Does SumUp Payment Gateway For WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in SumUp Payment Gateway For WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SumUp Payment Gateway For WooCommerce compatible with WordPress 6.7.5?

According to WordPress.org data, SumUp Payment Gateway For WooCommerce 2.8.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is SumUp Payment Gateway For WooCommerce compatible with PHP 7.2+?

SumUp Payment Gateway For WooCommerce requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SumUp Payment Gateway For WooCommerce updated?

SumUp Payment Gateway For WooCommerce was last updated on Mar 4, 2026. Frequent updates are generally a positive security signal.

What is SumUp Payment Gateway For WooCommerce's security score?

SumUp Payment Gateway For WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SumUp Payment Gateway For WooCommerce Security & Risk Analysis

wordpress.org/plugins/sumup-payment-gateway-for-woocommerce

The SumUp plugin for WooCommerce allows businesses to securely process payments online. Accept payments from customers using a range of payment method …

10K active installs v2.8.2 PHP 7.2+ WP 5.0+ Updated Mar 4, 2026

ecommercepayment-gatewaypaymentssumupwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVEJan 19, 2026

Plugin page Download

Safety Verdict

Is SumUp Payment Gateway For WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

SumUp Payment Gateway For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 19, 2026Updated 29d ago

Risk Assessment

The "sumup-payment-gateway-for-woocommerce" plugin, version 2.8.2, exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and a reasonable proportion of output escaping. It also has a moderate number of capability checks, suggesting some effort towards access control.

However, several areas raise concerns. The plugin has a notable attack surface with two unprotected entry points: one AJAX handler and two REST API routes lacking permission callbacks. While no critical or high severity taint flows were identified, one flow with an unsanitized path exists. The plugin also has a history of vulnerabilities, specifically a medium severity one, indicating potential recurring weaknesses. The presence of only one nonce check for its attack surface is also a point of concern, especially with unprotected AJAX handlers.

Overall, while the plugin avoids critical code-level vulnerabilities in this version and has a good record with SQL, the unprotected entry points and the historical vulnerability pattern warrant attention. The presence of an unsanitized path flow, though not classified as critical, is a direct code-level risk that should be addressed. Users should be aware of these potential weaknesses and monitor for future updates that address these specific concerns.

Key Concerns

Unprotected REST API routes
Unprotected AJAX handler
Flow with unsanitized paths
Historical medium vulnerability
Limited nonce checks on attack surface

Vulnerabilities

SumUp Payment Gateway For WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-24583medium · 5.3Missing Authorization

SumUp Payment Gateway For WooCommerce <= 2.7.9 - Missing Authorization

Jan 19, 2026 Patched in 2.7.10 (19d)

Code Analysis

Analyzed Mar 16, 2026

SumUp Payment Gateway For WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

78% escaped64 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

check_redirect_flow (includes\class-wc-sumup-gateway.php:965)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

SumUp Payment Gateway For WooCommerce Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 1

authwp_ajax_sumup_connectincludes\class-wc-sumup-onboarding.php:47

REST API Routes 3

GET/wp-json/sumup_connection/v1connectincludes\api\class-sumup-connect.php:8

GET/wp-json/sumup_disconnection/v1disconnectincludes\api\class-sumup-disconnect.php:12

GET/wp-json/sumup_connection/v1validateincludes\api\class-sumup-validate.php:8

WordPress Hooks 27

actionwoocommerce_api_sumup_api_handlerincludes\api\class-sumup-api-handler.php:19

actionrest_api_initincludes\api\class-sumup-connect.php:7

actionrest_api_initincludes\api\class-sumup-disconnect.php:11

actionrest_api_initincludes\api\class-sumup-validate.php:7

filtersumup_api_handlersincludes\api\handlers\class-sumup-connect-website-handler.php:12

filtersumup_api_handlersincludes\api\handlers\class-sumup-create-checkout.php:16

filtersumup_api_handlersincludes\api\handlers\class-sumup-validation-website-handler.php:13

