Does Wallet Up have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Wallet Up compatible with WordPress 6.8.5?

According to WordPress.org data, Wallet Up 4.2.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Wallet Up compatible with PHP 8.1+?

Wallet Up requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wallet Up updated?

Wallet Up was last updated on Oct 16, 2025. Frequent updates are generally a positive security signal.

What is Wallet Up's security score?

Wallet Up has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wallet Up Security & Risk Analysis

wordpress.org/plugins/wallet-up

Accept payments via Cash App, Venmo, Zelle & PayPal with QR codes. Perfect for WooCommerce checkout & donation pages.

100 active installs v4.2.0 PHP 8.1+ WP 5.8+ Updated Oct 16, 2025

cash-apppaymentsqr-codevenmowoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Wallet Up Safe to Use in 2026?

Generally Safe

Score 100/100

Wallet Up has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The 'wallet-up' v4.2.0 plugin exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs, indicating good development practices or a lack of past significant issues. The static analysis also shows a strong adherence to prepared statements for SQL queries (74%), good output escaping (82%), and a reasonable number of nonce and capability checks. However, there are notable security concerns.

The plugin has a significant attack surface with 43 AJAX handlers, and alarmingly, 13 of these lack authentication checks. This presents a considerable risk of unauthorized access or malicious function calls. Furthermore, the taint analysis reveals 7 flows with unsanitized paths, including 6 of high severity. This suggests that user-supplied data might be processed in a way that could lead to vulnerabilities like path traversal or arbitrary file read/write if exploited.

In conclusion, while the plugin benefits from a clean CVE history and good practices in areas like SQL and output escaping, the high number of unprotected AJAX endpoints and critical taint flows represent substantial risks that require immediate attention. The absence of known vulnerabilities doesn't negate the inherent dangers exposed by the static and taint analysis.

Key Concerns

AJAX handlers without auth checks
High severity unsanitized taint flows
Unsanitized paths in taint analysis
Bundled Freemius v1.0 library

Vulnerabilities

None known

Wallet Up Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Wallet Up Release Timeline

v4.2.0Current

v4.1.2

v4.1.1

v4.1.0

v3.4.9

v3.4.1

v3.4.0

Code Analysis

Analyzed Mar 16, 2026

Wallet Up Code Analysis

Dangerous Functions

Raw SQL Queries

64 prepared

Unescaped Output

402 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCEFreemius1.0

SQL Query Safety

74% prepared86 total queries

Output Escaping

82% escaped488 total outputs

Data Flows · Security

7 unsanitized

Data Flow Analysis

17 flows7 with unsanitized paths

check_payment_response (src\WooCommerce\WalletUpGateway.php:1602)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

13 unprotected

Wallet Up Attack Surface

Entry Points45

Unprotected13

AJAX Handlers 43

authwp_ajax_wallet_up_generate_qr_with_logosrc\API\QRCodeEndpoint.php:55

noprivwp_ajax_wallet_up_generate_qr_with_logosrc\API\QRCodeEndpoint.php:56

authwp_ajax_wallet_up_process_logosrc\API\QRCodeEndpoint.php:59

noprivwp_ajax_wallet_up_process_logosrc\API\QRCodeEndpoint.php:60

authwp_ajax_wallet_up_test_qrsrc\API\QRCodeEndpoint.php:64

authwp_ajax_wallet_up_dismiss_welcome_noticesrc\Core\Activation\ActivationHandler.php:28

