Does WP Weixin Pay have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Weixin Pay have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Weixin Pay compatible with WordPress 5.4.19?

According to WordPress.org data, WP Weixin Pay 1.3.15 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is WP Weixin Pay compatible with PHP 7.0+?

WP Weixin Pay requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Weixin Pay updated?

WP Weixin Pay was last updated on May 16, 2020. Frequent updates are generally a positive security signal.

What is WP Weixin Pay's security score?

WP Weixin Pay has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Weixin Pay Security & Risk Analysis

wordpress.org/plugins/wp-weixin-pay

Simple WeChat Pay integration for WordPress.

10 active installs v1.3.15 PHP 7.0+ WP 4.9.5+ Updated May 16, 2020

money-transferpaymentswechat-payments

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Weixin Pay Safe to Use in 2026?

Generally Safe

Score 85/100

WP Weixin Pay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "wp-weixin-pay" plugin version 1.3.15 exhibits a concerning security posture primarily due to its extensive unprotected attack surface. While the code demonstrates good practices in SQL query handling and output escaping, the presence of seven AJAX handlers without authentication checks represents a significant risk. This means that any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure. The taint analysis, while not revealing critical or high severity issues, did identify one flow with unsanitized paths, which could be a potential avenue for exploitation if combined with other vulnerabilities or misconfigurations.

The plugin's vulnerability history is currently clean, with no known CVEs. This is a positive indicator, suggesting that the developers have not historically introduced major security flaws. However, the lack of past vulnerabilities does not negate the immediate risks identified in the static analysis. The plugin's strengths lie in its secure handling of database interactions and output rendering, but these are overshadowed by the critical oversight of failing to implement proper authorization checks on its AJAX endpoints. Therefore, while the plugin has a good track record, the current version requires immediate attention to secure its entry points.

Key Concerns

Unprotected AJAX handlers
Flow with unsanitized paths (taint analysis)
Missing capability checks

Vulnerabilities

None known

WP Weixin Pay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Weixin Pay Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

95% escaped21 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

pre_basic_oauth (inc\class-wp-weixin-pay.php:918)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

WP Weixin Pay Attack Surface

Entry Points7

Unprotected7

AJAX Handlers 7

authwp_ajax_wp_weixin_payinc\class-wp-weixin-pay.php:37

noprivwp_ajax_wp_weixin_payinc\class-wp-weixin-pay.php:38

authwp_ajax_wp_weixin_pay_init_checkinc\class-wp-weixin-pay.php:40

noprivwp_ajax_wp_weixin_pay_init_checkinc\class-wp-weixin-pay.php:41

authwp_ajax_wp_weixin_pay_checkinc\class-wp-weixin-pay.php:43

noprivwp_ajax_wp_weixin_pay_checkinc\class-wp-weixin-pay.php:44

authwp_ajax_wp_weixin_pay_get_settings_qrinc\class-wp-weixin-pay.php:54

WordPress Hooks 28

actioninitinc\class-wp-weixin-pay.php:33

actionparse_requestinc\class-wp-weixin-pay.php:35

actionwp_weixin_handle_payment_notificationinc\class-wp-weixin-pay.php:46

actionwp_weixin_before_qr_settings_innerinc\class-wp-weixin-pay.php:48

actionwp_weixin_handle_auto_refundinc\class-wp-weixin-pay.php:50

actionadmin_enqueue_scriptsinc\class-wp-weixin-pay.php:52

filterquery_varsinc\class-wp-weixin-pay.php:57

actionparse_requestinc\class-wp-weixin-pay.php:60

actioninitinc\class-wp-weixin-pay.php:64

actioninitinc\class-wp-weixin-pay.php:66

actionwp_weixin_endpointsinc\class-wp-weixin-pay.php:68

actionwp_weixin_pay_wait_cleaninc\class-wp-weixin-pay.php:70

filterwp_weixin_settingsinc\class-wp-weixin-pay.php:73

filterwp_weixin_settings_fieldsinc\class-wp-weixin-pay.php:75

filterwp_weixin_show_settings_sectioninc\class-wp-weixin-pay.php:77

filterwp_weixin_jsapi_urlsinc\class-wp-weixin-pay.php:79

filterwp_weixin_pay_callback_endpointinc\class-wp-weixin-pay.php:81

filterwp_weixin_auth_neededinc\class-wp-weixin-pay.php:83

actionadmin_noticesinc\class-wp-weixin-pay.php:133

filterwp_weixin_pay_notify_resultsinc\class-wp-weixin-pay.php:461

actionwpinc\class-wp-weixin-pay.php:565

actionwp_footerinc\class-wp-weixin-pay.php:738

actionshutdowninc\class-wp-weixin-pay.php:739

actionwp_print_scriptsinc\class-wp-weixin-pay.php:745

actionwp_print_stylesinc\class-wp-weixin-pay.php:746

filtertemplate_redirectinc\class-wp-weixin-pay.php:778

actionwp_weixin_extensionswp-weixin-pay.php:46

actionplugins_loadedwp-weixin-pay.php:48

Scheduled Events 1

wp_weixin_pay_wait_clean

Maintenance & Trust

WP Weixin Pay Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedMay 16, 2020

PHP min version7.0

Downloads10K

Community Trust

Rating80/100

Number of ratings4

Active installs10

Alternatives

WP Weixin Pay Alternatives

Checkout with Zelle on Woocommerce

wc-zelle

Receive Zelle payments on your website with WooCommerce + Zelle

3K 1 CVE

Receive customer payments on Woocommerce

momo-venmo

100

Receive Venmo payments on your website with WooCommerce + Venmo

2K No CVEs

Payment gateway for WooCommerce – Woo WeChatPay

woo-wechatpay

WeChat Pay payment gateway for WooCommerce.

90 No CVEs

WeChat Payments for WooCommerce

wechat-payment-for-woo

100

WeChat Payments for WooCommerce is a Wordpress plugin that allows to accept payments at WooCommerce-powered online stores.

80 No CVEs

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 7 CVEs

Developer Profile

WP Weixin Pay Developer Profile

Alexandre Froger

11 plugins · 8K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

110 days

View full developer profile

Detection Fingerprints

How We Detect WP Weixin Pay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-weixin-pay/assets/css/wxpay-style.css/wp-content/plugins/wp-weixin-pay/assets/js/wxpay-script.js/wp-content/plugins/wp-weixin-pay/assets/js/wxpay-admin-script.js

Script Paths

/wp-content/plugins/wp-weixin-pay/assets/js/wxpay-script.js/wp-content/plugins/wp-weixin-pay/assets/js/wxpay-admin-script.js

Version Parameters

wp-weixin-pay/assets/css/wxpay-style.css?ver=wp-weixin-pay/assets/js/wxpay-script.js?ver=wp-weixin-pay/assets/js/wxpay-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wxpay-qr-code-containerwxpay-donate-button

HTML Comments

Data Attributes

data-wxpay-product-iddata-wxpay-amountdata-wxpay-description

JS Globals

wxpay_params

REST Endpoints

/wp-json/wp-weixin-pay/v1/create-payment/wp-json/wp-weixin-pay/v1/check-payment

Shortcode Output

[weixin_pay_qr][weixin_pay_donate]

FAQ