WP-Safety

GravityStripe Subscription Manager Security & Risk Analysis

wordpress.org/plugins/manage-gravity-forms-stripe-subscriptions

Description: Manage Gravity Forms Stripe subscriptions with shortcodes and admin tools for subscribers and site admins.

60 active installs v4.6.3 PHP + WP + Updated Jan 14, 2026
addonfrontend-managementgravity-formsstripesubscription
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is GravityStripe Subscription Manager Safe to Use in 2026?

Generally Safe

Score 100/100

GravityStripe Subscription Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The 'manage-gravity-forms-stripe-subscriptions' plugin v4.6.3 exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and has no recorded historical vulnerabilities, significant concerns arise from its static analysis. The plugin exposes a substantial attack surface with 8 AJAX handlers, all of which lack authentication checks. Furthermore, only 38% of output escaping is properly implemented, indicating a potential for cross-site scripting (XSS) vulnerabilities. The taint analysis revealed 2 flows with unsanitized paths, which, although not classified as critical or high severity in this instance, represent a risk of unexpected behavior or potential data manipulation if not addressed.

The absence of any historical vulnerabilities is a positive indicator, suggesting a developer who may be responsive to security issues or has historically avoided common pitfalls. However, the current static analysis findings, particularly the unprotected AJAX endpoints and insufficient output escaping, create a notable security gap. The plugin's strengths lie in its SQL sanitization and clean vulnerability history, but these are overshadowed by immediate risks in the attack surface and data sanitization. A balanced conclusion would note the foundational good practices while strongly highlighting the urgent need to address the unprotected entry points and output escaping to mitigate immediate threats.

Key Concerns

  • AJAX handlers without authentication checks
  • Insufficient output escaping
  • Taint flows with unsanitized paths
  • Missing nonce checks on AJAX
Vulnerabilities
None known

GravityStripe Subscription Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GravityStripe Subscription Manager Release Timeline

v4.6.3Current
v4.3.2
v4.2
v4.1.4
v4.1.2
v4.1.1
v4.1
v4.0
v3.4
v3.3.2
v3.2.5
v3.2.2
v3.2
v3.1.2
v3.1
v3.0
v2.7.5
v2.7
v2.6.1
v2.6
Code Analysis
Analyzed Mar 16, 2026

GravityStripe Subscription Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
25
15 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
3

Bundled Libraries

DataTablesFreemius1.0Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

38% escaped40 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
gss_ajax_fn_cancel_subscription (gravitystripe-subscriptions-manager.php:271)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

GravityStripe Subscription Manager Attack Surface

Entry Points10
Unprotected8

AJAX Handlers 8

authwp_ajax_gss_get_pagesfunctions.php:3
authwp_ajax_gss_cancel_subscriptiongravitystripe-subscriptions-manager.php:270
authwp_ajax_gss-notice-dismissgravitystripe-subscriptions-manager.php:432
authwp_ajax_get_subscription_rowsgravitystripe-subscriptions-manager.php:1186
authwp_ajax_save_created_bygravitystripe-subscriptions-manager.php:1721
authwp_ajax_gss_view_ordergravitystripe-subscriptions-manager.php:1731
authwp_ajax_fetch_usersgravitystripe-subscriptions-manager.php:1801
noprivwp_ajax_fetch_usersgravitystripe-subscriptions-manager.php:1802

