Payment Gateway of Stripe for WooCommerce Security & Risk Analysis

wordpress.org/plugins/payment-gateway-stripe-and-woocommerce-integration

Integrate Stripe Payment Gateway in WooCommerce and accept cards, Google Pay, Apple Pay, Klarna, Alipay, and more with seamless, secure checkout.

9K active installs · v5.0.7 · PHP 5.6+ · WP 5.6+ · Updated Jan 6, 2026
Tags: apple-pay, credit-card, google-pay, stripe-checkout, stripe-payments
Score: 96 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Jan 18, 2024
Safety Verdict

Is Payment Gateway of Stripe for WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

Payment Gateway of Stripe for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jan 18, 2024 · Updated 2mo ago
Risk Assessment

The "payment-gateway-stripe-and-woocommerce-integration" plugin v5.0.7 exhibits a concerning security posture despite some positive indicators. While the plugin demonstrates good practices in SQL query sanitization and output escaping, the significant number of AJAX handlers (15 total, 14 without authentication checks) presents a substantial attack surface. The taint analysis revealed one high-severity flow, indicating a potential vulnerability that requires immediate attention. The plugin's vulnerability history is particularly alarming, with a total of 4 known CVEs, including 2 critical and 2 medium severity issues. The types of past vulnerabilities, such as SQL Injection, Missing Authorization, Authentication Bypass, and Cross-site Scripting, suggest recurring weaknesses in input validation and access control. The fact that there are no currently unpatched vulnerabilities is a positive sign, but the historical pattern of critical and diverse vulnerability types points to a history of significant security flaws.

In conclusion, while the plugin benefits from robust SQL and output handling, the vast majority of its AJAX endpoints lack proper authentication, creating a prime target for attackers. The high-severity taint flow and the historical pattern of critical vulnerabilities strongly suggest that this plugin has been and may continue to be a source of significant security risks if not meticulously managed and updated. Users should exercise extreme caution and prioritize updates and monitoring for this plugin.

Key Concerns

  • 14 AJAX handlers without auth checks
  • 1 High severity taint flow
  • 2 Critical severity CVEs historically
  • 2 Medium severity CVEs historically
  • History of SQL Injection vulnerabilities
  • History of Missing Authorization vulnerabilities
  • History of Authentication Bypass vulnerabilities
  • History of Cross-site Scripting vulnerabilities
  • Only 2 capability checks for 15 entry points
  • 7 Flows with unsanitized paths
Vulnerabilities
4

Payment Gateway of Stripe for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 2 CVEs
  • 2024: 1 CVE

Severity Breakdown

  • Critical: 2
  • Medium: 2

4 total CVEs

CVE-2024-0705 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

Jan 18, 2024 · Patched in 3.8.0 (194d)

CVE-2023-4040 · medium · 5.3 · Missing Authorization

Stripe Payment Plugin for WooCommerce <= 3.7.9 - Missing Authorization to Arbitrary Order Status Modification

Aug 17, 2023 · Patched in 3.8.0 (159d)

CVE-2023-3162 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass

Aug 1, 2023 · Patched in 3.7.8 (175d)

WF-bb545a42-6c66-412b-a686-e486b0a58dc5-payment-gateway-stripe-and-woocommerce-integration · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stripe Payment Plugin for WooCommerce <= 3.5.9 - Reflected Cross-Site Scripting

Jun 7, 2021 · Patched in 3.6.0 (960d)

Code Analysis
Analyzed Mar 16, 2026

Payment Gateway of Stripe for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (24 prepared)
  • Unescaped Output: 10 (712 escaped)
  • Nonce Checks: 7
  • Capability Checks: 2
  • File Operations: 3
  • External Requests: 1
  • Bundled Libraries: 1

Bundled Libraries

Stripe PHP

SQL Query Safety

100% prepared · 24 total queries

Output Escaping

99% escaped · 722 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

14 flows · 7 with unsanitized paths
eh_stripe_menu_page (includes\admin\class-stripe-admin-handler.php:197)
Attack Surface
14 unprotected

Payment Gateway of Stripe for WooCommerce Attack Surface

Entry Points: 15
Unprotected: 14

AJAX Handlers (15)

