Efí Bank Security & Risk Analysis

wordpress.org/plugins/woo-gerencianet-official

Receive payments by bank slip (Boleto bancário), Pix, credit card, Open Finance, and subscriptions via Boleto and/or credit card in your WooCommerce store with …

500 active installs · v3.1.3 · PHP + · WP + · Updated Dec 4, 2025
Tags: gerencianet, payment, pix, transparent-checkout, woocommerce

Score: 74 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is Efí Bank Safe to Use in 2026?

Mostly Safe

Score 74/100

Efí Bank is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 3mo ago
Risk Assessment

The "woo-gerencianet-official" plugin v3.1.3 presents a significant security risk due to a large attack surface consisting entirely of unprotected AJAX handlers. While the code shows some positive signs, such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped output, the lack of authorization checks on all AJAX endpoints is a major concern. It could allow unauthorized users to trigger plugin functionality, potentially leading to unintended actions or information exposure.

The taint analysis, while not revealing critical or high severity issues, did find 7 flows with unsanitized paths. This, combined with the unprotected AJAX handlers, suggests a potential for path traversal vulnerabilities or other file-related exploits. The plugin's history of 3 medium severity vulnerabilities, including Exposure of Sensitive Information, CSRF, and Missing Authorization, further reinforces the pattern of authorization and input validation weaknesses. The presence of an unpatched CVE, even if medium severity, is a direct and actionable risk that requires immediate attention.

In conclusion, the plugin has some good development practices regarding database interactions and output sanitization. However, the critical flaw of unprotected AJAX endpoints, coupled with historical vulnerabilities and taint analysis findings, creates a substantial security risk. The unpatched CVE is a particularly pressing issue that needs to be addressed promptly to mitigate known exploits. The overall security posture is concerning due to these critical weaknesses.

Key Concerns

  • All AJAX handlers lack authorization checks
  • 7 flows with unsanitized paths found
  • 1 unpatched CVE (medium severity)
  • History of Missing Authorization vulnerabilities
  • History of CSRF vulnerabilities
  • History of Exposure of Sensitive Information vulnerabilities
  • Only 1 nonce check for 8 AJAX handlers
  • Only 1 capability check for 8 AJAX handlers
  • Bundled Guzzle library
Vulnerabilities (3)

Efí Bank Security Vulnerabilities

CVEs by Year

2023: 2 CVEs (patched)
2025: 1 CVE (unpatched)

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-59136 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Gerencianet Oficial <= 3.1.3 - Unauthenticated Information Exposure

Dec 31, 2025 · Unpatched

WF-5edaf310-c410-47dd-89cf-9aa15ab97acd-woo-gerencianet-official · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Gerencianet Oficial <= 1.4.8 - Cross-Site Request Forgery

Jan 26, 2023 Patched in 2.0.0 (362d)

Gerencianet Oficial <= 1.4.8 - Missing Authorization

Jan 26, 2023 Patched in 2.0.0 (362d)
Code Analysis
Analyzed Mar 16, 2026

Efí Bank Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 92 (317 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 12
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

78% escaped (409 total outputs)

Data Flows (7 unsanitized)

Data Flow Analysis

7 flows, 7 with unsanitized paths
init_gerencianet_open_finance (includes\payment-methods\class-wc-gerencianet-open-finance.php:5)

Attack Surface (8 unprotected)

Efí Bank Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers (8)

auth · wp_ajax_woocommerce_gerencianet_card_retry · includes\class-gerencianet-oficial.php:99
auth · wp_ajax_woocommerce_gerencianet_assinatura_retry · includes\class-gerencianet-oficial.php:100
auth · wp_ajax_check_pix_payment · includes\class-gerencianet-oficial.php:103
nopriv · wp_ajax_check_pix_payment · includes\class-gerencianet-oficial.php:104
auth · wp_ajax_gn_check_order_status · includes\helpers.php:8
nopriv · wp_ajax_gn_check_order_status · includes\helpers.php:9
auth · wp_ajax_woocommerce_gerencianet_cancel_subscription · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:14
nopriv · wp_ajax_woocommerce_gerencianet_cancel_subscription · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:15
WordPress Hooks (40)

