WP-Safety

Viva.com | Smart Checkout for WooCommerce Security & Risk Analysis

wordpress.org/plugins/viva-com-smart-for-woocommerce

Take secure online payments on your WooCommerce store with Viva.com Smart Checkout. ---

5K active installs v1.0.2 PHP 7.4+ WP 6.5+ Updated May 15, 2025
apple-paypaymentssepavivawoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Viva.com | Smart Checkout for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Viva.com | Smart Checkout for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The "viva-com-smart-for-woocommerce" plugin, version 1.0.2, exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for 96% of its SQL queries and properly escaping 91% of its output. The absence of known CVEs and a clean vulnerability history is also a significant strength, indicating a generally well-maintained codebase. The plugin also has no direct external HTTP requests, file operations, or cron events, further reducing its attack surface.

However, the static analysis reveals some critical areas of concern. The presence of the `unserialize` function, without explicit context on its usage, is a known potential vector for remote code execution if it processes untrusted data. This is further highlighted by the taint analysis, which identified 3 flows with unsanitized paths, all categorized as high severity. Although the specific nature of these unsanitized paths isn't detailed, the combination of `unserialize` and high-severity unsanitized flows strongly suggests a potential for security vulnerabilities.

Given the clean vulnerability history, it's possible these issues are not currently exploited or have been mitigated by other security controls not apparent in this analysis. Nevertheless, the potential for exploitation exists. The plugin's strength lies in its general good practices regarding SQL and output handling, but the identified `unserialize` function and high-severity unsanitized taint flows represent the most significant risks.

Key Concerns

  • High severity unsanitized taint flows detected
  • Use of unserialize function
  • No nonce checks
  • 1 capability check detected, suggesting potential access control gaps
Vulnerabilities
None known

Viva.com | Smart Checkout for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Viva.com | Smart Checkout for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
24 prepared
Unescaped Output
3
30 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$errors = unserialize( $e->getMessage() );wc-vivacom-smart.php:85

Bundled Libraries

Guzzle

SQL Query Safety

96% prepared25 total queries

Output Escaping

91% escaped33 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
check_hook_response_success (includes\class-wc-vivacom-smart-endpoints.php:175)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Viva.com | Smart Checkout for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 22
actionrest_api_initincludes\class-wc-vivacom-smart-endpoints.php:22
actionwoocommerce_api_wc_vivacom_smart_successincludes\class-wc-vivacom-smart-endpoints.php:23
actionwoocommerce_api_wc_vivacom_smart_failincludes\class-wc-vivacom-smart-endpoints.php:24
actionwoocommerce_thankyou_vivacom_smartincludes\class-wc-vivacom-smart-endpoints.php:25
filterwoocommerce_subscription_payment_method_to_displayincludes\class-wc-vivacom-smart-subscriptions.php:29
filterwoocommerce_subscription_payment_metaincludes\class-wc-vivacom-smart-subscriptions.php:30
filterwoocommerce_subscription_validate_payment_metaincludes\class-wc-vivacom-smart-subscriptions.php:31
actionwoocommerce_receipt_vivacom_smartincludes\class-wc-vivacom-smart.php:173
actionadmin_enqueue_scriptsincludes\class-wc-vivacom-smart.php:182
actionadmin_noticesincludes\class-wc-vivacom-smart.php:184
actionwoocommerce_settings_startincludes\class-wc-vivacom-smart.php:186
filterwoocommerce_order_actionsincludes\class-wc-vivacom-smart.php:189
actionwoocommerce_order_action_wc_viva_smart_captureincludes\class-wc-vivacom-smart.php:190
actionwoocommerce_order_action_wc_viva_smart_voidincludes\class-wc-vivacom-smart.php:191
actionplugins_loadedwc-vivacom-smart.php:57
actionadmin_noticeswc-vivacom-smart.php:86
actionwoocommerce_blocks_loadedwc-vivacom-smart.php:228
actionbefore_woocommerce_initwc-vivacom-smart.php:229
actionwoocommerce_blocks_payment_method_type_registrationwc-vivacom-smart.php:238
filterwoocommerce_payment_gatewayswc-vivacom-smart.php:265
filterplugin_row_metawc-vivacom-smart.php:267
filterplugin_localewc-vivacom-smart.php:326
Maintenance & Trust

Viva.com | Smart Checkout for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMay 15, 2025
PHP min version7.4
Downloads11K

Community Trust

Rating46/100
Number of ratings7
Active installs5K
Alternatives

Viva.com | Smart Checkout for WooCommerce Alternatives

WooPayments: Integrated WooCommerce Payments

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

A
97

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs
Stitch Express

Stitch Express

stitch-express

A
100

Stitch Express is the simplest way for your business to get paid securely online with superior customer support at every step.

300 No CVEs
Nomod for WooCommerce

Nomod for WooCommerce

nomod-for-woocommerce

A
100

Accept major cards, Apple Pay, Google Pay, Mada, Tabby & Tamara on your store. Get same-day payouts, no monthly fees & amazing support!

200 No CVEs
Total processing card payments for WooCommerce

Total processing card payments for WooCommerce

totalprocessing-card-payments

A
96

Accept Credit Cards and Debit Cards on your WooCommerce store.

100 3 CVEs
Crediviva

Crediviva

crediviva

A
100

Plug in para la integración con gateway de pago Crediviva

0 No CVEs
Developer Profile

Viva.com | Smart Checkout for WooCommerce Developer Profile

Viva.com Support

1 plugin · 5K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Viva.com | Smart Checkout for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/viva-com-smart-for-woocommerce/assets/js/checkout.js/wp-content/plugins/viva-com-smart-for-woocommerce/assets/css/checkout.css
Script Paths
/wp-content/plugins/viva-com-smart-for-woocommerce/assets/js/checkout.js
Version Parameters
viva-com-smart-for-woocommerce/assets/js/checkout.js?ver=viva-com-smart-for-woocommerce/assets/css/checkout.css?ver=

HTML / DOM Fingerprints

CSS Classes
viva-checkout-wrapper
Data Attributes
data-viva-checkout-url
JS Globals
vivaSmartCheckout
FAQ

Frequently Asked Questions about Viva.com | Smart Checkout for WooCommerce