Does pensopay Payments have any unpatched vulnerabilities?

No. All known vulnerabilities in pensopay Payments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is pensopay Payments compatible with WordPress 6.8.5?

According to WordPress.org data, pensopay Payments 7.1.9 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is pensopay Payments updated?

pensopay Payments was last updated on Jan 9, 2026. Frequent updates are generally a positive security signal.

What is pensopay Payments's security score?

pensopay Payments has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

pensopay Payments Security & Risk Analysis

wordpress.org/plugins/woo-pensopay

Integrates the pensopay payment gateway into your WooCommerce installation.

2K active installs v7.1.9 PHP + WP 6.3+ Updated Jan 9, 2026

gatewaypaymentpensopaypspwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVESep 5, 2023

Plugin page Download

Safety Verdict

Is pensopay Payments Safe to Use in 2026?

Generally Safe

Score 100/100

pensopay Payments has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 5, 2023Updated 2mo ago

Risk Assessment

The "woo-pensopay" plugin version 7.1.9 presents a mixed security posture. While the static analysis shows no critical or high severity taint flows and a lack of dangerous functions, several areas raise significant concerns. A substantial portion of the attack surface, specifically 5 out of 7 AJAX handlers and 1 REST API route, lack proper authentication or permission checks. This opens the door to unauthorized actions and potential privilege escalation if malicious input can be supplied. Furthermore, all SQL queries are executed without prepared statements, a practice that significantly increases the risk of SQL injection vulnerabilities. The output escaping is also a concern, with only 29% of outputs being properly sanitized, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.

The plugin's vulnerability history, including a medium severity CVE related to XSS, reinforces the concerns about improper input handling and output sanitization. While there are no currently unpatched vulnerabilities, the past occurrence of XSS suggests a recurring pattern of insecure coding practices. The presence of nonce checks and capability checks indicates some awareness of security, but their limited implementation leaves many entry points vulnerable. The plugin's strengths lie in its clean code regarding dangerous functions and taint analysis, but these are overshadowed by the numerous unprotected entry points and the critical lack of prepared statements for SQL queries, making it a moderate to high risk.

Key Concerns

AJAX handlers without auth checks
REST API route without permission checks
SQL queries without prepared statements
Low percentage of properly escaped output
Medium severity CVE history

Vulnerabilities

pensopay Payments Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-41691medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce PensoPay <= 6.3.1 - Reflected Cross-Site Scripting via 'pensopay_action'

Sep 5, 2023 Patched in 6.3.2 (140d)

Code Analysis

Analyzed Mar 16, 2026

pensopay Payments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

105

43 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared4 total queries

Output Escaping

29% escaped148 total outputs

Data Flows

All sanitized

Data Flow Analysis

6 flows

handle_bulk_actions_orders (classes\modules\woocommerce-pensopay-admin-orders-lists-table.php:129)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

pensopay Payments Attack Surface

Entry Points8

Unprotected6

AJAX Handlers 7

authwp_ajax_woocommerce_pensopay_flush_runtime_errorshelpers\notices.php:130

authwp_ajax_pensopay_manual_transaction_actionswoocommerce-pensopay.php:293

authwp_ajax_pensopay_empty_logswoocommerce-pensopay.php:294

authwp_ajax_pensopay_flush_cachewoocommerce-pensopay.php:295

authwp_ajax_pensopay_ping_apiwoocommerce-pensopay.php:296

authwp_ajax_pensopay_fetch_private_keywoocommerce-pensopay.php:297

authwp_ajax_pensopay_run_data_upgraderwoocommerce-pensopay.php:298

REST API Routes 1

POST/wp-json/pensopay/v1/callbackwoocommerce-pensopay.php:235

WordPress Hooks 99

filterwoocommerce_available_payment_gatewaysclasses\instances\anyday.php:20

filterwoocommerce_pensopay_cardtypelock_anyday-splitclasses\instances\anyday.php:21

