Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Security & Risk Analysis

wordpress.org/plugins/wonderful-payments-for-woocommerce

Accept Pay by Bank payments in WooCommerce using Open Banking. Instant settlement, lower fees, bank-level security. UK merchants only.

20 active installs · v0.8.5 · PHP 8.0+ · WP 6.5+ · Updated Feb 6, 2026
Tags: instant-settlement, open-banking, pay-by-bank, uk-payments, woocommerce
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Safe to Use in 2026?

Generally Safe

Score 100/100

Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "wonderful-payments-for-woocommerce" plugin v0.8.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of known CVEs and a clean vulnerability history are also encouraging signs, suggesting a relatively stable and well-maintained codebase.

However, significant concerns arise from the static analysis. The plugin exposes two unprotected entry points: one AJAX handler and one REST API route that lacks permission callbacks. This presents a notable attack surface where unauthenticated or unauthorized users could potentially interact with sensitive functionality. The taint analysis also found one flow with an unsanitized path. Although it is not classified as critical or high, it warrants further investigation because it indicates a potential avenue for injection.

In conclusion, while the plugin benefits from strong data handling and a clear vulnerability history, the exposed, unprotected entry points and the identified unsanitized path are critical weaknesses that elevate the risk profile. These areas require immediate attention to mitigate potential security breaches.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • Flow with unsanitized path
  • Limited nonce checks
Vulnerabilities
None known

Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (65 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 6
External Requests: 8
Bundled Libraries: 0

Output Escaping

84% escaped · 77 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-gateway> (class-gateway.php:0)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_wonderful_disconnect · class-gateway.php:70
auth · wp_ajax_refund_via_wonderful · woocommerce-wonderful-payments.php:255

REST API Routes: 1

POST · /wp-json/wonderful/v1/webhook · class-gateway.php:104

WordPress Hooks: 18

action · admin_init · class-gateway.php:66
action · admin_init · class-gateway.php:67
action · admin_init · class-gateway.php:68
action · rest_api_init · class-gateway.php:69
action · admin_footer · class-gateway.php:71
action · woocommerce_blocks_payment_method_type_registration · woocommerce-wonderful-payments.php:76
action · admin_enqueue_scripts · woocommerce-wonderful-payments.php:99
action · wp_enqueue_scripts · woocommerce-wonderful-payments.php:113
action · woocommerce_admin_order_data_after_billing_address · woocommerce-wonderful-payments.php:115
action · woocommerce_order_details_after_order_table · woocommerce-wonderful-payments.php:134
action · woocommerce_order_item_add_action_buttons · woocommerce-wonderful-payments.php:158
action · woocommerce_order_item_add_action_buttons · woocommerce-wonderful-payments.php:160
filter · woocommerce_available_payment_gateways · woocommerce-wonderful-payments.php:312
action · plugins_loaded · woocommerce-wonderful-payments.php:315
filter · woocommerce_payment_gateways · woocommerce-wonderful-payments.php:316
action · before_woocommerce_init · woocommerce-wonderful-payments.php:317
action · woocommerce_blocks_loaded · woocommerce-wonderful-payments.php:318
action · wp_enqueue_scripts · woocommerce-wonderful-payments.php:332
Maintenance & Trust

Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 6, 2026
PHP min version: 8.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

Wonderful Payments – Pay by Bank and Open Banking for Woo (UK) Developer Profile

Wonderful Payments

1 plugin · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Wonderful Payments – Pay by Bank and Open Banking for Woo (UK)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wonderful-payments-for-woocommerce/assets/logo.png
  • /wp-content/plugins/wonderful-payments-for-woocommerce/custom-admin-scripts.js
  • /wp-content/plugins/wonderful-payments-for-woocommerce/wonderful-payments.js
Script Paths
  • /wp-content/plugins/wonderful-payments-for-woocommerce/custom-admin-scripts.js
  • /wp-content/plugins/wonderful-payments-for-woocommerce/wonderful-payments.js
Version Parameters
  • wonderful-payments-for-woocommerce/custom-admin-scripts.js?ver=
  • wonderful-payments-for-woocommerce/wonderful-payments.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • refund-via-wonderful
  • wc-order-refund-via-wonderful-items
  • wc-order-wonderful-logo
  • wc-order-successful-refund-panel
  • wc-order-failed-refund-panel
  • wonderful-refund-failure-reason
Data Attributes
  • data-wonderful-payment-id
  • data-wonderful-order-id
  • data-wonderful-payment-ref
Shortcode Output
  • <p><strong>Wonderful Payment ID:</strong>
  • <p><strong>Wonderful Order ID:</strong>
  • <p><strong>Wonderful Payments Ref:</strong>
  • <button type="button" class="button refund-via-wonderful">Refund via Wonderful</button>