Asaas Gateway for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-asaas

Take transparent credit card and bank ticket payment checkouts on your store using Asaas.

9K active installs · v2.7.4 · PHP 7.0+ · WP 4.4+ · Updated Mar 10, 2026
Tags: asaas, credit-card, payment, payment-gateway, woocommerce
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Asaas Gateway for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Asaas Gateway for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 24d ago
Risk Assessment

The "woo-asaas" plugin v2.7.4 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and escapes almost all output. It also includes a reasonable number of nonce and capability checks. However, 7 of its 9 AJAX handlers lack authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users.

The static analysis did not reveal any critical or high severity taint flows, which is a positive sign. The single dangerous function identified, `unserialize`, while potentially risky, does not appear to be used in a way that leads to immediate exploitable vulnerabilities based on the provided data. The plugin's history of zero known CVEs is also encouraging, suggesting a generally stable codebase.

In conclusion, while the plugin has strong foundations in secure coding practices for SQL and output handling, the numerous unprotected AJAX endpoints represent a critical weakness. The absence of historical vulnerabilities is positive but should not overshadow the immediate risks identified in the static analysis. Addressing the unprotected AJAX handlers should be the highest priority.

Key Concerns

  • Large attack surface without auth on AJAX
  • Dangerous function identified (unserialize)
Vulnerabilities
None known

Asaas Gateway for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Asaas Gateway for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 2 (222 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\meta-data\class-customer.php:66
`$this->meta = unserialize( $meta ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_`

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

99% escaped · 224 total outputs
Attack Surface
7 unprotected

Asaas Gateway for WooCommerce Attack Surface

Entry Points: 9
Unprotected: 7

AJAX Handlers 9

auth · wp_ajax_check_anticipation_option · includes\anticipation\hook\class-anticipation-ajax.php:56
auth · wp_ajax_check_anticipation_allowed · includes\anticipation\hook\class-anticipation-ajax.php:57
auth · wp_ajax_check_anticipation_allowed_person_type · includes\anticipation\hook\class-anticipation-ajax.php:58
auth · wp_ajax_check_api_connection_status · includes\connectivity\hook\class-api-connection-ajax.php:14
auth · wp_ajax_api_connection_health_check · includes\connectivity\hook\class-api-connection-ajax.php:15
auth · wp_ajax_check_webhook_status · includes\connectivity\hook\class-webhook-connection-ajax.php:53
auth · wp_ajax_webhook_health_check · includes\connectivity\hook\class-webhook-connection-ajax.php:54
auth · wp_ajax_reenable_webhook · includes\connectivity\hook\class-webhook-connection-ajax.php:55
auth · wp_ajax_update_existing_webhook_email · includes\connectivity\hook\class-webhook-connection-ajax.php:56