authwp_ajax_wallet_up_preview_shortcodesrc\Core\Admin\AdminManager.php:96

authwp_ajax_wallet_up_download_previewsrc\Core\Admin\AdminManager.php:97

authwp_ajax_wallet_up_generate_business_qrsrc\Core\Admin\AdminManager.php:100

authwp_ajax_wallet_up_save_business_card_datasrc\Core\Admin\AdminManager.php:101

authwp_ajax_wallet_up_get_business_card_datasrc\Core\Admin\AdminManager.php:102

authwp_ajax_wallet_up_get_analyticssrc\Core\Admin\AdminManager.php:105

authwp_ajax_wallet_up_delete_analyticssrc\Core\Admin\AdminManager.php:106

authwp_ajax_wallet_up_save_settingssrc\Core\Admin\AdminManager.php:109

authwp_ajax_wallet_up_check_qr_statussrc\Core\Admin\AdminManager.php:116

authwp_ajax_wallet_up_check_chart_statussrc\Core\Admin\AdminManager.php:117

authwp_ajax_wallet_up_save_business_card_datasrc\Core\Admin\AdminManager.php:398

authwp_ajax_wallet_up_get_business_card_datasrc\Core\Admin\AdminManager.php:399

authwp_ajax_wallet_up_shorten_urlsrc\Core\Admin\AdminManager.php:400

noprivwp_ajax_wallet_up_shorten_urlsrc\Core\Admin\AdminManager.php:401

authwp_ajax_wallet_up_log_errorsrc\Core\Admin\AdminManager.php:404

authwp_ajax_wallet_up_dismiss_noticesrc\Core\Admin\Notices\WalletUpNoticeHandler.php:58

authwp_ajax_wallet_up_toggle_admin_themesrc\Core\Admin\Themes\AdminThemeManager.php:32

authwp_ajax_wallet_up_get_theme_statesrc\Core\Admin\Themes\AdminThemeManager.php:33

noprivwp_ajax_wallet_up_process_paymentsrc\Core\Security\SecurityManager.php:78

authwp_ajax_wallet_up_process_paymentsrc\Core\Security\SecurityManager.php:79

authwp_ajax_wallet_up_generate_qrsrc\Plugin.php:627

noprivwp_ajax_wallet_up_generate_qrsrc\Plugin.php:628

authwp_ajax_wallet_up_get_quick_access_countsrc\Plugin.php:629

authwp_ajax_wallet_up_increment_quick_accesssrc\Plugin.php:630

authwp_ajax_wallet_up_wc_payment_displaysrc\WooCommerce\WalletUpGateway.php:132

noprivwp_ajax_wallet_up_wc_payment_displaysrc\WooCommerce\WalletUpGateway.php:133

authwp_ajax_wallet_up_check_wc_statussrc\WooCommerce\WooCommerceHandler.php:121

authwp_ajax_wallet_up_wc_get_settingssrc\WooCommerce\WooCommerceIntegration.php:110

authwp_ajax_wallet_up_wc_save_settingssrc\WooCommerce\WooCommerceIntegration.php:112

authwp_ajax_wallet_up_get_wc_orderssrc\WooCommerce\WooCommerceIntegration.php:114

authwp_ajax_wallet_up_wc_check_paymentsrc\WooCommerce\WooCommerceIntegration.php:130

