Click & Pledge for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gravity-forms-click-pledge

Add a credit card payment gateway for Click & Pledge to the Gravity Forms plugin

30 active installs · v26.02000000-WP6.9.1-GF2.9.27 · PHP 5.6+ · WP + · Updated Feb 18, 2026
Tags: click-and-pledge, ecommerce, gravity-forms, online-payments, payment-gateway
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Click & Pledge for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Click & Pledge for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "gravity-forms-click-pledge" plugin exhibits a concerning security posture primarily due to its large, unprotected attack surface. With 31 AJAX handlers, 30 of which lack authentication checks, there's a significant risk of unauthorized access and execution of plugin functionalities. While the plugin demonstrates some good practices like using prepared statements for a majority of its SQL queries and having no known historical vulnerabilities, these are overshadowed by the identified code signals. The presence of the `unserialize` function, a known vulnerability vector, coupled with taint analysis revealing flows with unsanitized paths, raises alarms. Specifically, one high-severity flow indicates a potential for malicious data to be processed without adequate sanitization. The limited use of capability checks and nonces on entry points further exacerbates these risks. Despite a clean vulnerability history, the static analysis reveals latent issues that could be exploited if an attacker bypasses the limited security checks.

Key Concerns

  • High number of unprotected AJAX handlers
  • Use of unserialize function
  • Taint flow: High severity unsanitized path
  • Low percentage of proper output escaping
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

Click & Pledge for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Click & Pledge for Gravity Forms Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 15 (34 prepared)
Unescaped Output: 87 (79 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 0
External Requests: 11
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $avcrds = unserialize($optionsarry['available_cards']); | class.GFCnpData.php:640
unserialize | $this->frm->available_cards = unserialize($this->plugin->options['available_cards']); | class.GFCnpOptionsAdmin.php:276
unserialize | $this->frm->Periods = isset($this->plugin->options['Periods']) ? unserialize($this->plugin->options[ | class.GFCnpOptionsAdmin.php:301
unserialize | $this->frm->RecurringMethods = isset($this->plugin->options['RecurringMethods']) ? unserialize($this | class.GFCnpOptionsAdmin.php:307
unserialize | foreach(unserialize($this->options['available_cards']) as $card => $value) { | class.GFCnpPlugin.php:60

SQL Query Safety

69% prepared · 49 total queries

Output Escaping

48% escaped · 166 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
cnp_getonchangeAccounts (class.GFCnpAdmin.php:420)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
30 unprotected

Click & Pledge for Gravity Forms Attack Surface

Entry Points: 31
Unprotected: 30

AJAX Handlers: 31

Access | Hook | Location
auth | wp_ajax_gf_select_cnp_form | class.GFCnpAdmin.php:341
auth | wp_ajax_cnp_getcode | class.GFCnpAdmin.php:342
nopriv | wp_ajax_cnp_getcode | class.GFCnpAdmin.php:343
auth | wp_ajax_cnp_gfgetAccounts | class.GFCnpAdmin.php:344
nopriv | wp_ajax_cnp_gfgetAccounts | class.GFCnpAdmin.php:345
auth | wp_ajax_cnp_refreshAccounts | class.GFCnpAdmin.php:346
nopriv | wp_ajax_cnp_refreshAccounts | class.GFCnpAdmin.php:347
auth | wp_ajax_cnp_getonchangeAccounts | class.GFCnpAdmin.php:348
nopriv | wp_ajax_cncnp_getonchangeAccounts | class.GFCnpAdmin.php:349
auth | wp_ajax_cnp_gfcnpgetCaptcha | class.GFCnpAdmin.php:350
nopriv | wp_ajax_cnp_gfcnpgetCaptcha | class.GFCnpAdmin.php:351
auth | wp_ajax_cnp_gfcnpgetinvCaptcha | class.GFCnpAdmin.php:352
nopriv | wp_ajax_cnp_gfcnpgetinvCaptcha | class.GFCnpAdmin.php:353
auth | wp_ajax_cnp_gfcnpgetrerCaptcha | class.GFCnpAdmin.php:354
nopriv | wp_ajax_cnp_gfcnpgetrerCaptcha | class.GFCnpAdmin.php:355
auth | wp_ajax_cnp_gfcnpgetreCaptcha | class.GFCnpAdmin.php:356
nopriv | wp_ajax_cnp_gfcnpgetreCaptcha | class.GFCnpAdmin.php:357
auth | wp_ajax_cnp_gfcnpgetRecurring | class.GFCnpAdmin.php:358
nopriv | wp_ajax_cnp_gfcnpgetRecurring | class.GFCnpAdmin.php:359
auth | wp_ajax_cnp_gfcnpcreateorder | class.GFCnpAdmin.php:360
nopriv | wp_ajax_cnp_gfcnpcreateorder | class.GFCnpAdmin.php:361
auth | wp_ajax_cnp_gfCreateBillingAgreement | class.GFCnpAdmin.php:362
nopriv | wp_ajax_cnp_gfCreateBillingAgreement | class.GFCnpAdmin.php:363
auth | wp_ajax_cnp_gfcnppaymentintent | class.GFCnpAdmin.php:364
nopriv | wp_ajax_cnp_gfcnppaymentintent | class.GFCnpAdmin.php:365
auth | wp_ajax_cnp_gfcnpbapaymentintent | class.GFCnpAdmin.php:366
nopriv | wp_ajax_cnp_gfcnpbapaymentintent | class.GFCnpAdmin.php:367
auth | wp_ajax_cnp_gfcnpgettotal | class.GFCnpAdmin.php:368
nopriv | wp_ajax_cnp_gfcnpgettotal | class.GFCnpAdmin.php:369
auth | wp_ajax_cnp_CreateAmazonPayPaymentIntent | class.GFCnpAdmin.php:370
nopriv | wp_ajax_cnp_CreateAmazonPayPaymentIntent | class.GFCnpAdmin.php:371

