Does Dropp Pay Per Use have any unpatched vulnerabilities?

No. All known vulnerabilities in Dropp Pay Per Use have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Dropp Pay Per Use compatible with WordPress 6.7.5?

According to WordPress.org data, Dropp Pay Per Use 1.2.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Dropp Pay Per Use compatible with PHP 7.2+?

Dropp Pay Per Use requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Dropp Pay Per Use updated?

Dropp Pay Per Use was last updated on May 9, 2025. Frequent updates are generally a positive security signal.

What is Dropp Pay Per Use's security score?

Dropp Pay Per Use has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dropp Pay Per Use Security Review — Score 100/100 (safe)

Safety Verdict

Is Dropp Pay Per Use Safe to Use in 2026?

Generally Safe

Score 100/100

Dropp Pay Per Use has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "dropp-pay-per-use" v1.2.0 plugin exhibits a mixed security posture. While the plugin demonstrates good practices in SQL query preparation and output escaping, with 80% and 90% respectively, there are significant concerns regarding its attack surface. A substantial portion of the plugin's entry points, specifically 9 out of 13, are unprotected by authentication checks. Furthermore, the taint analysis reveals 7 flows with unsanitized paths, with 5 classified as high severity, indicating a potential for malicious data to be processed without proper validation. The absence of any recorded historical vulnerabilities is a positive sign, suggesting that the developers may have a generally cautious approach to security. However, this historical data is limited and doesn't negate the immediate risks identified in the static analysis, particularly the numerous unprotected AJAX handlers and the high-severity taint flows, which represent tangible security weaknesses that should be addressed.

Key Concerns

Unprotected AJAX handlers
High severity taint flows
Unsanitized paths in taint analysis

Vulnerabilities

None known

Dropp Pay Per Use Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Dropp Pay Per Use Code Analysis

Dangerous Functions

0

Raw SQL Queries

11

44 prepared

Unescaped Output

32

275 escaped

Nonce Checks

6

Capability Checks

1

File Operations

6

External Requests

1

Bundled Libraries

0

SQL Query Safety

80% prepared55 total queries

Output Escaping

90% escaped307 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

8 flows7 with unsanitized paths

process_signed_payment (includes\class-droppcc-paywall-payment-processor.php:234)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

9 unprotected

Dropp Pay Per Use Attack Surface

Entry Points13

Unprotected9

AJAX Handlers 9

authwp_ajax_dropcc_paywall_add_new_restrictionsincludes\class-droppcc-paywall-admin-ajax.php:21

authwp_ajax_dropcc_paywall_update_restrictionsincludes\class-droppcc-paywall-admin-ajax.php:22

authwp_ajax_dropcc_paywall_fetch_taxonomy_listincludes\class-droppcc-paywall-admin-ajax.php:23

authwp_ajax_dropcc_paywall_delete_planincludes\class-droppcc-paywall-admin-ajax.php:24

authwp_ajax_dropcc_paywall_enable_disabled_planincludes\class-droppcc-paywall-admin-ajax.php:25

authwp_ajax_dropcc_paywall_create_pagesincludes\class-droppcc-paywall-admin-ajax.php:27

authwp_ajax_dropcc_paywall_create_sample_plansincludes\class-droppcc-paywall-admin-ajax.php:28

authwp_ajax_dropcc_paywall_set_cookieincludes\class-droppcc-paywall-frontend-ajax.php:21

noprivwp_ajax_dropcc_paywall_set_cookieincludes\class-droppcc-paywall-frontend-ajax.php:22

Shortcodes 4

[dropp_ref] includes\class-droppcc-paywall-frontend.php:20

[dropp_url] includes\class-droppcc-paywall-frontend.php:21

[dropp_expiry] includes\class-droppcc-paywall-frontend.php:22

[dropp_my_subscriptions] includes\class-droppcc-paywall-frontend.php:23

WordPress Hooks 19

actioninitdropp-pay-per-use.php:215

actionwp_enqueue_scriptsincludes\class-droppcc-paywall-frontend.php:25

actionwp_headincludes\class-droppcc-paywall-frontend.php:27

actionadmin_initincludes\class-droppcc-paywall-log.php:20

actioninitincludes\class-droppcc-paywall-log.php:21

actiondropp_paywall_data_log_cronincludes\class-droppcc-paywall-log.php:22

actionadd_meta_boxesincludes\class-droppcc-paywall-metabox.php:20

actionsave_postincludes\class-droppcc-paywall-metabox.php:21

actiontemplate_redirectincludes\class-droppcc-paywall-payment-processor.php:44

actionwpincludes\class-droppcc-paywall-restrict-content.php:26

filterthe_excerptincludes\class-droppcc-paywall-restrict-content.php:36

filterget_the_excerptincludes\class-droppcc-paywall-restrict-content.php:38

filterthe_contentincludes\class-droppcc-paywall-restrict-content.php:43

filterthe_contentincludes\class-droppcc-paywall-restrict-content.php:46

actionadmin_menuincludes\class-droppcc-paywall-settings-page.php:21

actionadmin_initincludes\class-droppcc-paywall-settings-page.php:22

actionadmin_enqueue_scriptsincludes\class-droppcc-paywall-settings-page.php:23

actionadmin_noticesincludes\class-droppcc-paywall-settings-page.php:24

actionadmin_initincludes\class-droppcc-paywall-subscribers.php:20

Scheduled Events 1

dropp_paywall_data_log_cron

Maintenance & Trust

Dropp Pay Per Use Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMay 9, 2025

PHP min version7.2

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Dropp Pay Per Use Alternatives

Transact

transact

A

100

Micropayments from $0.01. Receive payments for digital content on WordPress.

10 No CVEs

PREMIUUM Content Monetization

premiuum-content-monetization

A

85

Revenue-per-Link™ content monetization. PREMIUUM makes it easy to sell articles, music, videos, files & links via subscriptions and/or micropayments.

0 No CVEs

codoc

A

99

A WordPress plugin for monetizing your website with paid articles, Reader Plans, and tipping.

2K 1 CVE

Memberful – Membership Plugin

memberful-wp

A

97

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Leaky Paywall

leaky-paywall

A

95

The subscription engine for news & niche publishers.

800 5 CVEs

Developer Profile

Dropp Pay Per Use Developer Profile

Dropp Payment App

4 plugins · 20 total installs

91

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Dropp Pay Per Use

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dropp-pay-per-use/build/index.js/wp-content/plugins/dropp-pay-per-use/build/index.asset.php

Script Paths

/wp-content/plugins/dropp-pay-per-use/build/index.js

HTML / DOM Fingerprints

FAQ

Dropp Pay Per Use Security & Risk Analysis