
Payment Gateway for Redsys & WooCommerce Lite Security & Risk Analysis
wordpress.org/plugins/woo-redsys-gateway-lightAdd Redsys Gateway, BIZUM, and Apple/Google Pay redirection to WooCommerce. Lite version of the premium Redsys plugin on WooCommerce.com.
Is Payment Gateway for Redsys & WooCommerce Lite Safe to Use in 2026?
Generally Safe
Score 96/100Payment Gateway for Redsys & WooCommerce Lite has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "woo-redsys-gateway-light" v7.0.0 plugin exhibits a generally strong security posture based on the static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly reduces the attack surface. Furthermore, the code's adherence to using prepared statements for all SQL queries and a high percentage of properly escaped output are positive indicators. The low number of file operations and external HTTP requests also contribute to a more controlled environment. The lack of any recorded vulnerabilities, historical or current, suggests a history of stable and secure development.
However, there are minor areas for attention. The presence of file operations and external HTTP requests, while not inherently insecure, represent potential vectors if not meticulously handled. The plugin also relies on nonce checks, which are present, but the absence of capability checks for any entry points is a notable gap. While the attack surface is currently zero, future additions could introduce risks if proper authorization is not implemented from the outset. Overall, this plugin appears to be well-developed from a security perspective, with only minor considerations for continued vigilance.
Key Concerns
- Missing capability checks on entry points
- Presence of file operations
- Presence of external HTTP requests
Payment Gateway for Redsys & WooCommerce Lite Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Missing Authorization
Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation
Payment Gateway for Redsys & WooCommerce Lite Release Timeline
Payment Gateway for Redsys & WooCommerce Lite Code Analysis
Output Escaping
Payment Gateway for Redsys & WooCommerce Lite Attack Surface
WordPress Hooks 27
Maintenance & Trust
Payment Gateway for Redsys & WooCommerce Lite Maintenance & Trust
Maintenance Signals
Community Trust
Payment Gateway for Redsys & WooCommerce Lite Alternatives
WooPayments: Integrated WooCommerce Payments
woocommerce-payments
Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.
FunnelKit Payment Gateway for Stripe WooCommerce
funnelkit-stripe-woo-payment-gateway
FunnelKit Payment Gateway for Stripe WooCommerce is an integrated solution that lets you accept payments on your online store for web and mobile.
Sola Payment Gateway for WooCommerce
woo-cardknox-gateway
Accept payments with the Sola gateway.
tatrapay+ Payment Gateway
tatrapay-payment-gateway
Latest payment processing solution from Tatrabanka. Accept Pay Later, credit/debit cards and bank accounts.
Dominate Checkout Suite SaaS
iwd-checkout-connector
Cloud-based checkout for WooCommerce with a fast, customizable single-page experience.
Payment Gateway for Redsys & WooCommerce Lite Developer Profile
6 plugins · 21K total installs
How We Detect Payment Gateway for Redsys & WooCommerce Lite
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/woo-redsys-gateway-light/assets/css/welcome.css/wp-content/plugins/woo-redsys-gateway-light/assets/css/redsys-css.csswoo-redsys-gateway-light/assets/css/welcome.css?ver=woo-redsys-gateway-light/assets/css/redsys-css.css?ver=HTML / DOM Fingerprints
woocommerce-redsys-messagescontenido-redsys-noticeCopyright: (C) 2013 - 2021 José ContiGlobal class for global functions.PSD2 class for Redsys.id="message"class="updated woocommerce-message woocommerce-redsys-messages"REDSYS_WOOCOMMERCE_VERSIONREDSYS_PLUGIN_URLREDSYS_PLUGIN_PATHREDSYS_POST_UPDATE_URLREDSYS_TELEGRAM_URLREDSYS_REVIEW+5 more