Does GoCardless WordPress plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in GoCardless WordPress plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GoCardless WordPress plugin compatible with WordPress 3.2.2?

According to WordPress.org data, GoCardless WordPress plugin 0.1.1 has been tested up to WordPress 3.2.2. Check the plugin's changelog for the latest compatibility information.

How often is GoCardless WordPress plugin updated?

GoCardless WordPress plugin was last updated on Apr 27, 2012. Frequent updates are generally a positive security signal.

What is GoCardless WordPress plugin's security score?

GoCardless WordPress plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GoCardless WordPress plugin Security & Risk Analysis

wordpress.org/plugins/gocardless-wordpress-plugin

Create GoCardless subscriptions within WordPress.

40 active installs v0.1.1 PHP + WP 2.0.0+ Updated Apr 27, 2012

direct-debitgocardlesspaymentssubscriptionsubscriptions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is GoCardless WordPress plugin Safe to Use in 2026?

Generally Safe

Score 85/100

GoCardless WordPress plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The GoCardless WordPress plugin v0.1.1 exhibits a mixed security posture. On the positive side, the plugin has a very small attack surface, with only one shortcode identified, and no AJAX handlers, REST API routes, or cron events. Crucially, all SQL queries are correctly parameterized, and there are no file operations or external HTTP requests, which significantly reduces common attack vectors. Furthermore, the plugin has no recorded vulnerability history, indicating a potentially stable codebase or a lack of public discovery of issues.

However, the static analysis reveals significant concerns. A substantial portion of the plugin's output is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while limited in scope, indicates two flows with unsanitized paths, suggesting potential vulnerabilities that could be exploited if data originates from user input and is not handled carefully. The absence of nonce checks and capability checks on the identified entry points is a major weakness, allowing unauthenticated or unauthorized users to potentially interact with or exploit the shortcode functionality.

Key Concerns

All outputs are unescaped
Two flows with unsanitized paths
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

GoCardless WordPress plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

GoCardless WordPress plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped12 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

gocardless_admin (admin.php:4)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

GoCardless WordPress plugin Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[GoCardless] gocardless.php:134

WordPress Hooks 2

actionadmin_menugocardless.php:71

actionwp_footergocardless.php:166

Maintenance & Trust

GoCardless WordPress plugin Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.2

Last updatedApr 27, 2012

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

GoCardless WordPress plugin Alternatives

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

Make ecommerce easy with a simple to use, all-in-one platform, that anyone can set up in just a few minutes!

90K 2 CVEs

Pay with Vipps and MobilePay for WooCommerce

woo-vipps

100

Official Vipps MobilePay payment plugin for WooCommerce.

5K 1 CVE

FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler

fluent-cart

Sell Subscriptions, Physical Products, Digital Downloads easier than ever. Built for performance, scalability, and flexibility.

4K 2 CVEs

Mollie Forms

mollie-forms

Create registration forms with payment methods of Mollie. One-time and recurring payments are possible.

3K 4 CVEs

Memberful – Membership Plugin

memberful-wp

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Developer Profile

GoCardless WordPress plugin Developer Profile

DHaywoodSmith

1 plugin · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect GoCardless WordPress plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gocardless-wordpress-plugin/lib/GoCardless.php

HTML / DOM Fingerprints

JS Globals

GoCardless

Shortcode Output

<a href="

FAQ