Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Security & Risk Analysis

wordpress.org/plugins/formipay

Receive donations and payments instantly via Paystack and Flutterwave using lightweight, secure, and conversion-focused forms.

10 active installs · v2.0.1 · PHP 7.2+ · WP 6.7+ · Updated: Unknown
Tags: donation, flutterwave, nigeria, payment, paystack
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Safe to Use in 2026?

Generally Safe

Score 100/100

Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "formipay" v2.0.1 exhibits a generally good security posture with several positive indicators. The absence of any recorded vulnerabilities, including critical or high severity ones, is a significant strength. Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (94%) of output properly escaped, mitigating common attack vectors like SQL injection and Cross-Site Scripting (XSS). Taint analysis also found no critical or high severity flows with unsanitized paths.

However, the plugin does present some areas of concern. It has two AJAX handlers that lack authentication checks, representing a direct entry point for potential unauthorized actions or information disclosure if these handlers perform sensitive operations. While the total number of entry points is relatively small, these unprotected AJAX handlers are a notable weakness. The presence of one file operation and two external HTTP requests, while not inherently malicious, warrants careful scrutiny for potential vulnerabilities if not handled securely, especially in conjunction with the unprotected AJAX endpoints.

Overall, the plugin is built on a solid foundation with good security practices, but the unprotected AJAX handlers introduce a specific, actionable risk that needs attention.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 11 (188 escaped)
Nonce Checks: 6
Capability Checks: 1
File Operations: 1
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

94% escaped · 199 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
filter_transactions (includes\class-formipay-transaction-logger.php:129)
Attack Surface
2 unprotected

Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers 4

auth wp_ajax_formipay_verify_payment includes\class-formipay-ajax-handler.php:9
nopriv wp_ajax_formipay_verify_payment includes\class-formipay-ajax-handler.php:10
auth wp_ajax_formipay_query_transaction includes\class-formipay-ajax-handler.php:12
nopriv wp_ajax_formipay_query_transaction includes\class-formipay-ajax-handler.php:13

Shortcodes 3

[formipay] includes\class-formipay-shortcode.php:9
[formipay_donate] includes\class-formipay-shortcode.php:10
[formipay_checker] includes\class-formipay-shortcode.php:11
WordPress Hooks 24
action plugins_loaded formipay.php:83
action elementor/widgets/register formipay.php:98
action admin_menu includes\class-formipay-admin-settings.php:9
action admin_init includes\class-formipay-admin-settings.php:10
action admin_enqueue_scripts includes\class-formipay-admin-settings.php:11
filter wp_mail_content_type includes\class-formipay-ajax-handler.php:132
action init includes\class-formipay-form-cpt.php:9
action add_meta_boxes includes\class-formipay-form-cpt.php:10
action save_post includes\class-formipay-form-cpt.php:11
filter manage_formipay_form_posts_columns includes\class-formipay-form-cpt.php:12
action manage_formipay_form_posts_custom_column includes\class-formipay-form-cpt.php:13
action admin_enqueue_scripts includes\class-formipay-form-cpt.php:14
action wp_enqueue_scripts includes\class-formipay-shortcode.php:12
action init includes\class-formipay-transaction-logger.php:9
filter manage_formipay_transaction_posts_columns includes\class-formipay-transaction-logger.php:10
action manage_formipay_transaction_posts_custom_column includes\class-formipay-transaction-logger.php:11
action admin_menu includes\class-formipay-transaction-logger.php:12
filter post_row_actions includes\class-formipay-transaction-logger.php:15
action restrict_manage_posts includes\class-formipay-transaction-logger.php:16
action pre_get_posts includes\class-formipay-transaction-logger.php:17
action admin_init includes\class-formipay-transaction-logger.php:18
filter views_edit-formipay_transaction includes\class-formipay-transaction-logger.php:19
action admin_footer includes\class-formipay-transaction-logger.php:21
filter posts_search includes\class-formipay-transaction-logger.php:22
Maintenance & Trust

Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.2
Downloads: 334

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More) Developer Profile

Jackson Jonah

2 plugins · 50 total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Formipay – Donations & Instant Payment Forms (Paystack, Flutterwave & More)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/formipay/assets/js/formipay-admin.js
Version Parameters
formipay-admin-js?ver=

HTML / DOM Fingerprints

CSS Classes
formipay-donation-form
HTML Comments
<!-- wp:paragraph --><!-- /wp:paragraph -->
Data Attributes
data-formipay-gateway, data-formipay-amount, data-formipay-currency, data-formipay-email, data-formipay-name, data-formipay-phone, +3 more
JS Globals
window.formipay_gateway, window.formipay_paystack_pk, window.formipay_flutterwave_pk, window.formipay_currency
Shortcode Output
[formipay_donation_form]