WordPress Hooks: 221

Type | Hook | Location
action | admin_init | class.GFCnpAdmin.php:306
filter | gform_currency_setting_message | class.GFCnpAdmin.php:309
action | gform_payment_status | class.GFCnpAdmin.php:310
action | gform_after_update_entry | class.GFCnpAdmin.php:311
action | gform_entry_info | class.GFCnpAdmin.php:312
action | admin_notices | class.GFCnpAdmin.php:314
filter | plugin_row_meta | class.GFCnpAdmin.php:320
filter | gform_addon_navigation | class.GFCnpAdmin.php:323
filter | gform_tooltips | class.GFCnpAdmin.php:335
action | gform_pre_submission | class.GFCnpAdmin.php:340
action | wp_enqueue_scripts | class.GFCnpAmazonpayField.php:18
action | admin_enqueue_scripts | class.GFCnpAmazonpayField.php:19
action | gform_preview_footer | class.GFCnpAmazonpayField.php:20
action | gform_enqueue_scripts | class.GFCnpAmazonpayField.php:24
action | gform_editor_js | class.GFCnpAmazonpayField.php:25
action | gform_field_standard_settings | class.GFCnpAmazonpayField.php:26
filter | gform_add_field_buttons | class.GFCnpAmazonpayField.php:27
filter | gform_field_type_title | class.GFCnpAmazonpayField.php:28
filter | gform_field_input | class.GFCnpAmazonpayField.php:29
filter | gform_pre_validation | class.GFCnpAmazonpayField.php:30
filter | gform_field_validation | class.GFCnpAmazonpayField.php:31
filter | gform_tooltips | class.GFCnpAmazonpayField.php:32
filter | gform_pre_submission | class.GFCnpAmazonpayField.php:34
filter | gform_field_content | class.GFCnpAmazonpayField.php:36
filter | gform_admin_pre_render | class.GFCnpAmazonpayField.php:47
filter | gform_field_css_class | class.GFCnpAmazonpayField.php:79
filter | gform_duplicate_field_link | class.GFCnpAmazonpayField.php:292
filter | gform_duplicate_field_link | class.GFCnpAmazonpayField.php:305
action | wp_enqueue_scripts | class.GFCnpBankAccountField.php:17
action | admin_enqueue_scripts | class.GFCnpBankAccountField.php:18
action | gform_enqueue_scripts | class.GFCnpBankAccountField.php:22
action | gform_editor_js | class.GFCnpBankAccountField.php:23
action | gform_field_standard_settings | class.GFCnpBankAccountField.php:24
filter | gform_add_field_buttons | class.GFCnpBankAccountField.php:25
filter | gform_field_type_title | class.GFCnpBankAccountField.php:26
filter | gform_field_input | class.GFCnpBankAccountField.php:27
filter | gform_pre_validation | class.GFCnpBankAccountField.php:28
filter | gform_tooltips | class.GFCnpBankAccountField.php:30
filter | gform_field_validation | class.GFCnpBankAccountField.php:34
filter | gform_validation | class.GFCnpBankAccountField.php:35
filter | gform_validation | class.GFCnpBankAccountField.php:37
filter | gform_field_content | class.GFCnpBankAccountField.php:39
filter | gform_admin_pre_render | class.GFCnpBankAccountField.php:50
filter | gform_field_css_class | class.GFCnpBankAccountField.php:89
filter | gform_duplicate_field_link | class.GFCnpBankAccountField.php:508
filter | gform_duplicate_field_link | class.GFCnpBankAccountField.php:521
action | wp_enqueue_scripts | class.GFCnpConnectCampaignField.php:19
action | admin_enqueue_scripts | class.GFCnpConnectCampaignField.php:20
action | gform_enqueue_scripts | class.GFCnpConnectCampaignField.php:23
action | gform_editor_js | class.GFCnpConnectCampaignField.php:24
action | gform_field_standard_settings | class.GFCnpConnectCampaignField.php:25
filter | gform_add_field_buttons | class.GFCnpConnectCampaignField.php:26
filter | gform_field_type_title | class.GFCnpConnectCampaignField.php:27
filter | gform_field_input | class.GFCnpConnectCampaignField.php:28
filter | gform_pre_validation | class.GFCnpConnectCampaignField.php:29
filter | gform_field_validation | class.GFCnpConnectCampaignField.php:30
filter | gform_tooltips | class.GFCnpConnectCampaignField.php:31
