Trust Payments Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/trust-payments-hosted-payment-pages-integration

This plugin offers a simple and easy to implement method for merchants to add e-payment capabilities to their WooCommerce online commerce setup.

400 active installs · v2.1.1 · PHP 8.1.20+ · WP 4.7+ · Updated Mar 11, 2026
Tags: apple-pay, credit-card, google-pay, trust-payment-gateway, wallet
Score: 98/100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 20, 2025
Safety Verdict

Is Trust Payments Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Trust Payments Gateway for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 20, 2025 · Updated 23d ago
Risk Assessment

The "trust-payments-hosted-payment-pages-integration" plugin v2.1.1 exhibits a mixed security posture. On the positive side, all 8 of its SQL queries use prepared statements and 97% of its outputs are escaped, indicating a strong defense against common injection vulnerabilities. The absence of file operations and bundled libraries also reduces potential attack vectors.

However, there are notable areas of concern. The plugin presents a significant attack surface with 25 entry points, 4 of which lack authentication checks. This is a critical oversight as it allows unauthenticated users to trigger potentially sensitive actions. While taint analysis shows no critical or high severity flows, 2 flows with unsanitized paths warrant attention, as they could be exploited under certain conditions. Furthermore, the plugin has a history of one high severity CVE, a SQL Injection vulnerability, which, although currently patched, suggests a historical susceptibility to such attacks. The lack of capability checks on AJAX handlers is also a significant weakness that could be exploited.

In conclusion, while the plugin has implemented robust defenses against SQL injection and output escaping, the substantial number of unprotected AJAX handlers and the historical high-severity vulnerability are significant weaknesses. The presence of unsanitized paths in taint analysis, though not currently critical, should also be addressed. Improvements in authentication and authorization for entry points are crucial to enhance the overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Historical high severity CVE
  • Lack of capability checks
Vulnerabilities
1

Trust Payments Gateway for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-28942 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Trust Payments Gateway for WooCommerce <= 1.1.4 - Unauthenticated SQL Injection

Mar 20, 2025 · Patched in 2.0.0 (98d)
Code Analysis
Analyzed Mar 16, 2026

Trust Payments Gateway for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 22 (624 escaped)
Nonce Checks: 14
Capability Checks: 0
File Operations: 0
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

97% escaped · 646 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
securetrading_render_payment_pages (includes\class-securetrading-moto-payment.php:87)
Attack Surface
4 unprotected

Trust Payments Gateway for WooCommerce Attack Surface

Entry Points: 25
Unprotected: 4

AJAX Handlers 24

nopriv · wp_ajax_webservices_save_card_token · includes\class-trust-payments.php:177
auth · wp_ajax_webservices_save_card_token · includes\class-trust-payments.php:178
auth · wp_ajax_st_api_update_address_myst · includes\class-trust-payments.php:181
nopriv · wp_ajax_st_api_update_address_myst · includes\class-trust-payments.php:182
auth · wp_ajax_st_moto_api_update_jwt_myst · includes\class-trust-payments.php:185
nopriv · wp_ajax_st_moto_api_update_jwt_myst · includes\class-trust-payments.php:186
auth · wp_ajax_tp_order_pay_update_jwt · includes\class-trust-payments.php:189
nopriv · wp_ajax_tp_order_pay_update_jwt · includes\class-trust-payments.php:190
nopriv · wp_ajax_tp_process_order · includes\class-trust-payments.php:193
auth · wp_ajax_tp_process_order · includes\class-trust-payments.php:194
nopriv · wp_ajax_tp_log_note_order · includes\class-trust-payments.php:197
auth · wp_ajax_tp_log_note_order · includes\class-trust-payments.php:198
auth · wp_ajax_mgn_migrate_refund_purchase · includes\class-trust-payments.php:201
nopriv · wp_ajax_mgn_migrate_refund_purchase · includes\class-trust-payments.php:202
nopriv · wp_ajax_tp_apple_query_transaction · includes\class-trust-payments.php:211
auth · wp_ajax_tp_apple_query_transaction · includes\class-trust-payments.php:212
nopriv · wp_ajax_tp_pay_for_order · includes\class-trust-payments.php:215
auth · wp_ajax_tp_pay_for_order · includes\class-trust-payments.php:216
nopriv · wp_ajax_tp_loader_card_form · includes\class-trust-payments.php:219
auth · wp_ajax_tp_loader_card_form · includes\class-trust-payments.php:220
nopriv · wp_ajax_tp_apple_order_jwt · includes\class-trust-payments.php:248
auth · wp_ajax_tp_apple_order_jwt · includes\class-trust-payments.php:249
nopriv · wp_ajax_tp_wallet_estimate_shipping · includes\class-trust-payments.php:252
auth · wp_ajax_tp_wallet_estimate_shipping · includes\class-trust-payments.php:253

