WP-Safety

Payment Page | Payment Form for Stripe Security & Risk Analysis

wordpress.org/plugins/payment-page

Payment Page is an extremely easy way to accept online payments. Connect your payment gateway, choose a template, and you're ready to go!

200 active installs v1.4.8 PHP 7.1+ WP 5.1+ Updated Feb 19, 2026
formpaymentrecurringstripesubscriptions
99
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 13, 2026
Plugin page Download
Safety Verdict

Is Payment Page | Payment Form for Stripe Safe to Use in 2026?

Generally Safe

Score 99/100

Payment Page | Payment Form for Stripe has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 13, 2026Updated 1mo ago
Risk Assessment

The plugin "payment-page" v1.4.8 demonstrates a generally strong security posture, characterized by diligent use of prepared statements for all SQL queries and a high percentage of properly escaped output. The limited attack surface, with all identified entry points (AJAX handlers, shortcodes) appearing to be protected by authentication checks or permission callbacks, is a significant strength. The absence of critical or high-severity taint analysis findings further reinforces this positive outlook, indicating that the plugin likely handles user input securely in its core functionality.

However, a past medium-severity Cross-Site Scripting (XSS) vulnerability, though currently unpatched, is a notable concern. While the latest version is not explicitly stated as vulnerable to this historical issue, the pattern suggests a potential area for code review. The presence of bundled libraries, specifically Freemius v1.0 and Select2, also warrants attention. While their specific versions are provided, their security status in relation to "payment-page" v1.4.8 would ideally be confirmed, as outdated bundled libraries can introduce vulnerabilities. The plugin's relatively small number of nonce checks (2) compared to its total entry points (3) is a minor point to note, though in this specific case, the entry points seem to be otherwise secured.

In conclusion, "payment-page" v1.4.8 presents a good foundation for security, with excellent data handling practices. The primary area of caution stems from its vulnerability history, specifically the past XSS issue, and the potential for issues within its bundled libraries. Continued vigilance in patching and keeping dependencies updated will be crucial for maintaining its security.

Key Concerns

  • Past medium severity XSS vulnerability (currently unpatched)
  • Bundled library (Freemius v1.0) may be outdated
  • Bundled library (Select2) may be outdated
Vulnerabilities
1

Payment Page | Payment Form for Stripe Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-0751medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Payment Page | Payment Form for Stripe <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter

Feb 13, 2026 Patched in 1.4.7 (11d)
Code Analysis
Analyzed Mar 16, 2026

Payment Page | Payment Form for Stripe Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
47
395 escaped
Nonce Checks
2
Capability Checks
35
File Operations
4
External Requests
11
Bundled Libraries
2

Bundled Libraries

Freemius1.0Select2

SQL Query Safety

100% prepared16 total queries

Output Escaping

89% escaped442 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
migrate_single (app\Migration\Admin.php:178)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Payment Page | Payment Form for Stripe Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 1

authwp_ajax_payment_page_migration_handlerapp\Migration\Admin.php:13

Shortcodes 2

[payment-page-success-details] app\ShortCodes.php:15
[payment-page-payment-form] app\ShortCodes.php:16
WordPress Hooks 39
actionadmin_noticesapp\AdminController.php:33
actionadmin_menuapp\AdminController.php:36
filterdisplay_post_statesapp\AdminController.php:37
actionadmin_enqueue_scriptsapp\AdminController.php:40
actioninitapp\AdminController.php:44
actioninitapp\AdminController.php:50
actioninitapp\AdminController.php:152
actionwp_enqueue_scriptsapp\Controller.php:51
actionadmin_bar_menuapp\Controller.php:52
filtertemplate_includeapp\Controller.php:53
actioninitapp\Controller.php:59
actionadmin_initapp\Migration\Admin.php:16
actionadmin_menuapp\Migration\Admin.php:17
actioninitapp\Migration\Admin.php:19
actionadmin_noticesapp\Migration\Admin.php:39
actionload-edit.phpapp\PostTypes\Form.php:14
filterreplace_editorapp\PostTypes\Form.php:15
actionsave_postapp\PostTypes\Form.php:18
actionadmin_enqueue_scriptsapp\PostTypes\Form.php:89
actioninitapp\PostTypes.php:33
actionelementor/controls/controls_registeredapp\ThirdPartyIntegration\Elementor.php:34
actionelementor/widgets/widgets_registeredapp\ThirdPartyIntegration\Elementor.php:35
actionelementor/elements/categories_registeredapp\ThirdPartyIntegration\Elementor.php:36
filterplugin_iconapp\ThirdPartyIntegration\Freemius.php:37
actionplugins_loadedpayment-page.php:34
actionplugins_loadedpayment-page.php:37
actionrest_api_initpayment-page.php:41
filtersite_status_testspayment-page.php:44
filterscreen_options_show_screentemplates\admin\payment-form-add.php:14
actionadmin_footertemplates\admin\payment-form-add.php:28
actionadmin_footertemplates\admin\payment-form-add.php:38
actionedit_form_after_titletemplates\admin\payment-form-add.php:84
actionadmin_footertemplates\admin\payment-form-add.php:103
filterscreen_options_show_screentemplates\admin\payment-form-edit.php:9
actionadmin_footertemplates\admin\payment-form-edit.php:28
actionadmin_footertemplates\admin\payment-form-edit.php:38
actionedit_form_after_titletemplates\admin\payment-form-edit.php:84
actionadmin_footertemplates\admin\payment-form-edit.php:103
filterwp_untrash_post_statustemplates\admin\payment-form-list.php:152
Maintenance & Trust