Shortcodes 2

[user-subscriptions] gravitystripe-subscriptions-manager.php:732
[subscription-list] gravitystripe-subscriptions-manager.php:800
WordPress Hooks 23
filterconnect_urlgravitystripe-subscriptions-manager.php:56
filterafter_skip_urlgravitystripe-subscriptions-manager.php:57
filterafter_connect_urlgravitystripe-subscriptions-manager.php:58
filterafter_pending_connect_urlgravitystripe-subscriptions-manager.php:59
filterpricing_urlgravitystripe-subscriptions-manager.php:60
actionplugins_loadedgravitystripe-subscriptions-manager.php:80
actionwp_enqueue_scriptsgravitystripe-subscriptions-manager.php:104
actionadmin_enqueue_scriptsgravitystripe-subscriptions-manager.php:105
actionwp_enqueue_scriptsgravitystripe-subscriptions-manager.php:217
actionwpgravitystripe-subscriptions-manager.php:234
actiongform_loadedgravitystripe-subscriptions-manager.php:253
actiongform_subscription_payment_failedgravitystripe-subscriptions-manager.php:297
actiongform_subscription_canceledgravitystripe-subscriptions-manager.php:324
actiongform_stripe_customer_after_creategravitystripe-subscriptions-manager.php:347
actionadmin_noticesgravitystripe-subscriptions-manager.php:364
actionadmin_menugravitystripe-subscriptions-manager.php:1015
actionadmin_headgravitystripe-subscriptions-manager.php:1054
actionadmin_enqueue_scriptsgravitystripe-subscriptions-manager.php:1085
filtergform_noconflict_stylesgravitystripe-subscriptions-manager.php:1113
filtergform_noconflict_scriptsgravitystripe-subscriptions-manager.php:1125
filtergss_result_valuegravitystripe-subscriptions-manager.php:1513
actiongss_action_after_shortcode_renderedgravitystripe-subscriptions-manager.php:1598
filtergform_entry_detail_meta_boxesgravitystripe-subscriptions-manager.php:1698
Maintenance & Trust

GravityStripe Subscription Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 14, 2026
PHP min version
Downloads6K

Community Trust

Rating100/100
Number of ratings7
Active installs60
Alternatives

GravityStripe Subscription Manager Alternatives

STARTEND Subscription Add-On for GravityForms

STARTEND Subscription Add-On for GravityForms

startend-subscription-add-on-for-gravityforms

A
85

Description: STARTEND is a Gravity Forms Add-on that allows you to set one or many future start dates and customize an automated end date for your Gra …

20 No CVEs
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

A
96

Make ecommerce easy with a simple-to-use, all-in-one platform that anyone can set up in just a few minutes!

90K 3 CVEs
Multi Page Auto Advance for Gravity Forms

Multi Page Auto Advance for Gravity Forms

auto-advance-for-gravity-forms

A
92

Description: The Auto Advance plugin for Gravity Forms makes the form filling process quicker and more user friendly for visitors.

2K No CVEs
Real Time Validation for Gravity Forms

Real Time Validation for Gravity Forms

real-time-validation-for-gravity-forms

F
24

Real Time Validation for Gravity Forms increases conversion rates of your Gravity Form using inline validation messages as user types in field.

2K 3 unpatched
Memberful – Membership Plugin

Memberful – Membership Plugin

memberful-wp

A
97

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs
Developer Profile

GravityStripe Subscription Manager Developer Profile

Concurrent

2 plugins · 80 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect GravityStripe Subscription Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/css/jquery.dataTables.min.css/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/css/responsive.dataTables.min.css/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/css/dataTables.bootstrap.css/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/css/bootstrap.min.css/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/css/custom.css/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/js/jquery.dataTables.min.js/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/js/dataTables.responsive.min.js/wp-content/plugins/manage-gravity-forms-stripe-subscriptions/js/bootstrap.min.js+3 more
Script Paths
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js
Version Parameters
manage-gravity-forms-stripe-subscriptions/css/jquery.dataTables.min.css?ver=manage-gravity-forms-stripe-subscriptions/css/responsive.dataTables.min.css?ver=manage-gravity-forms-stripe-subscriptions/css/dataTables.bootstrap.css?ver=manage-gravity-forms-stripe-subscriptions/css/bootstrap.min.css?ver=manage-gravity-forms-stripe-subscriptions/css/custom.css?ver=manage-gravity-forms-stripe-subscriptions/js/jquery.dataTables.min.js?ver=manage-gravity-forms-stripe-subscriptions/js/dataTables.responsive.min.js?ver=manage-gravity-forms-stripe-subscriptions/js/bootstrap.min.js?ver=manage-gravity-forms-stripe-subscriptions/js/custom.js?ver=manage-gravity-forms-stripe-subscriptions/js/jquery.payform.min.js?ver=manage-gravity-forms-stripe-subscriptions/js/jquery-ui.js?ver=

HTML / DOM Fingerprints

CSS Classes
gss-dataTablesgss-dataTables-responsivegss-datatables-bootstrapgss-bootstrap-modalgss-custommgfss_fs_notice
Data Attributes
data-gss-iddata-gss-type
JS Globals
mgfss_fsgss_variablesscript_zzd_options
FAQ

Frequently Asked Questions about GravityStripe Subscription Manager