Shortcodes 1

[securetrading_iframe] includes\class-trust-payments.php:172
WordPress Hooks 63

action · admin_enqueue_scripts · admin\class-tp-admin-assets.php:23
filter · list_table_primary_column · admin\securetrading-transaction-columns.php:18
action · manage_shop_order_placehold_posts_custom_column · admin\securetrading-transaction-columns.php:21
action · manage_shop_order_posts_custom_column · admin\securetrading-transaction-columns.php:22
action · add_meta_boxes · admin\securetrading-transaction-columns.php:26
action · add_meta_boxes · admin\securetrading-transaction-columns.php:27
action · restrict_manage_posts · admin\securetrading-transaction-columns.php:28
filter · parse_query · admin\securetrading-transaction-columns.php:29
filter · post_row_actions · admin\securetrading-transaction-columns.php:30
action · rest_api_init · includes\class-rest-api-controller.php:22
action · rest_url · includes\class-rest-api-controller.php:23
action · woocommerce_checkout_update_order_meta · includes\class-securetrading-api-form.php:137
action · woocommerce_order_action_st_api_capture_payment · includes\class-securetrading-api-form.php:140
action · woocommerce_order_action_st_api_cancel_payment · includes\class-securetrading-api-form.php:141
action · woocommerce_order_action_tp_gateway_cancel_payment · includes\class-securetrading-api-form.php:145
filter · woocommerce_available_payment_gateways · includes\class-securetrading-api-form.php:149
action · woocommerce_order_action_st_apple_capture_payment · includes\class-securetrading-apple-payment.php:196
action · woocommerce_order_action_st_apple_cancel_payment · includes\class-securetrading-apple-payment.php:197
filter · woocommerce_checkout_posted_data · includes\class-securetrading-apple-payment.php:200
action · woocommerce_checkout_update_order_meta · includes\class-securetrading-google-payment.php:176
action · woocommerce_order_action_st_google_capture_payment · includes\class-securetrading-google-payment.php:179
action · woocommerce_order_action_st_google_cancel_payment · includes\class-securetrading-google-payment.php:180
action · woocommerce_order_action_st_capture_payment · includes\class-securetrading-iframe-form.php:216
action · woocommerce_order_action_st_cancel_payment · includes\class-securetrading-iframe-form.php:217
filter · woocommerce_available_payment_gateways · includes\class-securetrading-iframe-form.php:221
action · admin_menu · includes\class-securetrading-moto-payment.php:26
action · admin_head · includes\class-securetrading-moto-payment.php:27
action · woocommerce_page_wc-orders · includes\class-securetrading-moto-payment.php:28
action · woocommerce_before_checkout_form · includes\class-securetrading-paypal-payment.php:101
action · woocommerce_checkout_update_order_meta · includes\class-securetrading-paypal-payment.php:104
action · woocommerce_order_action_st_capture_payment · includes\class-securetrading-paypal-payment.php:107
action · woocommerce_order_action_st_cancel_payment · includes\class-securetrading-paypal-payment.php:108
action · woocommerce_init · includes\class-tp-frontend-scripts.php:59
action · wp_enqueue_scripts · includes\class-tp-frontend-scripts.php:60
action · init · includes\class-tp-install.php:42
action · after_setup_theme · includes\class-trust-payments.php:141
filter · woocommerce_get_order_item_totals · includes\class-trust-payments.php:143
filter · plugin_row_meta · includes\class-trust-payments.php:144
action · init · includes\class-trust-payments.php:145
action · init · includes\class-trust-payments.php:146
filter · woocommerce_payment_gateways · includes\class-trust-payments.php:171
filter · woocommerce_order_actions · includes\class-trust-payments.php:173
filter · theme_page_templates · includes\class-trust-payments.php:174
filter · woocommerce_update_order_review_fragments · includes\class-trust-payments.php:205
filter · woocommerce_checkout_posted_data · includes\class-trust-payments.php:208
action · woocommerce_review_order_after_submit · includes\class-trust-payments.php:223
action · woocommerce_pay_order_after_submit · includes\class-trust-payments.php:224
filter · woocommerce_available_payment_gateways · includes\class-trust-payments.php:227
filter · posts_clauses · includes\class-trust-payments.php:230
filter · woocommerce_payment_gateway_get_saved_payment_method_option_html · includes\class-trust-payments.php:233
action · woocommerce_api_trust-payments · includes\class-trust-payments.php:236
action · woocommerce_api_trust-moto-payments · includes\class-trust-payments.php:237
action · woocommerce_api_trust-confirm · includes\class-trust-payments.php:238
action · woocommerce_api_trust-iframe · includes\class-trust-payments.php:239
filter · woocommerce_checkout_fields · includes\class-trust-payments.php:242
action · trustpayments_processed · includes\class-trust-payments.php:245
action · add_meta_boxes · includes\class-trust-payments.php:256
action · woocommerce_checkout_process · includes\class-trust-payments.php:259
filter · wc_get_template · includes\class-trust-payments.php:262
action · woocommerce_after_checkout_validation · includes\class-trust-payments.php:265
action · woocommerce_before_checkout_form · includes\class-trust-payments.php:268
action · wp_footer · includes\class-trust-payments.php:742
action · woocommerce_loaded · woocommerce-securetrading-gateway.php:39
Maintenance & Trust

