WP-Safety

Accept Stripe Payments Using Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/accept-stripe-payments-using-contact-form-7

Contact Form 7 - Integrate Stripe payment gateway for making your payments through Contact Form 7.

100 active installs v3.3 PHP 5.6+ WP 4.9+ Updated Jan 8, 2026
donationonline-paymentpaymentpaymentsstripe
96
A · Safe
CVEs total3
Unpatched0
Last CVEDec 11, 2025
Download
Safety Verdict

Is Accept Stripe Payments Using Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 96/100

Accept Stripe Payments Using Contact Form 7 has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Dec 11, 2025Updated 2mo ago
Risk Assessment

The plugin "accept-stripe-payments-using-contact-form-7" v3.3 exhibits a generally good security posture based on the static analysis. It demonstrates strong adherence to secure coding practices by not utilizing dangerous functions, employing prepared statements for all SQL queries, and showing a high percentage of properly escaped output. The presence of nonce and capability checks, along with a limited number of file operations and no external HTTP requests, further contribute to a secure foundation. However, the taint analysis revealing two flows with unsanitized paths, even if not critical, presents a potential concern for input validation weaknesses that could be exploited. The vulnerability history, with three medium-severity CVEs related to Cross-site Scripting and Sensitive Information Exposure, indicates a pattern of past vulnerabilities that required patching. While there are currently no unpatched vulnerabilities, this history suggests a tendency for certain types of flaws to emerge. Overall, the plugin has strengths in its secure coding implementation and recent patch status but requires attention to the identified unsanitized input flows and awareness of its past vulnerability trends.

Key Concerns

  • Taint flows with unsanitized paths detected
  • Past medium severity CVEs indicate potential recurring issues
  • Bundled Select2 library (potential for outdated components)
Vulnerabilities
3

Accept Stripe Payments Using Contact Form 7 Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-12834medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message

Dec 11, 2025 Patched in 3.2 (8d)
CVE-2025-53309medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Accept Stripe Payments Using Contact Form 7 <= 3.0 - Unauthenticated Information Exposure

Jun 27, 2025 Patched in 3.1 (11d)
CVE-2024-12255medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure

Dec 11, 2024 Patched in 2.6 (1d)
Code Analysis
Analyzed Mar 16, 2026

Accept Stripe Payments Using Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
262 escaped
Nonce Checks
1
Capability Checks
3
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

95% escaped275 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
action__restrict_manage_posts (inc\admin\class.cf7sa.admin.action.php:421)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Accept Stripe Payments Using Contact Form 7 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 29
actioninitinc\admin\class.cf7sa.admin.action.php:24
actioninitinc\admin\class.cf7sa.admin.action.php:25
actionadd_meta_boxesinc\admin\class.cf7sa.admin.action.php:26
actionwpcf7_save_contact_forminc\admin\class.cf7sa.admin.action.php:29
actionmanage_cf7sa_data_posts_custom_columninc\admin\class.cf7sa.admin.action.php:31
actionpre_get_postsinc\admin\class.cf7sa.admin.action.php:33
actionrestrict_manage_postsinc\admin\class.cf7sa.admin.action.php:34
actionparse_queryinc\admin\class.cf7sa.admin.action.php:35
actionadmin_noticesinc\admin\class.cf7sa.admin.action.php:92
actionadmin_noticesinc\admin\class.cf7sa.admin.action.php:482
filterwpcf7_editor_panelsinc\admin\class.cf7sa.admin.filter.php:25
filterpost_row_actionsinc\admin\class.cf7sa.admin.filter.php:26
filtermanage_edit-cf7sa_data_sortable_columnsinc\admin\class.cf7sa.admin.filter.php:28
filtermanage_cf7sa_data_posts_columnsinc\admin\class.cf7sa.admin.filter.php:29
filterbulk_actions-edit-cf7sa_datainc\admin\class.cf7sa.admin.filter.php:30
filterplugin_action_linksinc\admin\class.cf7sa.admin.filter.php:31
actionadmin_menuinc\admin\class.cf7sa.admin.php:26
actionadmin_print_footer_scriptsinc\admin\template\cf7sa.template.php:416
actionplugins_loadedinc\class.cf7sa.php:38
actionsetup_themeinc\class.cf7sa.php:39
actionadmin_noticesinc\class.cf7sa.php:45
actioninitinc\class.cf7sa.php:50
actionwpcf7_admin_initinc\class.cf7sa.php:53
actionwp_enqueue_scriptsinc\front\class.cf7sa.front.action.php:24
filterwpcf7_form_class_attrinc\front\class.cf7sa.front.filter.php:27
filterwpcf7_form_taginc\front\class.cf7sa.front.filter.php:29
filterwpcf7_form_taginc\front\class.cf7sa.front.filter.php:31
filterquery_varsinc\front\class.cf7sa.front.php:32
filtertemplate_includeinc\front\class.cf7sa.front.php:33
Maintenance & Trust

Accept Stripe Payments Using Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 8, 2026
PHP min version5.6
Downloads8K

Community Trust

Rating100/100
Number of ratings13
Active installs100
Alternatives

Accept Stripe Payments Using Contact Form 7 Alternatives

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

wp-full-stripe-free

A
92

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K 5 CVEs
Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More

better-payment

A
100

Better Payment allows you to automate payment transactions to manage payments, donations, subscriptions, sell products, etc on your Elementor website.

6K No CVEs
AidWP – Donation & Payment Forms (Stripe Powered)

AidWP – Donation & Payment Forms (Stripe Powered)

wp-stripe-donation

A
99

Create fast donation and payment forms. Accept payments on WordPress with Stripe — no WooCommerce required.

900 2 CVEs
Church Tithe WP

Church Tithe WP

churchtithewp

A
100

Smoothly, easily, and quickly accepting online tithes and donations is an important thing for every church today. Church Tithe WP makes it simple for &hellip;

200 No CVEs
Buy Me a Coffee button & widgets – Fundraise with Stripe and PayPal

Buy Me a Coffee button & widgets – Fundraise with Stripe and PayPal

buy-me-coffee

A
100

Easy way to collect donations like "buy me a coffee" directly your own Stripe and PayPal for free.

50 No CVEs
Developer Profile

Accept Stripe Payments Using Contact Form 7 Developer Profile

ZealousWeb

18 plugins · 7K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
88 days
View full developer profile
Detection Fingerprints

How We Detect Accept Stripe Payments Using Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accept-stripe-payments-using-contact-form-7/inc/admin/template/cf7sa.template.php
Version Parameters
accept-stripe-payments-using-contact-form-7/style.css?ver=accept-stripe-payments-using-contact-form-7/js/cf7sa_admin_js.js?ver=

HTML / DOM Fingerprints

CSS Classes
stripe-add-oncf7sa_data
Data Attributes
data-cf7sa-form-id
JS Globals
cf7sa_admin_js
Shortcode Output
[stripe_amount][stripe_currency][stripe_description]
FAQ

Frequently Asked Questions about Accept Stripe Payments Using Contact Form 7