Global Payments SecureSubmit Addon for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/heartland-secure-submit-addon-for-gravity-forms

SecureSubmit allows merchants to take PCI-Friendly Credit Card payments with Gravity Forms using Global Payments Payment Gateway.

100 active installs · v2.2.0 · PHP + · WP + · Updated Jan 8, 2026
globalpaymentsgravityformssecuresubmittokentokenize
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Global Payments SecureSubmit Addon for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Global Payments SecureSubmit Addon for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The plugin 'heartland-secure-submit-addon-for-gravity-forms' version 2.2.0 demonstrates several strong security practices. Notably, all SQL queries are executed using prepared statements, and all identified output is properly escaped, indicating a good defense against common injection and XSS vulnerabilities. The absence of any recorded CVEs or known vulnerabilities in its history further suggests a generally secure development and maintenance approach.

However, a significant concern arises from the static analysis. The plugin exposes a single AJAX handler that lacks any authentication checks. This unprotected entry point represents a direct attack vector that could be exploited by unauthenticated users to trigger unintended actions or potentially access sensitive information, depending on the functionality of that handler. The lack of nonce checks on this handler exacerbates this risk, as it offers no protection against Cross-Site Request Forgery (CSRF) attacks.

While the overall code quality appears high due to the absence of dangerous functions and well-handled SQL and output, the unprotected AJAX endpoint is a critical weakness. The plugin's vulnerability history is clean, which is a positive indicator, but it doesn't mitigate the immediate risk posed by the identified unprotected entry point. A balanced assessment highlights strong adherence to fundamental security principles in most areas, contrasted by a singular but significant flaw in authentication for its AJAX functionality.

Key Concerns

  • AJAX handler without auth checks
  • AJAX handler without nonce checks
Vulnerabilities
None known

Global Payments SecureSubmit Addon for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Global Payments SecureSubmit Addon for Gravity Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (238 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

100% escaped · 238 total outputs
Attack Surface
1 unprotected

Global Payments SecureSubmit Addon for Gravity Forms Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_gf_validate_secret_api_key · classes\class-gf-securesubmit.php:225

WordPress Hooks: 9

action · gform_post_payment_completed · classes\class-gf-securesubmit.php:194
filter · gform_replace_merge_tags · classes\class-gf-securesubmit.php:195
action · gform_admin_pre_render · classes\class-gf-securesubmit.php:196
filter · gform_add_field_buttons · classes\class-gf-securesubmit.php:203
filter · gform_add_field_buttons · classes\class-gf-securesubmit.php:204
action · gform_editor_js_set_default_values · classes\class-gf-securesubmit.php:205
filter · gform_register_init_scripts · classes\class-gf-securesubmit.php:972
filter · gform_field_content · classes\class-gf-securesubmit.php:973
action · gform_loaded · gravityforms-securesubmit.php:13
Maintenance & Trust

Global Payments SecureSubmit Addon for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 8, 2026
PHP min version
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Global Payments SecureSubmit Addon for Gravity Forms Developer Profile

SecureSubmit

3 plugins · 740 total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Global Payments SecureSubmit Addon for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/css/style.css
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/common.js
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/hps-credit-card.js
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/hps-ach.js
Script Paths
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/common.js
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/hps-credit-card.js
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/hps-ach.js
Version Parameters
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/css/style.css?ver=
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/common.js?ver=
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/hps-credit-card.js?ver=
/wp-content/plugins/heartland-secure-submit-addon-for-gravity-forms/assets/js/hps-ach.js?ver=

HTML / DOM Fingerprints

CSS Classes
hpsACH
hpscreditcard
Data Attributes
data-type='hpsACH'
data-type='hpscreditcard'
JS Globals
window.HpsCreditCard
window.HpsAch
REST Endpoints
/wp-json/gfsecuresubmit/v1/validate-secret-api-key
FAQ

Frequently Asked Questions about Global Payments SecureSubmit Addon for Gravity Forms