Does MercadoPago Plus para WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in MercadoPago Plus para WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MercadoPago Plus para WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, MercadoPago Plus para WooCommerce 2.2.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MercadoPago Plus para WooCommerce compatible with PHP 7.1+?

MercadoPago Plus para WooCommerce requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MercadoPago Plus para WooCommerce updated?

MercadoPago Plus para WooCommerce was last updated on Jan 10, 2026. Frequent updates are generally a positive security signal.

What is MercadoPago Plus para WooCommerce's security score?

MercadoPago Plus para WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MercadoPago Plus para WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-mercadopago-gateway-checkout

Conectá MercadoPago Plus para tu tienda de WooCommerce

50 active installs v2.2.6 PHP 7.1+ WP 4.8+ Updated Jan 10, 2026

mercado-pagomercadopagopayments

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is MercadoPago Plus para WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

MercadoPago Plus para WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The plugin 'woo-mercadopago-gateway-checkout' v2.2.6 exhibits a generally good security posture based on the static analysis and vulnerability history. The absence of known CVEs and the fact that all identified SQL queries utilize prepared statements are strong indicators of secure coding practices. Furthermore, the plugin demonstrates a commitment to proper output escaping, with a high percentage of outputs being secured. The limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed without proper checks, is a significant positive security trait.

However, a notable concern arises from the presence of the `unserialize` function. While the analysis doesn't explicitly show a direct vulnerability stemming from it in this version, `unserialize` is inherently risky as it can lead to object injection vulnerabilities if used with untrusted input. The absence of nonces on any potential entry points (though none were identified) also leaves a theoretical window for certain types of attacks if new entry points were to be introduced or if existing ones were used improperly by other means. The vulnerability history shows a clean slate, which is excellent, but it's important to maintain vigilance, especially with functions like `unserialize`.

In conclusion, the plugin is performing well in terms of security. The lack of known vulnerabilities and the strong adherence to prepared statements and output escaping are commendable. The primary area for improvement and ongoing monitoring is the `unserialize` function and ensuring that any data processed by it is rigorously validated and sanitized to prevent potential object injection flaws.

Key Concerns

Presence of unserialize function
Missing nonce checks

Vulnerabilities

None known

MercadoPago Plus para WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

MercadoPago Plus para WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

31 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn unserialize( $row['cache_value'] );Database\CacheTable.php:83

SQL Query Safety

100% prepared22 total queries

Output Escaping

86% escaped36 total outputs

Attack Surface

MercadoPago Plus para WooCommerce Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actionadd_meta_boxesOrders\Metabox.php:14

actionwoocommerce_blocks_loadedPaymentMethod\BlocksCheckoutIntegration.php:11

actionwoocommerce_blocks_payment_method_type_registrationPaymentMethod\BlocksCheckoutIntegration.php:15

filterwoocommerce_payment_gatewaysPaymentMethod\WC_MPP_Bricks_Method.php:27

actionwoocommerce_cart_calculate_feesPaymentMethod\WC_MPP_Bricks_Method.php:28

filterwoocommerce_is_rest_api_requestRest\Routes.php:19

actionrest_api_initRest\Routes.php:29

actionadmin_initSettings\MainSettings.php:10

actionadmin_menuSettings\MainSettings.php:11

actionadmin_enqueue_scriptsSettings\MainSettings.php:12

actionplugins_loadedwoocommerce-mercadopago-plus.php:51

actionadmin_enqueue_scriptswoocommerce-mercadopago-plus.php:52

actionwp_enqueue_scriptswoocommerce-mercadopago-plus.php:53

actionbefore_woocommerce_initwoocommerce-mercadopago-plus.php:55

actioninitwoocommerce-mercadopago-plus.php:56

actionadmin_noticeswoocommerce-mercadopago-plus.php:192

actionwoocommerce_blocks_loadedwoocommerce-mercadopago-plus.php:193

Maintenance & Trust

MercadoPago Plus para WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 10, 2026

PHP min version7.1

Downloads14K

Community Trust

Rating100/100

Number of ratings1

Active installs50

Alternatives

MercadoPago Plus para WooCommerce Alternatives

Promociones Mercado Pago

promociones-mercado-pago

Lists Mercado Pago credit and debit card active promotions.

10 No CVEs

PagoForms: Mercado Pago Payments

pagoforms

100

Accept Mercado Pago payments through WPForms. Credit cards, debit cards, cash payments, and digital wallets across Latin America.

0 No CVEs

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

Accept debit and credit cards in 135+ currencies, many local methods like Alipay, ACH, and SEPA, and express checkout with Apple Pay and Google Pay.

700K 4 CVEs

Developer Profile

MercadoPago Plus para WooCommerce Developer Profile

CRPlugins

4 plugins · 260 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MercadoPago Plus para WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woo-mercadopago-gateway-checkout/assets/js/surreal.js/wp-content/plugins/woo-mercadopago-gateway-checkout/assets/js/helper.js/wp-content/plugins/woo-mercadopago-gateway-checkout/assets/js/settings.js/wp-content/plugins/woo-mercadopago-gateway-checkout/assets/css/general.css

Script Paths

assets/js/surreal.jsassets/js/helper.jsassets/js/settings.js

Version Parameters

woo-mercadopago-gateway-checkout/assets/js/surreal.js?ver=woo-mercadopago-gateway-checkout/assets/js/helper.js?ver=woo-mercadopago-gateway-checkout/assets/js/settings.js?ver=woo-mercadopago-gateway-checkout/assets/css/general.css?ver=

HTML / DOM Fingerprints

CSS Classes

mercadopago-plus-containermpp-settings-fields-container

HTML Comments

CRPlugins MercadoPago PlusMercadoPago PlusMPEFMPP

Data Attributes

data-urldata-langdata-public-keydata-tokendata-site-id

JS Globals

wc_mercadopago_plus_helper_settingswc_mercadopago_plus_translation_texts

REST Endpoints

/wp-json/cr-mercadopago-plus/v1/health-check/wp-json/cr-mercadopago-plus/v1/logs

FAQ