actionwp_enqueue_scriptsincludes\class-wc-sumup-gateway.php:241

actionwoocommerce_before_thankyouincludes\class-wc-sumup-gateway.php:242

actionwoocommerce_api_wc_gateway_sumupincludes\class-wc-sumup-gateway.php:243

actiontemplate_redirectincludes\class-wc-sumup-gateway.php:244

actionprocess_webhook_orderincludes\class-wc-sumup-gateway.php:245

actionprocess_webhook_order_priorityincludes\class-wc-sumup-gateway.php:246

actionwoocommerce_before_checkout_formincludes\class-wc-sumup-gateway.php:1010

actionadmin_noticessumup-payment-gateway-for-woocommerce.php:36

actionadmin_noticessumup-payment-gateway-for-woocommerce.php:41

filterplugin_row_metasumup-payment-gateway-for-woocommerce.php:70

actionadmin_noticessumup-payment-gateway-for-woocommerce.php:83

actionadmin_noticessumup-payment-gateway-for-woocommerce.php:142

filterwoocommerce_payment_gatewayssumup-payment-gateway-for-woocommerce.php:184

actionplugins_loadedsumup-payment-gateway-for-woocommerce.php:187

actionadmin_enqueue_scriptssumup-payment-gateway-for-woocommerce.php:246

actionwoocommerce_blocks_loadedsumup-payment-gateway-for-woocommerce.php:248

actionwp_enqueue_scriptssumup-payment-gateway-for-woocommerce.php:256

actionwoocommerce_blocks_payment_method_type_registrationsumup-payment-gateway-for-woocommerce.php:268

actionbefore_woocommerce_initsumup-payment-gateway-for-woocommerce.php:276

actionplugins_loadedsumup-payment-gateway-for-woocommerce.php:295

Maintenance & Trust

SumUp Payment Gateway For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMar 4, 2026

PHP min version7.2

Downloads259K

Community Trust

Rating46/100

Number of ratings36

Active installs10K

Alternatives

SumUp Payment Gateway For WooCommerce Alternatives

MONEI Payments for WooCommerce

monei

100

Accept Card, Apple Pay, Google Pay, Bizum, PayPal and many more payment methods in your WooCommerce store using MONEI payment gateway.

400 No CVEs

Paystation Payment Gateway for woocommerce

paystation-woocommerce-payment-gateway

100

Take credit card payments on your store via Paystation.

100 No CVEs

Ecart Pay

ecart-pay

100

Ecart Pay allows online merchants to quickly and securely accept payments through WooCommerce. With multiple payment options, this plugin is easy to s …

80 No CVEs

kevin. Payment Gateway for WooCommerce

e-commerce-payment-gateway-kevin

100

kevin. Payment Gateway plugin for WooCommerce. Let your customers make fast, simple and secure payments directly from their bank accounts across Europ …

30 No CVEs

Nimbbl

nimbbl-for-woocommerce

100

Welcome to the official Nimbbl WooCommerce plugin, support auto-fill address. Get higher conversions with multiple payment gateways, COD, UPI, BNPL an …

20 No CVEs

Developer Profile

SumUp Payment Gateway For WooCommerce Developer Profile

sumup

1 plugin · 10K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

19 days

View full developer profile

Detection Fingerprints

How We Detect SumUp Payment Gateway For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/css/settings.css/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/js/settings.min.js/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/js/sumup-checkout.min.js/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/js/sumup-onboarding.min.js

Script Paths

/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/js/settings.min.js/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/js/sumup-checkout.min.js/wp-content/plugins/sumup-payment-gateway-for-woocommerce/assets/js/sumup-onboarding.min.js

Version Parameters

sumup-payment-gateway-for-woocommerce/assets/css/settings.css?ver=sumup-payment-gateway-for-woocommerce/assets/js/settings.min.js?ver=sumup-payment-gateway-for-woocommerce/assets/js/sumup-checkout.min.js?ver=sumup-payment-gateway-for-woocommerce/assets/js/sumup-onboarding.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

sumup-payment-gateway-for-woocommerce

Data Attributes

data-sumup-api-keydata-sumup-gateway-urldata-sumup-gateway-currencydata-sumup-checkout-url

JS Globals

sumup_checkoutsumup_connectsumup_onboarding_init

REST Endpoints

/wp-json/sumup-payment-gateway-for-woocommerce/v1/connect/wp-json/sumup-payment-gateway-for-woocommerce/v1/disconnect

FAQ