filter | gform_pre_submission | class.GFCnpConnectCampaignField.php:32
filter | gform_field_content | class.GFCnpConnectCampaignField.php:33
filter | gform_admin_pre_render | class.GFCnpConnectCampaignField.php:44
filter | gform_field_css_class | class.GFCnpConnectCampaignField.php:76
filter | gform_duplicate_field_link | class.GFCnpConnectCampaignField.php:318
filter | gform_duplicate_field_link | class.GFCnpConnectCampaignField.php:331
action | wp_enqueue_scripts | class.GFCnpCustompaymentField.php:20
action | admin_enqueue_scripts | class.GFCnpCustompaymentField.php:21
action | gform_enqueue_scripts | class.GFCnpCustompaymentField.php:24
action | gform_editor_js | class.GFCnpCustompaymentField.php:25
action | gform_field_standard_settings | class.GFCnpCustompaymentField.php:26
filter | gform_add_field_buttons | class.GFCnpCustompaymentField.php:27
filter | gform_field_type_title | class.GFCnpCustompaymentField.php:28
filter | gform_field_input | class.GFCnpCustompaymentField.php:29
filter | gform_pre_validation | class.GFCnpCustompaymentField.php:30
filter | gform_field_validation | class.GFCnpCustompaymentField.php:31
filter | gform_tooltips | class.GFCnpCustompaymentField.php:32
filter | gform_pre_submission | class.GFCnpCustompaymentField.php:33
filter | gform_field_content | class.GFCnpCustompaymentField.php:34
filter | gform_admin_pre_render | class.GFCnpCustompaymentField.php:75
filter | gform_field_css_class | class.GFCnpCustompaymentField.php:128
filter | gform_duplicate_field_link | class.GFCnpCustompaymentField.php:320
filter | gform_duplicate_field_link | class.GFCnpCustompaymentField.php:333
action | wp_enqueue_scripts | class.GFCnpDoubletheDonationField.php:17
action | admin_enqueue_scripts | class.GFCnpDoubletheDonationField.php:18
action | gform_enqueue_scripts | class.GFCnpDoubletheDonationField.php:22
action | gform_editor_js | class.GFCnpDoubletheDonationField.php:23
action | gform_field_standard_settings | class.GFCnpDoubletheDonationField.php:24
filter | gform_add_field_buttons | class.GFCnpDoubletheDonationField.php:25
filter | gform_field_type_title | class.GFCnpDoubletheDonationField.php:26
filter | gform_field_input | class.GFCnpDoubletheDonationField.php:27
filter | gform_pre_validation | class.GFCnpDoubletheDonationField.php:28
filter | gform_field_validation | class.GFCnpDoubletheDonationField.php:29
filter | gform_tooltips | class.GFCnpDoubletheDonationField.php:30
filter | gform_pre_submission | class.GFCnpDoubletheDonationField.php:31
filter | gform_field_content | class.GFCnpDoubletheDonationField.php:32
filter | gform_admin_pre_render | class.GFCnpDoubletheDonationField.php:49
filter | gform_field_css_class | class.GFCnpDoubletheDonationField.php:90
filter | gform_duplicate_field_link | class.GFCnpDoubletheDonationField.php:297
filter | gform_duplicate_field_link | class.GFCnpDoubletheDonationField.php:310
action | wp_enqueue_scripts | class.GFCnpEcheckField.php:20
action | admin_enqueue_scripts | class.GFCnpEcheckField.php:21
action | gform_enqueue_scripts | class.GFCnpEcheckField.php:24
action | gform_editor_js | class.GFCnpEcheckField.php:25
action | gform_field_standard_settings | class.GFCnpEcheckField.php:26
filter | gform_add_field_buttons | class.GFCnpEcheckField.php:27
filter | gform_field_type_title | class.GFCnpEcheckField.php:28
filter | gform_field_input | class.GFCnpEcheckField.php:29
filter | gform_pre_validation | class.GFCnpEcheckField.php:30
filter | gform_field_validation | class.GFCnpEcheckField.php:31
filter | gform_tooltips | class.GFCnpEcheckField.php:32
filter | gform_pre_submission | class.GFCnpEcheckField.php:33
filter | gform_field_content | class.GFCnpEcheckField.php:34
filter | gform_field_css_class | class.GFCnpEcheckField.php:46
