Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Security & Risk Analysis

wordpress.org/plugins/bsd-woo-stripe-connect-split-pay

Split payments made in WooCommerce stores between multiple Stripe Connected Accounts and a Stripe Platform Account.

100 active installs · v3.6.4 · PHP 7.0+ · WP 5.2.3+ · Updated Apr 7, 2026
Tags: multi-vendor-marketplace, split-payments, stripe-connect, vendor-payout, woocommerce-marketplace
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The bsd-woo-stripe-connect-split-pay plugin v3.6.2 presents a mixed security posture. On the positive side, it implements nonce checks on all AJAX handlers and capability checks on its entry points, and it has no publicly known vulnerabilities. However, the static analysis reveals concerning areas. A significant portion of SQL queries (47%) do not use prepared statements, which increases the risk of SQL injection. The taint analysis also identified 4 high-severity flows with unsanitized paths, indicating potential injection vectors that could be exploited if not handled carefully. Only 47% of output is properly escaped, which could lead to cross-site scripting (XSS) if user-supplied data is not consistently and correctly escaped before being displayed.

While the plugin's vulnerability history is clean, this does not negate the risks identified in the static and taint analyses. The high-severity taint flows and the substantial percentage of unescaped output are critical areas that require immediate attention. The absence of recorded vulnerabilities might reflect a lack of rigorous external auditing, or the identified risks may simply not have been exploited in the wild yet. Overall, the plugin has strengths in its access control mechanisms, but weaknesses in data sanitization and output escaping necessitate caution.

Key Concerns

  • High-severity taint flows found
  • Significant percentage of raw SQL queries
  • Low percentage of properly escaped output
Vulnerabilities
None known

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Release Timeline

v3.6.4 (Current)
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.9
v3.5.8
v3.5.7
v3.5.6
v3.5.5
v3.5.4
v3.5.3
v3.5.2
v3.5.1
v3.5.0
v3.4.9
v3.4.8
v3.4.7
v3.4.6
v3.4.5
Code Analysis
Analyzed Mar 16, 2026

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 29 (33 prepared)
Unescaped Output: 498 (433 escaped)
Nonce Checks: 10
Capability Checks: 12
File Operations: 3
External Requests: 0
Bundled Libraries: 4

Bundled Libraries

Freemius 1.0, DataTables, Select2, Stripe PHP

SQL Query Safety

53% prepared · 62 total queries

Output Escaping

47% escaped · 931 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

10 flows · 5 with unsanitized paths
search_box (includes\admin\list-tables\class-bsd-split-pay-stripe-connect-woo-wp-list-table.php:359)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_fetch_accounts · includes\admin\class-bsd-sca.php:21
auth · wp_ajax_clear_accounts · includes\admin\class-bsd-sca.php:22
auth · wp_ajax_add_custom_account · includes\admin\class-bsd-sca.php:23
auth · wp_ajax_fetch_more_filter · includes\admin\class-bsd-sca.php:31
auth · wp_ajax_fetch_search_result · includes\admin\class-bsd-sca.php:32
auth · wp_ajax_save_product_bulk_edit · includes\admin\class-bsd-sca.php:33
auth · wp_ajax_sync_webhooks · includes\admin\class-bsd-sca.php:58

