Easy Stripe – Tips, Payments, and Donations Security & Risk Analysis

wordpress.org/plugins/easy-stripe

Sell anything with Stripe today.

30 active installs v1.2 PHP 5.4+ WP 3.0+ Updated Dec 4, 2025
Tags: credit-card, donations, payments, stripe, tips
Score: 95 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jul 3, 2025
Safety Verdict

Is Easy Stripe – Tips, Payments, and Donations Safe to Use in 2026?

Generally Safe

Score 95/100

Easy Stripe – Tips, Payments, and Donations has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 3, 2025 · Updated 4mo ago
Risk Assessment

The 'easy-stripe' v1.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in several areas. All SQL queries are performed using prepared statements, and there are no identified file operations or external HTTP requests, which significantly reduces common attack vectors. The plugin also implements a substantial number of nonce and capability checks, indicating an effort to secure its functionalities. However, a notable concern is the presence of one unprotected AJAX handler, which represents a direct entry point into the plugin that could be exploited by unauthenticated users.

Further analysis of the code signals reveals a strong emphasis on secure coding, with no dangerous functions and no critical or high severity taint flows identified. The high percentage of properly escaped output is also a positive indicator, mitigating the risk of cross-site scripting (XSS). Despite these strengths, the vulnerability history is a significant red flag. The plugin has a past critical vulnerability related to code injection, and while there are currently no unpatched vulnerabilities, the history of a critical issue suggests potential for recurring or complex security flaws.

In conclusion, while 'easy-stripe' v1.2 shows promising security development practices with its use of prepared statements and output escaping, the unprotected AJAX endpoint and the history of a critical code injection vulnerability warrant careful consideration. The plugin's overall security is moderately compromised by these factors, suggesting a need for thorough auditing and prompt patching of any future discovered vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • Past critical vulnerability (Code Injection)
  • High percentage of outputs properly escaped (76%)
Vulnerabilities: 1

Easy Stripe – Tips, Payments, and Donations Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Critical: 1

1 total CVE

CVE-2025-49302 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')

Easy Stripe <= 1.1 - Unauthenticated Remote Code Execution

Jul 3, 2025 · Patched in 1.2 (6d)
Code Analysis
Analyzed Mar 16, 2026

Easy Stripe – Tips, Payments, and Donations Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 116 (360 escaped)
Nonce Checks: 10
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

76% escaped · 476 total outputs
Data Flows: All sanitized

Data Flow Analysis

5 flows
easystripe_get_shipping_types_callback (includes\admin\ajax_functions_admin.php:6)
Attack Surface
1 unprotected

Easy Stripe – Tips, Payments, and Donations Attack Surface

Entry Points: 11
Unprotected: 1

AJAX Handlers 7

auth · wp_ajax_easystripe_get_shipping_types · includes\admin\ajax_functions_admin.php:32
auth · wp_ajax_easystripe_resend_customer_email · includes\admin\ajax_functions_admin.php:60
auth · wp_ajax_easystripe_load_function · includes\admin\ajax_functions_admin.php:156
auth · wp_ajax_easystripe_earnings_report · includes\admin\reports\reports_ajax.php:756
auth · wp_ajax_easystripe_dismiss_ssl_notice · includes\functions.php:43
auth · wp_ajax_easystripe_action_charge · includes\process_payment.php:189
nopriv · wp_ajax_easystripe_action_charge · includes\process_payment.php:190

Shortcodes 4

[easystripe] includes\shortcode_button.php:116
[easy-stripe] includes\shortcode_button.php:117
[easystripe_payment_confirmation] includes\shortcode_completed.php:48
[easystripe_payment_failed] includes\shortcode_failed.php:49