Payment Page | Payment Form for Stripe Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version7.1
Downloads18K

Community Trust

Rating100/100
Number of ratings23
Active installs200
Alternatives

Payment Page | Payment Form for Stripe Alternatives

Mollie Forms

Mollie Forms

mollie-forms

A
96

Create registration forms with payment methods of Mollie. One-time and recurring payments are possible.

3K 4 CVEs
Memberful – Membership Plugin

Memberful – Membership Plugin

memberful-wp

A
97

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs
CashFlow Subscriptions

CashFlow Subscriptions

cashflow-subscriptions

A
100

Simple, modern Stripe subscriptions for WordPress. Create paywalls, manage members, and restrict content without WooCommerce or heavy plugins.

10 No CVEs
Chargely Free Subscriptions For Woocommernce

Chargely Free Subscriptions For Woocommernce

chargely-free-subscriptions-for-woocommerce

A
85

Start your Subscription Business in minutes with Chargely. Chargely provides PCI Certified Payment page for your card processing. So that you don't need a PCI Certification.

0 No CVEs
WE Subscription

WE Subscription

we-subscription

A
100

Sell your simple and variable products with recurring payments without bloat.

0 No CVEs
Developer Profile

Payment Page | Payment Form for Stripe Developer Profile

Brandon Ernst

7 plugins · 11K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
11 days
View full developer profile
Detection Fingerprints

How We Detect Payment Page | Payment Form for Stripe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/payment-page/interface/css/style.css/wp-content/plugins/payment-page/interface/js/script.js/wp-content/plugins/payment-page/interface/js/payment-form.js/wp-content/plugins/payment-page/interface/js/script.js/wp-content/plugins/payment-page/interface/css/payment-form.css/wp-content/plugins/payment-page/app/ThirdPartyIntegration/Elementor/assets/css/payment-form-editor.css/wp-content/plugins/payment-page/app/ThirdPartyIntegration/Elementor/assets/js/payment-form-editor.js
Script Paths
/wp-content/plugins/payment-page/interface/js/script.js/wp-content/plugins/payment-page/interface/js/payment-form.js/wp-content/plugins/payment-page/app/ThirdPartyIntegration/Elementor/assets/js/payment-form-editor.js
Version Parameters
payment-page/interface/css/style.css?ver=payment-page/interface/js/script.js?ver=payment-page/interface/js/payment-form.js?ver=payment-page/app/ThirdPartyIntegration/Elementor/assets/css/payment-form-editor.css?ver=payment-page/app/ThirdPartyIntegration/Elementor/assets/js/payment-form-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
payment-formpayment-page-notification-container
Data Attributes
data-payment-form
JS Globals
payment_page_dataPAYMENT_PAGE_ALIASPAYMENT_PAGE_PREFIXpayment_page_content_allowed_html_tags
REST Endpoints
/wp-json/payment-page-admin/v1/get-templates/wp-json/payment-page-admin/v1/get-form-templates
Shortcode Output
[payment_form
FAQ

Frequently Asked Questions about Payment Page | Payment Form for Stripe