WP-Safety

Payment Gateway for QPayPro on WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-qpaypro

This plugin allows your store to make payments via QPayProCard service.

20 active installs v1.0.0 PHP 5.2.4+ WP 4.6+ Updated May 19, 2024
credomaticqpayproqpaypro-guatemalavisanetvisanet-guatemala
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Payment Gateway for QPayPro on WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

Payment Gateway for QPayPro on WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "wc-qpaypro" v1.0.0 plugin exhibits a generally positive security posture based on the provided static analysis, with no identified direct attack vectors like AJAX handlers, REST API routes, or shortcodes lacking authentication or proper permission checks. The absence of dangerous functions and the exclusive use of prepared statements for SQL queries are significant strengths. However, the analysis does reveal some areas of concern. A notable weakness is the low percentage of properly escaped output (35%), which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped output is rendered in a web browser.

The plugin's history of zero known CVEs is reassuring and suggests a track record of secure development or minimal exposure to discovered vulnerabilities. However, the lack of taint analysis results (0 flows analyzed) means that potential vulnerabilities related to data sanitization, particularly concerning file operations and external HTTP requests, might have been missed. While the plugin appears to have a small attack surface and adheres to good practices for database interactions, the insufficient output escaping presents a clear risk that needs attention. Overall, the plugin demonstrates a good foundation but requires further scrutiny regarding output sanitization to achieve a more robust security profile.

Key Concerns

  • Low output escaping percentage
  • No taint analysis performed
  • No capability checks
  • No nonce checks
Vulnerabilities
None known

Payment Gateway for QPayPro on WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Payment Gateway for QPayPro on WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
6 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
1
Bundled Libraries
0

Output Escaping

35% escaped17 total outputs
Attack Surface

Payment Gateway for QPayPro on WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionwoocommerce_email_before_order_tableadmin\helpers\wp-qpaypro-woocommerce-admin.php:37
actionadmin_noticesadmin\helpers\wp-qpaypro-woocommerce-admin.php:38
actionplugins_loadedadmin\wp-actions.php:8
actionwp_enqueue_scriptsadmin\wp-actions.php:16
filterwoocommerce_payment_gatewaysadmin\wp-filters.php:9
actionplugins_loadedwp-qpaypro-woocommerce.php:49
Maintenance & Trust

Payment Gateway for QPayPro on WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 19, 2024
PHP min version5.2.4
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

Payment Gateway for QPayPro on WooCommerce Alternatives

Pagalo – WooCommerce Payment Gateway

Pagalo – WooCommerce Payment Gateway

wp-pagalocard-woocommerce

A
92

This plugin allows your store to make payments via Pagalo service.

10 No CVEs
Payment Gateway for QPayPro on Formidable

Payment Gateway for QPayPro on Formidable

frm-qpaypro

A
85

Wordpress plugin that connects formidable forms with QPayPro payment gateway.

0 No CVEs
Developer Profile

Payment Gateway for QPayPro on WooCommerce Developer Profile

Edwin Xico (XicoOfficial)

6 plugins · 100 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Payment Gateway for QPayPro on WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-qpaypro/admin/helpers/ccs.png

HTML / DOM Fingerprints

CSS Classes
notice-infoform-row-firstwoocommerce-select
Data Attributes
id="qpaypro_visaencuotas"name="qpaypro_visaencuotas"id="qpaypro_ccnum"name="qpaypro_ccnum"id="qpaypro_cvv"name="qpaypro_cvv"
Shortcode Output
<p class="form-row "> <label for="is_ccnum">Credit Card Holder's name:<span class="required">*</span></label> <input type="text" class="input-text" id="_ccnum" name="qpaypro_ccname" required="" maxlength="60"> </p><p class="form-row "> <label for="is_ccnum">Credit Card Number:<span class="required">*</span></label> <input id="qpaypro_ccnum" class="input-text wc-credit-card-form-card-number" inputmode="numeric" autocomplete="cc-number" autocorrect="no" autocapitalize="no" spellcheck="no" type="tel" placeholder="•••• •••• •••• ••••" name="qpaypro_ccnum" maxlength="20" required > </p><p class="form-row form-row-first"><label for="cc-expire-month"> Expiry (MM/YY) <span class="required">*</span> </label> <input name="qpaypro_expdate" id="qpaypro_expdate" class="input-text wc-credit-card-form-card-expiry" inputmode="numeric" autocomplete="cc-exp" autocorrect="no" autocapitalize="no" spellcheck="no" type="tel" placeholder="MM / YY" /> </p><p class="form-row "> <label for="is_cvv">CVV <span class="required">*</span></label> <input type="number" class="input-text" id="qpaypro_cvv" name="qpaypro_cvv" max="9999" min="0" style="width:80px" required> <span style="padding-left: 10px;">3 or 4 digits</span>
FAQ

Frequently Asked Questions about Payment Gateway for QPayPro on WooCommerce