action · before_woocommerce_init · gerencianet-oficial.php:62
action · plugins_loaded · includes\class-gerencianet-oficial.php:90
action · plugins_loaded · includes\class-gerencianet-oficial.php:91
action · plugins_loaded · includes\class-gerencianet-oficial.php:92
action · plugins_loaded · includes\class-gerencianet-oficial.php:93
action · plugins_loaded · includes\class-gerencianet-oficial.php:94
action · plugins_loaded · includes\class-gerencianet-oficial.php:95
action · plugins_loaded · includes\class-gerencianet-oficial.php:96
filter · woocommerce_payment_gateways · includes\class-gerencianet-oficial.php:107
filter · plugin_action_links_woo-gerencianet-official/gerencianet-oficial.php · includes\class-gerencianet-oficial.php:108
action · admin_post_gn_download_logs · includes\class-gerencianet-oficial.php:111
action · admin_post_register_webhook · includes\class-gerencianet-oficial.php:114
action · admin_enqueue_scripts · includes\class-gerencianet-oficial.php:116
action · plugins_loaded · includes\class-gerencianet-oficial.php:154
action · woocommerce_thankyou · includes\class-gerencianet-oficial.php:180
action · wp_enqueue_scripts · includes\class-gerencianet-oficial.php:182
filter · woocommerce_available_payment_gateways · includes\class-gerencianet-oficial.php:184
action · woocommerce_admin_order_data_after_billing_address · includes\payment-methods\class-wc-gerencianet-boleto.php:72
filter · woocommerce_my_account_my_orders_actions · includes\payment-methods\class-wc-gerencianet-boleto.php:75
action · wp_enqueue_scripts · includes\payment-methods\class-wc-gerencianet-cartao.php:63
action · woocommerce_admin_order_data_after_billing_address · includes\payment-methods\class-wc-gerencianet-open-finance.php:66
filter · the_title · includes\payment-methods\class-wc-gerencianet-open-finance.php:70
filter · woocommerce_thankyou_order_received_text · includes\payment-methods\class-wc-gerencianet-open-finance.php:71
action · woocommerce_admin_order_data_after_billing_address · includes\payment-methods\class-wc-gerencianet-pix.php:72
filter · woocommerce_my_account_my_orders_actions · includes\payment-methods\class-wc-gerencianet-pix.php:74
action · init · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:9
filter · manage_efi_assinaturas_posts_columns · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:10
action · manage_efi_assinaturas_posts_custom_column · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:11
action · woocommerce_admin_order_data_after_billing_address · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:12
action · admin_enqueue_scripts · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:13
action · edit_form_after_title · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:16
action · woocommerce_order_details_after_order_table · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:17
action · woocommerce_order_status_cancelled · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:18
action · woocommerce_order_status_changed · includes\payment-methods\subscriptions\class-gerencianet-assinaturas.php:19
action · add_meta_boxes · includes\payment-methods\subscriptions\class-gerencianet-planos.php:9
action · save_post_product · includes\payment-methods\subscriptions\class-gerencianet-planos.php:10
filter · woocommerce_get_price_html · includes\payment-methods\subscriptions\class-gerencianet-planos.php:11
filter · woocommerce_add_to_cart_validation · includes\payment-methods\subscriptions\class-gerencianet-planos.php:12
action · woocommerce_check_cart_items · includes\payment-methods\subscriptions\class-gerencianet-planos.php:13
action · wp_enqueue_scripts · includes\payment-methods\subscriptions\class-wc-gerencianet-assinaturas-cartao.php:63
Maintenance & Trust

Efí Bank Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Dec 4, 2025
PHP min version
Downloads: 48K

Community Trust

Rating: 72/100
Number of ratings: 19
Active installs: 500
Developer Profile

Efí Bank Developer Profile

Efí Bank

1 plugin · 500 total installs

Trust score: 61
Avg Security Score: 74/100
Avg Patch Time: 362 days
Detection Fingerprints

How We Detect Efí Bank

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-gerencianet-official/assets/css/gerencianet-styles.css
/wp-content/plugins/woo-gerencianet-official/assets/css/gerencianet-checkout-styles.css
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-checkout.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-pix.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-card-form.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-assinaturas.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-admin.js
Script Paths
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-checkout.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-pix.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-card-form.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-assinaturas.js
/wp-content/plugins/woo-gerencianet-official/assets/js/gerencianet-admin.js
Version Parameters
woo-gerencianet-official/assets/css/gerencianet-styles.css?ver=
woo-gerencianet-official/assets/css/gerencianet-checkout-styles.css?ver=
woo-gerencianet-official/assets/js/gerencianet-checkout.js?ver=
woo-gerencianet-official/assets/js/gerencianet-pix.js?ver=
woo-gerencianet-official/assets/js/gerencianet-card-form.js?ver=
woo-gerencianet-official/assets/js/gerencianet-assinaturas.js?ver=
woo-gerencianet-official/assets/js/gerencianet-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gerencianet-pix-qrcode, gerencianet-pix-copy-code, gerencianet-pix-code, gerencianet-pix-form, gerencianet-card-number, gerencianet-card-expiry, gerencianet-card-cvc, gerencianet-card-holder (+7 more)
HTML Comments
<!-- PIX Fields -->, <!-- card Fields -->, <!-- Assinaturas Fields -->, <!-- Gerencianet Payment Options --> (+4 more)
Data Attributes
data-gn-pix-qrcode-url, data-gn-pix-code, data-gn-card-form-endpoint, data-gn-signature-form-endpoint, data-gn-admin-ajax-url
JS Globals
gerencianet_checkout_params, gerencianet_pix_params, gerencianet_card_form_params, gerencianet_assinaturas_params, GN_AJAX_URL
REST Endpoints
/wp-json/gerencianet-oficial/v1/pix-payment-status
Shortcode Output
[gerencianet_pix_qrcode] [gerencianet_pix_copy_code] [gerencianet_boleto_details] [gerencianet_card_form]
FAQ

Frequently Asked Questions about Efí Bank