e-SCOTT Smart pro for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-sonypayment

e-SCOTT Smart pro for WooCommerce plugin allows you to accept Credit Cards, Convenience Stores, Pay-easy, E-money Payments via e-SCOTT Smart system Po …

20 active installs · v2.0.4 · PHP 7.4+ · WP 5.6+ · Updated Unknown
credit-card · e-scott · payment · subscriptions · woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is e-SCOTT Smart pro for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

e-SCOTT Smart pro for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "woo-sonypayment" plugin v2.0.4 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good practices by implementing nonce checks and capability checks on a significant portion of its entry points, and the vast majority of its SQL queries utilize prepared statements, greatly mitigating the risk of SQL injection. Furthermore, the high percentage of properly escaped outputs reduces the likelihood of cross-site scripting (XSS) vulnerabilities. The absence of any known CVEs or historical vulnerabilities is a positive indicator of consistent security maintenance.

However, a few areas warrant attention. Taint analysis identified three unsanitized paths; although they are not classified as critical or high severity, they indicate potential weaknesses where user-supplied input might not be adequately validated or cleaned before being used in sensitive operations. While the attack surface is small and all identified entry points have authentication checks, the file operations, reported without further context on their nature, could present a risk if not handled with extreme care. On the positive side, the plugin bundles no third-party libraries, which reduces exposure to known vulnerabilities in third-party code. Overall, the plugin is well-secured, but the identified unsanitized paths should be thoroughly investigated and remediated to further strengthen its security.

Key Concerns

  • Flows with unsanitized paths
Vulnerabilities
None known

e-SCOTT Smart pro for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

e-SCOTT Smart pro for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (22 prepared)
Unescaped Output: 26 (300 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

96% prepared · 23 total queries

Output Escaping

92% escaped · 326 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
response_handler (includes\class-spfwc-payment-response-handler.php:33)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

