WP-Safety

Payment gateway for WooCommerce – Woo WeChatPay Security & Risk Analysis

wordpress.org/plugins/woo-wechatpay

WeChat Pay payment gateway for WooCommerce.

90 active installs v1.3.16 PHP 7.0+ WP 4.9.5+ Updated Mar 12, 2024
paymentswechatwechat-paymentswechatpayweixin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Payment gateway for WooCommerce – Woo WeChatPay Safe to Use in 2026?

Generally Safe

Score 85/100

Payment gateway for WooCommerce – Woo WeChatPay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "woo-wechatpay" v1.3.16 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries, a high percentage of properly escaped outputs, and a lack of dangerous functions or file operations. The absence of any recorded vulnerabilities in its history suggests a generally stable and well-maintained codebase.

However, a significant concern arises from its attack surface. All four identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated attackers to interact with the plugin's functionalities. While no taint flows with unsanitized paths were detected, the lack of capability checks on AJAX endpoints means that any user, regardless of their role or permissions, could potentially trigger these handlers. This opens the door to potential privilege escalation or other unintended actions if these handlers perform sensitive operations.

In conclusion, while the plugin avoids common pitfalls like raw SQL or vulnerable bundled libraries, the unprotected AJAX endpoints are a critical weakness. The absence of vulnerability history is reassuring but doesn't negate the immediate risk posed by the exposed AJAX functionality. It is strongly recommended to implement nonce and capability checks for all AJAX handlers to secure these entry points.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

Payment gateway for WooCommerce – Woo WeChatPay Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Payment gateway for WooCommerce – Woo WeChatPay Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
5
60 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

92% escaped65 total outputs
Attack Surface
4 unprotected

Payment gateway for WooCommerce – Woo WeChatPay Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_woowechatpay_holdinc\class-wc-wechatpay.php:88
noprivwp_ajax_woowechatpay_holdinc\class-wc-wechatpay.php:89
authwp_ajax_woowechatpay_payment_heartbeatinc\class-woo-wechatpay.php:59
noprivwp_ajax_woowechatpay_payment_heartbeatinc\class-woo-wechatpay.php:60
WordPress Hooks 39
actionwoowechatpay_orphan_transaction_notificationinc\class-wc-email-wechatpay-orphan-transaction.php:24
filterwcml_emails_options_to_translateinc\class-wc-email-wechatpay-orphan-transaction.php:27
filterwcml_emails_section_name_to_translateinc\class-wc-email-wechatpay-orphan-transaction.php:28
actionwp_enqueue_scriptsinc\class-wc-wechatpay.php:82
actionwoocommerce_api_wc_wechatpayinc\class-wc-wechatpay.php:84
actionwoocommerce_create_refundinc\class-wc-wechatpay.php:86
actionwp_weixin_handle_auto_refundinc\class-wc-wechatpay.php:91
actionwp_weixin_handle_payment_notificationinc\class-wc-wechatpay.php:93
filtersanitize_userinc\class-wc-wechatpay.php:96
filterwoocommerce_available_payment_gatewaysinc\class-wc-wechatpay.php:98
filterwp_weixin_ecommerce_descriptioninc\class-wc-wechatpay.php:102
actionadmin_noticesinc\class-wc-wechatpay.php:386
filterwp_weixin_pay_notify_resultsinc\class-wc-wechatpay.php:669
actionadmin_noticesinc\class-woo-wechatpay.php:20
actioninitinc\class-woo-wechatpay.php:28
actioninitinc\class-woo-wechatpay.php:30
actionwp_enqueue_scriptsinc\class-woo-wechatpay.php:32
actionwp_weixin_endpointsinc\class-woo-wechatpay.php:34
actionparse_requestinc\class-woo-wechatpay.php:36
actionadmin_enqueue_scriptsinc\class-woo-wechatpay.php:38
filterwp_weixin_settings_fieldsinc\class-woo-wechatpay.php:40
filterwp_weixin_settingsinc\class-woo-wechatpay.php:42
actionwpinc\class-woo-wechatpay.php:44
filterwoocommerce_payment_gatewaysinc\class-woo-wechatpay.php:47
filterwoocommerce_get_order_item_totalsinc\class-woo-wechatpay.php:51
filterquery_varsinc\class-woo-wechatpay.php:53
filterwoocommerce_email_classesinc\class-woo-wechatpay.php:55
actionwoocommerce_receipt_wechatpayinc\class-woo-wechatpay.php:62
filterwp_weixin_show_settings_sectioninc\class-woo-wechatpay.php:69
filterwp_weixin_jsapi_urlsinc\class-woo-wechatpay.php:71
filterwp_weixin_pay_callback_endpointinc\class-woo-wechatpay.php:73
actionadmin_noticesinc\class-woo-wechatpay.php:127
actionwp_footerinc\class-woo-wechatpay.php:243
actionshutdowninc\class-woo-wechatpay.php:244
actionwp_print_scriptsinc\class-woo-wechatpay.php:252
actionwp_print_stylesinc\class-woo-wechatpay.php:253
actiontemplate_redirectinc\class-woo-wechatpay.php:255
actionwp_weixin_extensionswoo-wechatpay.php:57
actionplugins_loadedwoo-wechatpay.php:59
Maintenance & Trust

