Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Security & Risk Analysis

wordpress.org/plugins/better-payment

Better Payment allows you to automate payment transactions to manage payments, donations, subscriptions, sell products, etc. on your Elementor website.

6K active installs · v2.0.3 · PHP 7.4+ · WP 6.0+ · Updated Feb 22, 2026
Tags: donation, fundraising, payments, recurring-donations, stripe-paypal-paystack
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Safe to Use in 2026?

Generally Safe

Score 100/100

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

This plugin exhibits a generally good security posture, with strong adherence to best practices like output escaping and the use of prepared statements for SQL queries. The vast majority of outputs are properly escaped, and a significant percentage of SQL queries utilize prepared statements, indicating a developer who is aware of common web security vulnerabilities. The presence of numerous nonce and capability checks further suggests a deliberate effort to secure its entry points.

However, there are notable concerns arising from the static analysis. Specifically, the presence of 15 AJAX handlers, with 3 of them lacking authentication checks, presents a significant attack surface. Furthermore, the taint analysis revealed 4 high-severity flows with unsanitized paths. These unsanitized paths, especially within an attack surface that includes unprotected AJAX handlers, could potentially lead to vulnerabilities if they involve sensitive operations or user-controlled input. The plugin's clean vulnerability history is a positive sign, suggesting that past development was secure, but it does not negate the risks identified in the current static analysis.

In conclusion, while the plugin demonstrates strong foundational security practices, the unprotected AJAX handlers and high-severity taint flows introduce tangible risks that require immediate attention. The lack of known past vulnerabilities is encouraging, but the current analysis highlights areas where security could be significantly improved.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • File operations present
  • External HTTP requests present
  • Bundled library (Select2)
Vulnerabilities
None known

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (33 prepared)
Unescaped Output: 50 (1690 escaped)
Nonce Checks: 16
Capability Checks: 29
File Operations: 1
External Requests: 10
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

77% prepared · 43 total queries

Output Escaping

97% escaped · 1740 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

9 flows · 5 with unsanitized paths
send_data (includes\Classes\Plugin_Usage_Tracker.php:460)
Attack Surface
3 unprotected

