Payment Forms for Paystack Security & Risk Analysis

wordpress.org/plugins/payment-forms-for-paystack

Create forms with multiple input fields and have your users pay before submission. Form submission results are available on your dashboard.

3K active installs · v4.0.5 · PHP 7.4+ · WP 5.0+ · Updated Aug 6, 2025
Tags: donation, forms, payments, paystack, recurrent-payments
Security score: 97
Grade: A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Apr 9, 2025
Safety Verdict

Is Payment Forms for Paystack Safe to Use in 2026?

Generally Safe

Score 97/100

Payment Forms for Paystack has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 9, 2025 · Updated 8mo ago
Risk Assessment

The "payment-forms-for-paystack" v4.0.5 plugin exhibits a mixed security posture. It demonstrates good practices in several areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, but there are notable concerns. Two AJAX handlers without authentication checks represent a significant attack vector, as do the two data flows that taint analysis found reaching a sink along an unsanitized path, both flagged as high severity.

The vulnerability history shows a pattern of past medium-severity issues, including Cross-site Scripting and SQL Injection. Although there are currently no unpatched CVEs, this history suggests a potential for recurring vulnerabilities if not diligently addressed. The existence of past vulnerabilities in these common areas, combined with the current taint analysis findings and unprotected AJAX endpoints, elevates the risk profile.

In conclusion, the plugin has strengths in its database interaction and output sanitization. However, the unprotected entry points and high-severity taint flows are critical weaknesses that require immediate attention. The past vulnerability trends also indicate a need for ongoing vigilance and robust security testing. Overall, while not critically flawed, the plugin has exploitable weaknesses that temper its security.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Past medium severity vulnerabilities (XSS, SQLi)
Vulnerabilities (3)

Payment Forms for Paystack Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-10894 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 9, 2025 · Patched in 4.0.3 (21d)

CVE-2025-22652 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Payment Forms for Paystack <= 4.0.1 - Authenticated (Administrator+) SQL Injection

Feb 3, 2025 · Patched in 4.0.2 (80d)

CVE-2023-5665 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Feb 7, 2024 · Patched in 4.0.0 (255d)
Code Analysis
Analyzed Mar 16, 2026

Payment Forms for Paystack Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (36 prepared)
Unescaped Output: 16 (274 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared (36 total queries)

Output Escaping

94% escaped (290 total outputs)

Data Flows (2 unsanitized)

Data Flow Analysis

5 flows, 2 with unsanitized paths
confirm_payment (includes\classes\class-confirm-payment.php:119)

Attack Surface (2 unprotected)

Payment Forms for Paystack Attack Surface

Entry Points: 15
Unprotected: 2

AJAX Handlers (6)

auth · wp_ajax_pff_paystack_confirm_payment · includes\classes\class-confirm-payment.php:95
nopriv · wp_ajax_pff_paystack_confirm_payment · includes\classes\class-confirm-payment.php:96
auth · wp_ajax_pff_paystack_submit_action · includes\classes\class-form-submit.php:87
nopriv · wp_ajax_pff_paystack_submit_action · includes\classes\class-form-submit.php:88
auth · wp_ajax_pff_paystack_retry_action · includes\classes\class-retry-submit.php:65
nopriv · wp_ajax_pff_paystack_retry_action · includes\classes\class-retry-submit.php:66

Shortcodes (9)

[text] includes\classes\class-field-shortcodes.php:22
[textarea] includes\classes\class-field-shortcodes.php:23
[input] includes\classes\class-field-shortcodes.php:24
[checkbox] includes\classes\class-field-shortcodes.php:25
[radio] includes\classes\class-field-shortcodes.php:26
[select] includes\classes\class-field-shortcodes.php:27
[datepicker] includes\classes\class-field-shortcodes.php:28
[paystack_form] includes\classes\class-form-shortcode.php:88
[pff-paystack] includes\classes\class-form-shortcode.php:89

WordPress Hooks (28)

action · pff_paystack_send_invoice · includes\classes\class-email-invoice.php:37
action · pff_paystack_send_receipt_owner · includes\classes\class-email-receipt-owner.php:44
action · pff_paystack_send_receipt · includes\classes\class-email-receipt.php:51
filter · page_row_actions · includes\classes\class-forms-list.php:23
filter · manage_edit-paystack_form_columns · includes\classes\class-forms-list.php:24
action · manage_paystack_form_posts_custom_column · includes\classes\class-forms-list.php:25
action · admin_head · includes\classes\class-forms-update.php:59
filter · admin_head · includes\classes\class-forms-update.php:60
filter · default_content · includes\classes\class-forms-update.php:63
action · edit_form_after_title · includes\classes\class-forms-update.php:66
action · add_meta_boxes · includes\classes\class-forms-update.php:67
action · save_post · includes\classes\class-forms-update.php:70
filter · user_can_richedit · includes\classes\class-forms-update.php:113
filter · quicktags_settings · includes\classes\class-forms-update.php:114
action · admin_print_footer_scripts · includes\classes\class-forms-update.php:119
action · admin_menu · includes\classes\class-settings.php:81
action · admin_menu · includes\classes\class-settings.php:82
action · init · includes\classes\class-setup.php:23
action · plugins_loaded · includes\classes\class-setup.php:24
action · admin_enqueue_scripts · includes\classes\class-setup.php:26
action · admin_enqueue_scripts · includes\classes\class-setup.php:27
action · wp_enqueue_scripts · includes\classes\class-setup.php:29
action · wp_enqueue_scripts · includes\classes\class-setup.php:30
action · admin_menu · includes\classes\class-submissions.php:17
action · admin_post_pff_paystack_export_excel · includes\classes\class-submissions.php:18
action · init · includes\classes\class-tinymce-plugin.php:30
filter · mce_external_plugins · includes\classes\class-tinymce-plugin.php:51
filter · mce_buttons · includes\classes\class-tinymce-plugin.php:52

Maintenance & Trust

Payment Forms for Paystack Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 6, 2025
PHP min version: 7.4
Downloads: 119K

Community Trust

Rating: 76/100
Number of ratings: 9
Active installs: 3K

Developer Profile

Payment Forms for Paystack Developer Profile

kendysond

1 plugin · 3K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 119 days

Detection Fingerprints

How We Detect Payment Forms for Paystack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/payment-forms-for-paystack/assets/css/frontend.css
/wp-content/plugins/payment-forms-for-paystack/assets/js/frontend.js
/wp-content/plugins/payment-forms-for-paystack/assets/css/paystack-forms-admin.css
/wp-content/plugins/payment-forms-for-paystack/assets/js/paystack-forms-admin.js
Script Paths
/wp-content/plugins/payment-forms-for-paystack/assets/js/frontend.js
/wp-content/plugins/payment-forms-for-paystack/assets/js/paystack-forms-admin.js
Version Parameters
payment-forms-for-paystack/assets/css/frontend.css?ver=
payment-forms-for-paystack/assets/js/frontend.js?ver=
payment-forms-for-paystack/assets/css/paystack-forms-admin.css?ver=
payment-forms-for-paystack/assets/js/paystack-forms-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
pff-paystack-form
paystack-form-wrapper
pff-form-field
HTML Comments
"If this file is called directly, abort."
"The email template all of the email will extend from."
"The email template"
"This is for an email and cant run with wp_enqueue_scripts()"
(and 6 more)
Data Attributes
data-paystack-form-id
JS Globals
pff_paystack
FAQ

Frequently Asked Questions about Payment Forms for Paystack