Whalet Payment Security & Risk Analysis

wordpress.org/plugins/whalet-payment

Secure and convenient online payment gateway for WordPress with WooCommerce integration and flexible payment solutions.

0 active installs · v1.1.2 · PHP 7.4+ · WP 5.0+ · Updated Jan 26, 2026
Tags: credit-card, ecommerce, online-payment, payment-gateway, woocommerce-checkout

Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Whalet Payment Safe to Use in 2026?

Generally Safe

Score 100/100

Whalet Payment has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "whalet-payment" v1.1.2 plugin demonstrates a generally good security posture, with strong adoption of prepared statements for SQL queries and proper output escaping, both exceeding 85%. The absence of known vulnerabilities and CVEs in its history is a significant positive indicator. The plugin also implements a substantial number of nonce and capability checks, suggesting a proactive approach to securing its functionalities.

However, a key concern arises from the attack surface analysis, which reveals 14 AJAX handlers, 2 of which lack authentication checks. This presents a direct risk of unauthorized actions if these handlers are exploitable. Furthermore, the taint analysis identified 3 flows with unsanitized paths, although none of them reached critical or high severity. Combined with the unprotected AJAX handlers, these flows represent potential avenues for an attacker to manipulate plugin behavior or access sensitive data, even if the immediate impact is not severe.

In conclusion, while "whalet-payment" exhibits many positive security practices, the presence of unprotected AJAX handlers and unsanitized code paths warrants attention. Addressing these specific weaknesses would significantly strengthen the plugin's overall security. The lack of historical vulnerabilities is reassuring, but it is crucial to address the identified immediate risks to maintain a robust security profile.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths detected
Vulnerabilities: None known

Whalet Payment Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis (analyzed Mar 17, 2026)

Whalet Payment Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (51 prepared)
Unescaped Output: 70 (476 escaped)
Nonce Checks: 15
Capability Checks: 13
File Operations: 13
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

88% prepared (58 total queries)

Output Escaping

87% escaped (546 total outputs)
Data Flows: 3 unsanitized

Data Flow Analysis

8 flows, 3 with unsanitized paths
clear_cart_on_request (whalet-payment.php:174)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface: 2 unprotected

Whalet Payment Attack Surface

Entry Points: 17
Unprotected: 2

AJAX Handlers 14

Legend: auth = registered on the wp_ajax_ hook (logged-in users); nopriv = also registered on the wp_ajax_nopriv_ hook (unauthenticated visitors).

Access   Hook                                          Location
auth     wp_ajax_whalet_check_payment_status           includes\api\class-ajax-handlers.php:37
nopriv   wp_ajax_whalet_check_payment_status           includes\api\class-ajax-handlers.php:38
auth     wp_ajax_whalet_get_config                     includes\api\class-ajax-handlers.php:39
nopriv   wp_ajax_whalet_get_config                     includes\api\class-ajax-handlers.php:40
auth     wp_ajax_whalet_check_database                 includes\api\class-ajax-handlers.php:41
auth     wp_ajax_whalet_recreate_database              includes\api\class-ajax-handlers.php:42
auth     wp_ajax_whalet_export_orders                  includes\api\class-ajax-handlers.php:43
auth     wp_ajax_whalet_export_order                   includes\api\class-ajax-handlers.php:44
auth     wp_ajax_whalet_bulk_delete_orders             includes\api\class-ajax-handlers.php:45
auth     wp_ajax_whalet_process_refund                 includes\api\class-ajax-handlers.php:46
auth     wp_ajax_whalet_get_logs                       includes\api\class-ajax-handlers.php:47
auth     wp_ajax_whalet_update_shop_config             includes\api\class-ajax-handlers.php:48
auth     wp_ajax_whalet_save_settings                  includes\api\class-ajax-handlers.php:49
auth     wp_ajax_whalet_get_woocommerce_payment_url    includes\api\class-ajax-handlers.php:50

