Mercado Pago payments for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-mercadopago

Offer to your clients the best experience in e-Commerce by using Mercado Pago as your payment method.

100K active installs · v8.7.17 · PHP 7.4+ · WP 6.3+ · Updated Apr 1, 2026
ecommerce · mercadopago · woocommerce
95
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: May 5, 2026
Safety Verdict

Is Mercado Pago payments for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Mercado Pago payments for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: May 5, 2026 · Updated 1mo ago
Risk Assessment

The static analysis for `woocommerce-mercadopago` v8.7.14 reveals a generally strong security posture concerning its direct attack surface and code hygiene. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without authentication checks significantly limits potential entry points for attackers. The code also demonstrates good practices with a high percentage of properly escaped output, the absence of dangerous functions, and the exclusive use of prepared statements for SQL queries. File operations are present but likely managed with care given the lack of taint analysis findings.

However, the vulnerability history presents a significant concern. The plugin has had 3 known medium-severity vulnerabilities, specifically Path Traversal and CSRF, with the most recent occurring on July 19, 2024, which indicates a pattern of past security weaknesses. Although none are currently unpatched, this history suggests a recurring need for diligent patching and potentially deeper code review to address the underlying causes. The current code is strong in its immediate attack surface and hygiene, but the plugin requires vigilance because of its historical vulnerability trend.

Key Concerns

  • History of medium severity vulnerabilities
  • Recent vulnerability reported (2024-07-19)
  • Some file operations present
  • Nonce checks present but limited (2)
  • Capability checks present but limited (2)
Vulnerabilities
4 published

Mercado Pago payments for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2023: 2 CVEs
  • 2024: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • Medium: 4

4 total CVEs

CVE-2026-3208 · medium · 5.3 · Missing Authorization

Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

May 5, 2026 · Patched in 8.7.12 (1d)

CVE-2024-3934 · medium · 6.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download

Jul 19, 2024 · Patched in 7.6.2 (1d)

CVE-2022-45068 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery

Feb 6, 2023 · Patched in 6.4.0 (351d)

WF-b20b4eba-54df-4e08-ba4c-96f8bb463125-woocommerce-mercadopago · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Mercado Pago payments for WooCommerce <= 6.6.0 - Cross-Site Request Forgery

Jan 23, 2023 · Patched in 6.7.0 (365d)
Version History

Mercado Pago payments for WooCommerce Release Timeline

  • v8.7.17 · Current
  • v8.7.16
  • v8.7.15
  • v8.7.14
  • v8.7.13
  • v8.7.12
  • v8.7.11 · 1 CVE
  • v8.7.10 · 1 CVE
  • v8.7.9 · 1 CVE
  • v8.7.8 · 1 CVE
  • v8.7.7 · 1 CVE
  • v8.7.6 · 1 CVE
  • v8.7.5 · 1 CVE
  • v8.7.4 · 1 CVE
  • v8.7.3 · 1 CVE
  • v8.7.2 · 1 CVE
  • v8.7.1 · 1 CVE
  • v8.7.0 · 1 CVE
  • v8.6.1 · 1 CVE
  • v8.6.0 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Mercado Pago payments for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 9 (1023 escaped)
  • Nonce Checks: 2
  • Capability Checks: 2
  • File Operations: 4
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

99% escaped · 1032 total outputs
Attack Surface

Mercado Pago payments for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 43

  • action · wp_enqueue_scripts · src\Gateways\CustomGateway.php:315
  • filter · cron_schedules · src\Helpers\Cron.php:34
  • action · woocommerce_order_status_processing · src\Helpers\Notices.php:80
  • action · admin_notices · src\Helpers\Notices.php:134
  • action · admin_notices · src\Helpers\Notices.php:151
  • action · admin_notices · src\Helpers\Notices.php:255
  • action · admin_notices · src\Helpers\Notices.php:286
  • action · admin_notices · src\Helpers\Notices.php:413
  • action · admin_menu · src\Hooks\Admin.php:35
  • action · woocommerce_blocks_enqueue_checkout_block_scripts_before · src\Hooks\Blocks.php:20
  • action · woocommerce_cart_calculate_fees · src\Hooks\Cart.php:30
  • action · woocommerce_before_checkout_form · src\Hooks\Checkout.php:30
  • action · woocommerce_review_order_before_payment · src\Hooks\Checkout.php:42
  • action · before_woocommerce_pay · src\Hooks\Checkout.php:54
  • action · woocommerce_pay_order_before_submit · src\Hooks\Checkout.php:66
  • filter · woocommerce_payment_gateways · src\Hooks\Gateway.php:87
  • filter · woocommerce_gateway_title · src\Hooks\Gateway.php:104
  • filter · woocommerce_available_payment_gateways · src\Hooks\Gateway.php:152
  • action · woocommerce_settings_save_checkout · src\Hooks\Gateway.php:194
  • action · woocommerce_before_thankyou · src\Hooks\Gateway.php:287
  • action · woocommerce_after_settings_checkout · src\Hooks\Gateway.php:300
  • action · mercadopago_sync_pending_status_order_action · src\Hooks\Order.php:502
  • action · add_meta_boxes_shop_order · src\Hooks\Order.php:579
  • action · add_meta_boxes_woocommerce_page_wc-orders · src\Hooks\Order.php:580
  • action · woocommerce_order_details_after_order_table · src\Hooks\Order.php:609
  • action · woocommerce_email_before_order_table · src\Hooks\Order.php:621
  • action · woocommerce_admin_order_totals_after_total · src\Hooks\Order.php:633
  • action · woocommerce_before_add_to_cart_form · src\Hooks\Product.php:20
  • action · admin_enqueue_scripts · src\Hooks\Scripts.php:55
  • action · admin_enqueue_scripts · src\Hooks\Scripts.php:71
  • action · wp_enqueue_scripts · src\Hooks\Scripts.php:86
  • action · wp_enqueue_scripts · src\Hooks\Scripts.php:104
  • action · enqueue_block_assets · src\Hooks\Scripts.php:325
  • action · admin_notices · src\Startup.php:34
  • action · init · src\WoocommerceMercadoPago.php:123
  • action · init · src\WoocommerceMercadoPago.php:124
  • filter · query_vars · src\WoocommerceMercadoPago.php:125
  • action · woocommerce_blocks_payment_method_type_registration · src\WoocommerceMercadoPago.php:151
  • filter · woocommerce_my_account_my_orders_actions · src\WoocommerceMercadoPago.php:188
  • action · admin_enqueue_scripts · src\WoocommerceMercadoPago.php:462
  • action · admin_notices · src\WoocommerceMercadoPago.php:472
  • action · before_woocommerce_init · woocommerce-mercadopago.php:37
  • filter · upgrader_post_install · woocommerce-mercadopago.php:53
Maintenance & Trust

