WP-Safety

GF Stripe Extensions Security & Risk Analysis

wordpress.org/plugins/gf-stripe-extensions

Add Stripe functions to Wordpress including ApplePay, analytics, query transactions, limit payments and payment recovery to Gravity Forms.

10 active installs v2.6.9 PHP + WP 4.0.1+ Updated Mar 31, 2026
formsgformsgravitygravity-formsqueries
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is GF Stripe Extensions Safe to Use in 2026?

Generally Safe

Score 100/100

GF Stripe Extensions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "gf-stripe-extensions" v2.6.7 plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded vulnerability history, there are significant concerns stemming from its attack surface and code signals. A high number of REST API routes (11 out of 11) lack permission callbacks, exposing them to potential unauthorized access and manipulation. Furthermore, the presence of the `passthru` function, a known dangerous function, combined with unsanitized path flows in the taint analysis, indicates a potential for command injection vulnerabilities if user input is not meticulously validated and sanitized. The low percentage of properly escaped output also raises concerns about cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • High number of unprotected REST API routes
  • Dangerous function 'passthru' used
  • Unsanitized path flows in taint analysis
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

GF Stripe Extensions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GF Stripe Extensions Release Timeline

v2.6.9Current
v2.6.8
v2.6.7
v2.6.6
v2.6.5
v2.6.4
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.9
v2.5.8
v2.5.7
v2.5.6
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
Code Analysis
Analyzed Mar 17, 2026

GF Stripe Extensions Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
15 prepared
Unescaped Output
132
44 escaped
Nonce Checks
0
Capability Checks
4
File Operations
11
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

passthrupassthru('composer update', $returnStatus);inc\stripe\stripe-php\build.php:19
passthrupassthru(inc\stripe\stripe-php\build.php:26
passthrupassthru("./vendor/bin/phpunit -c $config", $returnStatus);inc\stripe\stripe-php\build.php:36

Bundled Libraries

Stripe PHP

SQL Query Safety

100% prepared15 total queries

Output Escaping

25% escaped176 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
tags (gf-stripe-analytics.php:723)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

GF Stripe Extensions Attack Surface

Entry Points13
Unprotected11

REST API Routes 11

GETPOST/wp-json/gf-queries/v1transactionsgf-stripe-analytics.php:157
GETPOST/wp-json/gf-stripe-extensions/v1transactionsgf-stripe-analytics.php:162
GETPOST/wp-json/gf-stripe-extensions/v1customersgf-stripe-analytics.php:167
GETPOST/wp-json/gf-stripe-extensions/v1recurringgf-stripe-analytics.php:172
GETPOST/wp-json/gf-stripe-extensions/v1tagsgf-stripe-analytics.php:177
GETPOST/wp-json/gf-stripe-extensions/v1campaignsgf-stripe-analytics.php:182
GETPOST/wp-json/gf-stripe-extensions/v1reconcilegf-stripe-analytics.php:187
GETPOST/wp-json/gf-stripe-extensions/v1check_customergf-stripe-analytics.php:192
GETPOST/wp-json/gf-stripe-extensions/v1autocompletegf-stripe-analytics.php:197
GETPOST/wp-json/gf-stripe-extensions/v1entrygf-stripe-analytics.php:202
GETPOST/wp-json/gf-stripe-extensions/v1applepaygf-stripe-apple-pay.php:5

Shortcodes 2

[stripe_applepay] gf-stripe-apple-pay.php:13
[stripe_payment_recovery] gf-stripe-payment-recovery.php:7
WordPress Hooks 21
actionrest_api_initgf-stripe-analytics.php:142
actionadmin_menugf-stripe-analytics.php:143
filtergform_addon_navigationgf-stripe-analytics.php:144
actionrest_api_initgf-stripe-apple-pay.php:4
actionwp_enqueue_scriptsgf-stripe-apple-pay.php:11
actionwp_headgf-stripe-apple-pay.php:12
actionparse_requestgf-stripe-create-entries.php:4
actionplugins_loadedgf-stripe-extensions.php:42
actiongform_loadedgf-stripe-extensions.php:43
actionadmin_menugf-stripe-extensions.php:44
actionadmin_enqueue_scriptsgf-stripe-extensions.php:45
filtergform_stripe_subscription_params_pre_update_customergf-stripe-extensions.php:49
filtergform_enable_legacy_markupgf-stripe-extensions.php:50
filtergform_notificationgf-stripe-extensions.php:52
filtergform_paypal_hash_matchesgf-stripe-extensions.php:197
actionadmin_initgf-stripe-extensions.php:218
actiongform_post_payment_callbackgf-stripe-limit-payments.php:13
actionparse_requestgf-stripe-payment-recovery.php:5
filterwp_mail_fromgf-stripe-payment-recovery.php:117
filterwp_mail_from_namegf-stripe-payment-recovery.php:118
actionwp_mail_failedgf-stripe-payment-recovery.php:119
Maintenance & Trust

GF Stripe Extensions Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0
Last updatedMar 31, 2026
PHP min version
Downloads12K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

GF Stripe Extensions Alternatives

GF Limit Payments

GF Limit Payments

gf-limit-payments

A
85

End subscription payments after a certain number of payments

0 No CVEs
Unique List For Gravity Forms

Unique List For Gravity Forms

gf-unique-list

A
92

Add a unique piece of text or code to each gravity form from a predefined list. The plugin keeps track of which have been used and will only include u …

0 No CVEs
Shortcodes for Gravity Forms

Shortcodes for Gravity Forms

shortcodes-for-gravity-forms

A
85

Shortcodes for Gravity Forms adds a column in form list to display form shortcodes in backend.

50 No CVEs
SV Gravity Forms Enhancer

SV Gravity Forms Enhancer

sv-gravity-forms-enhancer

A
85

Improves Gravity Forms in various ways.

10 No CVEs
Survey Reporting & Data Analysis Report Add-On for Gravity Forms

Survey Reporting & Data Analysis Report Add-On for Gravity Forms

survey-reporting-data-analysis-report-add-on-for-gravity-forms

A
85

This plugin extends the Gravity Forms plugin and adds a reporting tool onto any existing forms.

0 No CVEs
Developer Profile

GF Stripe Extensions Developer Profile

jamesdlow

14 plugins · 400 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
9 days
View full developer profile
Detection Fingerprints

How We Detect GF Stripe Extensions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gf-stripe-extensions/assets/css/stripe-extensions.css/wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions.js/wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions-settings.js
Script Paths
/wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions.js/wp-content/plugins/gf-stripe-extensions/assets/js/stripe-extensions-settings.js
Version Parameters
gf-stripe-extensions/assets/css/stripe-extensions.css?ver=gf-stripe-extensions/assets/js/stripe-extensions.js?ver=gf-stripe-extensions/assets/js/stripe-extensions-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
gfse-admin-wrapgfse-sub-settings
Data Attributes
data-gfse-input-typedata-gfse-analytics-form-iddata-gfse-analytics-entry-id
JS Globals
gfse_settingsgfse_admin
REST Endpoints
/wp-json/gf-stripe-extensions/v1/settings
FAQ

Frequently Asked Questions about GF Stripe Extensions