Shortcodes 3

[whalet_payment] includes\core\class-shortcodes.php:46
[whalet_button] includes\core\class-shortcodes.php:47
[whalet_pay] includes\core\class-shortcodes.php:48
WordPress Hooks 84
Type     Hook                                                      Location
action   rest_api_init                                             includes\api\class-rest-api.php:31
filter   whalet_db_create_payment_order                            includes\core\class-database.php:37
filter   whalet_db_get_payment_order_by_order_id                   includes\core\class-database.php:38
filter   whalet_db_update_payment_order_status                     includes\core\class-database.php:39
filter   whalet_db_get_orders_paginated                            includes\core\class-database.php:40
filter   whalet_db_get_payment_order_detail                        includes\core\class-database.php:41
filter   whalet_db_get_order_by_unique_flag                        includes\core\class-database.php:42
filter   whalet_db_delete_payment_order                            includes\core\class-database.php:43
filter   whalet_db_get_order_by_gateway_payment_id                 includes\core\class-database.php:44
filter   whalet_db_update_payment_order_metadata                   includes\core\class-database.php:45
filter   whalet_db_create_refund_order                             includes\core\class-database.php:49
filter   whalet_db_get_refund_order_by_refund_id                   includes\core\class-database.php:50
filter   whalet_db_get_refunds_by_order_id                         includes\core\class-database.php:51
filter   whalet_db_update_refund_order_status                      includes\core\class-database.php:52
filter   whalet_db_get_refund_record_by_gateway_id                 includes\core\class-database.php:53
filter   whalet_db_get_refund_by_gateway_id                        includes\core\class-database.php:54
filter   whalet_db_get_order_total_refunded                        includes\core\class-database.php:55
filter   whalet_db_get_statistics                                  includes\core\class-database.php:59
filter   whalet_payment_handler_create_payment_order               includes\core\class-payment-handler.php:27
filter   whalet_payment_handler_process_gateway_payment            includes\core\class-payment-handler.php:28
filter   whalet_payment_handler_handle_webhook                     includes\core\class-payment-handler.php:29
filter   whalet_payment_handler_get_payment_status                 includes\core\class-payment-handler.php:30
action   init                                                      includes\core\class-shortcodes.php:35
action   wp_enqueue_scripts                                        includes\core\class-shortcodes.php:36
action   wp_footer                                                 includes\core\class-shortcodes.php:37
action   init                                                      includes\frontend\class-whalet-checkout-page.php:9
filter   query_vars                                                includes\frontend\class-whalet-checkout-page.php:10
filter   template_include                                          includes\frontend\class-whalet-checkout-page.php:11
action   wp_enqueue_scripts                                        includes\frontend\class-whalet-checkout-page.php:12
action   admin_init                                                includes\frontend\class-whalet-checkout-page.php:13
filter   script_loader_tag                                         includes\frontend\class-whalet-checkout-page.php:58
filter   whalet_api_handler_get_api_base_url                       includes\handlers\class-whalet-api-handler.php:25
filter   whalet_api_handler_get_api_timeout                        includes\handlers\class-whalet-api-handler.php:26
filter   whalet_api_handler_post_to_payment_gateway                includes\handlers\class-whalet-api-handler.php:27
filter   whalet_callback_handler_execute_payment_callback          includes\handlers\class-whalet-callback-handler.php:43
filter   whalet_callback_handler_send_webhook_callback             includes\handlers\class-whalet-callback-handler.php:44
filter   whalet_config_processor_update_shop_config_from_gateway   includes\handlers\class-whalet-config-processor.php:31
filter   whalet_payment_processor_create_payment_order             includes\handlers\class-whalet-payment-processor.php:39
filter   whalet_payment_processor_process_status_update            includes\handlers\class-whalet-payment-processor.php:40
filter   whalet_payment_processor_process_gateway_payment          includes\handlers\class-whalet-payment-processor.php:41
filter   whalet_payment_processor_get_payment_status               includes\handlers\class-whalet-payment-processor.php:42
filter   whalet_payment_processor_create_gateway_payment           includes\handlers\class-whalet-payment-processor.php:43
filter   whalet_refund_processor_create_refund                     includes\handlers\class-whalet-refund-processor.php:35
filter   whalet_refund_processor_process_refund_webhook            includes\handlers\class-whalet-refund-processor.php:36
filter   whalet_refund_processor_sync_refund_status                includes\handlers\class-whalet-refund-processor.php:37
filter   whalet_webhook_handler_handle_webhook                     includes\handlers\class-whalet-webhook-handler.php:31
filter   whalet_webhook_processor_process_webhook                  includes\handlers\class-whalet-webhook-processor.php:33
action   plugins_loaded                                            includes\utils\install.php:429
action   init                                                      whalet-payment.php:97
action   admin_init                                                whalet-payment.php:100
action   admin_menu                                                whalet-payment.php:103
action   admin_enqueue_scripts                                     whalet-payment.php:106
action   wp_enqueue_scripts                                        whalet-payment.php:107
action   wp_footer                                                 whalet-payment.php:110
action   plugins_loaded                                            whalet-payment.php:113
action   init                                                      whalet-payment.php:116
action   wp_enqueue_scripts                                        woocommerce\card\class-wc-gateway-card.php:92
filter   woocommerce_gateway_title                                 woocommerce\card\class-wc-gateway-card.php:95
action   init                                                      woocommerce\card\class-wc-gateway-card.php:98
action   wp_enqueue_scripts                                        woocommerce\class-wc-gateway.php:90
filter   woocommerce_gateway_title                                 woocommerce\class-wc-gateway.php:93
action   init                                                      woocommerce\class-wc-gateway.php:97
action   whalet_payment_status_updated                             woocommerce\class-wc-hooks.php:25
action   whalet_refund_status_updated                              woocommerce\class-wc-hooks.php:26
action   init                                                      woocommerce\class-wc-order-status.php:37
filter   wc_order_statuses                                         woocommerce\class-wc-order-status.php:38
filter   woocommerce_valid_order_statuses_for_payment_complete     woocommerce\class-wc-order-status.php:41
filter   woocommerce_valid_order_statuses_for_processing           woocommerce\class-wc-order-status.php:42
filter   woocommerce_valid_order_statuses_for_complete             woocommerce\class-wc-order-status.php:43
filter   woocommerce_valid_order_statuses_for_cancel               woocommerce\class-wc-order-status.php:44
filter   woocommerce_order_is_editable                             woocommerce\class-wc-order-status.php:47
filter   wc_order_is_editable                                      woocommerce\class-wc-order-status.php:48
filter   woocommerce_can_order_be_updated_to_status                woocommerce\class-wc-order-status.php:51
filter   woocommerce_order_can_update_status                       woocommerce\class-wc-order-status.php:54
filter   woocommerce_valid_order_statuses_for_payment              woocommerce\class-wc-order-status.php:55
action   woocommerce_order_status_changed                          woocommerce\class-wc-order-status.php:58
filter   whalet_process_payment                                    woocommerce\class-wc-payment-handler.php:19
action   admin_init                                                woocommerce\class-whalet-onboarding-gateway.php:33
action   wp_enqueue_scripts                                        woocommerce\local\class-wc-gateway.php:91
filter   woocommerce_gateway_title                                 woocommerce\local\class-wc-gateway.php:94
action   init                                                      woocommerce\local\class-wc-gateway.php:98
action   woocommerce_update_order                                  woocommerce\logistics-sync\class-wc-logistics-sync.php:41
filter   woocommerce_payment_gateways                              woocommerce\woocommerce-loader.php:75
action   woocommerce_blocks_payment_method_type_registration       woocommerce\woocommerce-loader.php:77

