SePay Gateway Security & Risk Analysis

wordpress.org/plugins/sepay-gateway

QR bank-transfer payments (VietQR) by SePay for WooCommerce. Supports more than 50 banks. Connects to 15+ banks for automatic confirmation.

1K active installs · v1.1.20 · PHP 7.2+ · WP 5.6+ · Updated Feb 5, 2026
Tags: ngan-hang, payment-gateway, thanh-toan, vietqr, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SePay Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

SePay Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The sepay-gateway plugin version 1.1.20 exhibits a generally strong security posture, with excellent practices in SQL query handling and output escaping. The plugin utilizes prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection vulnerabilities. Furthermore, nearly all output is properly escaped, reducing the likelihood of cross-site scripting (XSS) attacks. The absence of known CVEs and a clean vulnerability history are positive indicators, suggesting a well-maintained and secure plugin over time.

However, there are notable concerns regarding the attack surface. The plugin exposes two REST API routes without proper permission callbacks, making them potentially accessible to unauthenticated users. Additionally, one out of two analyzed taint flows involves unsanitized paths, which, while not rated as critical or high, still represents a potential avenue for exploitation if not handled carefully. The presence of external HTTP requests also warrants attention, as these can be points of interaction with external services that might have their own vulnerabilities or be subject to man-in-the-middle attacks if not implemented securely.

In conclusion, sepay-gateway version 1.1.20 is largely secure due to its robust SQL and output handling. The primary weaknesses lie in the unprotected REST API routes and the identified unsanitized path flow, which represent the most immediate areas for improvement. The plugin's lack of a vulnerability history is a strength, but the identified attack surface issues should not be overlooked.

Key Concerns

  • REST API routes without permission callbacks
  • Taint flow with unsanitized path
  • AJAX handlers without auth checks
Vulnerabilities
None known

SePay Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SePay Gateway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (83 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

99% escaped · 84 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
sepay_handle_oauth_callback (includes\class-wc-gateway-sepay.php:786)
Attack Surface
2 unprotected

SePay Gateway Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers: 6

nopriv  wp_ajax_sepay_check_order_status  sepay-gateway.php:89
auth  wp_ajax_sepay_check_order_status  sepay-gateway.php:90
auth  wp_ajax_setup_sepay_webhook  sepay-gateway.php:91
auth  wp_ajax_sepay_get_bank_accounts  sepay-gateway.php:380
auth  wp_ajax_sepay_get_bank_sub_accounts  sepay-gateway.php:381
auth  wp_ajax_sepay_get_pay_code_prefixes  sepay-gateway.php:382

REST API Routes: 2

POST  /wp-json/sepay-gateway/v1/add-payment  sepay-gateway.php:225
POST  /wp-json/sepay-gateway/v2/add-payment  sepay-gateway.php:231

WordPress Hooks: 12

action  admin_init  includes\class-wc-gateway-sepay.php:73
action  woocommerce_api_wc_sepay_oauth  includes\class-wc-gateway-sepay.php:74
action  plugins_loaded  sepay-gateway.php:41
filter  woocommerce_payment_gateways  sepay-gateway.php:71
action  admin_notices  sepay-gateway.php:82
action  rest_api_init  sepay-gateway.php:224
action  before_woocommerce_init  sepay-gateway.php:378
action  woocommerce_blocks_loaded  sepay-gateway.php:439
action  woocommerce_blocks_payment_method_type_registration  sepay-gateway.php:446
action  admin_enqueue_scripts  sepay-gateway.php:455
action  admin_init  sepay-gateway.php:485
action  upgrader_process_complete  sepay-gateway.php:498
Maintenance & Trust

SePay Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version: 7.2
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 1K
Alternatives

SePay Gateway Alternatives

Bank transfer payments with VietQRPro from Sổ Bán Hàng

thanh-toan-chuyen-khoan-ngan-hang-voi-vietqr

A
100

Connects Vietnamese banks to WooCommerce. Confirms orders via VietQR. Uses VietQRPro from Sổ Bán Hàng. Simple to get started!!!

10 · No CVEs
Automatic QR Code Scan Payments – MoMo, ViettelPay, VNPay and 40 Vietnamese banks

bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang

B
74

Integrates QR Code scan payments via MoMo, ViettelPay, VNPay, Vietcombank, Vietinbank, Techcombank, MB, ACB, VPBank, TPBank.. for Woocommerce

500 · 1 unpatched
Casso – Automatic confirmation of bank transfer payments

casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang

A
92

Connects Vietnamese banks to Woocommerce and automatically confirms paid orders. Supports more than 10 banks: VietinBank, OCB, Vietcombank, Techc …

300 · 1 CVE
QR Code Scan Payment Integration – MoMo, ViettelPay, Vietcombank

qh-testpay

A
85

Integrates QR Code scan payments with MoMo, ViettelPay, VNPay, Vietcombank, Vietinbank, Techcombank, MB, ACB, VPBank, TPBank.. for Woocommerce

100 · No CVEs
Automatic QR Code Scan Payments – MoMo, ViettelPay, MB, Vietcombank, Vietinbank, Techcombank, Agribank, ACB, BIDV

thanh-toan-chuyen-khoan

A
92

Integrates QR Code scan payments with MoMo, ViettelPay, VNPay, Vietcombank, Vietinbank, Techcombank, MB, ACB, VPBank, TPBank.. for Woocommerce

80 · No CVEs
Developer Profile

SePay Gateway Developer Profile

sepayteam

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SePay Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sepay-gateway/assets/css/frontend/sepay_checkout.css
/wp-content/plugins/sepay-gateway/assets/js/frontend/sepay_checkout.js
Script Paths
/wp-content/plugins/sepay-gateway/assets/js/frontend/sepay_checkout.js
Version Parameters
sepay-gateway/assets/css/frontend/sepay_checkout.css?ver=
sepay-gateway/assets/js/frontend/sepay_checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
sepay-checkout-wrapper
sepay-qr-code-container
sepay-bank-transfer-info
sepay-payment-status-message
HTML Comments
<!-- SePay Gateway Payment Form -->
<!-- SePay QR Code Section -->
<!-- SePay Bank Transfer Details -->
<!-- SePay Payment Status Area -->
Data Attributes
data-sepay-order-id
data-sepay-nonce
data-sepay-ajax-url
JS Globals
sepay_checkout_params
REST Endpoints
/wp-json/sepay-gateway/v
Shortcode Output
[sepay_payment_form]
[sepay_qr_code]
[sepay_bank_details]
[sepay_payment_status]