  • auth · wp_ajax_wtst_oauth_connect_later · includes\admin\class-stripe-admin-handler.php:25
  • auth · wp_ajax_wtst_oauth_disconnect · includes\admin\class-stripe-admin-handler.php:26
  • auth · wp_ajax_wtst_dismiss_oauth_notice · includes\admin\class-stripe-admin-handler.php:27
  • auth · wp_ajax_wtst_dismiss_sofort_notice · includes\admin\class-stripe-admin-handler.php:28
  • auth · wp_ajax_eh_spg_order_ajax_table_data · includes\stripe-overview\class-overview-table-data.php:584
  • auth · wp_ajax_eh_spg_stripe_ajax_table_data · includes\stripe-overview\class-overview-table-data.php:597
  • auth · wp_ajax_eh_spg_stripe_refund_payment · includes\stripe-overview\class-stripe-overview.php:10
  • auth · wp_ajax_eh_spg_capture_payment · includes\stripe-overview\class-stripe-overview.php:11
  • auth · wp_ajax_eh_spg_refund_payment · includes\stripe-overview\class-stripe-overview.php:12
  • auth · wp_ajax_eh_spg_analytics · includes\stripe-overview\include-ajax-functions.php:274
  • auth · wp_ajax_eh_order_display_count · includes\stripe-overview\include-ajax-functions.php:275
  • auth · wp_ajax_eh_stripe_display_count · includes\stripe-overview\include-ajax-functions.php:276
  • auth · wp_ajax_eh_order_status_update · includes\stripe-overview\include-ajax-functions.php:277
  • auth · wp_ajax_eh_spg_get_all_order · includes\stripe-overview\include-ajax-functions.php:278
  • auth · wp_ajax_eh_spg_get_all_stripe · includes\stripe-overview\include-ajax-functions.php:279

WordPress Hooks (108)

  • action · admin_enqueue_scripts · includes\admin\banner\class-wtst-bfcm-twenty-twenty-four.php:31
  • action · admin_notices · includes\admin\banner\class-wtst-bfcm-twenty-twenty-four.php:34
  • action · init · includes\admin\class-stripe-admin-handler.php:18
  • action · admin_menu · includes\admin\class-stripe-admin-handler.php:19
  • filter · woocommerce_screen_ids · includes\admin\class-stripe-admin-handler.php:20
  • action · admin_enqueue_scripts · includes\admin\class-stripe-admin-handler.php:21
  • action · admin_notices · includes\admin\class-stripe-admin-handler.php:22
  • action · after_plugin_row_payment-gateway-stripe-and-woocommerce-integration/payment-gateway-stripe-and-woocommerce-integration.php · includes\admin\class-stripe-admin-handler.php:29
  • action · in_plugin_update_message-payment-gateway-stripe-and-woocommerce-integration/payment-gateway-stripe-and-woocommerce-integration.php · includes\admin\class-stripe-admin-handler.php:31
  • action · init · includes\admin\class-stripe-admin-handler.php:34
  • action · admin_print_footer_scripts · includes\admin\class-stripe-admin-handler.php:1549
  • action · admin_notices · includes\admin\class-wt-promotion-banner.php:24
  • action · admin_print_footer_scripts · includes\admin\class-wt-promotion-banner.php:27
  • action · wp_enqueue_scripts · includes\class-gateway-stripe-alipay.php:45
  • action · woocommerce_api_eh_alipay_stripe_gateway · includes\class-gateway-stripe-alipay.php:47
  • action · wp_enqueue_scripts · includes\class-stripe-affirm.php:50
  • action · woocommerce_api_eh_affirm · includes\class-stripe-affirm.php:51
  • action · wp_enqueue_scripts · includes\class-stripe-afterpay.php:50
  • action · woocommerce_api_eh_afterpay · includes\class-stripe-afterpay.php:51
  • action · wp_enqueue_scripts · includes\class-stripe-api.php:86
  • filter · woocommerce_payment_successful_result · includes\class-stripe-api.php:89
  • action · before_woocommerce_pay · includes\class-stripe-api.php:91
  • action · set_logged_in_cookie · includes\class-stripe-api.php:92
  • action · admin_enqueue_scripts · includes\class-stripe-api.php:94
  • filter · woocommerce_checkout_show_terms · includes\class-stripe-api.php:1434
  • filter · woocommerce_pay_order_button_html · includes\class-stripe-api.php:1435
  • filter · woocommerce_available_payment_gateways · includes\class-stripe-api.php:1436
  • filter · woocommerce_no_available_payment_methods_message · includes\class-stripe-api.php:1437
  • action · woocommerce_pay_order_after_submit · includes\class-stripe-api.php:1438
  • action · wp_enqueue_scripts · includes\class-stripe-bacs.php:46
  • action · woocommerce_api_eh_bacs · includes\class-stripe-bacs.php:48
  • action · set_logged_in_cookie · includes\class-stripe-bacs.php:51
  • action · wp_enqueue_scripts · includes\class-stripe-bancontact.php:51
  • action · woocommerce_api_eh_bancontact · includes\class-stripe-bancontact.php:54
  • action · wp_enqueue_scripts · includes\class-stripe-becs.php:59
  • action · woocommerce_api_eh_becs · includes\class-stripe-becs.php:61
  • filter · woocommerce_payment_successful_result · includes\class-stripe-becs.php:63
  • action · woocommerce_available_payment_gateways · includes\class-stripe-becs.php:64
  • action · wp_enqueue_scripts · includes\class-stripe-boleto.php:50
  • action · woocommerce_api_eh_boleto · includes\class-stripe-boleto.php:51
  • filter · woocommerce_payment_successful_result · includes\class-stripe-boleto.php:52
  • action · woocommerce_available_payment_gateways · includes\class-stripe-boleto.php:53
  • action · wp_enqueue_scripts · includes\class-stripe-checkout.php:50
  • action · set_logged_in_cookie · includes\class-stripe-checkout.php:54
  • action · woocommerce_api_eh_stripe_checkout · includes\class-stripe-checkout.php:56
  • action · wp_enqueue_scripts · includes\class-stripe-eps.php:51
  • action · woocommerce_api_eh_eps · includes\class-stripe-eps.php:54
  • action · wp_enqueue_scripts · includes\class-stripe-fpx.php:52
  • action · woocommerce_api_eh_fpx · includes\class-stripe-fpx.php:54
  • filter · woocommerce_payment_successful_result · includes\class-stripe-fpx.php:56
  • action · woocommerce_available_payment_gateways · includes\class-stripe-fpx.php:57
  • action · wp_enqueue_scripts · includes\class-stripe-giropay.php:50
  • action · woocommerce_api_eh_giropay · includes\class-stripe-giropay.php:51
  • action · wp_enqueue_scripts · includes\class-stripe-grabpay.php:52
  • action · woocommerce_api_eh_grabpay · includes\class-stripe-grabpay.php:54
  • action · wp_enqueue_scripts · includes\class-stripe-ideal.php:52
  • action · woocommerce_api_eh_ideal · includes\class-stripe-ideal.php:54
  • action · woocommerce_available_payment_gateways · includes\class-stripe-ideal.php:55
  • filter · woocommerce_payment_successful_result · includes\class-stripe-ideal.php:56
  • action · wc_ajax_eh_stripe_verify_payment_intent · includes\class-stripe-intent-manager.php:11
  • action · wp_enqueue_scripts · includes\class-stripe-klarna.php:51
  • action · woocommerce_api_eh_klarna_gateway · includes\class-stripe-klarna.php:53
  • action · wp_enqueue_scripts · includes\class-stripe-multibanco.php:51
  • action · woocommerce_api_eh_multibanco · includes\class-stripe-multibanco.php:54
  • action · woocommerce_api_wt_stripe_oauth_update · includes\class-stripe-oauth.php:18
  • action · eh_stripe_refresh_oauth_token · includes\class-stripe-oauth.php:19
  • action · init · includes\class-stripe-oauth.php:20
  • action · wp_enqueue_scripts · includes\class-stripe-oxxo.php:50
  • action · woocommerce_api_eh_oxxo · includes\class-stripe-oxxo.php:51
  • filter · woocommerce_payment_successful_result · includes\class-stripe-oxxo.php:52
  • action · woocommerce_available_payment_gateways · includes\class-stripe-oxxo.php:53
  • action · wp_enqueue_scripts · includes\class-stripe-p24.php:51
  • action · woocommerce_api_eh_p24 · includes\class-stripe-p24.php:54
  • action · woocommerce_proceed_to_checkout · includes\class-stripe-payment-request-button.php:35
  • action · woocommerce_before_checkout_form · includes\class-stripe-payment-request-button.php:38
  • action · woocommerce_before_add_to_cart_button · includes\class-stripe-payment-request-button.php:39
  • action · woocommerce_review_order_after_submit · includes\class-stripe-payment-request-button.php:41
  • action · woocommerce_after_add_to_cart_button · includes\class-stripe-payment-request-button.php:42
  • action · wp_enqueue_scripts · includes\class-stripe-payment-request-button.php:49
  • action · wc_ajax_eh_spg_payment_request_get_shippings · includes\class-stripe-payment-request-button.php:51
  • action · wc_ajax_eh_spg_payment_request_update_shippings · includes\class-stripe-payment-request-button.php:52
  • action · wc_ajax_eh_spg_gen_payment_request_create_order · includes\class-stripe-payment-request-button.php:53
  • action · wc_ajax_eh_spg_add_to_cart · includes\class-stripe-payment-request-button.php:54
  • action · template_redirect · includes\class-stripe-payment-request-button.php:55
  • filter · wt_stripe_gateway_available · includes\class-stripe-payment-request-button.php:412
  • action · wp_enqueue_scripts · includes\class-stripe-sepa-pay.php:61
  • action · woocommerce_api_wt_stripe · includes\class-stripe-sepa-pay.php:63
  • action · wp_enqueue_scripts · includes\class-stripe-wechat.php:51
  • action · woocommerce_api_eh_wechat · includes\class-stripe-wechat.php:52
  • action · woocommerce_review_order_after_payment · includes\class-stripe-wechat.php:53
  • filter · woocommerce_available_payment_gateways · includes\class-stripe-wechat.php:55
  • action · admin_head · includes\stripe-overview\class-overview-table-data.php:757
  • action · admin_footer · includes\stripe-overview\class-overview-table-data.php:758
  • action · admin_menu · includes\stripe-overview\class-stripe-overview.php:9
  • action · admin_init · includes\stripe-overview\class-stripe-overview.php:304
  • action · wp_default_scripts · includes\stripe-overview\class-stripe-overview.php:308
  • action · plugins_loaded · payment-gateway-stripe-and-woocommerce-integration.php:67
  • action · admin_notices · payment-gateway-stripe-and-woocommerce-integration.php:90
  • filter · gettext · payment-gateway-stripe-and-woocommerce-integration.php:96
  • action · init · payment-gateway-stripe-and-woocommerce-integration.php:136
  • action · wc_ajax_eh_spg_gen_payment_request_button_cart · payment-gateway-stripe-and-woocommerce-integration.php:142
  • filter · woocommerce_payment_gateways · payment-gateway-stripe-and-woocommerce-integration.php:220
  • action · wp_enqueue_scripts · payment-gateway-stripe-and-woocommerce-integration.php:251
  • action · woocommerce_order_actions · payment-gateway-stripe-and-woocommerce-integration.php:304
  • action · woocommerce_order_action_eh_stripe_capture · payment-gateway-stripe-and-woocommerce-integration.php:323
  • action · admin_print_footer_scripts · payment-gateway-stripe-and-woocommerce-integration.php:394
  • action · in_plugin_update_message-payment-gateway-stripe-and-woocommerce-integration/payment-gateway-stripe-and-woocommerce-integration.php · payment-gateway-stripe-and-woocommerce-integration.php:405
  • action · before_woocommerce_init · payment-gateway-stripe-and-woocommerce-integration.php:426

