WP-Safety

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Security & Risk Analysis

wordpress.org/plugins/woo-rede

Payment Gateway for Rede Itaú for WooCommerce - PIX, Credit Card and Debit Cards.

1K active installs v5.3.1 PHP 7.2+ WP 5.0+ Updated Mar 9, 2026
cartao-creditoitaupagamentopixrede
98
A · Safe
CVEs total2
Unpatched0
Last CVEJan 15, 2026
Download
Safety Verdict

Is Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Safe to Use in 2026?

Generally Safe

Score 98/100

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 15, 2026Updated 24d ago
Risk Assessment

The "woo-rede" plugin v5.3.3 exhibits a concerning security posture primarily due to its large, unprotected attack surface. While the code demonstrates good practices like 100% prepared SQL statements and a high percentage of output escaping, the significant number of unprotected AJAX handlers and REST API routes presents a considerable risk. These entry points, if vulnerable to injection or manipulation, could be exploited by unauthenticated users, leading to unauthorized actions or data breaches.

The taint analysis, while limited, did reveal one flow with unsanitized paths, which is a potential concern for path traversal or file inclusion vulnerabilities, though it was not categorized as critical or high severity. The vulnerability history shows two past medium severity CVEs, including "Missing Authentication for Critical Function" and "Insufficient Verification of Data Authenticity." The fact that the last vulnerability was recorded in 2026 suggests potential for outdated security practices or a lack of ongoing maintenance, even though there are currently no unpatched CVEs.

In conclusion, the plugin's strengths lie in its secure handling of SQL queries and output. However, the overwhelming majority of its attack surface is exposed without authentication, creating a significant risk profile. The historical vulnerability types further highlight the need for robust authentication and input validation on all public-facing endpoints. The plugin is not recommended for production environments without significant security hardening.

Key Concerns

  • High number of unprotected AJAX handlers
  • High number of unprotected REST API routes
  • Taint flow with unsanitized paths
  • Past medium severity CVEs
Vulnerabilities
2

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Security Vulnerabilities

CVEs by Year

2 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-0942medium · 5.3Missing Authentication for Critical Function

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion

Jan 15, 2026 Patched in 5.1.6 (14d)
CVE-2026-0939medium · 5.3Insufficient Verification of Data Authenticity

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation

Jan 15, 2026 Patched in 5.1.3 (4d)
Code Analysis
Analyzed Mar 16, 2026

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
18
381 escaped
Nonce Checks
10
Capability Checks
7
File Operations
2
External Requests
19
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

95% escaped399 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
ajax_get_recent_rede_orders (Includes\LknIntegrationRedeForWoocommerce.php:1761)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
21 unprotected

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Attack Surface

Entry Points22
Unprotected21

AJAX Handlers 15

authwp_ajax_lkn_get_rede_credit_dataIncludes\LknIntegrationRedeForWoocommerce.php:265
noprivwp_ajax_lkn_get_rede_credit_dataIncludes\LknIntegrationRedeForWoocommerce.php:266
authwp_ajax_lkn_get_rede_debit_dataIncludes\LknIntegrationRedeForWoocommerce.php:269
noprivwp_ajax_lkn_get_rede_debit_dataIncludes\LknIntegrationRedeForWoocommerce.php:270
authwp_ajax_lkn_get_maxipago_credit_dataIncludes\LknIntegrationRedeForWoocommerce.php:273
noprivwp_ajax_lkn_get_maxipago_credit_dataIncludes\LknIntegrationRedeForWoocommerce.php:274
authwp_ajax_lkn_update_installment_sessionIncludes\LknIntegrationRedeForWoocommerce.php:279
noprivwp_ajax_lkn_update_installment_sessionIncludes\LknIntegrationRedeForWoocommerce.php:280
authwp_ajax_lkn_generate_new_google_pay_keysIncludes\LknIntegrationRedeForWoocommerce.php:287
authwp_ajax_update_installment_sessionIncludes\LknIntegrationRedeForWoocommerce.php:1243
noprivwp_ajax_update_installment_sessionIncludes\LknIntegrationRedeForWoocommerce.php:1244
authwp_ajax_lkn_get_offline_bin_cardIncludes\LknIntegrationRedeForWoocommerce.php:1247
noprivwp_ajax_lkn_get_offline_bin_cardIncludes\LknIntegrationRedeForWoocommerce.php:1248
authwp_ajax_lkn_get_recent_rede_ordersIncludes\LknIntegrationRedeForWoocommerce.php:1256
noprivwp_ajax_lkn_get_recent_rede_ordersIncludes\LknIntegrationRedeForWoocommerce.php:1257

