Pay for Payment for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-pay-for-payment

Setup individual charges for each payment method in WooCommerce.

10K active installs · v2.2.1 · PHP + · WP 4.6+ · Updated Nov 13, 2025
ecommerce, fee, payment-gateway, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pay for Payment for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Pay for Payment for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "woocommerce-pay-for-payment" v2.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and performing capability checks. The absence of external HTTP requests and file operations also reduces potential attack vectors.

However, significant concerns arise from the static analysis. The presence of one AJAX handler without authentication checks presents a direct, unprotected entry point. Furthermore, the taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high, still indicate potential weaknesses where user input might not be adequately validated or escaped before use, especially given the absence of nonce checks on AJAX handlers.

The plugin's vulnerability history is a strong positive, with zero known CVEs and no recorded vulnerabilities. This suggests a history of stable and likely well-maintained code. Despite the identified entry point without authentication and the taint flow issues, the lack of past vulnerabilities indicates that these may not have been exploited or that the impact is limited. Overall, the plugin has strengths in its SQL handling and lack of historical vulnerabilities, but the unprotected AJAX handler and unsanitized taint flows are notable risks that require attention.

Key Concerns

  • Unprotected AJAX handler
  • Taint flows with unsanitized paths
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

Pay for Payment for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pay for Payment for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (23 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

85% escaped · 27 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
update_payment_options (inc\class-pay4pay-admin.php:243)
Attack Surface
1 unprotected

Pay for Payment for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth  wp_ajax_woocommerce_pay4pay_rated  woocommerce-payforpayment.php:116
WordPress Hooks: 37
action  wp_loaded  inc\class-pay4pay-admin.php:23
action  woocommerce_update_options_checkout  inc\class-pay4pay-admin.php:24
action  admin_init  inc\class-pay4pay-admin.php:25
filter  woocommerce_payment_gateways_setting_columns  inc\class-pay4pay-admin.php:28
action  woocommerce_payment_gateways_setting_column_pay4pay_extra  inc\class-pay4pay-admin.php:29
action  wp_loaded  inc\class-pay4pay-admin.php:33
action  load-woocommerce_page_wc-settings  inc\class-pay4pay-admin.php:37
filter  admin_footer_text  inc\class-pay4pay-admin.php:40
action  admin_notices  inc\class-pay4pay-admin.php:52
action  admin_notices  inc\class-pay4pay-admin.php:272
action  wc_price_based_country_frontend_princing_init  inc\class-pay4pay-price-based-country.php:24
filter  woocommerce_pay4pay_charges_fixed  inc\class-pay4pay-price-based-country.php:31
filter  woocommerce_pay4pay_charges_minimum  inc\class-pay4pay-price-based-country.php:32
filter  woocommerce_pay4pay_charges_maximum  inc\class-pay4pay-price-based-country.php:33
action  admin_enqueue_scripts  inc\class-pay4pay-settings-tab.php:64
filter  woocommerce_pay4pay_charges_fixed  inc\class-pay4pay-wcml.php:25
filter  woocommerce_pay4pay_charges_minimum  inc\class-pay4pay-wcml.php:26
filter  woocommerce_pay4pay_charges_maximum  inc\class-pay4pay-wcml.php:27
filter  woocommerce_pay4pay_charges_fixed  inc\class-pay4pay-woo-multi-currency.php:24
filter  woocommerce_pay4pay_charges_minimum  inc\class-pay4pay-woo-multi-currency.php:25
filter  woocommerce_pay4pay_charges_maximum  inc\class-pay4pay-woo-multi-currency.php:26
filter  woocommerce_pay4pay_charges_fixed  inc\class-pay4pay-woocommerce-multicurrency.php:24
filter  woocommerce_pay4pay_charges_minimum  inc\class-pay4pay-woocommerce-multicurrency.php:25
filter  woocommerce_pay4pay_charges_maximum  inc\class-pay4pay-woocommerce-multicurrency.php:26
filter  woocommerce_pay4pay_charges_fixed  inc\class-pay4pay-woocs.php:24
filter  woocommerce_pay4pay_charges_minimum  inc\class-pay4pay-woocs.php:25
filter  woocommerce_pay4pay_charges_maximum  inc\class-pay4pay-woocs.php:26
action  woocommerce_calculate_totals  inc\class-pay4pay.php:41
action  woocommerce_cart_calculate_fees  inc\class-pay4pay.php:43
action  woocommerce_review_order_after_submit  inc\class-pay4pay.php:44
action  admin_init  inc\class-pay4pay.php:45
action  plugins_loaded  inc\class-pay4pay.php:46
action  admin_notices  inc\class-pay4pay.php:56
action  plugins_loaded  woocommerce-payforpayment.php:27
action  admin_notices  woocommerce-payforpayment.php:32
filter  woocommerce_get_settings_pages  woocommerce-payforpayment.php:50
action  before_woocommerce_init  woocommerce-payforpayment.php:100
Maintenance & Trust

Pay for Payment for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 13, 2025
PHP min version
Downloads: 341K

Community Trust

Rating: 94/100
Number of ratings: 71
Active installs: 10K
Developer Profile

Pay for Payment for WooCommerce Developer Profile

Karolina Vyskocilova

5 plugins · 24K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 993 days
Detection Fingerprints

How We Detect Pay for Payment for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-pay-for-payment/css/pay4pay-settings-checkout.css
/wp-content/plugins/woocommerce-pay-for-payment/js/pay4pay-settings-checkout.js
Script Paths
/wp-content/plugins/woocommerce-pay-for-payment/js/pay4pay-settings-checkout.js
Version Parameters
woocommerce-pay-for-payment/css/pay4pay-settings-checkout.css?ver=
woocommerce-pay-for-payment/js/pay4pay-settings-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
pay4pay-title
Data Attributes
data-setchangehandler
data-reference-name
FAQ

Frequently Asked Questions about Pay for Payment for WooCommerce