, 2026
Tags: australia, payid, payment-gateway, qr-code, woocommerce
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Scanandpay Payments via PayID for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Scanandpay Payments via PayID for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 26d ago
Risk Assessment

The "scanandpay-payments-via-payid-for-woocommerce" plugin, version 1.1.8, demonstrates a generally good security posture with several strengths. The scan found no dangerous functions, no file operations, and no raw SQL queries, which is highly positive. Furthermore, the plugin escapes 39 of its 44 outputs and has no recorded vulnerability history, suggesting a commitment to secure development.

However, some areas of concern slightly detract from its overall security. One REST API route (POST /wp-json/scanpay/v1/payment-confirmed) is registered without a permission callback, which makes it a potential entry point for unauthorized access or manipulation if it is not properly secured by the underlying WordPress environment or other plugins. While the taint analysis shows no issues, the small number of flows analyzed might not be exhaustive. The limited number of capability checks (1) and nonce checks (3) compared to the number of entry points (7) could also be a concern if these checks do not cover all critical operations.

In conclusion, the plugin is built on a foundation of secure coding practices, indicated by the lack of critical vulnerabilities and good handling of SQL and output. The primary weakness lies in a single unprotected REST API route. Continued vigilance in expanding authorization checks and comprehensive taint analysis would further strengthen its security profile.

Key Concerns

  • REST API route without permission callback
  • Limited nonce checks relative to entry points
  • Limited capability checks relative to entry points
Vulnerabilities
None known

Scanandpay Payments via PayID for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Scanandpay Payments via PayID for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (39 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

89% escaped · 44 total outputs
Attack Surface
1 unprotected

Scanandpay Payments via PayID for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 5

auth    wp_ajax_scanpay_admin_test_connection    includes\class-scanpay-ajax-handlers.php:24
auth    wp_ajax_scanpay_check_status    includes\class-scanpay-ajax-handlers.php:27
nopriv  wp_ajax_scanpay_check_status    includes\class-scanpay-ajax-handlers.php:28
auth    wp_ajax_scanpay_get_qr_code    includes\class-scanpay-ajax-handlers.php:31
nopriv  wp_ajax_scanpay_get_qr_code    includes\class-scanpay-ajax-handlers.php:32

REST API Routes 1

POST    /wp-json/scanpay/v1/payment-confirmed    includes\class-scanpay-webhook-controller.php:41

Shortcodes 1

[scanpay_payment_page] includes\class-scanpay-payment-page.php:26
WordPress Hooks 18
action  wp_enqueue_scripts    includes\class-scanpay-blocks-support.php:36
action  scanpay_woo_check_pending_orders    includes\class-scanpay-cron.php:34
action  woocommerce_admin_field_scanpay_connection_button    includes\class-scanpay-gateway.php:85
action  woocommerce_admin_field_scanpay_installation_video    includes\class-scanpay-gateway.php:86
action  init    includes\class-scanpay-payment-page.php:23
action  template_redirect    includes\class-scanpay-payment-page.php:24
filter  query_vars    includes\class-scanpay-payment-page.php:25
action  woocommerce_thankyou    includes\class-scanpay-payment-page.php:29
action  init    includes\class-scanpay-payment-page.php:34
action  rest_api_init    includes\class-scanpay-webhook-controller.php:34
action  before_woocommerce_init    scanandpay-payid-gateway-woocommerce.php:34
action  admin_notices    scanandpay-payid-gateway-woocommerce.php:49
action  plugins_loaded    scanandpay-payid-gateway-woocommerce.php:95
filter  woocommerce_payment_gateways    scanandpay-payid-gateway-woocommerce.php:107
action  woocommerce_blocks_payment_method_type_registration    scanandpay-payid-gateway-woocommerce.php:114
action  woocommerce_blocks_loaded    scanandpay-payid-gateway-woocommerce.php:122
action  admin_enqueue_scripts    scanandpay-payid-gateway-woocommerce.php:167
filter  cron_schedules    scanandpay-payid-gateway-woocommerce.php:211

Scheduled Events 1

scanpay_woo_check_pending_orders
Maintenance & Trust

Scanandpay Payments via PayID for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 8, 2026
PHP min version: 7.4
Downloads: 808

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Scanandpay Payments via PayID for WooCommerce Developer Profile

scanandpay

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Scanandpay Payments via PayID for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scanandpay-payments-via-payid-for-woocommerce/assets/css/admin.css
/wp-content/plugins/scanandpay-payments-via-payid-for-woocommerce/assets/js/admin-connection-test.js
Script Paths
/wp-content/plugins/scanandpay-payments-via-payid-for-woocommerce/assets/js/admin-connection-test.js
Version Parameters
scanandpay-payments-via-payid-for-woocommerce/assets/css/admin.css?ver=
scanandpay-payments-via-payid-for-woocommerce/assets/js/admin-connection-test.js?ver=

HTML / DOM Fingerprints

CSS Classes
scanpay-woo-admin-test-connect-button
Data Attributes
data-gateway-id="scanpay"
JS Globals
ScanPayAdminTest
REST Endpoints
/wp-json/scanpay-woo/v1/webhook
/wp-json/scanpay-woo/v1/payment_status