filterwoocommerce_pensopay_checkout_gateway_iconclasses\instances\apple-pay.php:21

filterwoocommerce_available_payment_gatewaysclasses\instances\apple-pay.php:22

filterwoocommerce_available_payment_gatewaysclasses\instances\google-pay.php:36

filterwoocommerce_pensopay_checkout_gateway_iconclasses\instances\google-pay.php:37

filterwoocommerce_pensopay_cardtypelock_idealclasses\instances\ideal.php:20

filterwoocommerce_pensopay_cardtypelock_klarna-paymentsclasses\instances\klarna-payments.php:20

filterwoocommerce_pensopay_cardtypelock_klarnaclasses\instances\klarna.php:20

filterwoocommerce_pensopay_cardtypelock_mobilepay-subscriptionsclasses\instances\mobilepay-subscriptions.php:36

filterwoocommerce_pensopay_transaction_params_invoiceclasses\instances\mobilepay-subscriptions.php:38

filterwoocommerce_available_payment_gatewaysclasses\instances\mobilepay-subscriptions.php:39

actionwoocommerce_pensopay_callback_subscription_authorizedclasses\instances\mobilepay-subscriptions.php:41

actionwoocommerce_pensopay_scheduled_subscription_payment_afterclasses\instances\mobilepay-subscriptions.php:42

filterwoocommerce_pensopay_callback_payment_capturedclasses\instances\mobilepay-subscriptions.php:43

filterwoocommerce_subscription_payment_metaclasses\instances\mobilepay-subscriptions.php:44

actionwoocommerce_pensopay_callback_subscription_cancelledclasses\instances\mobilepay-subscriptions.php:45

filterwoocommerce_available_payment_gatewaysclasses\instances\mobilepay.php:20

filterwoocommerce_pensopay_cardtypelock_mobilepayclasses\instances\mobilepay.php:21

filterwoocommerce_pensopay_cardtypelock_pensopay_paypalclasses\instances\paypal.php:20

filterwoocommerce_pensopay_transaction_params_basketclasses\instances\paypal.php:21

filterwoocommerce_pensopay_transaction_params_shipping_rowclasses\instances\paypal.php:22

filterwoocommerce_pensopay_cardtypelock_resursclasses\instances\resurs.php:20

filterwoocommerce_pensopay_cardtypelock_sofortclasses\instances\sofort.php:20

actionwoocommerce_pensopay_accepted_callback_status_captureclasses\instances\sofort.php:21

filterwoocommerce_available_payment_gatewaysclasses\instances\swish.php:20

filterwoocommerce_available_payment_gatewaysclasses\instances\viabill.php:35

filterwoocommerce_pensopay_cardtypelock_viabillclasses\instances\viabill.php:36

filterwoocommerce_get_price_htmlclasses\instances\viabill.php:38

filterwoocommerce_cart_totals_order_total_htmlclasses\instances\viabill.php:39

filterwoocommerce_gateway_method_descriptionclasses\instances\viabill.php:40

actionwoocommerce_checkout_order_reviewclasses\instances\viabill.php:41

actionwdp_price_display_init_hooksclasses\instances\viabill.php:43

actionwdp_price_display_remove_hooksclasses\instances\viabill.php:44

filterwoocommerce_available_payment_gatewaysclasses\instances\vipps.php:20

filterwoocommerce_pensopay_cardtypelock_vippsclasses\instances\vipps.php:21

actionadmin_initclasses\modules\woocommerce-pensopay-admin-orders-lists-table.php:6

filterwoocommerce_subscription_bulk_actionsclasses\modules\woocommerce-pensopay-admin-orders-lists-table.php:30

actionadd_meta_boxesclasses\modules\woocommerce-pensopay-admin-orders-meta.php:11

filterwoocommerce_order_actionsclasses\modules\woocommerce-pensopay-admin-orders.php:12

actionwoocommerce_order_action_pensopay_create_payment_linkclasses\modules\woocommerce-pensopay-admin-orders.php:13