authwp_ajax_wallet_up_toggle_wpformssrc\WpForms\Forms\WPFormsService.php:73

authwp_ajax_wallet_up_refresh_wpformssrc\WpForms\Forms\WPFormsService.php:77

noprivwp_ajax_wallet_up_refresh_wpformssrc\WpForms\Forms\WPFormsService.php:78

authwp_ajax_wallet_up_check_premium_statuswallet-up.php:141

authwp_ajax_wallet_up_get_enabled_methodswallet-up.php:326

noprivwp_ajax_wallet_up_get_enabled_methodswallet-up.php:327

Shortcodes 2

[wallet_up] src\Core\PaymentRegistry.php:139

[wallet_up] src\Core\Shortcodes\ShortcodeManager.php:71

WordPress Hooks 134

actionrest_api_initsrc\API\ClassManagerREST.php:132

actionrest_api_initsrc\API\QRCodeEndpoint.php:52

actionadmin_initsrc\Compatibility\walletUpCompatibilityHandler.php:41

actionadmin_noticessrc\Compatibility\walletUpCompatibilityHandler.php:42

actionadmin_headsrc\Compatibility\walletUpCompatibilityHandler.php:43

actionadmin_initsrc\Core\Activation\ActivationHandler.php:26

actionadmin_noticessrc\Core\Activation\ActivationHandler.php:27

actioninitsrc\Core\Admin\AdminManager.php:61

actioninitsrc\Core\Admin\AdminManager.php:64

actionadmin_menusrc\Core\Admin\AdminManager.php:67

actionadmin_enqueue_scriptssrc\Core\Admin\AdminManager.php:68

actionwpsrc\Core\Admin\AdminManager.php:77

actionthe_contentsrc\Core\Admin\AdminManager.php:81

filterthe_contentsrc\Core\Admin\AdminManager.php:84

actioninitsrc\Core\Admin\AdminManager.php:94

actionadmin_initsrc\Core\Admin\AdminManager.php:121

actionshutdownsrc\Core\Admin\AdminManager.php:133

actionadmin_noticessrc\Core\Admin\AdminManager.php:1229

actionadmin_initsrc\Core\Admin\AdminManager.php:1413

actioninitsrc\Core\Admin\Notices\WalletUpNoticeHandler.php:49

actionadmin_enqueue_scriptssrc\Core\Admin\Notices\WalletUpNoticeHandler.php:50

actionadmin_noticessrc\Core\Admin\Notices\WalletUpNoticeHandler.php:51

actioninitsrc\Core\Admin\Themes\AdminThemeManager.php:29

actionadmin_enqueue_scriptssrc\Core\Admin\Themes\AdminThemeManager.php:49

actionadmin_headsrc\Core\Admin\Themes\AdminThemeManager.php:50

filteradmin_body_classsrc\Core\Admin\Themes\AdminThemeManager.php:51

actionadmin_menusrc\Core\Admin\Themes\AdminThemeManager.php:52

filterwp_nav_menu_argssrc\Core\Admin\Themes\AdminThemeManager.php:53

filtershow_admin_barsrc\Core\Admin\Themes\AdminThemeManager.php:56

actionadmin_menusrc\Core\Admin\Themes\AdminThemeManager.php:162

actioninitsrc\Core\Ajax\AjaxHandler.php:28

actionadmin_initsrc\Core\Ajax\AjaxHandler.php:49

actionadmin_enqueue_scriptssrc\Core\Assets\AssetManager.php:66

filterscript_loader_tagsrc\Core\Assets\AssetManager.php:173

actionadmin_footersrc\Core\Assets\AssetManager.php:233

actionwallet_up_cleanup_urlssrc\Core\Cron\URLCleanup.php:18

actionadmin_noticessrc\Core\Error\ErrorHandler.php:601

actionadmin_initsrc\Core\Manager\PremiumFeaturesManager.php:36

actionafter_license_activationsrc\Core\Manager\PremiumFeaturesManager.php:39

actionafter_license_changesrc\Core\Manager\PremiumFeaturesManager.php:40

actioninitsrc\Core\Security\SecurityManager.php:69

filterwp_headerssrc\Core\Security\SecurityManager.php:70

actionadmin_initsrc\Core\Security\SecurityManager.php:74

filterrest_authentication_errorssrc\Core\Security\SecurityManager.php:82

filterwallet_up_process_requestsrc\Core\Security\SecurityServiceProvider.php:22

filterwidget_textsrc\Core\Shortcodes\ShortcodeManager.php:83

filterwidget_textsrc\Core\Shortcodes\ShortcodeManager.php:84

actionplugins_loadedsrc\Plugin.php:120

filterwoocommerce_payment_gatewayssrc\Plugin.php:121

actioninitsrc\Plugin.php:190

actionwoocommerce_blocks_loadedsrc\Plugin.php:292

actionwoocommerce_blocks_payment_method_type_registrationsrc\Plugin.php:303

actionbefore_woocommerce_initsrc\Plugin.php:312

actionplugins_loadedsrc\Plugin.php:551

filterwoocommerce_payment_gatewayssrc\Plugin.php:562

actionwoocommerce_loadedsrc\Plugin.php:610

filterwoocommerce_payment_gatewayssrc\Plugin.php:613

actioninitsrc\Services\ChartService.php:50

actionadmin_noticessrc\Services\QRCodeService.php:4707

actioninitsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:88

actionwoocommerce_blocks_loadedsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:89

actionwp_enqueue_scriptssrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:114

actionwoocommerce_blocks_payment_method_type_registrationsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:133

filterscript_loader_tagsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:193

filterscript_loader_tagsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:392

actionwoocommerce_after_cart_totalssrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:612

actionwoocommerce_blocks_loadedsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:628

actionwoocommerce_blocks_payment_method_type_registrationsrc\WooCommerce\Blocks\WalletUpBlocksSupport.php:629

