Sezzle Woocommerce Payment Security & Risk Analysis

wordpress.org/plugins/sezzle-woocommerce-payment

Sezzle is an alternative payment platform that increases sales and basket sizes by enabling your customers to 'buy now and pay later' with i …

1K active installs · v6.1.5 · PHP 8.0+ · WP 5.6.0+ · Updated Dec 2, 2025
Tags: installments, paylater, payments, sezzle
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sezzle Woocommerce Payment Safe to Use in 2026?

Generally Safe

Score 100/100

Sezzle Woocommerce Payment has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The sezzle-woocommerce-payment plugin version 6.1.5 exhibits a mixed security posture. On the positive side, it shows strong output escaping practices (95%) and a clean vulnerability history with no known CVEs. The absence of dangerous functions, shortcodes, and REST API routes also reduces the attack surface in those areas.

However, there are significant concerns about its handling of AJAX requests. The plugin has 10 AJAX handlers, 2 of which lack proper authentication checks, creating potential entry points for unauthorized actions. None of the AJAX handlers performs a capability check, a notable weakness that amplifies the risk posed by the unprotected endpoints. Additionally, all SQL queries are executed without prepared statements, posing a risk of SQL injection, especially if any data manipulation occurs. Taint analysis did not reveal critical or high severity issues, but the two flows with unsanitized paths warrant attention and further investigation.

Key Concerns

  • AJAX handlers without authentication checks
  • Raw SQL queries without prepared statements
  • Flows with unsanitized paths (2)
  • No capability checks on AJAX handlers
Vulnerabilities
None known

Sezzle Woocommerce Payment Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sezzle Woocommerce Payment Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 2 (37 escaped)
  • Nonce Checks: 5
  • Capability Checks: 0
  • File Operations: 2
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

95% escaped · 39 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
woocommerce_sezzlepay_init (woocommerce-gateway-sezzle.php:57)
Attack Surface
2 unprotected

Sezzle Woocommerce Payment Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 10

  • auth: wp_ajax_sezzle_checkout (woocommerce-gateway-sezzle.php:1568)
  • nopriv: wp_ajax_sezzle_checkout (woocommerce-gateway-sezzle.php:1569)
  • auth: wp_ajax_sezzle_express_checkout_start (woocommerce-gateway-sezzle.php:2524)
  • nopriv: wp_ajax_sezzle_express_checkout_start (woocommerce-gateway-sezzle.php:2525)
  • auth: wp_ajax_sezzle_calculate_address_costs (woocommerce-gateway-sezzle.php:2527)
  • nopriv: wp_ajax_sezzle_calculate_address_costs (woocommerce-gateway-sezzle.php:2528)
  • auth: wp_ajax_sezzle_send_widget_server_log (woocommerce-gateway-sezzle.php:2529)
  • nopriv: wp_ajax_sezzle_send_widget_server_log (woocommerce-gateway-sezzle.php:2530)
  • auth: wp_ajax_sezzle_express_checkout_complete (woocommerce-gateway-sezzle.php:2532)
  • nopriv: wp_ajax_sezzle_express_checkout_complete (woocommerce-gateway-sezzle.php:2533)
WordPress Hooks 27
  • action: woocommerce_checkout_billing (includes\class-sezzle-checkout.php:56)
  • action: woocommerce_checkout_shipping (includes\class-sezzle-checkout.php:57)
  • filter: woocommerce_checkout_registration_enabled (includes\class-sezzle-checkout.php:107)
  • filter: woocommerce_checkout_registration_required (includes\class-sezzle-checkout.php:116)
  • action: plugins_loaded (woocommerce-gateway-sezzle.php:53)
  • action: plugins_loaded (woocommerce-gateway-sezzle.php:54)
  • action: admin_footer (woocommerce-gateway-sezzle.php:94)
  • action: admin_notices (woocommerce-gateway-sezzle.php:95)
  • filter: woocommerce_payment_gateways (woocommerce-gateway-sezzle.php:1563)
  • filter: woocommerce_available_payment_gateways (woocommerce-gateway-sezzle.php:1564)
  • filter: woocommerce_available_payment_gateways (woocommerce-gateway-sezzle.php:1565)
  • action: woocommerce_single_product_summary (woocommerce-gateway-sezzle.php:1566)
  • action: wc_ajax_sezzle_checkout (woocommerce-gateway-sezzle.php:1570)
  • action: wp_loaded (woocommerce-gateway-sezzle.php:1571)
  • action: sezzle_daily_data_send_event (woocommerce-gateway-sezzle.php:2515)
  • action: woocommerce_after_checkout_form (woocommerce-gateway-sezzle.php:2516)
  • action: woocommerce_after_checkout_form (woocommerce-gateway-sezzle.php:2517)
  • action: wp_enqueue_scripts (woocommerce-gateway-sezzle.php:2518)
  • action: wp_enqueue_scripts (woocommerce-gateway-sezzle.php:2519)
  • action: woocommerce_proceed_to_checkout (woocommerce-gateway-sezzle.php:2522)
  • action: wpmu_new_blog (woocommerce-gateway-sezzle.php:2628)
  • action: wp_initialize_site (woocommerce-gateway-sezzle.php:2630)
  • action: activate_blog (woocommerce-gateway-sezzle.php:2633)
  • action: before_woocommerce_init (woocommerce-gateway-sezzle.php:2634)
  • action: before_woocommerce_init (woocommerce-gateway-sezzle.php:2639)
  • action: woocommerce_blocks_loaded (woocommerce-gateway-sezzle.php:2644)
  • action: woocommerce_blocks_payment_method_type_registration (woocommerce-gateway-sezzle.php:2650)

Scheduled Events 1

sezzle_daily_data_send_event_cron
Maintenance & Trust

Sezzle Woocommerce Payment Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 2, 2025
PHP min version: 8.0
Downloads: 98K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 1K
Developer Profile

Sezzle Woocommerce Payment Developer Profile

Sezzle

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sezzle Woocommerce Payment

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sezzle-woocommerce-payment/assets/css/sezzle.css
/wp-content/plugins/sezzle-woocommerce-payment/assets/js/sezzle.js
Script Paths
https://checkout-sdk.sezzle.com/express_checkout.min.js
Version Parameters
sezzle-woocommerce-payment/assets/css/sezzle.css?ver=
sezzle-woocommerce-payment/assets/js/sezzle.js?ver=

HTML / DOM Fingerprints

CSS Classes
sezzle-logo-sm-100w.png
Data Attributes
data-sezzle-gateway-url
JS Globals
sezzleSezzlePayConfig
REST Endpoints
/wp-json/sezzle/v1/express-checkout