filterwoocommerce_pensopay_order_number_for_apiclasses\modules\woocommerce-pensopay-admin-orders.php:86

actionwoocommerce_blocks_loadedclasses\modules\woocommerce-pensopay-blocks-checkout.php:16

actionwp_print_footer_scriptsclasses\modules\woocommerce-pensopay-blocks-checkout.php:19

actionadmin_print_scriptsclasses\modules\woocommerce-pensopay-blocks-checkout.php:20

actionwoocommerce_blocks_payment_method_type_registrationclasses\modules\woocommerce-pensopay-blocks-checkout.php:43

filterwoocommerce_email_classesclasses\modules\woocommerce-pensopay-emails.php:17

actionwoocommerce_pensopay_order_action_payment_link_createdclasses\modules\woocommerce-pensopay-emails.php:18

actionwoocommerce_order_status_completedclasses\modules\woocommerce-pensopay-orders.php:10

actionwoocommerce_order_status_processingclasses\modules\woocommerce-pensopay-orders.php:11

actionwoocommerce_order_status_cancelledclasses\modules\woocommerce-pensopay-orders.php:12

actionwoocommerce_pensopay_callback_payment_authorizedclasses\modules\woocommerce-pensopay-orders.php:14

filterwoocommerce_gateway_descriptionclasses\modules\woocommerce-pensopay-subscriptions-change-payment-method.php:9

actionwoocommerce_pensopay_scheduled_subscription_payment_afterclasses\modules\woocommerce-pensopay-subscriptions-early-renewals.php:6

actionwoocommerce_pensopay_callback_subscription_authorizedclasses\modules\woocommerce-pensopay-subscriptions.php:12

actionadd_meta_boxesclasses\woocommerce-pensopay-virtualterminal-payment.php:100

actionadmin_footerclasses\woocommerce-pensopay-virtualterminal-payment.php:106

actionsave_postclasses\woocommerce-pensopay-virtualterminal-payment.php:114

actionadmin_noticesclasses\woocommerce-pensopay-virtualterminal-payment.php:121

filterwoocommerce_pensopay_languageextensions\polylang.php:19

filterwoocommerce_pensopay_languageextensions\wpml.php:19

actionadmin_noticeshelpers\notices.php:93

actionadmin_noticeshelpers\notices.php:119

filterallowed_redirect_hostshelpers\requests.php:5

actionplugins_loadedwoocommerce-pensopay.php:25

actionadmin_noticeswoocommerce-pensopay.php:51

actionwoocommerce_order_status_completedwoocommerce-pensopay.php:268

actionin_plugin_update_message-woocommerce-pensopay/woocommerce-pensopay.phpwoocommerce-pensopay.php:269

filterwc_subscriptions_renewal_order_datawoocommerce-pensopay.php:276

filterwoocommerce_subscription_payment_metawoocommerce-pensopay.php:277

actionadmin_footer-edit.phpwoocommerce-pensopay.php:288

actionload-edit.phpwoocommerce-pensopay.php:289

actionadmin_enqueue_scriptswoocommerce-pensopay.php:291

actionadmin_enqueue_scriptswoocommerce-pensopay.php:292

actionin_plugin_update_message-woocommerce-pensopay/woocommerce-pensopay.phpwoocommerce-pensopay.php:299

