Does ZaakPay have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ZaakPay compatible with WordPress 6.8.5?

According to WordPress.org data, ZaakPay 1.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is ZaakPay compatible with PHP 7.4+?

ZaakPay requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ZaakPay updated?

ZaakPay was last updated on Dec 24, 2025. Frequent updates are generally a positive security signal.

What is ZaakPay's security score?

ZaakPay has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZaakPay Security & Risk Analysis

wordpress.org/plugins/zaakpay

Seamlessly integrate Zaakpay payment gateway with WooCommerce for secure and reliable online payments.

20 active installs v1.0.1 PHP 7.4+ WP 6.0+ Updated Dec 24, 2025

credit-card-paymentsonline-paymentspayment-gatewaypayment-processorsecure-payments

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is ZaakPay Safe to Use in 2026?

Generally Safe

Score 100/100

ZaakPay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The ZaakPay plugin v1.0.1 presents a concerning security posture due to a significant attack surface without authentication. All four identified AJAX handlers lack authorization checks, leaving them open to exploitation by unauthenticated users. While the code demonstrates good practices in other areas, such as 100% proper output escaping and the exclusive use of prepared statements for SQL queries, these strengths are overshadowed by the critical vulnerability of unprotected entry points. The absence of any known vulnerabilities or past CVEs is a positive indicator, suggesting a generally well-maintained codebase. However, this lack of history cannot compensate for the readily identifiable risks in the current version's attack surface. The plugin's security is heavily reliant on its limited number of AJAX endpoints being properly secured by the WordPress environment or other security measures, which is not ideal. The potential for privilege escalation or unauthorized actions is high given the unprotected AJAX handlers.

Key Concerns

AJAX handlers without authentication
All AJAX handlers unprotected
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

None known

ZaakPay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ZaakPay Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

ZaakPay Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped20 total outputs

Attack Surface

4 unprotected

ZaakPay Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_zaakpay_payment_gateway_response_callbackadmin\partial\class-zaakpay-payment-gateway.php:40

noprivwp_ajax_zaakpay_payment_gateway_response_callbackadmin\partial\class-zaakpay-payment-gateway.php:41

authwp_ajax_ced_zaakpay_webhookadmin\partial\class-zaakpay-payment-gateway.php:44

noprivwp_ajax_ced_zaakpay_webhookadmin\partial\class-zaakpay-payment-gateway.php:45

WordPress Hooks 15

actionwoocommerce_update_options_payment_gatewaysadmin\partial\class-zaakpay-payment-gateway.php:36

actionwoocommerce_order_details_after_order_tableadmin\partial\class-zaakpay-payment-gateway.php:42

actionadmin_noticesincludes\class-zaakpay-payment-gateway-main.php:12

actionadmin_initincludes\class-zaakpay-payment-gateway-main.php:13

filtercron_schedulesincludes\class-zaakpay-payment-gateway-main.php:14

actionced_zaakpay_refund_updatesincludes\class-zaakpay-payment-gateway-main.php:15

actionced_zaakpay_transaction_updatesincludes\class-zaakpay-payment-gateway-main.php:16

filterwoocommerce_payment_gatewaysincludes\class-zaakpay-payment-gateway-main.php:350

actionwoocommerce_order_refundedincludes\class-zaakpay-payment-gateway-main.php:352

actionwoocommerce_blocks_loadedincludes\class-zaakpay-payment-gateway-main.php:359

actionwp_enqueue_scriptsincludes\class-zaakpay-payment-gateway-main.php:362

actionwoocommerce_blocks_payment_method_type_registrationpublic\class-zaakpay-payment-gateway-public.php:20

actionadmin_noticeszaakpay-payment-gateway.php:54

actionadmin_initzaakpay-payment-gateway.php:72

actionadmin_noticeszaakpay-payment-gateway.php:82

Scheduled Events 2

ced_zaakpay_refund_updates

ced_zaakpay_transaction_updates

Maintenance & Trust

ZaakPay Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 24, 2025

PHP min version7.4

Downloads310

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

ZaakPay Alternatives

Paystation (3 Party Hosted) for Gravity forms

gravity-forms-paystation-3-party-hosted

Integrates Gravity Forms with the Paystation 3 party hosted payment gateway allowing end-users to purchase goods and services via Gravity Forms.

30 No CVEs

Bykea.Cash – Online Payments

bykea-cash-online-payments

The Bykea Cash plugin allows you to collect payments on your WordPress WooCommerce website instantly using Credit/Debit Cards (VISA, MasterCard, PayPa …

200 No CVEs

Paystation Payment Gateway for woocommerce

paystation-woocommerce-payment-gateway

100

Take credit card payments on your store via Paystation.

100 No CVEs

Click & Pledge WPJobBoard

click-pledge-wpjobboard

Click & Pledge payment gateway integration for WPJobBoard with Salesforce support.

40 1 CVE

Click & Pledge for Gravity Forms

gravity-forms-click-pledge

100

Add a credit card payment gateway for Click & Pledge to the Gravity Forms plugin

30 No CVEs

Developer Profile

ZaakPay Developer Profile

zaakpay

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ZaakPay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zaakpay/assets/js/zaakpay_checkout.js/wp-content/plugins/zaakpay/assets/css/zaakpay_checkout.css

Version Parameters

zaakpay/assets/js/zaakpay_checkout.js?ver=zaakpay/assets/css/zaakpay_checkout.css?ver=

HTML / DOM Fingerprints

CSS Classes

zaakpay_payment_formzaakpay_checkout_wrapper

HTML Comments

Data Attributes

data-zaakpay-order-iddata-zaakpay-payment-tokendata-zaakpay-merchant-id

JS Globals

ZaakpayCheckout

REST Endpoints

/wp-json/zaakpay/v1/process_payment/wp-json/zaakpay/v1/payment_callback

Shortcode Output

[zaakpay_payment_form]

FAQ