WP-Safety

UPI QR Code Payment Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/upi-qr-code-payment-for-woocommerce

This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like BHIM, GooglePay, PhonePe or any banking UPI app.

20K active installs v1.6.2 PHP 5.6+ WP 4.6+ Updated Jan 19, 2026
bhim-upiqr-codeupiupi-paymentwoocommerce
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 23, 2026
Plugin page Download
Safety Verdict

Is UPI QR Code Payment Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

UPI QR Code Payment Gateway for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 23, 2026Updated 2mo ago
Risk Assessment

The static analysis of "upi-qr-code-payment-for-woocommerce" v1.6.2 indicates a generally strong security posture. The plugin has a commendably small attack surface with no identified entry points, and importantly, none of these are unprotected. The code also demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and properly escaping the vast majority of its output. The presence of nonce and capability checks further contributes to its secure design.

Taint analysis revealed no critical or high-severity flows with unsanitized paths, suggesting that data input and processing are handled with care. The vulnerability history shows a single medium-severity vulnerability in the past, which is now patched. The common vulnerability type being 'Missing Authorization' in past issues is a pattern to note, though current analysis shows checks are in place.

Overall, the plugin appears to be well-developed from a security perspective. The lack of critical findings in static analysis and taint flows, combined with a low number of historical vulnerabilities, suggests a reliable plugin. The main area for continued vigilance would be ensuring that any future additions to the codebase maintain these high standards, particularly regarding authorization checks, given the historical pattern.

Key Concerns

  • Medium severity vulnerability history (patched)
  • Low percentage of output escaping (83%)
Vulnerabilities
1

UPI QR Code Payment Gateway for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-67969medium · 5.3Missing Authorization

UPI QR Code Payment Gateway for WooCommerce <= 1.5.1 - Missing Authorization

Jan 23, 2026 Patched in 1.6.1 (6d)
Code Analysis
Analyzed Mar 16, 2026

UPI QR Code Payment Gateway for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
12
60 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

83% escaped72 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
payment_fields (includes\class-payment.php:422)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

UPI QR Code Payment Gateway for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 25
actionwp_enqueue_scriptsincludes\class-payment.php:100
actionwoocommerce_api_upiwc-paymentincludes\class-payment.php:106
filterwoocommerce_email_subject_customer_on_hold_orderincludes\class-payment.php:109
filterwoocommerce_email_heading_customer_on_hold_orderincludes\class-payment.php:112
filterwoocommerce_email_additional_content_customer_on_hold_orderincludes\class-payment.php:115
actionwoocommerce_email_after_order_tableincludes\class-payment.php:118
actionwoocommerce_valid_order_statuses_for_paymentincludes\class-payment.php:121
filterwoocommerce_get_checkout_payment_urlincludes\class-payment.php:124
filterwoocommerce_thankyou_order_received_textincludes\class-payment.php:127
filterwoocommerce_available_payment_gatewaysincludes\class-payment.php:130
filterwoocommerce_shop_order_list_table_columnsincludes\class-payment.php:133
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\class-payment.php:134
filtermanage_edit-shop_order_columnsincludes\class-payment.php:137
actionmanage_shop_order_posts_custom_columnincludes\class-payment.php:138
actionadmin_initupi-qr-code-payment-for-woocommerce.php:140
actionadmin_noticesupi-qr-code-payment-for-woocommerce.php:141
actionplugins_loadedupi-qr-code-payment-for-woocommerce.php:215
filterplugin_row_metaupi-qr-code-payment-for-woocommerce.php:218
actionbefore_woocommerce_initupi-qr-code-payment-for-woocommerce.php:222
filterwoocommerce_payment_gatewaysupi-qr-code-payment-for-woocommerce.php:225
actionplugins_loadedupi-qr-code-payment-for-woocommerce.php:228
actionwoocommerce_blocks_loadedupi-qr-code-payment-for-woocommerce.php:229
actionadmin_noticesupi-qr-code-payment-for-woocommerce.php:232
actionadmin_initupi-qr-code-payment-for-woocommerce.php:233
actionwoocommerce_blocks_payment_method_type_registrationupi-qr-code-payment-for-woocommerce.php:312
Maintenance & Trust

UPI QR Code Payment Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 19, 2026
PHP min version5.6
Downloads410K

Community Trust

Rating96/100
Number of ratings248
Active installs20K
Alternatives

UPI QR Code Payment Gateway for WooCommerce Alternatives

UPI QR Code Payment Gateway

UPI QR Code Payment Gateway

upi-qr-code-payment-gateway

A
92

This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like GPay, PhonePe, Paytm or any banking UPI app.

1K No CVEs
Knit Pay UPI – Paytm for Business, PhonePe Business, BharatPe, HDFC

Knit Pay UPI – Paytm for Business, PhonePe Business, BharatPe, HDFC

knit-pay-upi

A
100

Knit Pay UPI simplifies UPI QR code integration for your website and updates the payment status as soon as your customer completes the transaction.

300 No CVEs
Integrate PhonePe with WooCommerce

Integrate PhonePe with WooCommerce

wc-phonepe

A
85

Allows customers to use PhonePe payment gateway with the WooCommerce Plugin.

200 No CVEs
Autopilot For UPI QR Code Payment Gateway for WooCommerce

Autopilot For UPI QR Code Payment Gateway for WooCommerce

autopilot-for-upi-qr-code-payment-gateway

A
92

This plugin automates the payment verification process for WooCommerce orders made through the UPI QR Code Payment Gateway for WooCommerce, facilitati &hellip;

90 No CVEs
Easy UPI Payment

Easy UPI Payment

easy-upi-payment

A
85

Easy UPI Payment plugin (for WooCommerce ) helps you accept payments online from your Customers instantly & directly into your bank account (witho &hellip;

60 No CVEs
Developer Profile

UPI QR Code Payment Gateway for WooCommerce Developer Profile

knitpay

6 plugins · 24K total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect UPI QR Code Payment Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/upi-qr-code-payment-for-woocommerce/admin/css/upiwc-admin.css/wp-content/plugins/upi-qr-code-payment-for-woocommerce/admin/js/upiwc-admin.js/wp-content/plugins/upi-qr-code-payment-for-woocommerce/frontend/css/upiwc-frontend.css/wp-content/plugins/upi-qr-code-payment-for-woocommerce/frontend/js/upiwc-frontend.js
Version Parameters
upi-qr-code-payment-for-woocommerce/admin/css/upiwc-admin.css?ver=upi-qr-code-payment-for-woocommerce/admin/js/upiwc-admin.js?ver=upi-qr-code-payment-for-woocommerce/frontend/css/upiwc-frontend.css?ver=upi-qr-code-payment-for-woocommerce/frontend/js/upiwc-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
upiwc-notice
JS Globals
upi_qr_code_payment_params
FAQ

Frequently Asked Questions about UPI QR Code Payment Gateway for WooCommerce