Does ЮKassa для WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in ЮKassa для WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ЮKassa для WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, ЮKassa для WooCommerce 2.15.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ЮKassa для WooCommerce compatible with PHP 5.6.20+?

ЮKassa для WooCommerce requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ЮKassa для WooCommerce updated?

ЮKassa для WooCommerce was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is ЮKassa для WooCommerce's security score?

ЮKassa для WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ЮKassa для WooCommerce Security & Risk Analysis

wordpress.org/plugins/yookassa

Прием платежей на сайтах WooCommerce. Разработка и поддержка — компания ЮMoney

9K active installs v2.15.0 PHP 5.6.20+ WP 5.2+ Updated Mar 11, 2026

gateway%d1%8ekassapaymentwoocommerceyookassa

A · Safe

CVEs total2

Unpatched0

Last CVEJul 29, 2022

Plugin page Download

Safety Verdict

Is ЮKassa для WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

ЮKassa для WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jul 29, 2022Updated 23d ago

Risk Assessment

The Yookassa plugin v2.15.0 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and the absence of bundled libraries, significant concerns arise from its attack surface and output sanitization. The presence of four AJAX handlers without authentication checks is a major vulnerability, opening the door for unauthorized actions. Furthermore, the low percentage of properly escaped output suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site.

Key Concerns

AJAX handlers without auth checks
Low percentage of properly escaped output
Flows with unsanitized paths
Past vulnerabilities: High severity
Past vulnerabilities: Medium severity

Vulnerabilities

ЮKassa для WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2022-36379high · 8.8Cross-Site Request Forgery (CSRF)

ЮKassa для WooCommerce <= 2.3.0 - Cross-Site Request Forgery to Settings Update

Jul 29, 2022 Patched in 2.3.1 (543d)

CVE-2022-34868medium · 5.4Missing Authorization

ЮKassa для WooCommerce <= 2.3.0 - Missing Authorization

Jul 29, 2022 Patched in 2.3.1 (543d)

Code Analysis

Analyzed Mar 16, 2026

ЮKassa для WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

215

24 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

93% prepared15 total queries

Output Escaping

10% escaped239 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

get_tab_content (admin\YooKassaAdmin.php:419)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

ЮKassa для WooCommerce Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_yookassa_get_tabadmin\YooKassaAdmin.php:66

authwp_ajax_yookassa_save_settingsadmin\YooKassaAdmin.php:67

authwp_ajax_yookassa_get_oauth_tokenadmin\YooKassaAdmin.php:68

authwp_ajax_yookassa_get_oauth_urladmin\YooKassaAdmin.php:69

WordPress Hooks 11

actionwoocommerce_update_options_payment_gatewaysgateway\YooKassaGateway.php:117

actionadmin_noticesgateway\YooKassaWidgetGateway.php:50

actiontemplate_redirectgateway\YooKassaWidgetGateway.php:51

actionwoocommerce_initincludes\YooKassaNotice.php:24

actionwp_loadedincludes\YooKassaPayment.php:74

filterquery_varsincludes\YooKassaPayment.php:78

actiontemplate_redirectincludes\YooKassaPayment.php:85

actionbefore_woocommerce_inityookassa.php:76

actionupgrader_process_completeyookassa.php:90

actionwoocommerce_blocks_loadedyookassa.php:104

actionwoocommerce_blocks_payment_method_type_registrationyookassa.php:113

Maintenance & Trust

ЮKassa для WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version5.6.20

Downloads162K

Community Trust

Rating70/100

Number of ratings27

Active installs9K

Alternatives

ЮKassa для WooCommerce Alternatives

Payment Gateway Based Fees and Discounts for WooCommerce

checkout-fees-for-woocommerce

Set fees and discounts for WooCommerce payment gateways.

30K 1 CVE

Paystack WooCommerce Payment Gateway

woo-paystack

100

Paystack for WooCommerce allows your WooCommerce store to accept secure payments from multiple local and global payment channels.

30K No CVEs

Montonio for WooCommerce

montonio-for-woocommerce

100

Montonio is a complete checkout solution for online stores that includes all popular payment methods (local banks, card payments, Apple Pay, Google Pa …

10K No CVEs

NETOPIA Payments Payment Gateway

netopia-payments-payment-gateway

NETOPIA Payments Payment Gateway extends WooCommerce payment options by adding NETOPIA's Payment Gateway options.

10K No CVEs

SumUp Payment Gateway For WooCommerce

sumup-payment-gateway-for-woocommerce

The SumUp plugin for WooCommerce allows businesses to securely process payments online. Accept payments from customers using a range of payment method …

10K 1 CVE

Developer Profile

ЮKassa для WooCommerce Developer Profile

yoomoney

1 plugin · 9K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

543 days

View full developer profile

Detection Fingerprints

How We Detect ЮKassa для WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yookassa/admin/css/bootstrap-datetimepicker.min.css/wp-content/plugins/yookassa/admin/css/bootstrap.min.css/wp-content/plugins/yookassa/admin/css/colorbox.css/wp-content/plugins/yookassa/admin/css/jquery-ui.css/wp-content/plugins/yookassa/admin/css/yookassa_admin.css/wp-content/plugins/yookassa/admin/js/bootstrap-datetimepicker.min.js/wp-content/plugins/yookassa/admin/js/bootstrap.min.js/wp-content/plugins/yookassa/admin/js/bootstrap.bundle.min.js+5 more

Script Paths

/wp-content/plugins/yookassa/admin/js/bootstrap-datetimepicker.min.js/wp-content/plugins/yookassa/admin/js/bootstrap.min.js/wp-content/plugins/yookassa/admin/js/bootstrap.bundle.min.js/wp-content/plugins/yookassa/admin/js/jquery.colorbox-min.js/wp-content/plugins/yookassa/admin/js/jquery-ui.js/wp-content/plugins/yookassa/admin/js/yookassa_admin.js+1 more

Version Parameters

yookassa/admin/css/bootstrap-datetimepicker.min.css?ver=yookassa/admin/css/bootstrap.min.css?ver=yookassa/admin/css/colorbox.css?ver=yookassa/admin/css/jquery-ui.css?ver=yookassa/admin/css/yookassa_admin.css?ver=yookassa/admin/js/bootstrap-datetimepicker.min.js?ver=yookassa/admin/js/bootstrap.min.js?ver=yookassa/admin/js/bootstrap.bundle.min.js?ver=yookassa/admin/js/jquery.colorbox-min.js?ver=yookassa/admin/js/jquery-ui.js?ver=yookassa/admin/js/yookassa_admin.js?ver=yookassa/assets/css/yookassa-checkout.css?ver=yookassa/assets/js/yookassa-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes

yookassa_wrapyookassa_titleyookassa_inputyookassa_button

HTML Comments

Data Attributes

data-yookassa-payment-gatewaydata-yookassa-order-id

JS Globals

YooKassaCheckoutYooKassa

REST Endpoints

/wp-json/yookassa/v1/order/capture/wp-json/yookassa/v1/order/refund

Shortcode Output

[yookassa_payment_button]

FAQ