Create a payment request. Donation form (Stripe) Security & Risk Analysis

wordpress.org/plugins/create-payment-stripe-gateway

Stripe payment gateway. You can create a payment request for your client. There is functionality to create a Donation page.

10 active installs · v4.1 · PHP + · WP 4.9+ · Updated Aug 25, 2023
Tags: 3d-secure, 3ds, payment, payment-gateway, stripe
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Create a payment request. Donation form (Stripe) Safe to Use in 2026?

Generally Safe

Score 85/100

Create a payment request. Donation form (Stripe) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The plugin "create-payment-stripe-gateway" v4.1 exhibits a mixed security posture. On the positive side, it has a relatively small attack surface with no exposed REST API routes and a low number of AJAX handlers and shortcodes. Crucially, all identified entry points have authentication checks, and there are a reasonable number of nonce and capability checks in place. However, significant concerns arise from the static analysis of its code. The plugin utilizes raw SQL queries without prepared statements, which is a critical security risk for data integrity and can lead to SQL injection vulnerabilities. Furthermore, a substantial portion of output is not properly escaped, creating potential for cross-site scripting (XSS) attacks. The taint analysis reveals two high-severity flows with unsanitized paths, indicating that user-supplied data is not being adequately validated before being used in sensitive operations.

Key Concerns

  • SQL queries without prepared statements
  • Insufficient output escaping
  • High severity taint flows (unsanitized paths)
Vulnerabilities
None known

Create a payment request. Donation form (Stripe) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Create a payment request. Donation form (Stripe) Release Timeline

v4.1 (Current)
v4.0
v3.2
v3.1
v3.0
v2.0
v1.0
Code Analysis
Analyzed Mar 17, 2026

Create a payment request. Donation form (Stripe) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 · 0 prepared
Unescaped Output: 80 · 44 escaped
Nonce Checks: 3
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Stripe PHP

SQL Query Safety

0% prepared · 4 total queries

Output Escaping

35% escaped · 124 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
<metaboxes> (includes\admin\classes\metaboxes.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Create a payment request. Donation form (Stripe) Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_mxcpfc_send_payment_to_client · includes\admin\classes\send-payment-to-client.php:18
auth · wp_ajax_mxcpfc_options_update · includes\admin\models\MXCPFC_Main_Page_Model.php:18
auth · wp_ajax_mxcpfc_set_meta_payment_confirm · includes\frontend\classes\ajax.php:22

Shortcodes 2

[mxcpfc_payment_confirm_page] includes\frontend\classes\create-shortcode.php:22
[mxcpfc_payment_donation_page] includes\frontend\classes\create-shortcode.php:25
WordPress Hooks 19
action · plugins_loaded · create-payment-for-client.php:110
filter · plugin_action_links · create-payment-for-client.php:119
action · init · includes\admin\classes\cpt.php:22
filter · default_content · includes\admin\classes\cpt.php:31
action · admin_enqueue_scripts · includes\admin\classes\enqueue-scripts.php:23
action · add_meta_boxes · includes\admin\classes\metaboxes.php:24
action · save_post · includes\admin\classes\metaboxes.php:27
action · save_post · includes\admin\classes\metaboxes.php:30
action · save_post · includes\admin\classes\metaboxes.php:33
action · save_post · includes\admin\classes\metaboxes.php:36
action · save_post · includes\admin\classes\metaboxes.php:39
action · save_post · includes\admin\classes\metaboxes.php:42
action · save_post · includes\admin\classes\metaboxes.php:45
action · admin_footer · includes\admin\classes\payment-to-client-handler.php:22
action · admin_notices · includes\core\error_handle\Display-Error.php:27
action · admin_notices · includes\core\error_handle\Display_Error.php:26
action · admin_menu · includes\core\Route-Registrar.php:155
filter · wp_mail_content_type · includes\frontend\classes\ajax.php:43
action · wp_enqueue_scripts · includes\frontend\classes\enqueue-scripts.php:23
Maintenance & Trust

Create a payment request. Donation form (Stripe) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Aug 25, 2023
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Create a payment request. Donation form (Stripe) Developer Profile

Maksym Marko

12 plugins · 1K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 881 days
Detection Fingerprints

How We Detect Create a payment request. Donation form (Stripe)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/create-payment-stripe-gateway/assets/font-awesome-4.6.3/css/font-awesome.min.css
/wp-content/plugins/create-payment-stripe-gateway/includes/admin/assets/css/style.css
/wp-content/plugins/create-payment-stripe-gateway/includes/admin/assets/js/script.js
/wp-content/plugins/create-payment-stripe-gateway/includes/frontend/assets/css/style.css
/wp-content/plugins/create-payment-stripe-gateway/includes/frontend/assets/js/script.js
Script Paths
https://js.stripe.com/v3/
Version Parameters
create-payment-stripe-gateway
mxcpfc_font_awesome
mxcpfc_admin_style
mxcpfc_admin_script
mxcpfc_style
mxcpfc_script_stripe
mxcpfc_script

HTML / DOM Fingerprints

CSS Classes
mxcpfc_payment_confirm_page
mxcpfc_payment_donation_page
HTML Comments
<!-- Start of Payment Confirm template -->
<!-- End of Payment Confirm template -->
<!-- Start of Donation template -->
<!-- End of Donation template -->
Data Attributes
data-publishable-key
data-amount
data-currency
data-email
data-id
JS Globals
mxcpfc_js_obj
REST Endpoints
/wp-json/mxcpfc/v1/create-payment
/wp-json/mxcpfc/v1/stripe-payment-confirm
Shortcode Output
[mxcpfc_payment_confirm_page]
[mxcpfc_payment_donation_page]