WP-Safety

Add Stripe Payments for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/add-stripe-payments-for-contact-form-7

This plugin seamlessly integrates Stripe with Contact Form 7. Official Stripe Partner.

10 active installs v2.0.3 PHP 7.2+ WP 3.0.1+ Updated Feb 22, 2022
contact-form-7contact-form-7-paymentscontactform7stripe-paymentstripe-payments
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Add Stripe Payments for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Add Stripe Payments for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The static analysis of add-stripe-payments-for-contact-form-7 v2.0.3 indicates a generally strong security posture, with no known CVEs and a commitment to using prepared statements for SQL queries. The absence of direct entry points like AJAX handlers, REST API routes, and shortcodes is a positive sign, limiting the plugin's attack surface. However, the presence of two 'Dangerous functions' specifically `unserialize` is a significant concern. While taint analysis shows no critical or high severity flows originating from these, the potential for insecure deserialization remains if the serialized data is not strictly controlled and originates from an untrusted source. Furthermore, only 82% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the remaining 18% handles user-supplied data without sufficient sanitization.

Despite the lack of a vulnerability history, which is a very positive indicator, the identified code signals warrant attention. The `unserialize` function, even without current exploitable taint flows, represents a latent risk that could be triggered by future changes or specific configurations. The capability checks being present are good, but the lack of nonce checks on any potential (though currently absent) AJAX handlers is a standard security practice that is not being implemented. The overall security is good due to the lack of history and limited entry points, but the `unserialize` function and imperfect output escaping are notable weaknesses.

Key Concerns

  • Dangerous function: unserialize found
  • Output escaping is not 100%
  • No nonce checks found
Vulnerabilities
None known

Add Stripe Payments for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Add Stripe Payments for Contact Form 7 Release Timeline

v2.0.2
v2.0.1
v2.0.0
v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

Add Stripe Payments for Contact Form 7 Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
35
155 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$data = unserialize( $post_meta );admin/partials/sp4cf7-admin-transaction-details.php:107
unserialize$data = unserialize( $post_meta );admin/partials/sp4cf7-admin-transaction-details.php:161

Bundled Libraries

Select2

Output Escaping

82% escaped190 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
manage_posts_filters (admin/SP4CF7_Admin.php:397)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Add Stripe Payments for Contact Form 7 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 34
actionadmin_noticesadd-stripe-payments-for-contact-form-7.php:38
actionplugins_loadedadd-stripe-payments-for-contact-form-7.php:97
actionadmin_noticesadd-stripe-payments-for-contact-form-7.php:100
actionadmin_noticesadmin/SP4CF7_Admin.php:68
actionplugins_loadedincludes/classes/Main.php:153
actionadmin_enqueue_scriptsincludes/classes/Main.php:168
actionadmin_enqueue_scriptsincludes/classes/Main.php:169
actionwpcf7_admin_initincludes/classes/Main.php:170
actioninitincludes/classes/Main.php:172
actionadd_meta_boxesincludes/classes/Main.php:173
actionwpcf7_save_contact_formincludes/classes/Main.php:176
actionpre_get_postsincludes/classes/Main.php:180
actionparse_queryincludes/classes/Main.php:181
actionrestrict_manage_postsincludes/classes/Main.php:182
filterwpcf7_editor_panelsincludes/classes/Main.php:187
filterpost_row_actionsincludes/classes/Main.php:188
actionadmin_print_styles-post-new.phpincludes/classes/Main.php:194
actionadmin_print_styles-post.phpincludes/classes/Main.php:195
filterplugin_action_linksincludes/classes/Main.php:198
actionwp_enqueue_scriptsincludes/classes/Main.php:213
actionwp_enqueue_scriptsincludes/classes/Main.php:214
filterwpcf7_form_class_attrincludes/classes/Main.php:216
actioninitincludes/classes/Main.php:218
actionwpcf7_initincludes/classes/Main.php:220
actionwpcf7_before_send_mailincludes/classes/Main.php:223
actioninitincludes/classes/Main.php:270
filterwpcf7_validate_stripepublic/SP4CF7_Public.php:184
filterwpcf7_skip_mailpublic/SP4CF7_Public.php:371
filterwpcf7_skip_mailpublic/SP4CF7_Public.php:400
filterwpcf7_skip_mailpublic/SP4CF7_Public.php:478
filterwpcf7_mail_tag_replacedpublic/SP4CF7_Public.php:530
filterwpcf7_display_messagepublic/SP4CF7_Public.php:556
filterwpcf7_ajax_json_echopublic/SP4CF7_Public.php:561
filterwpcf7_skip_mailpublic/SP4CF7_Public.php:598
Maintenance & Trust

Add Stripe Payments for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedFeb 22, 2022
PHP min version7.2
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Add Stripe Payments for Contact Form 7 Alternatives

Accept Stripe Payments

Accept Stripe Payments

stripe-payments

A
97

Easily accept payments on your WordPress site via Stripe payment gateway.

20K 5 CVEs
Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

wp-full-stripe-free

A
94

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K 5 CVEs
Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

stripe

A
100

🤩 Accept Stripe payments and recurring subscriptions on your WordPress using WP Simple Pay, the best Stripe payments plugin! 🚀

9K No CVEs
Payment Gateway of Stripe for WooCommerce

Payment Gateway of Stripe for WooCommerce

payment-gateway-stripe-and-woocommerce-integration

A
96

Integrate Stripe Payment Gateway in WooCommerce and accept cards, Google Pay, Apple Pay, Klarna, Alipay, and more with seamless, secure checkout.

8K 4 CVEs
Contact Form 7 Signature Addon

Contact Form 7 Signature Addon

contact-form-7-signature-addon

A
85

Easily add an handwritten signature field to Contact Form 7

6K No CVEs
Developer Profile

Add Stripe Payments for Contact Form 7 Developer Profile

performa

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Add Stripe Payments for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-stripe-payments-for-contact-form-7/autoloader.php/wp-content/plugins/add-stripe-payments-for-contact-form-7/includes/functions.php/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/css/select2.min.css/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/css/sp4cf7-admin.css/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/css/tooltipster.bundle.min.css/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/select2.min.js/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/jquery.mask.min.js/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/sp4cf7-admin.js+2 more
Script Paths
/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/select2.min.js/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/jquery.mask.min.js/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/sp4cf7-admin.js/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/tooltipster.bundle.min.js/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/sp4cf7-admin-help-tips.js
Version Parameters
/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/css/select2.min.css?ver=4.0.13/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/css/sp4cf7-admin.css?ver=/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/css/tooltipster.bundle.min.css?ver=/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/select2.min.js?ver=4.0.13/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/jquery.mask.min.js?ver=/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/sp4cf7-admin.js?ver=/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/tooltipster.bundle.min.js?ver=/wp-content/plugins/add-stripe-payments-for-contact-form-7/admin/js/sp4cf7-admin-help-tips.js?ver=

HTML / DOM Fingerprints

CSS Classes
sp4cf7-admin-csssp4cf7-admin-help-tooltipster-csssp4cf7-admin-help-tips-js
HTML Comments
<!-- BEGIN Shortcode: stripe --><!-- END Shortcode: stripe -->
Data Attributes
data-stripe-emaildata-stripe-pricedata-stripe-descriptiondata-stripe-labeldata-stripe-namedata-stripe-image+2 more
JS Globals
SP4CF7_DOMAIN
Shortcode Output
[stripe]
FAQ

Frequently Asked Questions about Add Stripe Payments for Contact Form 7