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Attack Surface

Entry Points: 15
Unprotected: 3

AJAX Handlers 15

auth · wp_ajax_better_payment_settings_action · includes\Admin\Settings.php:45
auth · wp_ajax_better-payment-delete-transaction · includes\Admin\Settings.php:48
auth · wp_ajax_better-payment-filter-transaction · includes\Admin\Settings.php:49
auth · wp_ajax_better-payment-view-transaction · includes\Admin\Settings.php:50
auth · wp_ajax_better-payment-mark-as-completed · includes\Admin\Settings.php:51
auth · wp_ajax_better_payment_dismiss_progress_bar · includes\Admin\Settings.php:54
auth · wp_ajax_save_setup_wizard_data · includes\Admin\Setup_Wizard.php:33
auth · wp_ajax_bp_quick_setup_save_tracking · includes\Admin\Setup_Wizard.php:34
auth · wp_ajax_better_payment_select2_search_post · includes\Admin.php:298
auth · wp_ajax_better_payment_select2_get_title · includes\Admin.php:300
auth · wp_ajax_better-payment-transactions-export · includes\Admin.php:307
auth · wp_ajax_better_payment_stripe_get_token · includes\Classes\Actions.php:29
nopriv · wp_ajax_better_payment_stripe_get_token · includes\Classes\Actions.php:30
auth · wp_ajax_better_payment_paystack_get_token · includes\Classes\Actions.php:32
nopriv · wp_ajax_better_payment_paystack_get_token · includes\Classes\Actions.php:33
WordPress Hooks 38
action · plugins_loaded · better-payment.php:49
action · save_post · better-payment.php:126
action · wp_loaded · better-payment.php:169
action · elementor/widgets/register · includes\Admin\Elementor\EL_Integration.php:40
action · elementor/widgets/register · includes\Admin\Elementor\EL_Integration.php:41
action · elementor-pro/forms/pre_render · includes\Admin\Elementor\EL_Integration.php:42
action · wp_enqueue_scripts · includes\Admin\Elementor\EL_Integration.php:43
action · admin_enqueue_scripts · includes\Admin\Menu.php:36
action · wp_enqueue_scripts · includes\Admin\Menu.php:38
action · init · includes\Admin\ReactAdmin.php:40
action · admin_menu · includes\Admin\ReactAdmin.php:41
action · admin_enqueue_scripts · includes\Admin\ReactAdmin.php:42
action · admin_enqueue_scripts · includes\Admin\ReactAdmin.php:43
action · elementor/editor/before_enqueue_scripts · includes\Admin\ReactAdmin.php:46
filter · admin_body_class · includes\Admin\ReactAdmin.php:140
filter · admin_footer_text · includes\Admin\ReactAdmin.php:301
filter · update_footer · includes\Admin\ReactAdmin.php:302
action · admin_menu · includes\Admin\Settings.php:44
action · elementor/editor/before_enqueue_scripts · includes\Admin\Settings.php:57
action · admin_enqueue_scripts · includes\Admin\Setup_Wizard.php:31
action · admin_menu · includes\Admin\Setup_Wizard.php:32
action · in_admin_header · includes\Admin\Setup_Wizard.php:35
action · admin_notices · includes\Admin.php:52
action · better_payment_admin_notices · includes\Admin.php:53
filter · plugin_action_links · includes\Admin.php:57
action · in_admin_header · includes\Admin.php:65
action · admin_notices · includes\Admin.php:273
action · elementor/controls/controls_registered · includes\Admin.php:303
action · admin_post_better-payment-transactions-import · includes\Admin.php:306
action · elementor/elements/categories_registered · includes\Admin.php:310
action · rest_api_init · includes\API\AdminAPI.php:41
action · rest_api_init · includes\API.php:27
action · wp_enqueue_scripts · includes\Assets.php:27
action · admin_enqueue_scripts · includes\Assets.php:28
action · elementor/editor/before_enqueue_scripts · includes\Assets.php:29
action · admin_post_paypal_form_handle · includes\Classes\Actions.php:26
action · admin_post_nopriv_paypal_form_handle · includes\Classes\Actions.php:27
action · admin_footer-plugins.php · includes\Classes\Plugin_Usage_Tracker.php:185
Maintenance & Trust

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 22, 2026
PHP min version: 7.4
Downloads: 184K

Community Trust

Rating: 90/100
Number of ratings: 13
Active installs: 6K
Developer Profile

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 163 days
Detection Fingerprints

How We Detect Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/better-payment/assets/css/common-style.css
  • /wp-content/plugins/better-payment/assets/css/style.css
  • /wp-content/plugins/better-payment/assets/css/admin-style.css
  • /wp-content/plugins/better-payment/assets/js/common-script.js
  • /wp-content/plugins/better-payment/assets/js/script.js
Script Paths
  • /wp-content/plugins/better-payment/assets/js/common-script.js
  • /wp-content/plugins/better-payment/assets/js/script.js
Version Parameters
  • better-payment/assets/css/common-style.css?ver=
  • better-payment/assets/css/style.css?ver=
  • better-payment/assets/css/admin-style.css?ver=
  • better-payment/assets/js/common-script.js?ver=
  • better-payment/assets/js/script.js?ver=
  • better-payment-elbp-icon-front
  • better-payment-style
  • better-payment-common-style
  • better-payment-admin-style
  • better-payment-common-script
  • better-payment

HTML / DOM Fingerprints

CSS Classes
  • bp-icon
  • bp-payment-form
Data Attributes
data-form-id
JS Globals
better_payment_ajax_object
REST Endpoints
  • /wp-json/better-payment/v1/get_form_fields
  • /wp-json/better-payment/v1/get_form_data
  • /wp-json/better-payment/v1/process_payment
Shortcode Output
[better_payment_form]
FAQ

Frequently Asked Questions about Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More