Payment gateway for WooCommerce – Woo WeChatPay Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedMar 12, 2024
PHP min version7.0
Downloads9K

Community Trust

Rating100/100
Number of ratings5
Active installs90
Alternatives

Payment gateway for WooCommerce – Woo WeChatPay Alternatives

WeChat Payments for WooCommerce

WeChat Payments for WooCommerce

wechat-payment-for-woo

A
100

WeChat Payments for WooCommerce is a Wordpress plugin that allows to accept payments at WooCommerce-powered online stores.

80 No CVEs
WP Weixin Pay

WP Weixin Pay

wp-weixin-pay

A
85

Simple WeChat Pay integration for WordPress.

10 No CVEs
Airwallex Online Payments Gateway

Airwallex Online Payments Gateway

airwallex-online-payments-gateway

A
100

Accept credit/debit card, Apple Pay, Google Pay, and 30+ local payment methods on your WooCommerce Store with Airwallex.

3K No CVEs
China Payments Plugin | Accept WeChat Pay, Alipay & UnionPay | Chinese Checkout Optimization

China Payments Plugin | Accept WeChat Pay, Alipay & UnionPay | Chinese Checkout Optimization

wp-stripe-global-payments

A
100

Accept WeChat Pay, Alipay & UnionPay via Stripe. Chinese checkout optimization with localization, multi-currency display & CNY conversion for …

300 No CVEs
[Aotuman] Grab WeChat Articles

[Aotuman] Grab WeChat Articles

apoyl-grabweixin

A
100

Enter the WeChat Official Account article link in the editor, click "Grab WeChat Articles," and the content will be automatically captured i …

70 No CVEs
Developer Profile

Payment gateway for WooCommerce – Woo WeChatPay Developer Profile

Alexandre Froger

11 plugins · 8K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
110 days
View full developer profile
Detection Fingerprints

How We Detect Payment gateway for WooCommerce – Woo WeChatPay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-wechatpay/images/wechatpay-logo.png/wp-content/plugins/woo-wechatpay/images/browser-qr-footer.png/wp-content/plugins/woo-wechatpay/images/phone-bg.png/wp-content/plugins/woo-wechatpay/images/qr-placeholder.png

HTML / DOM Fingerprints

Data Attributes
data-wechatpay-gateway-active
JS Globals
wc_wechatpay_params
REST Endpoints
/wp-json/wc-wechatpay/v1/order-status
FAQ

Frequently Asked Questions about Payment gateway for WooCommerce – Woo WeChatPay