TradeSafe Payment Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/tradesafe-payment-gateway

The official TradeSafe plugin for WooCommerce

40 active installs · v2.22.2 · PHP 8.0+ · WP 5.5+ · Updated Aug 27, 2025
Tags: credit-card, dokan, escrow, payment-gateway, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TradeSafe Payment Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

TradeSafe Payment Gateway for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7mo ago
Risk Assessment

The 'tradesafe-payment-gateway' plugin v2.22.2 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and unpatched vulnerabilities is a significant positive indicator. The code also demonstrates good practices by using prepared statements for all SQL queries and performing a high percentage of output escaping. The limited attack surface with zero identified entry points without authentication checks further strengthens its security.

However, there are a few areas that warrant attention. The presence of one unsanitized path flow in the taint analysis, although not categorized as critical or high severity, indicates a potential weakness that could be exploited under specific conditions. Additionally, the plugin utilizes the Guzzle library, which, if not kept up-to-date, could introduce vulnerabilities. While the code has nonces and some capability checks, the complete lack of capability checks on REST API routes and AJAX handlers (as indicated by the count of 0) is a notable gap, meaning sensitive operations might be accessible without proper authorization if such endpoints existed.

Overall, the plugin appears to be developed with security in mind, as shown by its use of prepared SQL statements and its good output escaping. The lack of historical vulnerabilities is reassuring. The primary areas for improvement are addressing the unsanitized path flow, keeping the bundled Guzzle library up to date, and adding capability checks to any existing or future entry points that are not explicitly listed here.

Key Concerns

  • Unsanitized path flow in taint analysis
  • Bundled Guzzle library
  • Zero capability checks on REST API routes
  • Zero capability checks on AJAX handlers
Vulnerabilities
None known

TradeSafe Payment Gateway for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

TradeSafe Payment Gateway for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 19 (152 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

89% escaped · 171 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
edit_user_profile_token (src\class-tradesafeprofile.php:509)
Attack Surface

TradeSafe Payment Gateway for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 46

  • action woocommerce_order_status_completed (src\class-tradesafe.php:23)
  • action woocommerce_order_status_completed_to_delivered (src\class-tradesafe.php:32)
  • action woocommerce_order_status_processing_to_delivered (src\class-tradesafe.php:41)
  • action woocommerce_order_status_refunded (src\class-tradesafe.php:50)
  • action woocommerce_order_status_cancelled (src\class-tradesafe.php:51)
  • action woocommerce_review_order_before_payment (src\class-tradesafe.php:52)
  • action admin_head (src\class-tradesafe.php:55)
  • action wp_head (src\class-tradesafe.php:59)
  • filter pre_update_option_dokan_selling (src\class-tradesafe.php:62)
  • filter woocommerce_available_payment_gateways (src\class-tradesafe.php:64)
  • filter woocommerce_checkout_fields (src\class-tradesafe.php:66)
  • filter wc_order_statuses (src\class-tradesafe.php:68)
  • filter bulk_actions-edit-shop_order (src\class-tradesafe.php:69)
  • action parse_request (src\class-tradesafe.php:74)
  • filter query_vars (src\class-tradesafe.php:83)
  • action dokan_store_profile_saved (src\class-tradesafedokan.php:21)
  • action dokan_seller_wizard_payment_field_save (src\class-tradesafedokan.php:22)
  • action dokan_after_withdraw_request (src\class-tradesafedokan.php:31)
  • action dokan_withdraw_content (src\class-tradesafedokan.php:32)
  • action dokan_dashboard_left_widgets (src\class-tradesafedokan.php:33)
  • action dokan_withdraw_request_approved (src\class-tradesafedokan.php:34)
  • filter dokan_withdraw_methods (src\class-tradesafedokan.php:37)
  • filter dokan_get_seller_active_withdraw_methods (src\class-tradesafedokan.php:38)
  • filter dokan_payment_settings_required_fields (src\class-tradesafedokan.php:39)
  • filter dokan_withdraw_is_valid_request (src\class-tradesafedokan.php:40)
  • filter query_vars (src\class-tradesafeprofile.php:31)
  • action woocommerce_checkout_update_customer (src\class-tradesafeprofile.php:35)
  • action woocommerce_account_tradesafe-withdrawal_endpoint (src\class-tradesafeprofile.php:48)
  • filter woocommerce_account_menu_items (src\class-tradesafeprofile.php:57)
  • filter the_title (src\class-tradesafeprofile.php:64)
  • action edit_user_profile (src\class-tradesafeprofile.php:71)
  • action show_user_profile (src\class-tradesafeprofile.php:72)
  • action woocommerce_admin_order_data_after_order_details (src\class-wc-gateway-tradesafe.php:57)
  • action woocommerce_receipt_tradesafe (src\class-wc-gateway-tradesafe.php:58)
  • action post_action_tradesafe_deliver (src\class-wc-gateway-tradesafe.php:59)
  • action admin_notices (src\class-wc-gateway-tradesafe.php:60)
  • action init (tradesafe-payment-gateway.php:70)
  • action init (tradesafe-payment-gateway.php:71)
  • action init (tradesafe-payment-gateway.php:72)
  • filter woocommerce_payment_gateways (tradesafe-payment-gateway.php:75)
  • action plugins_loaded (tradesafe-payment-gateway.php:78)
  • action plugins_loaded (tradesafe-payment-gateway.php:79)
  • action before_woocommerce_init (tradesafe-payment-gateway.php:80)
  • action woocommerce_blocks_loaded (tradesafe-payment-gateway.php:81)
  • filter plugin_row_meta (tradesafe-payment-gateway.php:128)
  • action woocommerce_blocks_payment_method_type_registration (tradesafe-payment-gateway.php:380)
Maintenance & Trust