Trust Payments Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version: 8.1.20
Downloads: 8K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 400
Developer Profile

Trust Payments Gateway for WooCommerce Developer Profile

Trust Payments

2 plugins · 700 total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 299 days
Detection Fingerprints

How We Detect Trust Payments Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trust-payments-hosted-payment-pages-integration/assets/js/tp-admin.js
/wp-content/plugins/trust-payments-hosted-payment-pages-integration/assets/css/tp-admin.css
Script Paths
https://securetrading.com/v2/api/js/securetrading.js
Version Parameters
trust-payments-hosted-payment-pages-integration/assets/js/tp-admin.js?ver=
trust-payments-hosted-payment-pages-integration/assets/css/tp-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
tp_admin_heading, tp_admin_tab_links, tp_admin_submit_button, tp_admin_field_label, tp_admin_field_input, tp_admin_error_message, tp_admin_success_message, tp_admin_settings_form, +2 more
HTML Comments
<!-- Trust Payments Gateway Settings -->
<!-- End Trust Payments Gateway Settings -->
<!-- Trust Payments Hosted Payment Pages Integration -->
<!-- End Trust Payments Hosted Payment Pages Integration -->
+2 more
Data Attributes
data-tp-payment-method, data-tp-order-id, data-tp-transaction-id, data-tp-redirect-url, data-tp-merchant-id, data-tp-site-reference, +1 more
JS Globals
tp_admin
REST Endpoints
/wp-json/trust-payments/v1/process-payment
/wp-json/trust-payments/v1/webhook
Shortcode Output
[trust_payments_payment_form], [trust_payments_order_status], [trust_payments_subscription_form]
FAQ

Frequently Asked Questions about Trust Payments Gateway for WooCommerce