GF Stripe Extensions Security & Risk Analysis

wordpress.org/plugins/gf-stripe-extensions

Add Stripe functions to WordPress including ApplePay, analytics, query transactions, limit payments and payment recovery to Gravity Forms.

10 active installs · v2.6.7 · PHP + WP 4.0.1+ · Updated Jan 14, 2026
Tags: forms, gforms, gravity, gravity-forms, queries
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GF Stripe Extensions Safe to Use in 2026?

Generally Safe

Score 100/100

GF Stripe Extensions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "gf-stripe-extensions" v2.6.7 plugin has a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and has no recorded vulnerability history. Its attack surface and code signals raise significant concerns, however. All 11 REST API routes lack permission callbacks, exposing them to potential unauthorized access and manipulation. The plugin also contains calls to `passthru`, a known dangerous function; combined with the unsanitized path flows found in the taint analysis, this indicates a potential for command injection if user input is not meticulously validated and sanitized. The low percentage of properly escaped output also raises concerns about cross-site scripting (XSS).

Key Concerns

  • High number of unprotected REST API routes
  • Dangerous function 'passthru' used
  • Unsanitized path flows in taint analysis
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

GF Stripe Extensions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

GF Stripe Extensions Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (15 prepared)
Unescaped Output: 132 (44 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 11
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

  • passthru: `passthru('composer update', $returnStatus);` at inc\stripe\stripe-php\build.php:19
  • passthru: `passthru(` at inc\stripe\stripe-php\build.php:26
  • passthru: `passthru("./vendor/bin/phpunit -c $config", $returnStatus);` at inc\stripe\stripe-php\build.php:36

Bundled Libraries

Stripe PHP

SQL Query Safety

100% prepared · 15 total queries

Output Escaping

25% escaped · 176 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
Flow shown: tags (gf-stripe-analytics.php:723)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
11 unprotected

GF Stripe Extensions Attack Surface

Entry Points: 13
Unprotected: 11

REST API Routes (11)

  • GET, POST /wp-json/gf-queries/v1/transactions (gf-stripe-analytics.php:157)
  • GET, POST /wp-json/gf-stripe-extensions/v1/transactions (gf-stripe-analytics.php:162)
  • GET, POST /wp-json/gf-stripe-extensions/v1/customers (gf-stripe-analytics.php:167)
  • GET, POST /wp-json/gf-stripe-extensions/v1/recurring (gf-stripe-analytics.php:172)
  • GET, POST /wp-json/gf-stripe-extensions/v1/tags (gf-stripe-analytics.php:177)
  • GET, POST /wp-json/gf-stripe-extensions/v1/campaigns (gf-stripe-analytics.php:182)
  • GET, POST /wp-json/gf-stripe-extensions/v1/reconcile (gf-stripe-analytics.php:187)
  • GET, POST /wp-json/gf-stripe-extensions/v1/check_customer (gf-stripe-analytics.php:192)
  • GET, POST /wp-json/gf-stripe-extensions/v1/autocomplete (gf-stripe-analytics.php:197)
  • GET, POST /wp-json/gf-stripe-extensions/v1/entry (gf-stripe-analytics.php:202)
  • GET, POST /wp-json/gf-stripe-extensions/v1/applepay (gf-stripe-apple-pay.php:5)

Shortcodes (2)

  • [stripe_applepay] (gf-stripe-apple-pay.php:13)
  • [stripe_payment_recovery] (gf-stripe-payment-recovery.php:7)

WordPress Hooks (21)

  • action: rest_api_init (gf-stripe-analytics.php:142)
  • action: admin_menu (gf-stripe-analytics.php:143)
  • filter: gform_addon_navigation (gf-stripe-analytics.php:144)
  • action: rest_api_init (gf-stripe-apple-pay.php:4)
  • action: wp_enqueue_scripts (gf-stripe-apple-pay.php:11)
  • action: wp_head (gf-stripe-apple-pay.php:12)
  • action: parse_request (gf-stripe-create-entries.php:4)
  • action: plugins_loaded (gf-stripe-extensions.php:42)
  • action: gform_loaded (gf-stripe-extensions.php:43)
  • action: admin_menu (gf-stripe-extensions.php:44)
  • action: admin_enqueue_scripts (gf-stripe-extensions.php:45)
  • filter: gform_stripe_subscription_params_pre_update_customer (gf-stripe-extensions.php:49)
  • filter: gform_enable_legacy_markup (gf-stripe-extensions.php:50)
  • filter: gform_notification (gf-stripe-extensions.php:52)
  • filter: gform_paypal_hash_matches (gf-stripe-extensions.php:197)
  • action: admin_init (gf-stripe-extensions.php:218)
  • action: gform_post_payment_callback (gf-stripe-limit-payments.php:13)
  • action: parse_request (gf-stripe-payment-recovery.php:5)
  • filter: wp_mail_from (gf-stripe-payment-recovery.php:117)
  • filter: wp_mail_from_name (gf-stripe-payment-recovery.php:118)
  • action: wp_mail_failed (gf-stripe-payment-recovery.php:119)
Maintenance & Trust

GF Stripe Extensions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 14, 2026
PHP min version
Downloads: 12K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

GF Stripe Extensions Developer Profile

jamesdlow

11 plugins · 390 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 9 days
Detection Fingerprints

How We Detect GF Stripe Extensions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gf-stripe-extensions/assets/css/stripe-extensions.css
  • /wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions.js
  • /wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions-settings.js
Script Paths
  • /wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions.js
  • /wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions-settings.js
Version Parameters
  • gf-stripe-extensions/assets/css/stripe-extensions.css?ver=
  • gf-stripe-extensions/assets/js/stripe-extensions.js?ver=
  • gf-stripe-extensions/assets/js/stripe-extensions-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gfse-admin-wrap
  • gfse-sub-settings
Data Attributes
  • data-gfse-input-type
  • data-gfse-analytics-form-id
  • data-gfse-analytics-entry-id
JS Globals
  • gfse_settings
  • gfse_admin
REST Endpoints
  • /wp-json/gf-stripe-extensions/v1/settings
FAQ

Frequently Asked Questions about GF Stripe Extensions