WordPress Hooks 78

action · admin_notices · includes\admin\class-plugin-dependency.php:98
action · requests-requests.before_request · includes\api\client\class-client.php:42
filter · woocommerce_form_field_radio · includes\checkout\form-field\class-one-click-options.php:58
action · init · includes\class-wc-asaas.php:73
action · admin_init · includes\class-wc-asaas.php:76
action · init · includes\class-wc-asaas.php:82
action · init · includes\class-wc-asaas.php:83
action · init · includes\class-wc-asaas.php:84
action · remove_expired_ticket · includes\class-wc-asaas.php:85
action · remove_expired_pix_asaas · includes\class-wc-asaas.php:86
action · admin_enqueue_scripts · includes\class-wc-asaas.php:87
action · wp_enqueue_scripts · includes\class-wc-asaas.php:88
filter · woocommerce_payment_gateways · includes\class-wc-asaas.php:89
filter · woocommerce_asaas_payment_data · includes\class-wc-asaas.php:90
action · init · includes\class-wc-asaas.php:92
filter · woocommerce_asaas_ticket_payment_fields · includes\class-wc-asaas.php:94
filter · woocommerce_asaas_cc_payment_fields · includes\class-wc-asaas.php:95
filter · woocommerce_asaas_ticket_settings_fields · includes\class-wc-asaas.php:96
filter · woocommerce_asaas_cc_settings_fields · includes\class-wc-asaas.php:97
filter · woocommerce_asaas_cc_settings_sections · includes\class-wc-asaas.php:98
filter · woocommerce_asaas_cc_settings_fields · includes\class-wc-asaas.php:99
filter · woocommerce_asaas_settings_sections · includes\class-wc-asaas.php:101
filter · woocommerce_asaas_settings_fields · includes\class-wc-asaas.php:102
action · woocommerce_system_status_report · includes\class-wc-asaas.php:103
action · admin_notices · includes\class-wc-asaas.php:104
filter · woocommerce_asaas_cc_settings_sections · includes\class-wc-asaas.php:106
filter · woocommerce_asaas_cc_settings_fields · includes\class-wc-asaas.php:107
action · admin_notices · includes\class-wc-asaas.php:108
filter · wcs_is_early_renewal_enabled · includes\class-wc-asaas.php:110
filter · wcs_is_early_renewal_via_modal_enabled · includes\class-wc-asaas.php:111
filter · woocommerce_subscription_settings · includes\class-wc-asaas.php:112
filter · woocommerce_subscription_settings · includes\class-wc-asaas.php:113
filter · woocommerce_asaas_settings_sections · includes\class-wc-asaas.php:114
filter · woocommerce_subscription_settings · includes\class-wc-asaas.php:115
filter · woocommerce_asaas_settings_sections · includes\class-wc-asaas.php:116
action · pre_post_update · includes\class-wc-asaas.php:118
filter · woocommerce_asaas_settings_sections · includes\class-wc-asaas.php:120
action · woocommerce_product_options_general_product_data · includes\class-wc-asaas.php:121
filter · woocommerce_available_payment_gateways · includes\class-wc-asaas.php:122
action · woocommerce_coupon_options · includes\class-wc-asaas.php:123
filter · woocommerce_can_subscription_be_updated_to_active · includes\class-wc-asaas.php:125
action · woocommerce_subscription_status_changed · includes\class-wc-asaas.php:126
action · woocommerce_checkout_order_created · includes\class-wc-asaas.php:128
filter · woocommerce_subscriptions_synced_first_payment_date_string · includes\class-wc-asaas.php:129
filter · woocommerce_my_account_my_orders_actions · includes\class-wc-asaas.php:132
action · admin_notices · includes\class-wc-asaas.php:134
action · admin_notices · includes\class-wc-asaas.php:135
action · admin_init · includes\class-wc-asaas.php:137
filter · woocommerce_asaas_request_url · includes\connectivity\hook\class-connection-ajax.php:15
filter · woocommerce_asaas_request_api_key · includes\connectivity\hook\class-connection-ajax.php:21
action · woocommerce_view_order · includes\gateway\class-credit-card.php:49
action · woocommerce_settings_checkout · includes\gateway\class-gateway.php:125
action · woocommerce_checkout_update_user_meta · includes\gateway\class-gateway.php:130
action · woocommerce_after_checkout_validation · includes\gateway\class-gateway.php:131
action · woocommerce_view_order · includes\gateway\class-pix.php:48
action · woocommerce_view_order · includes\gateway\class-ticket.php:43
filter · woocommerce_asaas_should_enqueue_script · includes\split\hook\class-split-assets-hook.php:10
filter · woocommerce_asaas_payment_data · includes\split\hook\class-split-checkout-hook.php:18
filter · woocommerce_payment_successful_result · includes\split\hook\class-split-checkout-hook.php:19
filter · plugin_action_links · includes\split\hook\class-split-plugins-list-hook.php:10
filter · woocommerce_asaas_settings_sections · includes\split\hook\class-split-settings-hook.php:13
filter · woocommerce_asaas_settings_fields · includes\split\hook\class-split-settings-hook.php:14
filter · post_row_actions · includes\split\hook\class-split-wallet-admin-table-hook.php:16
action · admin_notices · includes\split\hook\class-split-wallet-edit-page-hook.php:15
filter · enter_title_here · includes\split\hook\class-split-wallet-edit-page-hook.php:16
action · post_submitbox_misc_actions · includes\split\hook\class-split-wallet-edit-page-hook.php:17
action · woocommerce_asaas_add_inline_script · includes\split\hook\class-split-wallet-edit-page-hook.php:18
action · post_submitbox_misc_actions · includes\split\hook\class-split-wallet-edit-page-hook.php:62
action · woocommerce_asaas_add_inline_script · includes\split\hook\class-split-wallet-edit-page-hook.php:63
action · init · includes\split\hook\class-split-wallet-post-type-hook.php:15
action · add_meta_boxes · includes\split\hook\class-split-wallet-post-type-hook.php:16
action · admin_action_editpost · includes\split\hook\class-split-wallet-save-hook.php:25
filter · redirect_post_location · includes\split\hook\class-split-wallet-save-hook.php:26
filter · wp_insert_post_empty_content · includes\split\hook\class-split-wallet-save-hook.php:106
action · template_redirect · includes\webhook\class-endpoint.php:97
filter · query_vars · includes\webhook\class-endpoint.php:99
action · woocommerce_order_after_calculate_totals · includes\webhook\class-webhook.php:90
action · plugins_loaded · woo-asaas.php:23

Scheduled Events 2

remove_expired_pix_asaas
remove_expired_ticket
Maintenance & Trust

Asaas Gateway for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 10, 2026
PHP min version: 7.0
Downloads: 178K

Community Trust

Rating: 78/100
Number of ratings: 17
Active installs: 9K
Developer Profile

Asaas Gateway for WooCommerce Developer Profile

Asaas

2 plugins · 9K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Asaas Gateway for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-asaas/build/css/admin.css
/wp-content/plugins/woo-asaas/build/css/checkout.css
/wp-content/plugins/woo-asaas/build/css/frontend.css
/wp-content/plugins/woo-asaas/build/js/admin.js
/wp-content/plugins/woo-asaas/build/js/checkout.js
/wp-content/plugins/woo-asaas/build/js/frontend.js

Version Parameters
/wp-content/plugins/woo-asaas/build/css/admin.css?ver=
/wp-content/plugins/woo-asaas/build/css/checkout.css?ver=
/wp-content/plugins/woo-asaas/build/css/frontend.css?ver=
/wp-content/plugins/woo-asaas/build/js/admin.js?ver=
/wp-content/plugins/woo-asaas/build/js/checkout.js?ver=
/wp-content/plugins/woo-asaas/build/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
asaas-gateway-cc-field
asaas-gateway-ticket-field
wc-asaas-admin-notice
wc-asaas-cc-installment-field
wc-asaas-cc-installment-group
wc-asaas-cc-settings-fields
wc-asaas-checkout-field
wc-asaas-discount-coupon-field
+12 more

HTML Comments
<!-- Asaas Gateway for WooCommerce -->
<!-- WC Asaas -->

Data Attributes
data-asaas-cc-number
data-asaas-cc-expiration
data-asaas-cc-security-code
data-asaas-cc-holder-name
data-asaas-installment-count
data-asaas-installment-value
+1 more

JS Globals
WooAsaasFrontend
WooAsaasCheckout
WooAsaasAdmin
woo_asaas_params

REST Endpoints
/wp-json/wc-asaas/v1/settings
/wp-json/wc-asaas/v1/webhook
FAQ

Frequently Asked Questions about Asaas Gateway for WooCommerce