REST API Routes 7

POST/wp-json/redePRO/redePixListenerIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:135
POST/wp-json/redeIntegration/pixListenerIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:142
GET/wp-json/redeIntegration/verifyPixRedeStatusIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:148
POST/wp-json/redeIntegration/maxipagoDebitListenerIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:154
DELETE/wp-json/redeIntegration/clearOrderLogsIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:160
POST/wp-json/woorede/sIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:166
POST/wp-json/woorede/fIncludes\LknIntegrationRedeForWoocommerceWcEndpoint.php:172
WordPress Hooks 50
actionwoocommerce_initIncludes\LknIntegrationRedeForWoocommerce.php:138
actionadmin_noticesIncludes\LknIntegrationRedeForWoocommerce.php:166
filterintegration_rede_for_woocommerce_get_card_tokenIncludes\LknIntegrationRedeForWoocommerce.php:192
filterintegration_rede_for_woocommerce_set_supportsIncludes\LknIntegrationRedeForWoocommerce.php:193
actionadmin_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:207
actionadmin_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:208
actionwoocommerce_admin_order_data_after_billing_addressIncludes\LknIntegrationRedeForWoocommerce.php:211
actionwoocommerce_admin_order_data_after_billing_addressIncludes\LknIntegrationRedeForWoocommerce.php:212
actionwoocommerce_order_details_after_order_tableIncludes\LknIntegrationRedeForWoocommerce.php:213
actionwoocommerce_order_status_cancelledIncludes\LknIntegrationRedeForWoocommerce.php:217
actionwoocommerce_order_status_cancelledIncludes\LknIntegrationRedeForWoocommerce.php:218
actionwoocommerce_api_wc_rede_creditIncludes\LknIntegrationRedeForWoocommerce.php:221
filterwoocommerce_get_order_item_totalsIncludes\LknIntegrationRedeForWoocommerce.php:222
actionwoocommerce_admin_order_data_after_billing_addressIncludes\LknIntegrationRedeForWoocommerce.php:223
actionwoocommerce_api_wc_rede_creditIncludes\LknIntegrationRedeForWoocommerce.php:228
filterwoocommerce_get_order_item_totalsIncludes\LknIntegrationRedeForWoocommerce.php:229
actionwoocommerce_admin_order_data_after_billing_addressIncludes\LknIntegrationRedeForWoocommerce.php:230
actionwoocommerce_admin_order_data_after_billing_addressIncludes\LknIntegrationRedeForWoocommerce.php:233
actionadmin_noticesIncludes\LknIntegrationRedeForWoocommerce.php:235
actionwoocommerce_admin_order_data_after_billing_addressIncludes\LknIntegrationRedeForWoocommerce.php:238
filterlknRedeGetMerchantAuthIncludes\LknIntegrationRedeForWoocommerce.php:239
filterplugin_row_metaIncludes\LknIntegrationRedeForWoocommerce.php:245
actionrest_api_initIncludes\LknIntegrationRedeForWoocommerce.php:247
filterwoocommerce_gateway_titleIncludes\LknIntegrationRedeForWoocommerce.php:248
actionadd_meta_boxesIncludes\LknIntegrationRedeForWoocommerce.php:250
actionadmin_noticesIncludes\LknIntegrationRedeForWoocommerce.php:252
actionadmin_noticesIncludes\LknIntegrationRedeForWoocommerce.php:255
filterwoocommerce_order_actionsIncludes\LknIntegrationRedeForWoocommerce.php:258
actionwoocommerce_order_action_verify_pix_statusIncludes\LknIntegrationRedeForWoocommerce.php:259
actionupgrader_process_completeIncludes\LknIntegrationRedeForWoocommerce.php:262
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:277
actionadmin_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:283
filterwoocommerce_analytics_report_menu_itemsIncludes\LknIntegrationRedeForWoocommerce.php:284
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:1225
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:1226
filterwoocommerce_payment_gatewaysIncludes\LknIntegrationRedeForWoocommerce.php:1228
actionwoocommerce_checkout_fieldsIncludes\LknIntegrationRedeForWoocommerce.php:1232
actionwoocommerce_checkout_fieldsIncludes\LknIntegrationRedeForWoocommerce.php:1233
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:1234
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:1235
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:1236
actionwp_enqueue_scriptsIncludes\LknIntegrationRedeForWoocommerce.php:1237
actionbefore_woocommerce_initIncludes\LknIntegrationRedeForWoocommerce.php:1239
actionwoocommerce_blocks_payment_method_type_registrationIncludes\LknIntegrationRedeForWoocommerce.php:1240
filterwoocommerce_new_order_note_dataIncludes\LknIntegrationRedeForWoocommerce.php:1251
actionwoocommerce_review_order_after_order_totalIncludes\LknIntegrationRedeForWoocommerce.php:1254
actioninitIncludes\LknIntegrationRedeForWoocommerceWcRedeDebit.php:75
actioninitIncludes\LknIntegrationRedeForWoocommerceWcRedeDebit.php:78
actionadmin_noticesIncludes\LknIntegrationRedeForWoocommerceWcRedeDebit.php:793
actionadmin_noticesIncludes\LknIntegrationRedeForWoocommerceWcRedeDebit.php:806