filterwoocommerce_locate_templatesrc\WooCommerce\ThankYouPageHandler.php:73

filtertemplate_includesrc\WooCommerce\ThankYouPageHandler.php:74

actionwoocommerce_thankyousrc\WooCommerce\ThankYouPageHandler.php:77

actionwp_enqueue_scriptssrc\WooCommerce\ThankYouPageHandler.php:78

actionwoocommerce_before_thankyousrc\WooCommerce\ThankYouPageHandler.php:81

filterwoocommerce_endpoint_order-received_titlesrc\WooCommerce\ThankYouPageHandler.php:84

filterscript_loader_tagsrc\WooCommerce\ThankYouPageHandler.php:391

actionwoocommerce_blocks_loadedsrc\WooCommerce\WalletUpGateway.php:77

actionwoocommerce_blocks_loadedsrc\WooCommerce\WalletUpGateway.php:102

actionwoocommerce_api_wallet_upsrc\WooCommerce\WalletUpGateway.php:129

actioninitsrc\WooCommerce\WalletUpGateway.php:136

filterscript_loader_tagsrc\WooCommerce\WalletUpGateway.php:687

actionplugins_loadedsrc\WooCommerce\WooCommerceHandler.php:95

filterwoocommerce_payment_gatewayssrc\WooCommerce\WooCommerceHandler.php:102

filterwoocommerce_currenciessrc\WooCommerce\WooCommerceHandler.php:103

filterwoocommerce_currency_symbolssrc\WooCommerce\WooCommerceHandler.php:104

actionwoocommerce_checkout_processsrc\WooCommerce\WooCommerceHandler.php:107

actionwoocommerce_checkout_update_order_metasrc\WooCommerce\WooCommerceHandler.php:108

actionwoocommerce_checkout_order_processedsrc\WooCommerce\WooCommerceHandler.php:109

actionwoocommerce_checkout_before_order_reviewsrc\WooCommerce\WooCommerceHandler.php:112

actionwp_footersrc\WooCommerce\WooCommerceHandler.php:113

actionwp_enqueue_scriptssrc\WooCommerce\WooCommerceHandler.php:117

actionbefore_woocommerce_initsrc\WooCommerce\WooCommerceHandler.php:138

actionwoocommerce_order_status_completedsrc\WooCommerce\WooCommerceHandler.php:141

actionwoocommerce_order_status_refundedsrc\WooCommerce\WooCommerceHandler.php:142

filterwallet_up_admin_datasrc\WooCommerce\WooCommerceHandler.php:170

filterwoocommerce_payment_gatewayssrc\WooCommerce\WooCommerceHandler.php:207

filterscript_loader_tagsrc\WooCommerce\WooCommerceHandler.php:407

actionwp_footersrc\WooCommerce\WooCommerceHandler.php:734

actionplugins_loadedsrc\WooCommerce\WooCommerceIntegration.php:101

filterwoocommerce_payment_gatewayssrc\WooCommerce\WooCommerceIntegration.php:103

filterwallet_up_admin_datasrc\WooCommerce\WooCommerceIntegration.php:104

actionwoocommerce_order_status_changedsrc\WooCommerce\WooCommerceIntegration.php:118

actionwoocommerce_new_ordersrc\WooCommerce\WooCommerceIntegration.php:119

actionwoocommerce_payment_completesrc\WooCommerce\WooCommerceIntegration.php:122

actionwoocommerce_order_status_changedsrc\WooCommerce\WooCommerceIntegration.php:123

actionwoocommerce_order_status_on-holdsrc\WooCommerce\WooCommerceIntegration.php:124

actionwoocommerce_order_status_failedsrc\WooCommerce\WooCommerceIntegration.php:125

actionwoocommerce_order_status_refundedsrc\WooCommerce\WooCommerceIntegration.php:126

actionwoocommerce_review_order_before_paymentsrc\WooCommerce\WooCommerceIntegration.php:134

actionwoocommerce_after_checkout_formsrc\WooCommerce\WooCommerceIntegration.php:135

actionplugins_loadedsrc\WooCommerce\WooCommerceIntegration.php:1026

actionwoocommerce_loadedsrc\WooCommerce\WooCommerceIntegration.php:1028

actionwoocommerce_loadedsrc\WooCommerce\WooCommerceOptimizer.php:35

actionwoocommerce_initsrc\WooCommerce\WooCommerceOptimizer.php:38

actionwp_enqueue_scriptssrc\WooCommerce\WooCommerceOptimizer.php:44

filterwallet_up_wc_analytics_querysrc\WooCommerce\WooCommerceOptimizer.php:88

filterquerysrc\WooCommerce\WooCommerceOptimizer.php:126

filterscript_loader_tagsrc\WooCommerce\WooCommerceOptimizer.php:147

actionplugins_loadedsrc\WooCommerce\WooCommerceServiceProvider.php:62

actionplugins_loadedsrc\WooCommerce\WooCommerceServiceProvider.php:89

filterwoocommerce_payment_gatewayssrc\WooCommerce\WooCommerceServiceProvider.php:113

actionbefore_woocommerce_initsrc\WooCommerce\WooCommerceServiceProvider.php:129

actionwpforms_loadedsrc\WpForms\Forms\Templates\WalletUpForWpForms.php:1387

actionwpforms_loadedsrc\WpForms\Forms\Templates\WalletUpPayTemplate.php:191

actionwpforms_loadedsrc\WpForms\Forms\Templates\WalUpPayForWpForms.php:1034

actionplugins_loadedsrc\WpForms\Forms\WPFormsService.php:68

actionwpforms_loadedsrc\WpForms\Forms\WPFormsService.php:71

actionadmin_enqueue_scriptssrc\WpForms\Forms\WPFormsService.php:75

actioninitsrc\WpForms\Forms\WPFormsService.php:81

actionadmin_noticeswallet-up.php:88

actionadmin_noticeswallet-up.php:193

actionadmin_noticeswallet-up.php:244

actionplugins_loadedwallet-up.php:257

actionadmin_noticeswallet-up.php:264

actionplugins_loadedwallet-up.php:278

Scheduled Events 1

wallet_up_cleanup_urls

Maintenance & Trust

Wallet Up Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 16, 2025

PHP min version8.1

Downloads12K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Wallet Up Alternatives

Receive customer payments on Woocommerce

momo-venmo

100

Receive Venmo payments on your website with WooCommerce + Venmo

2K No CVEs

Checkout with Cash App on WooCommerce

wc-cashapp

The #1 finance app in the App Store now available on WordPress. Receive Cash App payments on your website with WooCommerce + Cash App

2K 1 CVE

Checkout Gateway for IRIS

checkout-gateway-iris

Unofficial IRIS checkout payment gateway for WooCommerce. Accept payments via IRIS and manage order statuses efficiently.

1K 1 CVE

Knit Pay UPI – Paytm for Business, PhonePe Business, BharatPe, HDFC

knit-pay-upi

100

Knit Pay UPI simplifies UPI QR code integration for your website and updates the payment status as soon as your customer completes the transaction.

300 No CVEs

FM: QR Code Gateway for WooCommerce

fm-qr-code-gateway

100

Accept UPI payments via QR code in WooCommerce. Customers enter Transaction ID at checkout. Lightweight & easy to configure.

30 No CVEs

Developer Profile

Wallet Up Developer Profile

Wallet Up

3 plugins · 110 total installs

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Wallet Up

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wallet-up/assets/css/wallet-up.css/wp-content/plugins/wallet-up/assets/js/wallet-up.js/wp-content/plugins/wallet-up/assets/js/backend/admin-script.js/wp-content/plugins/wallet-up/assets/js/frontend/qr-generator.js/wp-content/plugins/wallet-up/assets/js/frontend/wallet-up-script.js

Script Paths

/wp-content/plugins/wallet-up/assets/js/wallet-up.js/wp-content/plugins/wallet-up/assets/js/backend/admin-script.js/wp-content/plugins/wallet-up/assets/js/frontend/qr-generator.js/wp-content/plugins/wallet-up/assets/js/frontend/wallet-up-script.js

Version Parameters

wallet-up/assets/css/wallet-up.css?ver=wallet-up/assets/js/wallet-up.js?ver=wallet-up/assets/js/backend/admin-script.js?ver=wallet-up/assets/js/frontend/qr-generator.js?ver=wallet-up/assets/js/frontend/wallet-up-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wallet-up-qr-code-container

Data Attributes

data-wallet-up-currencydata-wallet-up-amountdata-wallet-up-methoddata-wallet-up-recipientdata-wallet-up-notedata-wallet-up-qr-code-size+2 more

JS Globals

walletUpAdmin

REST Endpoints

/wp-json/wallet-up/v1/generate-qr

Shortcode Output

[wallet-up-qr-code]

FAQ