filter | gform_duplicate_field_link | class.GFCnpEcheckField.php:349
filter | gform_duplicate_field_link | class.GFCnpEcheckField.php:362
filter | gform_admin_pre_render | class.GFCnpEcheckField.php:454
action | wp_enqueue_scripts | class.GFCnpFormModeField.php:20
action | admin_enqueue_scripts | class.GFCnpFormModeField.php:21
action | gform_enqueue_scripts | class.GFCnpFormModeField.php:24
action | gform_editor_js | class.GFCnpFormModeField.php:25
action | gform_field_standard_settings | class.GFCnpFormModeField.php:26
filter | gform_add_field_buttons | class.GFCnpFormModeField.php:27
filter | gform_field_type_title | class.GFCnpFormModeField.php:28
filter | gform_field_input | class.GFCnpFormModeField.php:29
filter | gform_pre_validation | class.GFCnpFormModeField.php:31
filter | gform_field_validation | class.GFCnpFormModeField.php:32
filter | gform_tooltips | class.GFCnpFormModeField.php:33
filter | gform_pre_submission | class.GFCnpFormModeField.php:34
filter | gform_field_content | class.GFCnpFormModeField.php:36
filter | gform_admin_pre_render | class.GFCnpFormModeField.php:47
filter | gform_field_css_class | class.GFCnpFormModeField.php:71
filter | gform_duplicate_field_link | class.GFCnpFormModeField.php:293
filter | gform_duplicate_field_link | class.GFCnpFormModeField.php:306
action | wp_enqueue_scripts | class.GFCnpGpayField.php:18
action | admin_enqueue_scripts | class.GFCnpGpayField.php:19
action | gform_preview_footer | class.GFCnpGpayField.php:20
action | gform_enqueue_scripts | class.GFCnpGpayField.php:24
action | gform_editor_js | class.GFCnpGpayField.php:25
action | gform_field_standard_settings | class.GFCnpGpayField.php:26
filter | gform_add_field_buttons | class.GFCnpGpayField.php:27
filter | gform_field_type_title | class.GFCnpGpayField.php:28
filter | gform_field_input | class.GFCnpGpayField.php:29
filter | gform_pre_validation | class.GFCnpGpayField.php:30
filter | gform_field_validation | class.GFCnpGpayField.php:31
filter | gform_tooltips | class.GFCnpGpayField.php:32
filter | gform_pre_submission | class.GFCnpGpayField.php:34
filter | gform_field_content | class.GFCnpGpayField.php:35
filter | gform_admin_pre_render | class.GFCnpGpayField.php:46
filter | gform_field_css_class | class.GFCnpGpayField.php:78
filter | gform_duplicate_field_link | class.GFCnpGpayField.php:406
filter | gform_duplicate_field_link | class.GFCnpGpayField.php:419
action | wp_enqueue_scripts | class.GFCnpPaymentMethodsField.php:227
action | admin_enqueue_scripts | class.GFCnpPaymentMethodsField.php:228
action | gform_enqueue_scripts | class.GFCnpPaymentMethodsField.php:231
action | gform_editor_js | class.GFCnpPaymentMethodsField.php:232
action | gform_field_standard_settings | class.GFCnpPaymentMethodsField.php:233
filter | gform_pre_validation | class.GFCnpPaymentMethodsField.php:236
filter | gform_pre_render | class.GFCnpPaymentMethodsField.php:237
filter | gform_admin_pre_render | class.GFCnpPaymentMethodsField.php:238
filter | gform_admin_pre_render | class.GFCnpPaymentMethodsField.php:239
filter | gform_field_validation | class.GFCnpPaymentMethodsField.php:243
filter | gform_validation | class.GFCnpPaymentMethodsField.php:244
filter | gform_pre_submission | class.GFCnpPaymentMethodsField.php:245
filter | gform_validation_message | class.GFCnpPaymentMethodsField.php:248
filter | gform_validation | class.GFCnpPaymentMethodsField.php:251
filter | gform_validation | class.GFCnpPaymentMethodsField.php:254
filter | gform_field_css_class | class.GFCnpPaymentMethodsField.php:257
filter | gform_field_content | class.GFCnpPaymentMethodsField.php:259
filter | gform_duplicate_field_link | class.GFCnpPaymentMethodsField.php:1315
action | wp_enqueue_scripts | class.GFCnpPaypalField.php:20