actionwoocommerce_email_before_order_tablewoocommerce-pensopay.php:301

filtermanage_edit-shop_order_columnswoocommerce-pensopay.php:304

actionwoocommerce_pensopay_accepted_callbackwoocommerce-pensopay.php:305

actionadd_meta_boxeswoocommerce-pensopay.php:308

actionadmin_noticeswoocommerce-pensopay.php:309

actioninitwoocommerce-pensopay.php:312

filterwoocommerce_gateway_iconwoocommerce-pensopay.php:313

filterqtranslate_language_detect_redirectwoocommerce-pensopay.php:316

filterwpss_misc_form_spam_check_bypasswoocommerce-pensopay.php:317

filterwoocommerce_order_needs_paymentwoocommerce-pensopay.php:320

filterwoocommerce_valid_order_statuses_for_paymentwoocommerce-pensopay.php:321

actionwoocommerce_order_status_changedwoocommerce-pensopay.php:324

filterdetermine_localewoocommerce-pensopay.php:327

actionwp_headwoocommerce-pensopay.php:329

actionwoocommerce_order_status_refundedwoocommerce-pensopay.php:331

filterwoocommerce_payment_gatewayswoocommerce-pensopay.php:1755

filterwoocommerce_pensopay_load_instanceswoocommerce-pensopay.php:1756

actioninitwoocommerce-pensopay.php:1758

actionrest_api_initwoocommerce-pensopay.php:1759

actionadmin_menuwoocommerce-pensopay.php:1771

actioninitwoocommerce-pensopay.php:1780

actionpensopay_virtualpayments_updatewoocommerce-pensopay.php:1792

filterwoocommerce_pensopay_languagewoocommerce-pensopay.php:1805

actionbefore_woocommerce_initwoocommerce-pensopay.php:1822

Scheduled Events 1

pensopay_virtualpayments_update

Maintenance & Trust

pensopay Payments Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 9, 2026

PHP min version

Downloads59K

Community Trust

Rating100/100

Number of ratings1

Active installs2K

Alternatives

pensopay Payments Alternatives

pensopay Payments v2

pensopay-payments-v2

100

Integrates your pensopay V2 payment gateway into your WooCommerce installation.

1K No CVEs

Payment Gateway Based Fees and Discounts for WooCommerce

checkout-fees-for-woocommerce

Set fees and discounts for WooCommerce payment gateways.

30K 1 CVE

Paystack WooCommerce Payment Gateway

woo-paystack

100

Paystack for WooCommerce allows your WooCommerce store to accept secure payments from multiple local and global payment channels.

30K No CVEs

Montonio for WooCommerce

montonio-for-woocommerce

100

Montonio is a complete checkout solution for online stores that includes all popular payment methods (local banks, card payments, Apple Pay, Google Pa …

10K No CVEs

NETOPIA Payments Payment Gateway

netopia-payments-payment-gateway

NETOPIA Payments Payment Gateway extends WooCommerce payment options by adding NETOPIA's Payment Gateway options.

10K No CVEs

Developer Profile

pensopay Payments Developer Profile

pensopay

2 plugins · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

140 days

View full developer profile

Detection Fingerprints

How We Detect pensopay Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woo-pensopay/classes/api/woocommerce-pensopay-api-payment.php/wp-content/plugins/woo-pensopay/classes/api/woocommerce-pensopay-api-transaction.php/wp-content/plugins/woo-pensopay/classes/woocommerce-pensopay-log.php/wp-content/plugins/woo-pensopay/classes/woocommerce-pensopay-helper.php/wp-content/plugins/woo-pensopay/classes/woocommerce-pensopay-settings.php/wp-content/plugins/woo-pensopay/classes/woocommerce-pensopay-order.php/wp-content/plugins/woo-pensopay/classes/woocommerce-pensopay-subscription.php/wp-content/plugins/woo-pensopay/classes/woocommerce-pensopay-countries.php+47 more

Version Parameters

woo-pensopay/style.css?ver=woo-pensopay/assets/css/frontend.min.css?ver=woo-pensopay/assets/css/blocks.style.build.css?ver=woo-pensopay/assets/js/frontend.min.js?ver=woo-pensopay/assets/js/blocks.frontend.build.js?ver=woo-pensopay/assets/js/admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

pensopay-formpensopay-payment-methodpensopay-payment-iconspensopay-payment-icons-wrapper

HTML Comments

+1 more

Data Attributes

data-gateway-iddata-payment-method

JS Globals

wc_pensopay_settings

REST Endpoints

/pensopay/v1/callback

FAQ