Mercado Pago payments for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Apr 1, 2026
  • PHP min version: 7.4
  • Downloads: 5.7M

Community Trust

  • Rating: 78/100
  • Number of ratings: 687
  • Active installs: 100K
Developer Profile

Mercado Pago payments for WooCommerce Developer Profile

Mercado Pago

2 plugins · 100K total installs

  • Trust score: 72
  • Avg Security Score: 90/100
  • Avg Patch Time: 180 days
Detection Fingerprints

How We Detect Mercado Pago payments for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woocommerce-mercadopago/build/common.js
  • /wp-content/plugins/woocommerce-mercadopago/build/frontend.js
  • /wp-content/plugins/woocommerce-mercadopago/build/checkout-blocks.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-custom-gateway.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-gateway-pagofacil.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-gateway-rapipago.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-gateway-mercadopago.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-gateway-creditcard.js
  • +34 more
Script Paths
  • /wp-content/plugins/woocommerce-mercadopago/build/common.js
  • /wp-content/plugins/woocommerce-mercadopago/build/frontend.js
  • /wp-content/plugins/woocommerce-mercadopago/build/checkout-blocks.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-custom-gateway.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-gateway-pagofacil.js
  • /wp-content/plugins/woocommerce-mercadopago/build/wc-gateway-rapipago.js
  • +15 more
Version Parameters
  • woocommerce-mercadopago/build/common.js?ver=
  • woocommerce-mercadopago/build/frontend.js?ver=
  • woocommerce-mercadopago/build/checkout-blocks.js?ver=
  • woocommerce-mercadopago/build/wc-custom-gateway.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-pagofacil.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-rapipago.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopago.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-creditcard.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-ticket.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-banktransfer.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-accountmoney.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-wallet-button.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagocol.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagomx.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagopt.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagoco.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagouy.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagopr.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagope.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagocr.js?ver=
  • woocommerce-mercadopago/build/wc-gateway-mercadopagocl.js?ver=
  • woocommerce-mercadopago/build/style.css?ver=
  • woocommerce-mercadopago/build/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • mp-checkout-custom
  • mp-checkout-wallet-button
  • mp-payment-request-button
  • mp-payment-options
  • mp-payment-gateway-block
  • mp-gateway-mercadopago
  • mp-gateway-custom
  • mp-gateway-pagofacil
  • +14 more
HTML Comments
  • <!-- WC_WooMercadoPago_Custom_Gateway -->
  • <!-- WC_WooMercadoPago_CreditCard_Gateway -->
  • <!-- WC_WooMercadoPago_Ticket_Gateway -->
  • <!-- WC_WooMercadoPago_BankTransfer_Gateway -->
  • +11 more
Data Attributes
  • data-mercadopago-gateway
  • data-mercadopago-gateway-id
  • data-mercadopago-locale
  • data-mercadopago-site-id
  • data-mercadopago-amount
  • data-mercadopago-currency
  • +1 more
JS Globals
  • MercadoPago.wallet
  • MercadoPago.checkout
  • MercadoPago.init
REST Endpoints
  • /wp-json/mercadopago/v1/webhooks/custom
  • /wp-json/mercadopago/v1/webhooks/creditcard
  • /wp-json/mercadopago/v1/webhooks/ticket
  • /wp-json/mercadopago/v1/webhooks/banktransfer
  • /wp-json/mercadopago/v1/webhooks/accountmoney
  • /wp-json/mercadopago/v1/webhooks/walletbutton
  • /wp-json/mercadopago/v1/webhooks/mercadopagocol
  • /wp-json/mercadopago/v1/webhooks/mercadopagomx
  • /wp-json/mercadopago/v1/webhooks/mercadopagopt
  • /wp-json/mercadopago/v1/webhooks/mercadopagoco
  • /wp-json/mercadopago/v1/webhooks/mercadopagouy
  • /wp-json/mercadopago/v1/webhooks/mercadopagopr
  • /wp-json/mercadopago/v1/webhooks/mercadopagope
  • /wp-json/mercadopago/v1/webhooks/mercadopagocr
  • /wp-json/mercadopago/v1/webhooks/mercadopagocl
FAQ

Frequently Asked Questions about Mercado Pago payments for WooCommerce