Shortcodes 1

[fee] includes\class-bsd-split-pay-stripe-connect-woo.php:640

WordPress Hooks 41

filter · plugin_icon · bsd-split-pay-stripe-connect-woo.php:124
action · init · bsd-split-pay-stripe-connect-woo.php:136
action · admin_init · bsd-split-pay-stripe-connect-woo.php:137
action · admin_menu · bsd-split-pay-stripe-connect-woo.php:138
action · admin_notices · bsd-split-pay-stripe-connect-woo.php:148
action · admin_notices · bsd-split-pay-stripe-connect-woo.php:152
action · admin_init · includes\admin\class-bsd-sca.php:17
action · admin_init · includes\admin\class-bsd-sca.php:19
action · admin_init · includes\admin\class-bsd-sca.php:20
action · wp_loaded · includes\admin\class-bsd-sca.php:24
action · admin_init · includes\admin\class-bsd-sca.php:25
action · admin_init · includes\admin\class-bsd-sca.php:26
action · plugins_loaded · includes\admin\class-bsd-sca.php:27
action · plugins_loaded · includes\admin\class-bsd-sca.php:28
action · plugins_loaded · includes\admin\class-bsd-sca.php:29
action · admin_notices · includes\admin\class-bsd-sca.php:30
filter · wc_get_template · includes\admin\class-bsd-sca.php:36
filter · woocommerce_email_classes · includes\admin\class-bsd-sca.php:42
filter · pre_update_option · includes\admin\class-bsd-sca.php:45
action · admin_notices · includes\admin\class-bsd-sca.php:56
action · plugins_loaded · includes\admin\class-bsd-sca.php:59
action · admin_notices · includes\admin\class-bsd-sca.php:60
action · admin_notices · includes\admin\class-bsd-sca.php:1651
action · woocommerce_order_transfer_success · includes\admin\class-wc-transfer-order-email.php:44
action · admin_enqueue_scripts · includes\admin\init.php:9
action · admin_head · includes\admin\list-tables\class-bsd-split-pay-stripe-connect-woo-table-transfers.php:27
action · admin_footer · includes\admin\list-tables\class-bsd-split-pay-stripe-connect-woo-wp-list-table.php:172
action · woocommerce_api_wc_stripe · includes\class-bsd-split-pay-stripe-connect-woo.php:27
filter · plugin_row_meta · includes\class-bsd-split-pay-stripe-connect-woo.php:33
filter · woocommerce_product_data_tabs · includes\class-bsd-split-pay-stripe-connect-woo.php:40
action · woocommerce_product_data_panels · includes\class-bsd-split-pay-stripe-connect-woo.php:47
action · woocommerce_product_after_variable_attributes · includes\class-bsd-split-pay-stripe-connect-woo.php:50
action · init · includes\class-bsd-split-pay-stripe-connect-woo.php:58
action · bsd_migrate_existing_split_type_values · includes\class-bsd-split-pay-stripe-connect-woo.php:59
action · before_woocommerce_init · includes\class-bsd-split-pay-stripe-connect-woo.php:60
action · add_meta_boxes · includes\class-bsd-split-pay-stripe-connect-woo.php:63
action · save_post · includes\class-bsd-split-pay-stripe-connect-woo.php:64
action · woocommerce_order_refunded · includes\class-bsd-split-pay-stripe-connect-woo.php:66
filter · woocommerce_order_actions · includes\class-bsd-split-pay-stripe-connect-woo.php:72
action · woocommerce_order_action_spp_retry_transfers · includes\class-bsd-split-pay-stripe-connect-woo.php:78
filter · woocommerce_email_order_items_args · wc-templates\emails\email-order-details.php:59

Maintenance & Trust

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 7, 2026
PHP min version: 7.0
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 20
Active installs: 100
Developer Profile

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce Developer Profile

Brandon Ernst

7 plugins · 11K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/css/bsd-scsp-styles.css
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-admin-scripts.js
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-frontend-scripts.js
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-stripe-connect-scripts.js

Script Paths
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-admin-scripts.js
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-frontend-scripts.js
/wp-content/plugins/bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-stripe-connect-scripts.js

Version Parameters
bsd-woo-stripe-connect-split-pay/assets/css/bsd-scsp-styles.css?ver=
bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-admin-scripts.js?ver=
bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-frontend-scripts.js?ver=
bsd-woo-stripe-connect-split-pay/assets/js/bsd-scsp-stripe-connect-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
bsd-scsp-admin-wrapper
bsd-scsp-settings-section
bsd-scsp-account-list
bsd-scsp-account-item

HTML Comments
<!-- BSD Split Pay for Stripe Connect -->
<!-- BSD SCSP Admin Settings -->
<!-- BSD SCSP Account Management -->

Data Attributes
data-bsd-scsp-account-id
data-bsd-scsp-stripe-connect-id
data-bsd-scsp-action

JS Globals
window.bsd_scsp_admin_params
window.bsd_scsp_frontend_params
var bsd_scsp_admin_params
var bsd_scsp_frontend_params

REST Endpoints
/wp-json/bsd-scsp/v1/settings
/wp-json/bsd-scsp/v1/accounts

Shortcode Output
[bsd_split_pay_stripe_connect]

FAQ

Frequently Asked Questions about Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce