CardCom Payment Gateway Security & Risk Analysis

wordpress.org/plugins/woo-cardcom-payment-gateway

Cardcom payment-gateway plugin for WooCommerce.

3K active installs · v3.5.0.5 · PHP 7.2+ · WP 3.3+ · Updated Nov 12, 2025
Tags: checkout, payment-gateway, woocommerce
Score: 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025

Safety Verdict

Is CardCom Payment Gateway Safe to Use in 2026?

Mostly Safe

Score 78/100

CardCom Payment Gateway is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 4mo ago

Risk Assessment

The "woo-cardcom-payment-gateway" plugin v3.5.0.5 presents a mixed security posture. On the positive side, the static analysis shows no readily identifiable dangerous functions, all SQL queries utilize prepared statements, and there are no detected taint flows. The plugin also demonstrates some good security practices with the presence of nonce and capability checks.

However, output escaping is a significant concern: only 50% of outputs are properly escaped, which leaves room for Cross-Site Scripting (XSS) vulnerabilities. The plugin also has a history of vulnerabilities, including one currently unpatched medium-severity CVE. The fact that the last vulnerability was in September 2025 and remains unpatched is a critical red flag, indicating a lack of ongoing maintenance and a potential for exploitation. The presence of external HTTP requests without further context also warrants caution.

While the plugin's attack surface appears minimal and it employs some security controls, the unpatched vulnerability and insufficient output escaping significantly lower its overall security standing. Users should exercise extreme caution and prioritize updating or seeking alternative solutions if a patch is not promptly released.

Key Concerns

  • Unpatched CVE
  • Insufficient Output Escaping
  • External HTTP Requests (potential risk)

Vulnerabilities: 1

CardCom Payment Gateway Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-57976 · medium · 6.5 · Missing Authorization

CardCom Payment Gateway <= 3.5.0.4 - Missing Authorization

Sep 22, 2025 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

CardCom Payment Gateway Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (6 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Output Escaping

50% escaped · 12 total outputs

Attack Surface

CardCom Payment Gateway Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 28

Type · Hook · Location
action · plugins_loaded · cardcom.php:12
action · init · cardcom.php:23
action · woocommerce_receipt_cardcom · cardcom.php:176
action · woocommerce_api_wc_gateway_cardcom · cardcom.php:180
action · valid-cardcom-ipn-request · cardcom.php:181
action · valid-cardcom-successful-request · cardcom.php:182
action · valid-cardcom-cancel-request · cardcom.php:183
action · valid-cardcom-failed-request · cardcom.php:184
filter · woocommerce_payment_complete_order_status · cardcom.php:191
action · woocommerce_order_status_completed · cardcom.php:192
action · woocommerce_order_status_processing · cardcom.php:193
action · admin_notices · cardcom.php:196
action · woocommerce_order_actions · cardcom.php:197
action · admin_enqueue_scripts · cardcom.php:200
action · woocommerce_subscription_payment_complete · cardcom.php:208
action · woocommerce_subscription_renewal_payment_complete · cardcom.php:209
action · woocommerce_subscription_payment_failed · cardcom.php:210
action · woocommerce_subscription_renewal_payment_failed · cardcom.php:211
action · woocommerce_subscription_status_updated · cardcom.php:213
action · woocommerce_subscription_status_active · cardcom.php:214
action · woocommerce_subscription_status_cancelled · cardcom.php:215
action · woocommerce_subscription_status_expired · cardcom.php:216
action · woocommerce_subscription_status_on-hold · cardcom.php:217
action · valid-paypal-standard-ipn-request · cardcom.php:258
filter · woocommerce_payment_gateways · cardcom.php:3286
action · woocommerce_blocks_loaded · cardcom.php:3289
action · woocommerce_blocks_payment_method_type_registration · cardcom.php:3295
action · admin_notices · cardcom.php:3306

Maintenance & Trust

CardCom Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 12, 2025
PHP min version: 7.2
Downloads: 70K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 3K

Developer Profile

CardCom Payment Gateway Developer Profile

CardCom

1 plugin · 3K total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CardCom Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-cardcom-payment-gateway/assets/css/cardcom-checkout.css
/wp-content/plugins/woo-cardcom-payment-gateway/assets/js/cardcom-checkout.js
Script Paths
/wp-content/plugins/woo-cardcom-payment-gateway/assets/js/cardcom-checkout.js
Version Parameters
woo-cardcom-payment-gateway/assets/css/cardcom-checkout.css?ver=
woo-cardcom-payment-gateway/assets/js/cardcom-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
cardcom-checkout-form
Data Attributes
data-cardcom-terminal-id
JS Globals
cardcom_checkout_params