Paystation (3 Party Hosted) for Gravity forms Security & Risk Analysis

wordpress.org/plugins/gravity-forms-paystation-3-party-hosted

Integrates Gravity Forms with the Paystation 3 party hosted payment gateway allowing end-users to purchase goods and services via Gravity Forms.

30 active installs · v1.5.6 · PHP 6.4.5+ · WP 3.3+ · Updated Jul 17, 2024
Tags: credit-card-payments, ecommerce, gravity-forms, online-payments, payment-gateway
Score: 92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Paystation (3 Party Hosted) for Gravity forms Safe to Use in 2026?

Generally Safe

Score 92/100

Paystation (3 Party Hosted) for Gravity forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "gravity-forms-paystation-3-party-hosted" plugin v1.5.6 presents a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, executing all SQL queries using prepared statements, and implementing nonce and capability checks for its identified entry points. There are no recorded vulnerabilities or CVEs, suggesting a history of relative security.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a substantial attack surface for unauthorized actions. While the taint analysis did not identify critical or high severity issues, it did reveal two flows with unsanitized paths, which could potentially be exploited if the AJAX handlers are not properly secured. The low percentage of properly escaped output (10%) is also a concern, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities.

In conclusion, the plugin has a strong foundation in terms of SQL security and the absence of known vulnerabilities. Nevertheless, the unprotected AJAX endpoints and the prevalence of unescaped output represent notable security weaknesses that could be leveraged by attackers. Addressing these specific issues should be a priority to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
Vulnerabilities
None known

Paystation (3 Party Hosted) for Gravity forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Paystation (3 Party Hosted) for Gravity forms Release Timeline

v1.5.7
v1.5.6 (Current)
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.4.3
v1.4.2
v1.4.0
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Paystation (3 Party Hosted) for Gravity forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (2 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

10% escaped · 21 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
ajaxGfFormFields (class.GFPaystationAdmin.php:186)
Attack Surface
2 unprotected

Paystation (3 Party Hosted) for Gravity forms Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_gfpaystation_form_fields · class.GFPaystationAdmin.php:49
auth · wp_ajax_gfpaystation_form_has_feed · class.GFPaystationAdmin.php:50

WordPress Hooks: 23

action · admin_init · class.GFPaystationAdmin.php:26
filter · gform_addon_navigation · class.GFPaystationAdmin.php:34
action · admin_notices · class.GFPaystationAdmin.php:37
filter · gform_enable_entry_info_payment_details · class.GFPaystationAdmin.php:43
filter · admin_enqueue_scripts · class.GFPaystationAdmin.php:46
filter · wp_print_scripts · class.GFPaystationFeedAdmin.php:24
filter · parent_file · class.GFPaystationFeedAdmin.php:25
action · save_post · class.GFPaystationFeedAdmin.php:27
filter · post_row_actions · class.GFPaystationFeedAdmin.php:29
filter · wp_insert_post_data · class.GFPaystationFeedAdmin.php:30
filter · post_updated_messages · class.GFPaystationFeedAdmin.php:31
action · init · class.GFPaystationPlugin.php:56
action · parse_request · class.GFPaystationPlugin.php:57
action · wp · class.GFPaystationPlugin.php:58
filter · gform_validation · class.GFPaystationPlugin.php:91
filter · gform_validation_message · class.GFPaystationPlugin.php:92
filter · gform_confirmation · class.GFPaystationPlugin.php:93
filter · gform_disable_post_creation · class.GFPaystationPlugin.php:94
filter · gform_disable_user_notification · class.GFPaystationPlugin.php:97
filter · gform_disable_admin_notification · class.GFPaystationPlugin.php:98
filter · gform_disable_notification · class.GFPaystationPlugin.php:99
filter · gform_custom_merge_tags · class.GFPaystationPlugin.php:101
filter · gform_replace_merge_tags · class.GFPaystationPlugin.php:102
Maintenance & Trust

Paystation (3 Party Hosted) for Gravity forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jul 17, 2024
PHP min version: 6.4.5
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 30
Developer Profile

Paystation (3 Party Hosted) for Gravity forms Developer Profile

paystationNZ

2 plugins · 130 total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Paystation (3 Party Hosted) for Gravity forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravity-forms-paystation-3-party-hosted/style-admin.css
Version Parameters
gravity-forms-paystation-3-party-hosted/style-admin.css?ver=
gravityforms-paystation.php?ver=

HTML / DOM Fingerprints

Data Attributes
data-gfpaystation-form-id
JS Globals
gfpaystation_form_id
gfpaystation_form_fields
REST Endpoints
/wp-json/gfpaystation/v1/form/
FAQ

Frequently Asked Questions about Paystation (3 Party Hosted) for Gravity forms