
Beyond Pay for Gravity Forms Security & Risk Analysis
wordpress.org/plugins/beyond-pay-for-gravity-forms
Securely accept credit card payments within Gravity Forms using Beyond Pay gateway and optimize your cost of acceptance on B2B/corporate cards.
Is Beyond Pay for Gravity Forms Safe to Use in 2026?
Generally Safe
Score 92/100
Beyond Pay for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'beyond-pay-for-gravity-forms' plugin version 1.2.2 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and a high percentage of properly escaped outputs. The absence of known vulnerabilities in its history, including critical or high-severity ones, is also a strong indicator of a generally secure development process. The plugin also avoids bundling external libraries, which can sometimes be a source of vulnerabilities.
However, the static analysis reveals a significant concern: a single AJAX handler that lacks authentication checks. This creates an unprotected entry point, which is a primary risk factor. While no dangerous functions or taint flows were identified, and SQL queries are secure, the presence of an unauthenticated AJAX endpoint can potentially be exploited for various malicious purposes depending on its functionality. The lack of nonce checks and capability checks on this handler further exacerbates the risk.
In conclusion, while the plugin benefits from a clean vulnerability history and secure database interactions, the unprotected AJAX endpoint is a critical weakness that needs immediate attention. This single flaw significantly outweighs the otherwise positive security attributes. Addressing this unauthenticated entry point should be the top priority to improve the plugin's overall security.
Key Concerns
- Unprotected AJAX handler
- Missing nonce checks
- Missing capability checks
- Unescaped output present
Beyond Pay for Gravity Forms Security Vulnerabilities
Beyond Pay for Gravity Forms Release Timeline
Beyond Pay for Gravity Forms Code Analysis
Output Escaping
Beyond Pay for Gravity Forms Attack Surface
- AJAX Handlers: 1
- WordPress Hooks: 5
Beyond Pay for Gravity Forms Maintenance & Trust
Maintenance Signals
Community Trust
Beyond Pay for Gravity Forms Alternatives
Gravity Forms Eway
gravityforms-eway
Easily create online payment forms with Gravity Forms and Eway.
Paystation (3 Party Hosted) for Gravity forms
gravity-forms-paystation-3-party-hosted
Integrates Gravity Forms with the Paystation 3 party hosted payment gateway allowing end-users to purchase goods and services via Gravity Forms.
Marketing 360® Payments for Gravity Forms
marketing-360-payments-for-gravity-forms
Create online payment forms with Gravity Forms and Marketing 360®, the #1 Marketing Platform® for Small Business.
Mijireh Checkout for Gravity Forms
mijireh-checkout-for-gravity-forms
Mijireh Checkout Plugin for accepting payments with your Gravity Forms.
PayU GPO Payment for WooCommerce
woo-payu-payment-gateway
PayU fast online payments for WooCommerce. Banks, BLIK, credit or debit cards, Installments, Apple Pay, Google Pay.
Beyond Pay for Gravity Forms Developer Profile
2 plugins · 40 total installs
How We Detect Beyond Pay for Gravity Forms
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/beyond-pay-gravity-forms/assets/css/payment-styling.css
HTML / DOM Fingerprints
- gf_payment_detail
- beyond_pay_setting_test_only
- beyond_pay_setting_live_only
- beyond_pay_styling
- onclick="beyondPayCapturePayment(
- onBeyondPayTestModeChanged(this)
- onBeyondPayStylingChanged(this)
- beyondPayCapturePayment
- wp-json/beyond-pay-gravity-forms
- <div id="gf_beyond_pay_invnum" class="gf_payment_detail"><span id='gform_beyond_pay_invnum'>