e-SCOTT Smart pro for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_spfwc_settlement_actions · includes\class-spfwc-admin-order.php:32
WordPress Hooks 55
filter · manage_shop_order_posts_columns · includes\class-spfwc-admin-order.php:26
filter · manage_woocommerce_page_wc-orders_columns · includes\class-spfwc-admin-order.php:27
filter · manage_shop_order_posts_custom_column · includes\class-spfwc-admin-order.php:28
action · manage_woocommerce_page_wc-orders_custom_column · includes\class-spfwc-admin-order.php:29
action · add_meta_boxes · includes\class-spfwc-admin-order.php:31
action · admin_enqueue_scripts · includes\class-spfwc-admin-order.php:33
action · admin_print_footer_scripts · includes\class-spfwc-admin-order.php:34
filter · woocommerce_get_query_vars · includes\class-spfwc-myaccount.php:29
filter · woocommerce_account_menu_items · includes\class-spfwc-myaccount.php:30
action · woocommerce_account_edit-cardmember_endpoint · includes\class-spfwc-myaccount.php:31
filter · woocommerce_endpoint_edit-cardmember_title · includes\class-spfwc-myaccount.php:32
action · template_redirect · includes\class-spfwc-myaccount.php:34
action · template_redirect · includes\class-spfwc-myaccount.php:36
action · template_redirect · includes\class-spfwc-myaccount.php:38
action · wp_enqueue_scripts · includes\class-spfwc-myaccount.php:39
action · wp_enqueue_scripts · includes\class-spfwc-payment-gateway-cvs.php:104
action · woocommerce_email_after_order_table · includes\class-spfwc-payment-gateway-cvs.php:106
filter · wcs_view_subscription_actions · includes\class-spfwc-payment-gateway-subscriptions.php:44
filter · spfwc_display_save_payment_method_checkbox · includes\class-spfwc-payment-gateway-subscriptions.php:45
filter · spfwc_display_howtopay_select · includes\class-spfwc-payment-gateway-subscriptions.php:46
filter · spfwc_deletable_cardmember · includes\class-spfwc-payment-gateway-subscriptions.php:47
filter · spfwc_save_cardmember · includes\class-spfwc-payment-gateway-subscriptions.php:48
action · wp_enqueue_scripts · includes\class-spfwc-payment-gateway.php:170
filter · woocommerce_payment_complete_order_status · includes\class-spfwc-payment-gateway.php:172
action · woocommerce_delete_order_item · includes\class-spfwc-payment-logger.php:24
action · woocommerce_deleted_order_items · includes\class-spfwc-payment-logger.php:25
action · wp_enqueue_scripts · includes\class-spfwc-payment-request.php:37
action · wc_ajax_spfwc_get_card_member · includes\class-spfwc-payment-request.php:38
action · woocommerce_api_wc_sonypayment · includes\class-spfwc-payment-response-handler.php:24
action · woocommerce_api_wc_sonypayment_transfer · includes\class-spfwc-payment-response-handler.php:25
action · spfwc_delete_card_member · includes\class-spfwc-payment-support.php:29
action · show_user_profile · includes\class-spfwc-payment-support.php:55
action · edit_user_profile · includes\class-spfwc-payment-support.php:56
action · personal_options_update · includes\class-spfwc-payment-support.php:57
action · edit_user_profile_update · includes\class-spfwc-payment-support.php:58
filter · woocommerce_default_address_fields · includes\class-spfwc-payment-support.php:70
action · woocommerce_formatted_address_replacements · includes\class-spfwc-payment-support.php:71
filter · woocommerce_localisation_address_formats · includes\class-spfwc-payment-support.php:72
filter · woocommerce_my_account_my_address_formatted_address · includes\class-spfwc-payment-support.php:73
filter · woocommerce_order_formatted_billing_address · includes\class-spfwc-payment-support.php:74
filter · woocommerce_order_formatted_shipping_address · includes\class-spfwc-payment-support.php:75
filter · woocommerce_get_order_address · includes\class-spfwc-payment-support.php:76
filter · woocommerce_customer_meta_fields · includes\class-spfwc-payment-support.php:77
filter · woocommerce_admin_billing_fields · includes\class-spfwc-payment-support.php:78
filter · woocommerce_admin_shipping_fields · includes\class-spfwc-payment-support.php:79
action · admin_init · includes\class-spfwc.php:40
action · plugins_loaded · includes\class-spfwc.php:41
filter · woocommerce_payment_gateways · includes\class-spfwc.php:131
filter · woocommerce_get_sections_checkout · includes\class-spfwc.php:134
action · admin_enqueue_scripts · includes\class-spfwc.php:136
action · admin_print_styles · includes\class-spfwc.php:137
action · woocommerce_blocks_payment_method_type_registration · woo-sonypayment.php:44
action · woocommerce_blocks_payment_method_type_registration · woo-sonypayment.php:51
action · woocommerce_blocks_loaded · woo-sonypayment.php:59
action · before_woocommerce_init · woo-sonypayment.php:61
Maintenance & Trust

e-SCOTT Smart pro for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

e-SCOTT Smart pro for WooCommerce Developer Profile

info@welcart

2 plugins · 20K total installs

Trust score: 58
Avg Security Score: 70/100
Avg Patch Time: 852 days
Detection Fingerprints

How We Detect e-SCOTT Smart pro for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-sonypayment/assets/css/spfwc-admin.css
/wp-content/plugins/woo-sonypayment/assets/js/spfwc-admin.js
/wp-content/plugins/woo-sonypayment/assets/js/spfwc-cvs.js
Script Paths
/wp-content/plugins/woo-sonypayment/assets/js/spfwc-admin.js
/wp-content/plugins/woo-sonypayment/assets/js/spfwc-cvs.js
Version Parameters
woo-sonypayment/assets/css/spfwc-admin.css?ver=
woo-sonypayment/assets/js/spfwc-admin.js?ver=
woo-sonypayment/assets/js/spfwc-cvs.js?ver=

HTML / DOM Fingerprints

CSS Classes
order-spfwc-status
cvs-expired
cvs-del
cvs-paid
cvs-unpaid
card-refund
card-void
spfwc-settlement-actions
HTML Comments
<!-- HPOS -->
Data Attributes
data-spfwc-order-id
JS Globals
spfwc_payment_params
FAQ

Frequently Asked Questions about e-SCOTT Smart pro for WooCommerce