Does PromptPay have any unpatched vulnerabilities?

No. All known vulnerabilities in PromptPay have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PromptPay compatible with WordPress 5.4.19?

According to WordPress.org data, PromptPay 1.2.2 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

How often is PromptPay updated?

PromptPay was last updated on Aug 4, 2020. Frequent updates are generally a positive security signal.

What is PromptPay's security score?

PromptPay has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PromptPay Security & Risk Analysis

wordpress.org/plugins/wp-promptpay

PromptPay integration for WordPress, contract creator if any

100 active installs v1.2.2 PHP + WP 3.0.1+ Updated Aug 4, 2020

paymentpromptpayqrcodewoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PromptPay Safe to Use in 2026?

Generally Safe

Score 85/100

PromptPay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The wp-promptpay plugin v1.2.2 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, external HTTP requests, file operations, and SQL queries without prepared statements are significant strengths. Furthermore, the plugin has no recorded vulnerabilities, which suggests a history of responsible development and maintenance.

However, there are notable areas for improvement. The lack of nonce checks and capability checks, especially with a shortcode present, represents a potential weakness. If the shortcode's functionality can be exploited, an attacker might be able to trigger it without proper authorization. Additionally, the 33% of outputs that are not properly escaped could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs.

In conclusion, while the plugin is free of known critical issues and demonstrates good coding practices in several areas, the identified weaknesses in authorization checks and output escaping warrant attention. Addressing these concerns would significantly enhance the plugin's overall security.

Key Concerns

No nonce checks found
No capability checks found
Outputs not properly escaped (33%)

Vulnerabilities

None known

PromptPay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PromptPay Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped3 total outputs

Attack Surface

PromptPay Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[promptpayqr] promptpay.php:63

WordPress Hooks 6

actionadmin_menupromptpay.php:52

actionadmin_initpromptpay.php:53

filterplugin_action_linkspromptpay.php:56

actionwp_enqueue_scriptspromptpay.php:59

actionadmin_enqueue_scriptspromptpay.php:60

actionwoocommerce_order_details_after_order_tablepromptpay.php:66

Maintenance & Trust

PromptPay Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedAug 4, 2020

PHP min version

Downloads4K

Community Trust

Rating80/100

Number of ratings4

Active installs100

Alternatives

PromptPay Alternatives

Razorpay Payment Links for WooCommerce

rzp-woocommerce

100

The easiest and most secure solution to collect payments with WooCommerce. Allow customers to securely pay via Razorpay (Credit/Debit Cards, NetBankin …

1K No CVEs

UPI QR Code Payment Gateway

upi-qr-code-payment-gateway

This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like GPay, PhonePe, Paytm or any banking UPI app.

1K No CVEs

sqrip.ch

sqrip-swiss-qr-invoice

sqrip – A comprehensive, flexible and clever WooCommerce finance tool for the most widely used payment method in Switzerland: the bank transfers.

100 No CVEs

Autopilot For UPI QR Code Payment Gateway for WooCommerce

autopilot-for-upi-qr-code-payment-gateway

This plugin automates the payment verification process for WooCommerce orders made through the UPI QR Code Payment Gateway for WooCommerce, facilitati …

90 No CVEs

Negpay qrcode Payment Gateway

integration-qr-code-payment-gateway

100

This Plugin enables WooCommerce shopowners to instant payments through bank apps like banking app to save payment gateway charges in Mongolia.

0 No CVEs

Developer Profile

PromptPay Developer Profile

jojoee

6 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PromptPay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/wp-promptpay/js/promptpay.js

Version Parameters

wp-promptpay/js/promptpay.js?ver=

HTML / DOM Fingerprints

CSS Classes

ppy-card

HTML Comments

+8 more

Data Attributes

data-promptpay-iddata-amountdata-show-promptpay-logodata-show-promptpay-iddata-account-namedata-shop-name+1 more

Shortcode Output

<div class="ppy-card"

FAQ