TradeSafe Payment Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Aug 27, 2025
  • PHP min version: 8.0
  • Downloads: 12K

Community Trust

  • Rating: 100/100
  • Number of ratings: 2
  • Active installs: 40
Developer Profile

TradeSafe Payment Gateway for WooCommerce Developer Profile

TradeSafe Escrow

1 plugin · 40 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TradeSafe Payment Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tradesafe-payment-gateway/assets/css/admin/tradesafe-admin-style.css
  • /wp-content/plugins/tradesafe-payment-gateway/assets/css/admin/tradesafe-admin-style-vue.css
  • /wp-content/plugins/tradesafe-payment-gateway/assets/css/frontend/tradesafe-frontend-style.css
  • /wp-content/plugins/tradesafe-payment-gateway/assets/js/admin/tradesafe-admin-script.js
  • /wp-content/plugins/tradesafe-payment-gateway/assets/js/admin/tradesafe-admin-script-vue.js
  • /wp-content/plugins/tradesafe-payment-gateway/assets/js/frontend/tradesafe-frontend-script.js

Script Paths

  • /wp-content/plugins/tradesafe-payment-gateway/assets/js/admin/tradesafe-admin-script.js
  • /wp-content/plugins/tradesafe-payment-gateway/assets/js/admin/tradesafe-admin-script-vue.js
  • /wp-content/plugins/tradesafe-payment-gateway/assets/js/frontend/tradesafe-frontend-script.js

Version Parameters

  • tradesafe-payment-gateway/assets/css/admin/tradesafe-admin-style.css?ver=
  • tradesafe-payment-gateway/assets/css/admin/tradesafe-admin-style-vue.css?ver=
  • tradesafe-payment-gateway/assets/css/frontend/tradesafe-frontend-style.css?ver=
  • tradesafe-payment-gateway/assets/js/admin/tradesafe-admin-script.js?ver=
  • tradesafe-payment-gateway/assets/js/admin/tradesafe-admin-script-vue.js?ver=
  • tradesafe-payment-gateway/assets/js/frontend/tradesafe-frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • tradesafe-logo
  • tradesafe-admin-wrapper
  • tradesafe-payment-methods
  • tradesafe-payment-gateway-button

HTML Comments

  • <!-- TradeSafe Payment Gateway Settings -->
  • <!-- TradeSafe Payment Gateway Frontend -->

Data Attributes

  • data-tradesafe-payment-url
  • data-tradesafe-order-id
  • data-tradesafe-nonce

JS Globals

  • tradesafe_frontend_params

REST Endpoints

  • /wp-json/tradesafe/v1/payment/create
  • /wp-json/tradesafe/v1/payment/status
FAQ

Frequently Asked Questions about TradeSafe Payment Gateway for WooCommerce