Yotta Pay Payment Gateway Security & Risk Analysis

wordpress.org/plugins/yottapay-payment-gateway

Yotta Pay is the fastest and most secure way to accept payments via bank account.

40 active installs v4.0.1 PHP 7.0+ WP 5.3+ Updated Dec 23, 2025
checkoutecommerceonline-bankingonline-paymentsyotta-pay
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Yotta Pay Payment Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

Yotta Pay Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "yottapay-payment-gateway" v4.0.1 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The complete absence of known CVEs and a clean vulnerability history suggest a commitment to security maintenance. The code analysis further supports this, with no dangerous functions identified, all SQL queries using prepared statements, and a reasonable percentage of output escaping (72%). The presence of nonce and capability checks, along with a single file operation and two external HTTP requests, are also managed with some level of security consideration.

However, there are areas for improvement. The static analysis indicates a total of 74 output operations, of which 28% (74 * 0.28 = ~20.72) are not properly escaped. This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Additionally, the single file operation, while not inherently insecure, warrants attention as file manipulation can be a vector for attacks if not handled with extreme care and validation. The zero taint flows are positive, but this is often due to the limited scope of analysis or the absence of complex data manipulation that would trigger such flows.

Key Concerns

  • Unescaped output identified
  • File operations present
Vulnerabilities
None known

Yotta Pay Payment Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Yotta Pay Payment Gateway Release Timeline

v4.0.1Current
v4.0.0
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.4.2
v1.4.1
v1.4.0
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.4
v1.2.3
Code Analysis
Analyzed Mar 16, 2026

Yotta Pay Payment Gateway Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
21
53 escaped
Nonce Checks
1
Capability Checks
1
File Operations
1
External Requests
2
Bundled Libraries
0

Output Escaping

72% escaped74 total outputs
Attack Surface

Yotta Pay Payment Gateway Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 31
actioninitincludes\common\hooks\class-wc-yottapay-actions.php:19
actionwoocommerce_account_yottapay-refund-request-form_endpointincludes\common\hooks\class-wc-yottapay-actions.php:20
actionadmin_headincludes\common\hooks\class-wc-yottapay-actions.php:23
actionwp_headincludes\common\hooks\class-wc-yottapay-actions.php:24
actionwoocommerce_review_order_before_paymentincludes\common\hooks\class-wc-yottapay-actions.php:25
actionwpincludes\common\hooks\class-wc-yottapay-actions.php:28
actionyottapay_scheduled_action_reload_client_user_dataincludes\common\hooks\class-wc-yottapay-actions.php:29
actionupdated_optionincludes\common\hooks\class-wc-yottapay-actions.php:33
actionwoocommerce_settings_checkoutincludes\common\hooks\class-wc-yottapay-actions.php:36
actionwoocommerce_checkout_initincludes\common\hooks\class-wc-yottapay-actions.php:43
actionwoocommerce_email_order_metaincludes\common\hooks\class-wc-yottapay-actions.php:46
actionwoocommerce_api_yottapay_authorizeincludes\common\hooks\class-wc-yottapay-actions.php:55
actionwoocommerce_api_yottapay_authorize_webhookincludes\common\hooks\class-wc-yottapay-actions.php:56
actionwoocommerce_api_yottapay_payment_cancellation_webhookincludes\common\hooks\class-wc-yottapay-actions.php:59
actionwoocommerce_api_yottapay_payment_webhookincludes\common\hooks\class-wc-yottapay-actions.php:60
actionwoocommerce_api_yottapay_refundincludes\common\hooks\class-wc-yottapay-actions.php:69
actionwoocommerce_api_yottapay_refund_webhookincludes\common\hooks\class-wc-yottapay-actions.php:70
actionwoocommerce_api_yottapay_loyaltyincludes\common\hooks\class-wc-yottapay-actions.php:73
filtercron_schedulesincludes\common\hooks\class-wc-yottapay-filters.php:19
filterwoocommerce_payment_gatewaysincludes\common\hooks\class-wc-yottapay-filters.php:22
filterplugin_row_metaincludes\common\hooks\class-wc-yottapay-filters.php:25
filterwoocommerce_gateway_titleincludes\common\hooks\class-wc-yottapay-filters.php:27
filterwoocommerce_gateway_iconincludes\common\hooks\class-wc-yottapay-filters.php:28
filterwoocommerce_order_details_before_order_tableincludes\common\hooks\class-wc-yottapay-filters.php:29
filterwoocommerce_order_details_after_order_tableincludes\common\hooks\class-wc-yottapay-filters.php:30
filterwoocommerce_my_account_my_orders_actionsincludes\common\hooks\class-wc-yottapay-filters.php:31
filterwoocommerce_order_actionsincludes\common\hooks\class-wc-yottapay-filters.php:34
actionadmin_noticesincludes\common\workers\class-wc-yottapay-load-worker.php:77
actionadmin_noticesincludes\common\workers\class-wc-yottapay-load-worker.php:83
actionbefore_woocommerce_inityottapay-payment-gateway.php:32
actionplugins_loadedyottapay-payment-gateway.php:33
Maintenance & Trust

Yotta Pay Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 23, 2025
PHP min version7.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Developer Profile

Yotta Pay Payment Gateway Developer Profile

yottapay

1 plugin · 40 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Yotta Pay Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yottapay-payment-gateway/assets/css/yottapay.css/wp-content/plugins/yottapay-payment-gateway/assets/js/yottapay.js/wp-content/plugins/yottapay-payment-gateway/assets/js/yottapay-checkout.js
Script Paths
/wp-content/plugins/yottapay-payment-gateway/assets/js/yottapay.js/wp-content/plugins/yottapay-payment-gateway/assets/js/yottapay-checkout.js
Version Parameters
yottapay-payment-gateway/assets/css/yottapay.css?ver=yottapay-payment-gateway/assets/js/yottapay.js?ver=yottapay-payment-gateway/assets/js/yottapay-checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
yottapay-payment-gateway-settingsyottapay-checkout-containeryottapay-refund-request-form
HTML Comments
TODO: SuperCheckout
Data Attributes
data-yottapay-gateway-id
JS Globals
yottapay_settingsYottaPayYottaPayCheckout
REST Endpoints
/wp-json/yottapay/v1/authorize/wp-json/yottapay/v1/payment/wp-json/yottapay/v1/refund/wp-json/yottapay/v1/loyalty
FAQ

Frequently Asked Questions about Yotta Pay Payment Gateway