CashFlow Subscriptions Security & Risk Analysis

wordpress.org/plugins/cashflow-subscriptions

Simple, modern Stripe subscriptions for WordPress. Create paywalls, manage members, and restrict content without WooCommerce or heavy plugins.

10 active installs · v1.2 · PHP 7.4+ · WP 5.5+ · Updated Dec 23, 2025
Tags: membership, monthly-payments, recurring-payments, stripe, subscriptions
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CashFlow Subscriptions Safe to Use in 2026?

Generally Safe

Score 100/100

CashFlow Subscriptions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The cashflow-subscriptions v1.2 plugin exhibits a generally strong security posture, with a notable absence of critical code vulnerabilities in static analysis and a clean vulnerability history. The code demonstrates good practices such as 100% prepared SQL statements, a very high rate of output escaping (98%), and the presence of nonce and capability checks for most entry points. The bundling of the Stripe PHP library is also a positive sign of leveraging reputable external components.

However, a significant concern arises from the presence of one unprotected AJAX handler. This represents a direct entry point that could be exploited if not properly secured at the application level. While the taint analysis found no flows with unsanitized paths, the existence of an unprotected AJAX handler bypasses the need for such analysis on that specific endpoint. The plugin's vulnerability history is a major strength, indicating a well-maintained and secure development process thus far. Overall, the plugin is well-developed from a security perspective, with the primary risk stemming from the single unprotected AJAX endpoint.

Key Concerns

  • AJAX handler without authentication
Vulnerabilities
None known

CashFlow Subscriptions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CashFlow Subscriptions Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

CashFlow Subscriptions Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (64 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Stripe PHP

Output Escaping

98% escaped · 65 total outputs
Attack Surface
1 unprotected

CashFlow Subscriptions Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

auth  wp_ajax_cfwp_dismiss_notice  cashflow-subscriptions.php:141

Shortcodes 3

[cashflow_subscribe_form] cashflow-subscriptions.php:854
[cashflow_subscription_profile] cashflow-subscriptions.php:915
[cashflow_manage_billing] cashflow-subscriptions.php:952
WordPress Hooks 15
action  plugins_loaded  cashflow-subscriptions.php:23
action  admin_notices  cashflow-subscriptions.php:63
action  admin_notices  cashflow-subscriptions.php:77
action  admin_init  cashflow-subscriptions.php:86
action  admin_enqueue_scripts  cashflow-subscriptions.php:115
action  wp_enqueue_scripts  cashflow-subscriptions.php:146
action  admin_init  cashflow-subscriptions.php:193
action  admin_menu  cashflow-subscriptions.php:239
action  admin_notices  cashflow-subscriptions.php:769
action  admin_init  cashflow-subscriptions.php:773
filter  the_content  cashflow-subscriptions.php:966
action  template_redirect  cashflow-subscriptions.php:1016
action  add_meta_boxes  cashflow-subscriptions.php:1020
action  save_post  cashflow-subscriptions.php:1058
action  init  includes\webhook-handler.php:11
Maintenance & Trust

CashFlow Subscriptions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 23, 2025
PHP min version: 7.4
Downloads: 328

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

CashFlow Subscriptions Developer Profile

durantdigital

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CashFlow Subscriptions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cashflow-subscriptions/css/style.css
Version Parameters
cashflow-subscriptions/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
cfwp-notice
cfwp-subscribe
cfwp-subscribe-button
cfwp-profile-container
Data Attributes
data-notice
JS Globals
ajaxurl
REST Endpoints
/wp-json/cashflow-subscriptions/v1/webhook