Does GoCardless for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in GoCardless for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GoCardless for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, GoCardless for WooCommerce 2.9.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is GoCardless for WooCommerce compatible with PHP 7.4+?

GoCardless for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is GoCardless for WooCommerce updated?

GoCardless for WooCommerce was last updated on Dec 17, 2025. Frequent updates are generally a positive security signal.

What is GoCardless for WooCommerce's security score?

GoCardless for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GoCardless for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-gateway-gocardless

Extends WooCommerce with a GoCardless gateway. A GoCardless merchant account is required.

1K active installs v2.9.9 PHP 7.4+ WP 6.7+ Updated Dec 17, 2025

direct-debitgocardlessinstant-bank-paywoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVEJul 10, 2023

Plugin page Download

Safety Verdict

Is GoCardless for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

GoCardless for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 10, 2023Updated 3mo ago

Risk Assessment

The plugin "woocommerce-gateway-gocardless" v2.9.9 demonstrates a generally strong security posture based on the provided static analysis. The complete absence of unprotected entry points, the exclusive use of prepared statements for SQL queries, and the 100% proper escaping of output are significant strengths. Furthermore, the lack of critical or high-severity taint flows and dangerous functions indicates that the core code is likely robust against common injection-based attacks. The presence of nonces and capability checks on some code paths further reinforces this positive assessment.

Key Concerns

One medium severity CVE in history
One file operation detected
One external HTTP request detected

Vulnerabilities

GoCardless for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-37871medium · 6.5Authorization Bypass Through User-Controlled Key

WooCommerce GoCardless Gateway <= 2.5.6 - Unauthenticated Insecure Direct Object Reference

Jul 10, 2023 Patched in 2.5.7 (197d)

Code Analysis

Analyzed Mar 16, 2026

GoCardless for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

113 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared14 total queries

Output Escaping

100% escaped113 total outputs

Attack Surface

GoCardless for WooCommerce Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 41

actionwc_ajax_gocardless_regenerate_webhook_secretincludes\class-wc-gocardless-ajax.php:34

filterwoocommerce_subscription_payment_metaincludes\class-wc-gocardless-gateway-addons.php:30

actionwoocommerce_subscription_validate_payment_metaincludes\class-wc-gocardless-gateway-addons.php:31

actionwoocommerce_subscription_status_updatedincludes\class-wc-gocardless-gateway-addons.php:38

filterwoocommerce_gocardless_payment_descriptionincludes\class-wc-gocardless-gateway-addons.php:171

actionwoocommerce_api_wc_gateway_gocardlessincludes\class-wc-gocardless-gateway.php:106

actionwoocommerce_update_options_payment_gatewaysincludes\class-wc-gocardless-gateway.php:109

actionadmin_noticesincludes\class-wc-gocardless-gateway.php:113

filterwoocommerce_payment_methods_list_itemincludes\class-wc-gocardless-gateway.php:116

actionwoocommerce_account_payment_methods_column_methodincludes\class-wc-gocardless-gateway.php:117

filterwoocommerce_subscription_use_pending_cancelincludes\class-wc-gocardless-gateway.php:1942

actionadmin_noticesincludes\class-wc-gocardless-order-admin.php:27

actionadmin_noticesincludes\class-wc-gocardless-order-admin.php:28

actionadmin_post_wc_connect_gocardlessincludes\class-wc-gocardless-order-admin.php:31

actionadmin_post_wc_disconnect_gocardlessincludes\class-wc-gocardless-order-admin.php:32

filtermanage_edit-shop_order_columnsincludes\class-wc-gocardless-order-admin.php:35

actionmanage_shop_order_posts_custom_columnincludes\class-wc-gocardless-order-admin.php:36

filterwoocommerce_shop_order_list_table_columnsincludes\class-wc-gocardless-order-admin.php:39

actionwoocommerce_shop_order_list_table_custom_columnincludes\class-wc-gocardless-order-admin.php:40

filterwoocommerce_admin_order_preview_get_order_detailsincludes\class-wc-gocardless-order-admin.php:43

actionadd_meta_boxesincludes\class-wc-gocardless-order-admin.php:52

actionwoocommerce_order_actionsincludes\class-wc-gocardless-order-admin.php:151

actionwoocommerce_order_action_gocardless_cancel_paymentincludes\class-wc-gocardless-order-admin.php:152

actionwoocommerce_order_action_gocardless_retry_paymentincludes\class-wc-gocardless-order-admin.php:153

actioninitincludes\class-wc-gocardless-privacy.php:28

actionadmin_enqueue_scriptsincludes\class-wc-gocardless-reports.php:25

filterwoocommerce_rest_prepare_report_customersincludes\class-wc-gocardless-reports.php:26

filterwoocommerce_report_customers_export_columnsincludes\class-wc-gocardless-reports.php:28

filterwoocommerce_report_customers_prepare_export_itemincludes\class-wc-gocardless-reports.php:29

actionplugins_loadedwoocommerce-gateway-gocardless.php:85

filterwoocommerce_payment_gatewayswoocommerce-gateway-gocardless.php:86

actionadmin_noticeswoocommerce-gateway-gocardless.php:87

actioninitwoocommerce-gateway-gocardless.php:88

actionwoocommerce_gocardless_check_subscription_payment_statuswoocommerce-gateway-gocardless.php:96

actionwoocommerce_gocardless_process_webhook_payload_asyncwoocommerce-gateway-gocardless.php:97

actionbefore_woocommerce_initwoocommerce-gateway-gocardless.php:98

actionwoocommerce_blocks_loadedwoocommerce-gateway-gocardless.php:101

filterallowed_redirect_hostswoocommerce-gateway-gocardless.php:104

actionadmin_enqueue_scriptswoocommerce-gateway-gocardless.php:107

actioninitwoocommerce-gateway-gocardless.php:241

actionwoocommerce_blocks_payment_method_type_registrationwoocommerce-gateway-gocardless.php:579

Maintenance & Trust

GoCardless for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 17, 2025

PHP min version7.4

Downloads12K

Community Trust

Rating100/100

Number of ratings1

Active installs1K

Alternatives

GoCardless for WooCommerce Alternatives

Instant Bank Payments via GoCardless for WooCommerce

wc-gocardless-instant-bank-payments

Take instant bank payments on your WooCommerce store through open banking technology. Increase your conversions, reduce fees, reduce failed payments a …

100 No CVEs

GoCardless WordPress plugin

gocardless-wordpress-plugin

Create GoCardless subscriptions within WordPress.

40 No CVEs

IBANTEST for WooCommerce

ibantest-for-woocommerce

Provides direct debit payment with IBAN and BIC validation for WooCommerce

10 No CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

Developer Profile

GoCardless for WooCommerce Developer Profile

GoCardless

1 plugin · 1K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

197 days

View full developer profile

Detection Fingerprints

How We Detect GoCardless for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woocommerce-gateway-gocardless/assets/css/admin.css/wp-content/plugins/woocommerce-gateway-gocardless/assets/css/checkout.css/wp-content/plugins/woocommerce-gateway-gocardless/assets/js/checkout.js/wp-content/plugins/woocommerce-gateway-gocardless/assets/js/admin.js

Script Paths

/wp-content/plugins/woocommerce-gateway-gocardless/assets/js/checkout.js/wp-content/plugins/woocommerce-gateway-gocardless/assets/js/admin.js

Version Parameters

woocommerce-gateway-gocardless/assets/css/admin.css?ver=woocommerce-gateway-gocardless/assets/css/checkout.css?ver=woocommerce-gateway-gocardless/assets/js/checkout.js?ver=woocommerce-gateway-gocardless/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

gocardless-checkout-descriptiongocardless-connect-noticegocardless-connect-button

HTML Comments

Data Attributes

data-gocardless-checkout-descriptiondata-gocardless-connect-noticedata-gocardless-connect-button

JS Globals

wc_gocardless_params

FAQ