TrustistEcommerce Security & Risk Analysis

wordpress.org/plugins/trustistecommerce

Securely accept bank transfers, Apple Pay, Google Pay, and card payments on your website using TrustistPay. From only 0.29% per transaction!

0 active installs · v1.0.9 · PHP 7.2+ · WP 5.4+ · Updated Apr 14, 2025
Tags: open-banking, payment-gateway, payment-platform, payments, subscriptions
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TrustistEcommerce Safe to Use in 2026?

Generally Safe

Score 92/100

TrustistEcommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "trustistecommerce" v1.0.9 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent adherence to secure coding practices, with 100% of SQL queries using prepared statements and all output properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface. Furthermore, the plugin successfully implements nonce checks on entry points, indicating an effort to mitigate cross-site request forgery. Zero known CVEs and a lack of historical vulnerabilities suggest a mature and well-maintained codebase.

However, a significant concern arises from the taint analysis. Four flows were identified with "unsanitized paths." While the analysis does not report critical or high severity for these, unsanitized paths can be a precursor to injection vulnerabilities if not handled carefully in downstream logic. The absence of capability checks on the entry points is another area for potential improvement, as it implies that any authenticated user, regardless of their role, could potentially interact with these features. The bundled Guzzle library, while not inherently a vulnerability, should be monitored for potential security issues if it becomes outdated.

In conclusion, the plugin is strong in its core secure coding practices. The primary areas for attention are the identified unsanitized paths in the taint analysis and the lack of explicit capability checks on its entry points. Addressing these would further solidify its security, especially considering its otherwise clean history and adherence to best practices.

Key Concerns

  • Flows with unsanitized paths identified
  • No capability checks on entry points
  • Bundled Guzzle library
Vulnerabilities
None known

TrustistEcommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TrustistEcommerce Release Timeline

v1.0.9 (Current)
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.3.2
Code Analysis
Analyzed Apr 16, 2026

TrustistEcommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (55 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

100% escaped · 55 total outputs
Data Flows · Security: 4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
trustist_payments_process_response (includes/woocommerce/TrustistPaymentsWC.php:165)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

TrustistEcommerce Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 4

auth · wp_ajax_process_payment · includes/shortcodes/payment_button_shortcode.php:56
nopriv · wp_ajax_process_payment · includes/shortcodes/payment_button_shortcode.php:57
auth · wp_ajax_process_payment · includes/shortcodes/payment_form_shortcode.php:46
nopriv · wp_ajax_process_payment · includes/shortcodes/payment_form_shortcode.php:47

Shortcodes 4

[trustist_payment_button] includes/shortcodes/payment_button_shortcode.php:52
[trustist_payment_result] includes/shortcodes/payment_button_shortcode.php:53
[trustist_payment_button] includes/shortcodes/payment_form_shortcode.php:42
[trustist_payment_result] includes/shortcodes/payment_form_shortcode.php:43
WordPress Hooks 22
action · wp · includes/gravityforms/TrustistGFPayments.php:31
action · wp_enqueue_scripts · includes/gravityforms/TrustistGFPayments.php:36
action · gform_payment_status · includes/gravityforms/TrustistGFPayments.php:72
action · gform_payment_date · includes/gravityforms/TrustistGFPayments.php:73
action · gform_payment_transaction_id · includes/gravityforms/TrustistGFPayments.php:74
action · gform_payment_amount · includes/gravityforms/TrustistGFPayments.php:75
action · gform_after_update_entry · includes/gravityforms/TrustistGFPayments.php:76
action · gform_loaded · includes/gravityforms/load_gravityforms.php:8
action · admin_init · includes/settings/load_settings.php:180
action · admin_menu · includes/settings/load_settings.php:181
action · added_option · includes/settings/load_settings.php:279
action · updated_option · includes/settings/load_settings.php:280
action · admin_enqueue_scripts · includes/settings/load_settings.php:321
action · wp_enqueue_scripts · includes/shortcodes/payment_button_shortcode.php:106
action · wp_enqueue_scripts · includes/shortcodes/payment_button_shortcode.php:113
action · wp_enqueue_scripts · includes/shortcodes/payment_form_shortcode.php:94
action · wp_enqueue_scripts · includes/shortcodes/payment_form_shortcode.php:101
filter · woocommerce_payment_gateways · includes/woocommerce/load_woocommerce.php:9
action · plugins_loaded · includes/woocommerce/load_woocommerce.php:19
action · woocommerce_blocks_loaded · includes/woocommerce/load_woocommerce.php:30
action · woocommerce_blocks_payment_method_type_registration · includes/woocommerce/load_woocommerce.php:34
action · woocommerce_blocks_payment_method_type_registration · includes/woocommerce/load_woocommerce.php:39
Maintenance & Trust

TrustistEcommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Apr 14, 2025
PHP min version: 7.2
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

TrustistEcommerce Developer Profile

trustist

1 plugin · 0 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TrustistEcommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trustistecommerce/js/trustistpayments-gravityforms.js
Version Parameters
trustistpayments-gravityforms.js?ver=trustist-payments-nonce

HTML / DOM Fingerprints

CSS Classes
trustist-payments-gravityforms
Data Attributes
id="payment_status", name="payment_status", id="payment_date", name="payment_date", id="trustist_transaction_id", name="trustist_transaction_id", +3 more
JS Globals
TRUSTISTPLUGIN_VERSION, TRUSTISTPLUGIN_SLUG, TRUSTISTPLUGIN_NAME, TRUSTISTPLUGIN_FILE, TRUSTISTPLUGIN_HOOK, TRUSTISTPLUGIN_PATH, +2 more
FAQ

Frequently Asked Questions about TrustistEcommerce