WP-Safety

Scanpay for WooCommerce Security & Risk Analysis

wordpress.org/plugins/scanpay-for-woocommerce

Accept payments in WooCommerce with a reliable and secure Scandinavian payment gateway.

200 active installs v2.9.2 PHP 7.4+ WP 4.7+ Updated Sep 30, 2025
mobilepaypaymentsscanpaysubscriptionswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Scanpay for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Scanpay for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "scanpay-for-woocommerce" plugin version 2.1.3 exhibits several concerning security weaknesses. The static analysis reveals a significant attack surface with 2 AJAX handlers, both of which lack authentication checks. This is a critical oversight, as it exposes these endpoints to unauthenticated access and potential exploitation. Furthermore, the plugin performs 45 SQL queries with zero percentage utilizing prepared statements, indicating a high risk of SQL injection vulnerabilities. Only 33% of output is properly escaped, increasing the likelihood of cross-site scripting (XSS) attacks. While the plugin has no recorded vulnerability history, this does not negate the clear risks identified in the static analysis. The lack of authentication on critical entry points and the prevalent use of raw SQL queries are fundamental security flaws that require immediate attention. The presence of a nonce check and a capability check, while positive signs, are insufficient to mitigate the risks posed by the unprotected AJAX handlers and unescaped SQL queries.

Key Concerns

  • AJAX handlers without authentication
  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Scanpay for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Scanpay for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
45
0 prepared
Unescaped Output
10
5 escaped
Nonce Checks
1
Capability Checks
1
File Operations
3
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared45 total queries

Output Escaping

33% escaped15 total outputs
Attack Surface
2 unprotected

Scanpay for WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_woocommerce_mark_order_statuswoocommerce-scanpay.php:213
authwp_ajax_woocommerce_mark_order_statuswoocommerce-scanpay.php:235
WordPress Hooks 33
filterwoocommerce_settings_api_form_fields_scanpaygateways\class-wc-scanpay-gateway.php:24
actionwoocommerce_update_options_payment_gateways_scanpaygateways\class-wc-scanpay-gateway.php:36
actionwoocommerce_blocks_enqueue_checkout_block_scripts_beforegateways\class-wc-scanpay-gateway.php:46
filterwoocommerce_order_item_needs_processinggateways\class-wc-scanpay-gateway.php:56
filterwoocommerce_order_status_completedhooks\class-wc-scanpay-sync.php:27
filterwoocommerce_scheduled_subscription_payment_scanpayhooks\class-wc-scanpay-sync.php:32
filterwoocommerce_order_item_needs_processinghooks\class-wc-scanpay-sync.php:60
filterwoocommerce_order_status_completedhooks\wp-bulk-actions.php:58
actionwoocommerce_inithooks\wp-scanpay-thankyou.php:14
actionwoocommerce_thankyou_order_idhooks\wp-scanpay-thankyou.php:32
actionadmin_noticesincludes\compatibility.php:47
actionwoocommerce_api_wc_scanpaywoocommerce-scanpay.php:54
actionplugins_loadedwoocommerce-scanpay.php:66
filterwoocommerce_subscription_payment_method_to_displaywoocommerce-scanpay.php:94
filterwoocommerce_admin_shared_settingswoocommerce-scanpay.php:178
actionadmin_print_styles-woocommerce_page_wc-settingswoocommerce-scanpay.php:186
actionadd_meta_boxes_woocommerce_page_wc-orderswoocommerce-scanpay.php:195
actionadd_meta_boxes_woocommerce_page_wc-orders--shop_subscriptionwoocommerce-scanpay.php:196
filterbulk_actions-woocommerce_page_wc-orderswoocommerce-scanpay.php:199
filterhandle_bulk_actions-woocommerce_page_wc-orderswoocommerce-scanpay.php:208
filterbulk_actions-edit-shop_orderwoocommerce-scanpay.php:221
filterhandle_bulk_actions-edit-shop_orderwoocommerce-scanpay.php:230
actionadd_meta_boxes_shop_orderwoocommerce-scanpay.php:243
actionadd_meta_boxes_shop_subscriptionwoocommerce-scanpay.php:244
filterplugin_action_links_scanpay-for-woocommerce/woocommerce-scanpay.phpwoocommerce-scanpay.php:250
actionplugins_loadedwoocommerce-scanpay.php:261
filterwoocommerce_payment_gatewayswoocommerce-scanpay.php:263
actionwoocommerce_scheduled_subscription_payment_scanpaywoocommerce-scanpay.php:276
actionwoocommerce_order_status_completedwoocommerce-scanpay.php:277
filterallowed_redirect_hostswoocommerce-scanpay.php:291
actionwoocommerce_review_order_before_submitwoocommerce-scanpay.php:296
actionwoocommerce_blocks_payment_method_type_registrationwoocommerce-scanpay.php:319
actionbefore_woocommerce_initwoocommerce-scanpay.php:331
Maintenance & Trust

Scanpay for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 30, 2025
PHP min version7.4
Downloads12K

Community Trust

Rating100/100
Number of ratings1
Active installs200
Alternatives

Scanpay for WooCommerce Alternatives

Pay with Vipps and MobilePay for WooCommerce

Pay with Vipps and MobilePay for WooCommerce

woo-vipps

A
100

Official Vipps MobilePay payment plugin for WooCommerce.

5K 1 CVE
Vipps/MobilePay recurring payments for WooCommerce

Vipps/MobilePay recurring payments for WooCommerce

vipps-recurring-payments-gateway-for-woocommerce

A
100

Vipps/MobilePay recurring payments is perfect if you run a shop with subscription based services or products that would benefit from subscriptions.

90 No CVEs
Recurio – Ultimate Subscription Plugin for WooCommerce

Recurio – Ultimate Subscription Plugin for WooCommerce

recurio

A
100

A powerful and comprehensive WooCommerce subscription management plugin with advanced analytics, automated billing, and customer portal.

400 No CVEs
Straumur Payments For WooCommerce

Straumur Payments For WooCommerce

straumur-payments-for-woocommerce

A
100

Integrate Straumur’s Hosted Checkout into your WooCommerce store. Supports subscriptions, customizable payment pages, redirects, and detailed order no …

100 No CVEs
Appalify Subscriptions for WooCommerce

Appalify Subscriptions for WooCommerce

appalify-subscriptions-for-woocommerce

A
100

Create and manage automatic recurring payments for all products. [youtube http://www.youtube.com/watch?v=8VqnLx0Nw-A]

0 No CVEs
Developer Profile

Scanpay for WooCommerce Developer Profile

scanpay

1 plugin · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Scanpay for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scanpay-for-woocommerce/public/css/meta.css/wp-content/plugins/scanpay-for-woocommerce/public/js/order.js/wp-content/plugins/scanpay-for-woocommerce/public/js/subs.js/wp-content/plugins/scanpay-for-woocommerce/public/js/settings.js/wp-content/plugins/scanpay-for-woocommerce/public/css/settings.css
Version Parameters
/scanpay-for-woocommerce/public/css/meta.css?ver=/scanpay-for-woocommerce/public/js/order.js?ver=/scanpay-for-woocommerce/public/js/subs.js?ver=/scanpay-for-woocommerce/public/js/settings.js?ver=/scanpay-for-woocommerce/public/css/settings.css?ver=

HTML / DOM Fingerprints

CSS Classes
wcsp-meta-ul
Data Attributes
data-iddata-secretdata-statusdata-totaldata-currencydata-subid+2 more
JS Globals
wcSettings.admin.scanpay
REST Endpoints
/wc-api/wc_scanpay/
FAQ

Frequently Asked Questions about Scanpay for WooCommerce