Scheduled Events 1

lkn_verify_pix_payment
Maintenance & Trust

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version7.2
Downloads37K

Community Trust

Rating96/100
Number of ratings8
Active installs1K
Alternatives

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Alternatives

Virtuaria Rede ( Itaú ) Pagamentos

Virtuaria Rede ( Itaú ) Pagamentos

virtuaria-eredeitau

A
100

Pagamentos via Pix e Cartão de Crédito na sua loja virtual com a confiabilidade da Rede / Itaú diretamente em seu WooCommerce.

60 No CVEs
PagHiper Boleto e PIX para WooCommerce

PagHiper Boleto e PIX para WooCommerce

woo-boleto-paghiper

A
100

Ofereça a seus clientes pagamento boleto bancário com a PagHiper. Fácil, prático e rapido!

1K No CVEs
CIELO API PIX, credit card, debit payment for WooCommerce

CIELO API PIX, credit card, debit payment for WooCommerce

lkn-wc-gateway-cielo

A
100

Payment Gateway for Cielo API for WooCommerce - PIX, Google Pay, Credit Card and Debit Cards.

800 No CVEs
Pix Automático com Pagarme para WooCommerce

Pix Automático com Pagarme para WooCommerce

wc-pagarme-pix-payment

A
92

Pagamentos Pix com compensação automática, status do pedido é alterado automaticamente.

600 No CVEs
iPag Pagamentos Digitais

iPag Pagamentos Digitais

ipag-woocommerce

A
100

Facilite pagamentos online com segurança e rapidez, integrando sua loja ao nosso gateway e PSP.

100 No CVEs
Developer Profile

Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit Developer Profile

linknacional

18 plugins · 5K total installs

99
trust score
Avg Security Score
98/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-rede/css/lkn-integration-rede-for-woocommerce-admin.css/wp-content/plugins/woo-rede/js/lkn-integration-rede-for-woocommerce-admin-pro-fields.js/wp-content/plugins/woo-rede/js/lkn-integration-rede-for-woocommerce-admin-pro-installments.js/wp-content/plugins/woo-rede/js/lkn-integration-rede-for-woocommerce-admin.js
Script Paths
js/lkn-integration-rede-for-woocommerce-admin-pro-fields.jsjs/lkn-integration-rede-for-woocommerce-admin-pro-installments.jsjs/lkn-integration-rede-for-woocommerce-admin.js
Version Parameters
woo-rede/css/lkn-integration-rede-for-woocommerce-admin.css?ver=woo-rede/js/lkn-integration-rede-for-woocommerce-admin-pro-fields.js?ver=woo-rede/js/lkn-integration-rede-for-woocommerce-admin-pro-installments.js?ver=woo-rede/js/lkn-integration-rede-for-woocommerce-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
lknPhpProFieldsVariableslknPhpVariables
FAQ

Frequently Asked Questions about Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit