sqrip.ch Security & Risk Analysis

wordpress.org/plugins/sqrip-swiss-qr-invoice

sqrip – A comprehensive, flexible and clever WooCommerce finance tool for the most widely used payment method in Switzerland: the bank transfers.

100 active installs · v1.8.4 · PHP 7.0+ · WP 4.7+ · Updated May 21, 2024
Tags: payment, qr, qrcode, sqrip, woocommerce
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is sqrip.ch Safe to Use in 2026?

Generally Safe

Score 92/100

sqrip.ch has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "sqrip-swiss-qr-invoice" plugin, version 1.8.4, exhibits a mixed security posture. On the positive side, the plugin uses prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a generally well-maintained codebase. The main concern comes from the attack surface analysis: of the 10 AJAX handlers, half (5) lack authentication checks, which gives unauthenticated users a direct path to interact with potentially sensitive functionality. Taint analysis did not reveal critical or high-severity issues, but 3 flows have unsanitized paths. Combined with the unprotected AJAX endpoints, that is a red flag, because it could lead to unexpected behavior or data manipulation if those paths are triggered by malicious input.

The absence of any historical CVEs is a strong indicator of good security stewardship. However, this should not breed complacency, particularly given the identified weaknesses in the current version. The plugin's strengths lie in its SQL handling and lack of historical vulnerabilities, but the significant number of unprotected AJAX endpoints and the potential for unsanitized path flows represent a notable risk that needs to be addressed to improve its overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low capability check coverage
Vulnerabilities
None known

sqrip.ch Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

sqrip.ch Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 23 (97 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 4
External Requests: 6
Bundled Libraries: 0

Output Escaping

81% escaped (120 total outputs)
Data Flows
3 unsanitized

Data Flow Analysis

4 flows, 3 with unsanitized paths
sqrip_generate_new_qr_code (inc\sqrip-ajax.php:11)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
5 unprotected

sqrip.ch Attack Surface

Entry Points: 10
Unprotected: 5

AJAX Handlers (10)

auth    wp_ajax_sqrip_generate_new_qr_code       inc\sqrip-ajax.php:9
auth    wp_ajax_sqrip_get_shop_name              inc\sqrip-ajax.php:35
auth    wp_ajax_sqrip_preview_address            inc\sqrip-ajax.php:50
auth    wp_ajax_sqrip_validation_iban            inc\sqrip-ajax.php:72
auth    wp_ajax_sqrip_validation_token           inc\sqrip-ajax.php:127
auth    wp_ajax_sqrip_mark_refund_paid           inc\sqrip-ajax.php:187
auth    wp_ajax_sqrip_mark_refund_unpaid         inc\sqrip-ajax.php:217
auth    wp_ajax_sqrip_validation_refund_token    inc\sqrip-ajax.php:251
auth    wp_ajax_sqrip_payment_confirmed          inc\sqrip-ajax.php:267
nopriv  wp_ajax_sqrip_payment_confirmed          inc\sqrip-ajax.php:268

WordPress Hooks (35)

filter  woocommerce_payment_gateways                        sqrip-woocommerce.php:45
action  plugins_loaded                                      sqrip-woocommerce.php:59
action  plugins_loaded                                      sqrip-woocommerce.php:66
action  admin_notices                                       sqrip-woocommerce.php:89
action  admin_enqueue_scripts                               sqrip-woocommerce.php:140
action  wp_enqueue_scripts                                  sqrip-woocommerce.php:203
action  before_woocommerce_init                             sqrip-woocommerce.php:225
action  add_meta_boxes                                      sqrip-woocommerce.php:238
filter  woocommerce_email_attachments                       sqrip-woocommerce.php:407
action  woocommerce_order_details_after_order_table         sqrip-woocommerce.php:456
filter  wp_insert_post_data                                 sqrip-woocommerce.php:521
action  woocommerce_after_order_refund_item_name            sqrip-woocommerce.php:669
action  woocommerce_order_refunded                          sqrip-woocommerce.php:713
action  show_user_profile                                   sqrip-woocommerce.php:749
action  edit_user_profile                                   sqrip-woocommerce.php:750
action  personal_options_update                             sqrip-woocommerce.php:779
action  edit_user_profile_update                            sqrip-woocommerce.php:780
action  updated_post_meta                                   sqrip-woocommerce.php:817
filter  woocommerce_validate_postcode                       sqrip-woocommerce.php:820
action  init                                                sqrip-woocommerce.php:843
action  init                                                sqrip-woocommerce.php:866
action  init                                                sqrip-woocommerce.php:889
action  init                                                sqrip-woocommerce.php:912
filter  wc_order_statuses                                   sqrip-woocommerce.php:935
filter  wc_order_statuses                                   sqrip-woocommerce.php:959
filter  wc_order_statuses                                   sqrip-woocommerce.php:982
filter  wc_order_statuses                                   sqrip-woocommerce.php:1007
filter  woocommerce_admin_order_actions                     sqrip-woocommerce.php:1010
action  woocommerce_order_status_changed                    sqrip-woocommerce.php:1067
action  woocommerce_thankyou                                sqrip-woocommerce.php:1117
action  woocommerce_admin_order_data_after_order_details    sqrip-woocommerce.php:1141
filter  bulk_actions-edit-shop_order                        sqrip-woocommerce.php:1162
filter  handle_bulk_actions-edit-shop_order                 sqrip-woocommerce.php:1188
action  woocommerce_blocks_loaded                           sqrip-woocommerce.php:1223
action  woocommerce_blocks_payment_method_type_registration sqrip-woocommerce.php:1228

Maintenance & Trust

sqrip.ch Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 21, 2024
PHP min version: 7.0
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 100
Developer Profile

sqrip.ch Developer Profile

netmex

1 plugin · 100 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect sqrip.ch

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sqrip-swiss-qr-invoice/css/sqrip-admin.css
/wp-content/plugins/sqrip-swiss-qr-invoice/js/sqrip-admin.js
/wp-content/plugins/sqrip-swiss-qr-invoice/js/sqrip-order.js
/wp-content/plugins/sqrip-swiss-qr-invoice/css/sqrip-order.css
/wp-content/plugins/sqrip-swiss-qr-invoice/js/sqrip-fe.js
Script Paths
https://cdn.jsdelivr.net/npm/select2@4.1.0/dist/js/select2.min.js
Version Parameters
sqrip-admin.css?ver=
sqrip-admin.js?ver=
sqrip-order.js?ver=
sqrip-order.css?ver=
sqrip-fe.js?ver=
select2@4.1.0/dist/css/select2.min.css
select2@4.1.0/dist/js/select2.min.js

HTML / DOM Fingerprints

JS Globals
sqrip