WordPress Hooks 33

action · admin_notices · easy-stripe.php:71
action · admin_notices · easy-stripe.php:75
action · admin_init · easy-stripe.php:83
action · add_meta_boxes · includes\admin\buttons.php:12
action · save_post · includes\admin\buttons.php:203
filter · wp_insert_post_data · includes\admin\buttons.php:216
action · init · includes\admin\editor_button_inserter.php:5
action · admin_footer · includes\admin\editor_button_inserter.php:16
action · media_buttons · includes\admin\editor_button_inserter.php:17
action · admin_menu · includes\admin\menu.php:25
filter · parent_file · includes\admin\menu.php:47
action · add_meta_boxes · includes\admin\orders.php:20
action · save_post · includes\admin\orders.php:297
action · init · includes\admin\post_types.php:63
action · init · includes\admin\post_types.php:124
action · init · includes\admin\post_types.php:140
action · admin_menu · includes\admin\post_types.php:150
filter · easystripe_dashboard_array · includes\admin\settings\settings_dashboard_items.php:24
action · manage_easystripe_order_posts_custom_column · includes\admin\tables.php:43
action · manage_easystripe_button_posts_custom_column · includes\admin\tables.php:65
filter · manage_edit-easystripe_order_columns · includes\admin\tables.php:83
filter · manage_edit-easystripe_button_columns · includes\admin\tables.php:98
filter · post_row_actions · includes\admin\tables.php:115
filter · list_table_primary_column · includes\admin\tables.php:126
action · admin_enqueue_scripts · includes\enqueue.php:55
action · wp_enqueue_scripts · includes\enqueue.php:84
filter · sanitize_post_meta_currency_easystripe · includes\formatting.php:48
action · admin_init · includes\functions.php:16
action · admin_notices · includes\functions.php:29
action · admin_init · includes\functions.php:35
action · admin_footer · includes\functions.php:60
action · easystripe_dismiss_notice · includes\functions.php:81
action · admin_init · includes\settings\settings_api.php:1057

Maintenance & Trust

Easy Stripe – Tips, Payments, and Donations Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 4, 2025
PHP min version: 5.4
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30
Developer Profile

Easy Stripe – Tips, Payments, and Donations Developer Profile

Scott Paterson

12 plugins · 44K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 267 days
Detection Fingerprints

How We Detect Easy Stripe – Tips, Payments, and Donations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-stripe/assets/css/admin.css
/wp-content/plugins/easy-stripe/assets/css/jquery-ui-datepicker-only-custom-min.css
/wp-content/plugins/easy-stripe/assets/js/admin.js
/wp-content/plugins/easy-stripe/assets/js/settings.js
/wp-content/plugins/easy-stripe/assets/js/reports.js
/wp-content/plugins/easy-stripe/assets/js/admin_tabs.js
/wp-content/plugins/easy-stripe/assets/js/jquery.flot.min.js
/wp-content/plugins/easy-stripe/assets/js/jquery.flot.resize.min.js
+1 more

Script Paths
/wp-content/plugins/easy-stripe/assets/js/admin.js
/wp-content/plugins/easy-stripe/assets/js/settings.js
/wp-content/plugins/easy-stripe/assets/js/reports.js
/wp-content/plugins/easy-stripe/assets/js/admin_tabs.js
/wp-content/plugins/easy-stripe/assets/js/jquery.flot.min.js
/wp-content/plugins/easy-stripe/assets/js/jquery.flot.resize.min.js
+1 more

Version Parameters
easy-stripe/assets/css/admin.css?ver=
easy-stripe/assets/css/jquery-ui-datepicker-only-custom-min.css?ver=
easy-stripe/assets/js/admin.js?ver=
easy-stripe/assets/js/settings.js?ver=
easy-stripe/assets/js/reports.js?ver=
easy-stripe/assets/js/admin_tabs.js?ver=
easy-stripe/assets/js/jquery.flot.min.js?ver=
easy-stripe/assets/js/jquery.flot.resize.min.js?ver=
easy-stripe/assets/js/jqPlot/jquery.jqplot.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
easystripe-admin-css
easystripe-jquery-ui-datepicker-css
Data Attributes
data-nonce
JS Globals
easystripe_ajax