Maintenance & Trust

Payment Gateway of Stripe for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 6, 2026
  • PHP min version: 5.6
  • Downloads: 558K

Community Trust

  • Rating: 88/100
  • Number of ratings: 65
  • Active installs: 9K

Developer Profile

Payment Gateway of Stripe for WooCommerce Developer Profile

ThemeHigh

16 plugins · 579K total installs

  • Trust score: 77
  • Avg Security Score: 97/100
  • Avg Patch Time: 245 days

Detection Fingerprints

How We Detect Payment Gateway of Stripe for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/admin.js
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/css/frontend.css
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/frontend/frontend.js
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/settings.js
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/css/admin.css
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/payment-request-button.js

Script Paths

  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/admin.js
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/frontend/frontend.js
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/settings.js
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/payment-request-button.js

Version Parameters

  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/admin.js?ver=
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/css/frontend.css?ver=
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/frontend/frontend.js?ver=
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/settings.js?ver=
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/css/admin.css?ver=
  • /wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/assets/js/admin/payment-request-button.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • eh-stripe-deactivate-link
  • eh-stripe-wc-notice

HTML Comments

  • <!-- Premium Version of this Plugin Installed. Please deactivate the PREMIUM Version before activating BASIC. -->
  • <!-- themehigh updated url -->
  • <!-- fix for SFRWDF-184 -->
  • <!-- Temporarily disabled -->

JS Globals

  • EH_STRIPE_MAIN_URL_PATH
  • EH_STRIPE_MAIN_PATH
  • EH_STRIPE_VERSION
  • EH_STRIPE_MAIN_FILE
  • EH_STRIPE_INSTALLED_VERSION
  • EH_STRIPE_PLUGIN_NAME
  • +2 more

REST Endpoints

  • /wp-json/wt-stripe/v1/

FAQ

Frequently Asked Questions about Payment Gateway of Stripe for WooCommerce