Does UddoktaPay have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is UddoktaPay compatible with WordPress 6.9.4?

According to WordPress.org data, UddoktaPay 2.6.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is UddoktaPay compatible with PHP 7.4+?

UddoktaPay requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is UddoktaPay updated?

UddoktaPay was last updated on Dec 31, 2025. Frequent updates are generally a positive security signal.

What is UddoktaPay's security score?

UddoktaPay has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

UddoktaPay Security & Risk Analysis

wordpress.org/plugins/uddoktapay-gateway

UddoktaPay Plugin for WooCommerce.

1K active installs v2.6.3 PHP 7.4+ WP 6.0+ Updated Dec 31, 2025

bdpaymentgatewaybkashnagadpaypaluddoktapay

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is UddoktaPay Safe to Use in 2026?

Generally Safe

Score 100/100

UddoktaPay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "uddoktapay-gateway" plugin v2.6.3 exhibits a strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero-point attack surface. Furthermore, the code signals indicate robust security practices, with no dangerous functions, all SQL queries using prepared statements, and all output properly escaped. File operations and external HTTP requests are present but do not appear to be a source of immediate concern without further context.

The taint analysis, however, reveals a potential area of concern with 4 flows identified with unsanitized paths. While no critical or high severity issues were flagged, this indicates that data might be flowing into sensitive functions without proper sanitization, which could be a vector for vulnerabilities if combined with other factors or specific input. The complete lack of known CVEs or historical vulnerabilities is a positive indicator, suggesting the developers are either highly diligent or the plugin has not been a target of past exploits. However, the presence of unsanitized paths, even without immediate exploitable consequences, warrants attention.

In conclusion, the plugin demonstrates good development practices regarding input validation, SQL security, and output escaping. The absence of historical vulnerabilities is a significant strength. The primary weakness identified is the presence of unsanitized paths in the taint analysis, which, while not currently leading to critical issues, represents a latent risk that should be investigated and remediated to further strengthen the plugin's security.

Key Concerns

Unsanitized paths in taint flows
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

UddoktaPay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

UddoktaPay Release Timeline

v2.6.3Current

v2.6.2

v2.6.1

v2.6.0

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4

v2.3.0

v2.2.2

v2.2.1

Code Analysis

Analyzed Mar 16, 2026

UddoktaPay Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

30 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped30 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

handle_webhook (src\InternationalGateway.php:393)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

UddoktaPay Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionwoocommerce_admin_order_data_after_billing_addresssrc\InternationalGateway.php:112

filterwoocommerce_payment_complete_order_statussrc\InternationalGateway.php:628

actionwoocommerce_admin_order_data_after_billing_addresssrc\LocalGateway.php:112

filterwoocommerce_payment_complete_order_statussrc\LocalGateway.php:628

filterdoing_it_wrong_trigger_erroruddoktapay-gateway.php:72

actioninituddoktapay-gateway.php:73

actionplugins_loadeduddoktapay-gateway.php:74

actionwoocommerce_blocks_loadeduddoktapay-gateway.php:75

actionbefore_woocommerce_inituddoktapay-gateway.php:76

actionadmin_noticesuddoktapay-gateway.php:84

filterwoocommerce_payment_gatewaysuddoktapay-gateway.php:124

actionwp_enqueue_scriptsuddoktapay-gateway.php:160

actionwoocommerce_blocks_payment_method_type_registrationuddoktapay-gateway.php:219

Maintenance & Trust

UddoktaPay Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 31, 2025

PHP min version7.4

Downloads19K

Community Trust

Rating100/100

Number of ratings3

Active installs1K

Alternatives

UddoktaPay Alternatives

SoftTech-IT bKash, Rocket, Nagad

bkash

Easy to use bKash , Rocket and Nagad Payment Gateway for Woocommerce

6K No CVEs

Bangladeshi Payments Mobile – QR Code & Transaction Reports

bangladeshi-payments-mobile

100

Accept Mobile Payments in Bangladesh – WooCommerce Gateway for bKash, Nagad, Rocket & Upay with QR Code & Transaction Reports.

1K No CVEs

BanglaPress – bKash, & Mobile Payment with Order Tracking & Invoice & Shipping Label Printing for WooCommerce

bangla-press

100

bKash, Nagad, Rocket & Upay for WooCommerce — Label Print, Invoice, Order Tracker, Orders Manager.

300 No CVEs

CodeCareBD – Payment Gateway for WooCommerce

codecarebd-bkash-nagad-rocket-payoneer-gateway

100

CodeCareBD - Payment Gateway plugin integrates bKash, Nagad, Rocket, and Payoneer Payment Gateways with WooCommerce.

300 No CVEs

Flying Pay

flying-pay-gateway

100

A seamless and secure payment gateway integration for WooCommerce featuring Mobile Banking, 4 Major Banks, and Crypto support with an interactive UI.

40 No CVEs

Developer Profile

UddoktaPay Developer Profile

UddoktaPay

1 plugin · 1K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect UddoktaPay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/uddoktapay-gateway/assets/css/uddoktapay.css/wp-content/plugins/uddoktapay-gateway/assets/js/uddoktapay.js

Script Paths

/wp-content/plugins/uddoktapay-gateway/assets/js/uddoktapay.js

Version Parameters

uddoktapay-gateway/assets/css/uddoktapay.css?ver=uddoktapay-gateway/assets/js/uddoktapay.js?ver=

HTML / DOM Fingerprints

CSS Classes

uddoktapay-gateway-form

Data Attributes

data-uddoktapay-gateway

JS Globals

uddoktapay_params

REST Endpoints

/wp-json/uddoktapay/v1/gateway/process

FAQ