WP-Safety

Payforme for WooCommerce Security & Risk Analysis

wordpress.org/plugins/payforme

Accept payments from your customers’ friends and family to sell more

0 active installs v2.1.2 PHP + WP 5.0+ Updated Jan 31, 2024
checkoutpay-for-mepayformepaymentstripe
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Payforme for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Payforme for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "payforme" plugin v2.1.2 presents a generally good security posture based on the static analysis. The plugin has a limited attack surface with only two AJAX entry points, and importantly, none of these are identified as unprotected. The absence of critical or high-severity taint flows, raw SQL queries, or common vulnerability types in its history suggests a diligent approach to secure coding.

However, there are areas for improvement. The low percentage of properly escaped output (20%) is a significant concern, as it indicates potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not consistently handled with care. While there's one nonce check, the complete lack of capability checks on AJAX handlers is a weakness. This means that any authenticated user, regardless of their role, could potentially trigger these AJAX actions. The plugin also performs file operations and makes external HTTP requests, which, while not inherently insecure, require careful handling to prevent vulnerabilities.

In conclusion, the "payforme" plugin has a solid foundation with no known vulnerabilities and a controlled attack surface. The main risk lies in the insufficient output escaping and the absence of capability checks, which could be exploited. Addressing these specific points would significantly enhance the plugin's security.

Key Concerns

  • Low output escaping percentage
  • No capability checks on AJAX handlers
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

Payforme for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Payforme for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
1 escaped
Nonce Checks
1
Capability Checks
0
File Operations
1
External Requests
2
Bundled Libraries
0

Output Escaping

20% escaped5 total outputs
Attack Surface

Payforme for WooCommerce Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_payforme_ajax_actionpayforme-woocommerce.php:498
noprivwp_ajax_payforme_ajax_actionpayforme-woocommerce.php:499
WordPress Hooks 9
actionbefore_woocommerce_initpayforme-woocommerce.php:39
actiondeactivated_pluginpayforme-woocommerce.php:53
actionplugins_loadedpayforme-woocommerce.php:92
filterwoocommerce_payment_gatewayspayforme-woocommerce.php:384
filterwoocommerce_available_payment_gatewayspayforme-woocommerce.php:391
actionwp_footerpayforme-woocommerce.php:411
actionwp_enqueue_scriptspayforme-woocommerce.php:416
actionwoocommerce_review_order_after_submitpayforme-woocommerce.php:535
actionwoocommerce_proceed_to_checkoutpayforme-woocommerce.php:548
Maintenance & Trust

Payforme for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedJan 31, 2024
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Payforme for WooCommerce Alternatives

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

wp-full-stripe-free

A
92

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K 5 CVEs
Payment Gateway of Stripe for WooCommerce

Payment Gateway of Stripe for WooCommerce

payment-gateway-stripe-and-woocommerce-integration

A
96

Integrate Stripe Payment Gateway in WooCommerce and accept cards, Google Pay, Apple Pay, Klarna, Alipay, and more with seamless, secure checkout.

9K 4 CVEs
Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

stripe

A
100

🤩 Accept Stripe payments and recurring subscriptions on your WordPress using WP Simple Pay, the best Stripe payments plugin! 🚀

9K No CVEs
RealHomes Stripe Payments

RealHomes Stripe Payments

inspiry-stripe-payments

A
100

This plugin allows the RealHomes theme website admin to add Stripe payments functionality for individual properties submitted by website users.

500 No CVEs
PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net)

PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net)

peachpay-for-woocommerce

A
95

Connect and manage all your payment methods, offer shoppers a beautiful Express Checkout, and reduce cart abandonment.

400 4 CVEs
Developer Profile

Payforme for WooCommerce Developer Profile

payformeuser

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Payforme for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
payforme-checkout-buttonpayforme-cart-button
Data Attributes
data-payforme-gateway-id
JS Globals
payforme_gateway_params
Shortcode Output
[payforme_checkout_button][payforme_cart_button]
FAQ

Frequently Asked Questions about Payforme for WooCommerce