Scheduled Events 2

whalet_cleanup_expired_orders
whalet_sync_payment_status

Whalet Payment Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 26, 2026
PHP min version: 7.4
Downloads: 523

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Whalet Payment Developer Profile

whalet

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days

How We Detect Whalet Payment

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/whalet-payment/assets/css/whalet-admin.css
/wp-content/plugins/whalet-payment/assets/css/whalet-refund.css
/wp-content/plugins/whalet-payment/assets/js/whalet-admin.js
/wp-content/plugins/whalet-payment/assets/js/whalet-payment.js
Script Paths
/wp-content/plugins/whalet-payment/assets/js/whalet-admin.js
/wp-content/plugins/whalet-payment/assets/js/whalet-payment.js
Version Parameters
whalet-payment/assets/css/whalet-admin.css?ver=
whalet-payment/assets/css/whalet-refund.css?ver=
whalet-payment/assets/js/whalet-admin.js?ver=
whalet-payment/assets/js/whalet-payment.js?ver=

HTML / DOM Fingerprints

JS Globals
whalet_payment_ajax_object
REST Endpoints
/wp-json/whalet-payment/v1/get-order
/wp-json/whalet-payment/v1/capture-payment
Shortcode Output
[whalet_payment_button]

Frequently Asked Questions about Whalet Payment