zipMoney(Zip Co) Payments Plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/zipmoney-payments-woocommerce

Sell more online & in-store with Zip.

2K active installs · v2.3.30 · PHP + · WP 6.5+ · Updated Oct 24, 2025
zipmoney-for-woocommerce, zipmoney-payment-gateway-for-woocommerce, zipmoney-payments-module-for-woocommerce, zipmoney-payments-woocommerce, zipmoney-woocommerce-addon
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is zipMoney(Zip Co) Payments Plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

zipMoney(Zip Co) Payments Plugin for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The zipmoney-payments-woocommerce plugin, version 2.3.30, exhibits a generally strong security posture regarding its attack surface. The analysis shows zero entry points such as AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without proper authentication or permission checks. This significantly limits the potential for unauthorized access or manipulation through common WordPress vectors.

However, the static analysis reveals several areas of concern. None of the three detected SQL queries uses prepared statements, which indicates a significant risk of SQL injection. Most output is properly escaped, but 27% is not, potentially exposing the site to cross-site scripting (XSS) attacks. The taint analysis found flows with unsanitized paths; although these are not flagged as critical or high severity, they warrant attention because they suggest potential for path traversal or file inclusion issues. The plugin also makes an external HTTP request, and the analysis gives no explicit details on its security implications.

Fortunately, the plugin has no recorded vulnerability history, with zero known CVEs. This suggests a history of responsible development or a lack of past security flaws being publicly disclosed. Despite the positive history, the identified code signals, particularly the raw SQL queries and unescaped outputs, present immediate risks that should be addressed to maintain a secure environment.

Key Concerns

  • Raw SQL queries detected
  • Unescaped output detected
  • Taint flows with unsanitized paths
  • External HTTP request
  • Missing Nonce checks
  • Missing Capability checks
Vulnerabilities
None known

zipMoney(Zip Co) Payments Plugin for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

zipMoney(Zip Co) Payments Plugin for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 17 (45 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

73% escaped · 62 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
_handle_charge_request (includes\class-wc-zipmoney-payment-gateway.php:453)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

zipMoney(Zip Co) Payments Plugin for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 32
action wp_footer (includes\class-wc-zipmoney-payment-gateway-widget.php:11)
filter woocommerce_gateway_description (includes\class-wc-zipmoney-payment-gateway-widget.php:13)
filter woocommerce_order_button_html (includes\class-wc-zipmoney-payment-gateway-widget.php:19)
action woocommerce_checkout_update_order_review (includes\class-wc-zipmoney-payment-gateway-widget.php:23)
action admin_enqueue_scripts (includes\class-wc-zipmoney-payment-gateway-widget.php:36)
action wp_enqueue_scripts (includes\class-wc-zipmoney-payment-gateway-widget.php:37)
action woocommerce_order_item_add_action_buttons (includes\class-wc-zipmoney-payment-gateway-widget.php:40)
filter woocommerce_valid_order_statuses_for_payment_complete (includes\class-wc-zipmoney-payment-gateway-widget.php:43)
filter woocommerce_available_payment_gateways (includes\class-wc-zipmoney-payment-gateway-widget.php:46)
action woocommerce_before_checkout_form (includes\class-wc-zipmoney-payment-gateway-widget.php:49)
filter script_loader_tag (includes\class-wc-zipmoney-payment-gateway-widget.php:52)
action woocommerce_single_product_summary (includes\class-wc-zipmoney-payment-gateway-widget.php:115)
action woocommerce_proceed_to_checkout (includes\class-wc-zipmoney-payment-gateway-widget.php:120)
action woocommerce_before_main_content (includes\class-wc-zipmoney-payment-gateway-widget.php:182)
action woocommerce_before_main_content (includes\class-wc-zipmoney-payment-gateway-widget.php:186)
action woocommerce_before_main_content (includes\class-wc-zipmoney-payment-gateway-widget.php:190)
action woocommerce_before_main_content (includes\class-wc-zipmoney-payment-gateway-widget.php:194)
action init (includes\class-wc-zipmoney-payment-gateway.php:58)
action init (includes\class-wc-zipmoney-payment-gateway.php:59)
filter wc_order_statuses (includes\class-wc-zipmoney-payment-gateway.php:61)
action parse_request (includes\class-wc-zipmoney-payment-gateway.php:63)
action admin_notices (includes\class-wc-zipmoney-payment-gateway.php:66)
action admin_notices (includes\class-wc-zipmoney-payment-gateway.php:71)
action admin_notices (includes\class-wc-zipmoney-payment-gateway.php:72)
filter woocommerce_order_get_payment_method_title (includes\class-wc-zipmoney-payment-gateway.php:73)
action wp_footer (includes\class-wc-zipmoney-payment-gateway.php:75)
filter woocommerce_payment_gateways (zipmoney-payment-gateway.php:89)
action plugins_loaded (zipmoney-payment-gateway.php:115)
action plugins_loaded (zipmoney-payment-gateway.php:116)
action woocommerce_blocks_loaded (zipmoney-payment-gateway.php:119)
action woocommerce_blocks_payment_method_type_registration (zipmoney-payment-gateway.php:124)
action before_woocommerce_init (zipmoney-payment-gateway.php:133)
Maintenance & Trust

zipMoney(Zip Co) Payments Plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 24, 2025
PHP min version
Downloads: 137K

Community Trust

Rating: 60/100
Number of ratings: 7
Active installs: 2K
Alternatives

zipMoney(Zip Co) Payments Plugin for WooCommerce Alternatives

No alternatives data available yet.

Developer Profile

zipMoney(Zip Co) Payments Plugin for WooCommerce Developer Profile

Zip Co Limited

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect zipMoney(Zip Co) Payments Plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/css/zipmoney.css
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney.js
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney-widget.js
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney-checkout.js
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney-express.js

Script Paths

  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney.js
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney-widget.js
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney-checkout.js
  • /wp-content/plugins/zipmoney-payments-woocommerce/assets/js/zipmoney-express.js

Version Parameters

  • zipmoney-payments-woocommerce/assets/css/zipmoney.css?ver=
  • zipmoney-payments-woocommerce/assets/js/zipmoney.js?ver=
  • zipmoney-payments-woocommerce/assets/js/zipmoney-widget.js?ver=
  • zipmoney-payments-woocommerce/assets/js/zipmoney-checkout.js?ver=
  • zipmoney-payments-woocommerce/assets/js/zipmoney-express.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • zipmoney-widget
  • zip-widget
  • zipmoney-express-checkout-button
  • zip-express-checkout-button

HTML Comments

  • <!-- Zip money Widget -->
  • <!-- Zipmoney Payment Gateway Widget -->
  • <!-- Zip money notification section on checkout page -->
  • <!-- Zipmoney Payment Gateway Widget Footer -->
  • (+1 more)

Data Attributes

  • data-zipmoney-order-id
  • data-zipmoney-payment-url
  • data-zipmoney-public-key
  • data-zipmoney-is-iframe-flow
  • data-zipmoney-merchant-id

JS Globals

  • zipmoneyConfig
  • zipWidget
  • zipmoney_express_checkout

REST Endpoints

  • /wp-json/zipmoney/v1/payment/create
  • /wp-json/zipmoney/v1/payment/update
  • /wp-json/zipmoney/v1/payment/cancel
FAQ

Frequently Asked Questions about zipMoney(Zip Co) Payments Plugin for WooCommerce