Multiple Payment Gateways for WooCommerce (WCMPG) Security & Risk Analysis

wordpress.org/plugins/wcmpg

WCMPG provides multiple payment gateways for WooCommerce.

200 active installs · v1.71 · PHP + · WP 3.0.1+ · Updated Mar 11, 2026
Tags: bank, gateway, payment, terminal, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Multiple Payment Gateways for WooCommerce (WCMPG) Safe to Use in 2026?

Generally Safe

Score 100/100

Multiple Payment Gateways for WooCommerce (WCMPG) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 23d ago
Risk Assessment

The plugin "wcmpg" v1.71 exhibits a concerning security posture primarily due to its lack of authentication and authorization checks on its entry points. The analysis reveals one unprotected AJAX handler, which presents a significant risk as unauthenticated users could potentially trigger its functionality. Furthermore, the presence of dangerous `exec` functions within the code signals a potential for remote code execution if these functions are reachable through an insecure entry point. While the plugin demonstrates good practices in SQL query handling by exclusively using prepared statements, and its vulnerability history is clean, these strengths are overshadowed by the critical deficiencies in securing its attack surface.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function 'exec' found
  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • No capability checks on entry points
  • High percentage of unsanitized paths in taint analysis
Vulnerabilities
None known

Multiple Payment Gateways for WooCommerce (WCMPG) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Multiple Payment Gateways for WooCommerce (WCMPG) Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 52 (2 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 7
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • `exec`: `$result = exec("$path_bin_request $param_test");` (includes\functions.php:260)
  • `exec`: `$result = exec( $cmd );` (includes\sips\class-wcmpg-sips.php:303)
  • `exec`: `$result = exec( $cmd );` (includes\sips\class-wcmpg-sips.php:330)

Output Escaping

4% escaped · 54 total outputs
Data Flows
14 unsanitized

Data Flow Analysis

16 flows · 14 with unsanitized paths
admin_options (includes\axepta\class-wcmpg-axepta.php:75)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
1 unprotected

Multiple Payment Gateways for WooCommerce (WCMPG) Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth: wp_ajax_wcmpg_sips_test (wcmpg.php:142)

WordPress Hooks: 17

  • action: woocommerce_update_options_payment_gateways (admin\class-wcmpg-licence.php:48)
  • action: woocommerce_update_options_payment_gateways (includes\axepta\class-wcmpg-axepta.php:66)
  • action: after_setup_theme (includes\functions.php:3)
  • filter: post_date_column_time (includes\functions.php:308)
  • action: woocommerce_update_options_payment_gateways (includes\mercanet\class-wcmpg-mercanet.php:66)
  • action: woocommerce_update_options_payment_gateways (includes\monetico\class-wcmpg-monetico.php:46)
  • action: woocommerce_update_options_payment_gateways (includes\paybox\class-wcmpg-paybox.php:347)
  • action: woocommerce_update_options_payment_gateways (includes\paypal\class-wcmpg-paypal.php:41)
  • action: woocommerce_update_options_payment_gateways (includes\sips\class-wcmpg-sips.php:71)
  • action: woocommerce_update_options_payment_gateways (includes\sips-paypage-post\class-wcmpg-sips-paypage-post.php:89)
  • action: woocommerce_update_options_payment_gateways (includes\systempay\class-wcmpg-systempay.php:52)
  • action: plugins_loaded (wcmpg.php:54)
  • filter: woocommerce_payment_gateways (wcmpg.php:77)
  • action: woocommerce_blocks_loaded (wcmpg.php:78)
  • action: all_admin_notices (wcmpg.php:135)
  • action: template_redirect (wcmpg.php:159)
  • action: woocommerce_blocks_payment_method_type_registration (wcmpg.php:183)
Maintenance & Trust

Multiple Payment Gateways for WooCommerce (WCMPG) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 11, 2026
PHP min version
Downloads: 19K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

Multiple Payment Gateways for WooCommerce (WCMPG) Developer Profile

ircf

5 plugins · 310 total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 282 days
Detection Fingerprints

How We Detect Multiple Payment Gateways for WooCommerce (WCMPG)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wcmpg/admin/js/wcmpg-admin-script.js
  • /wp-content/plugins/wcmpg/admin/css/wcmpg-admin-style.css
  • /wp-content/plugins/wcmpg/includes/js/wcmpg-script.js
  • /wp-content/plugins/wcmpg/includes/css/wcmpg-style.css
Script Paths
  • /wp-content/plugins/wcmpg/admin/js/wcmpg-admin-script.js
  • /wp-content/plugins/wcmpg/includes/js/wcmpg-script.js

HTML / DOM Fingerprints

CSS Classes
  • wcmpg-licence-input
  • wcmpg-licence-save-button
  • wcmpg-notice-dismiss
  • wcmpg-payment-gateway-settings
HTML Comments
TODO remove
Data Attributes
  • data-wcmpg-gateway-id
  • data-wcmpg-order-id
  • data-wcmpg-action
JS Globals
wcmpg_ajax_object
REST Endpoints
  • /wp-json/wcmpg/v1/settings
  • /wp-json/wcmpg/v1/payment/status
FAQ

Frequently Asked Questions about Multiple Payment Gateways for WooCommerce (WCMPG)