Click & Pledge Plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-click-pledge-gateway

The Click & Pledge Plugin for WooCommerce enables seamless online payment processing in your WordPress store. Once connected to your Click & P …

20 active installs · v26.02000000-WP6.9.1-WC10.5.2 · PHP + WP 5.0+ · Updated Feb 25, 2026
Tags: clickandpledge, cnp, payment-gateway, woocommerce, woothemes
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Click & Pledge Plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Click & Pledge Plugin for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The WooCommerce Click Pledge Gateway plugin exhibits significant security concerns, primarily stemming from its extensive unprotected attack surface and a lack of essential security checks. With all 12 identified AJAX handlers lacking authentication, this presents a substantial risk of unauthorized actions being performed on a WordPress site. The taint analysis further highlights this by revealing 3 flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data could be manipulated to execute unintended code or access sensitive information. While the plugin has no recorded vulnerability history and largely utilizes prepared statements for SQL queries, these positive aspects are overshadowed by the critical lack of basic security implementations like nonces and capability checks.

Key Concerns

  • All AJAX handlers lack authentication checks
  • 3 critical severity taint flows with unsanitized paths
  • 0 Nonce checks present
  • 0 Capability checks present
  • Low percentage of properly escaped output
Vulnerabilities
None known

Click & Pledge Plugin for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Click & Pledge Plugin for WooCommerce Release Timeline

v26.02000000-WP6.9.1-WC10.5.2 (Current)
v25.12000001-WP6.9-WC10.3.6
v25.12000000-WP6.9-WC10.3.6
v25.020002-WP6.7.1-WC9.6.1
v25.020001-WP6.7.1-WC9.6.1
v25.020000-WP6.7.1-WC9.6.1
v2.2110000000-WP5.8.1-WC5.8.0
v2.2107000000-WP5.8-WC5.5.2
v02.2105000000-WP5.7.2-WC5.3.0
v02.2104000000-WP5.7-WC5.1.0
v02.2102000000-WP5.6.1-WC5.0.0
v002.2012340000-WP5.6-WC4.8.0
v02.2011330000-WP5.5.3-WC4.6.1
v02.2010320000-WP5.5.1-WC4.5.2
v02.2003310000-WP5.3.2-WC3.9.2
v2.24070000-WP6.6.1-WC9.1.2
v2.24050000-WP6.5.3-WC8.8.3
v2.24050000-WP6.5.2-WC8.8.3
v2.24040000-WP6.5.2-WC8.7.0
v2.24030000-WP6.4.3-WC8.7.0
Code Analysis
Analyzed Mar 16, 2026

Click & Pledge Plugin for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (16 prepared)
Unescaped Output: 119 (59 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

76% prepared · 21 total queries

Output Escaping

33% escaped · 178 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
woocommerce_clickandpledge_init (gateway-clickandpledge.php:200)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
12 unprotected

Click & Pledge Plugin for WooCommerce Attack Surface

Entry Points: 12
Unprotected: 12

AJAX Handlers 12

auth · wp_ajax_cnp_toggle_fee · class-wc-gateway-clickandpledge-blocks.php:27
nopriv · wp_ajax_cnp_toggle_fee · class-wc-gateway-clickandpledge-blocks.php:28
auth · wp_ajax_cnp_toggle_fee · gateway-clickandpledge.php:130
nopriv · wp_ajax_cnp_toggle_fee · gateway-clickandpledge.php:131
auth · wp_ajax_cnp_getAccounts · gateway-clickandpledge.php:211
nopriv · wp_ajax_cnp_getAccounts · gateway-clickandpledge.php:212
auth · wp_ajax_cnp_getcode · gateway-clickandpledge.php:213
nopriv · wp_ajax_cnp_getcode · gateway-clickandpledge.php:214
auth · wp_ajax_getWCCnPAccountList · gateway-clickandpledge.php:215
nopriv · wp_ajax_getWCCnPAccountList · gateway-clickandpledge.php:216
auth · wp_ajax_getCnPUserEmailAccountList · gateway-clickandpledge.php:217
nopriv · wp_ajax_getCnPUserEmailAccountList · gateway-clickandpledge.php:218
WordPress Hooks 17
action · woocommerce_cart_calculate_fees · class-wc-gateway-clickandpledge-blocks.php:25
action · wp_enqueue_scripts · class-wc-gateway-clickandpledge-blocks.php:29
action · plugins_loaded · gateway-clickandpledge.php:13
action · before_woocommerce_init · gateway-clickandpledge.php:15
action · woocommerce_cart_calculate_fees · gateway-clickandpledge.php:31
action · woocommerce_review_order_after_cart_contents · gateway-clickandpledge.php:81
action · wp_footer · gateway-clickandpledge.php:144
filter · default_checkout_billing_country · gateway-clickandpledge.php:165
filter · default_checkout_billing_state · gateway-clickandpledge.php:166
filter · woocommerce_cart_needs_payment · gateway-clickandpledge.php:171
filter · woocommerce_order_needs_payment · gateway-clickandpledge.php:172
action · admin_notices · gateway-clickandpledge.php:202
action · admin_notices · gateway-clickandpledge.php:915
action · woocommerce_blocks_loaded · gateway-clickandpledge.php:4447
action · woocommerce_blocks_payment_method_type_registration · gateway-clickandpledge.php:4454
action · wp_enqueue_scripts · gateway-clickandpledge.php:4470
filter · woocommerce_payment_gateways · gateway-clickandpledge.php:4478
Maintenance & Trust

Click & Pledge Plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 8K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Click & Pledge Plugin for WooCommerce Developer Profile

ClickandPledge

5 plugins · 200 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 27 days
Detection Fingerprints

How We Detect Click & Pledge Plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-click-pledge-gateway/classes/clickandpledge-request.php
/wp-content/plugins/woocommerce-click-pledge-gateway/class-wc-gateway-clickandpledge-blocks.php
Version Parameters
woocommerce-click-pledge-gateway/style.css?ver=
woocommerce-click-pledge-gateway/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
cnp-fee-row
Data Attributes
name="cnp_fee_choice"
data-cnp-user-id
JS Globals
cnp_wc_admin_ajax_url
cnp_wc_nonce
cnp_wc_connect_url
REST Endpoints
/wp-json/cnp/v1/accounts
/wp-json/cnp/v1/connect-code