action | admin_enqueue_scripts | class.GFCnpPaypalField.php:21
action | gform_preview_footer | class.GFCnpPaypalField.php:22
action | wp_head | class.GFCnpPaypalField.php:23
action | gform_enqueue_scripts | class.GFCnpPaypalField.php:26
action | gform_editor_js | class.GFCnpPaypalField.php:27
action | gform_field_standard_settings | class.GFCnpPaypalField.php:28
filter | gform_add_field_buttons | class.GFCnpPaypalField.php:29
filter | gform_field_type_title | class.GFCnpPaypalField.php:30
filter | gform_field_input | class.GFCnpPaypalField.php:31
filter | gform_pre_validation | class.GFCnpPaypalField.php:32
filter | gform_field_validation | class.GFCnpPaypalField.php:33
filter | gform_tooltips | class.GFCnpPaypalField.php:34
filter | gform_pre_submission | class.GFCnpPaypalField.php:35
filter | gform_field_content | class.GFCnpPaypalField.php:36
filter | gform_admin_pre_render | class.GFCnpPaypalField.php:47
filter | gform_field_css_class | class.GFCnpPaypalField.php:81
filter | gform_duplicate_field_link | class.GFCnpPaypalField.php:294
filter | gform_duplicate_field_link | class.GFCnpPaypalField.php:307
action | init | class.GFCnpPlugin.php:69
filter | gform_pre_render | class.GFCnpPlugin.php:107
filter | gform_admin_pre_render | class.GFCnpPlugin.php:108
action | gform_enable_credit_card_field | class.GFCnpPlugin.php:109
filter | gform_creditcard_types | class.GFCnpPlugin.php:110
filter | gform_currency | class.GFCnpPlugin.php:111
filter | gform_validation | class.GFCnpPlugin.php:112
action | gform_after_submission | class.GFCnpPlugin.php:113
filter | gform_custom_merge_tags | class.GFCnpPlugin.php:114
filter | gform_replace_merge_tags | class.GFCnpPlugin.php:115
filter | gform_enable_entry_info_payment_details | class.GFCnpPlugin.php:116
filter | gform_confirmation | class.GFCnpPlugin.php:118
action | wp_enqueue_scripts | class.GFCnpPlugin.php:121
filter | gform_validation_message | class.GFCnpPlugin.php:350
filter | gform_validation_message | class.GFCnpPlugin.php:369
filter | gform_validation_message | class.GFCnpPlugin.php:526
action | wp_enqueue_scripts | class.GFCnpRecurringField.php:35
action | admin_enqueue_scripts | class.GFCnpRecurringField.php:36
action | gform_preview_footer | class.GFCnpRecurringField.php:37
action | gform_enqueue_scripts | class.GFCnpRecurringField.php:40
action | gform_editor_js | class.GFCnpRecurringField.php:41
action | gform_field_standard_settings | class.GFCnpRecurringField.php:43
filter | gform_add_field_buttons | class.GFCnpRecurringField.php:44
filter | gform_field_type_title | class.GFCnpRecurringField.php:45
filter | gform_field_input | class.GFCnpRecurringField.php:46
filter | gform_pre_validation | class.GFCnpRecurringField.php:47
filter | gform_field_validation | class.GFCnpRecurringField.php:48
filter | gform_tooltips | class.GFCnpRecurringField.php:49
filter | gform_pre_submission | class.GFCnpRecurringField.php:50
filter | gform_field_content | class.GFCnpRecurringField.php:51
filter | gform_field_css_class | class.GFCnpRecurringField.php:64
filter | gform_duplicate_field_link | class.GFCnpRecurringField.php:601
filter | gform_duplicate_field_link | class.GFCnpRecurringField.php:614
filter | gform_admin_pre_render | class.GFCnpRecurringField.php:1691
action | wp_footer | class.GFCnpRecurringField.php:1716

Maintenance & Trust

Click & Pledge for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 18, 2026
PHP min version: 5.6
Downloads: 11K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Click & Pledge for Gravity Forms Developer Profile

ClickandPledge

5 plugins · 190 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 27 days
Detection Fingerprints

How We Detect Click & Pledge for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
