Paytium: Mollie payment forms & donations Security & Risk Analysis

wordpress.org/plugins/paytium

Mollie forms for payments and donations. With iDEAL | WERO, PayPal, Credit/Debit cards, subscriptions and recurring payments!

3K active installs · v5.0.2 · PHP 7.4+ · WP 6.2+ · Updated Feb 24, 2026
Tags: credit-card, donation, ideal, mollie, wordpress-payment-forms
Score: 94 · A · Safe
CVEs total: 13
Unpatched: 0
Last CVE: Jan 24, 2025
Safety Verdict

Is Paytium: Mollie payment forms & donations Safe to Use in 2026?

Generally Safe

Score 94/100

Paytium: Mollie payment forms & donations has a strong security track record. Known vulnerabilities have been patched promptly.

13 known CVEs · Last CVE: Jan 24, 2025 · Updated 1mo ago
Risk Assessment

The "paytium" plugin v5.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, utilizing prepared statements for all queries, and a high percentage of output escaping. It also includes a significant number of capability checks, suggesting an awareness of authorization mechanisms.

However, several areas raise significant concerns. The presence of 3 unprotected AJAX handlers within its substantial attack surface of 29 entry points is a critical weakness. Furthermore, the taint analysis revealed 6 flows with unsanitized paths, all classified as high severity. This, combined with 13 historical CVEs, particularly those related to exposure of sensitive information, missing authorization, and cross-site scripting, indicates a recurring pattern of security vulnerabilities. The plugin also uses the `unserialize` function 23 times, which is a known vector for deserialization vulnerabilities if not handled with extreme care.

In conclusion, while "paytium" v5.0.2 shows some strengths in its coding practices, the significant number of unprotected entry points, high-severity taint flows, and a history of common and severe vulnerability types collectively point to a substantial risk. The plugin requires immediate attention to address the identified weaknesses and mitigate potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • High number of historical CVEs
  • Use of unserialize function
  • Bundled Select2 library
  • Bundled TinyMCE library
Vulnerabilities
13

Paytium: Mollie payment forms & donations Security Vulnerabilities

CVEs by Year

  • 2020: 1 CVE
  • 2022: 1 CVE
  • 2023: 8 CVEs
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 11

13 total CVEs

CVE-2025-24552 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Paytium <= 4.4.11 - Unauthenticated Full Path Disclosure

Jan 24, 2025 Patched in 4.4.12 (5d)
CVE-2024-51667 · medium · 4.3 · Missing Authorization

Paytium <= 4.4.10 - Missing Authorization

Nov 1, 2024 Patched in 4.4.11 (6d)
CVE-2024-25099 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Feb 12, 2024 Patched in 4.4.3 (3d)
CVE-2023-7287 · medium · 5.4 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7288 · medium · 5.4 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7289 · medium · 5.4 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7290 · medium · 4.3 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7291 · high · 7.1 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7292 · medium · 4.3 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7293 · medium · 4.3 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2023-7294 · high · 7.1 · Missing Authorization

Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'

Mar 6, 2023 Patched in 4.4 (590d)
CVE-2022-4042 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Paytium <= 4.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 30, 2022 Patched in 4.3.7 (419d)
WF-498c0080-ae5e-492b-b75f-6ce3227f3ca0-paytium · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Paytium <= 3.1.1 - Stored Cross-Site Scripting

May 12, 2020 Patched in 3.1.2 (1351d)
Code Analysis
Analyzed Mar 16, 2026

Paytium: Mollie payment forms & donations Code Analysis

  • Dangerous Functions: 23
  • Raw SQL Queries: 0 (30 prepared)
  • Unescaped Output: 109 (417 escaped)
  • Nonce Checks: 12
  • Capability Checks: 46
  • File Operations: 6
  • External Requests: 1
  • Bundled Libraries: 2

Dangerous Functions Found

unserialize `$payments = unserialize(get_post_meta($payment->subscription_id, '_payments', true));` admin\views\meta-boxes\subscription-details.php:14
unserialize `$files = unserialize(get_post_meta($payment->id, '_pt-uploaded-files', true));` admin\views\meta-boxes\uploaded-files.php:10
unserialize `$payments = unserialize(get_post_meta($this->subscription_id, '_payments', true));` includes\class-pt-payment.php:230
unserialize `$payments = unserialize( get_post_meta( $pt_subscription_id, '_payments', true ) );` includes\class-pt-payment.php:1170
unserialize `$payments = unserialize( get_post_meta( $pt_subscription_id, '_payments', true ) );` includes\class-pt-payment.php:1195
unserialize `$payments = unserialize(get_post_meta($payment->subscription_id, '_payments', true));` includes\class-pt-post-types.php:344
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\item-limit-functions.php:78
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\item-limit-functions.php:114
unserialize `$paytium_notifications = unserialize(get_option('paytium_notifications'));` includes\notification-functions.php:21
unserialize `$paytium_notifications = unserialize( get_option( 'paytium_notifications' ) );` includes\notification-functions.php:44
unserialize `$paytium_notifications = unserialize(get_option('paytium_notifications'));` includes\notification-functions.php:70
unserialize `$paytium_notifications = get_option('paytium_notifications') ? unserialize(get_option('paytium_notif` includes\notification-functions.php:94
unserialize `$paytium_payment_sources = unserialize($paytium_payment_sources);` includes\payment-functions.php:414
unserialize `$payments = unserialize(get_post_meta($subscription_id, '_payments',true));` includes\payment-functions.php:634
unserialize `$paytium_payment_sources = unserialize($paytium_payment_sources);` includes\process-payment-functions.php:142
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:253
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:625
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:1574
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:1622
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:1875
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:2365
unserialize `$paytium_item_limits = unserialize(get_option('paytium_item_limits'));` includes\shortcodes.php:2578
unserialize `$subscription_payments = unserialize(get_post_meta((int)$pt_subscription_id, '_payments', true));` includes\webhook-url-functions.php:162

Bundled Libraries

  • Select2
  • TinyMCE

SQL Query Safety

100% prepared · 30 total queries

Output Escaping

79% escaped · 526 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

11 flows · 6 with unsanitized paths
update_profile_preference (admin\class-pt-ajax.php:204)
Attack Surface
3 unprotected

Paytium: Mollie payment forms & donations Attack Surface

Entry Points: 29
Unprotected: 3

AJAX Handlers 12

auth wp_ajax_paytium_mollie_create_account admin\class-pt-ajax.php:26
auth wp_ajax_paytium_mollie_create_profile admin\class-pt-ajax.php:29
auth wp_ajax_paytium_mollie_check_account_details admin\class-pt-ajax.php:32
auth wp_ajax_paytium_mollie_check_for_verified_profiles admin\class-pt-ajax.php:35
auth wp_ajax_paytium_mollie_update_profile_preference admin\class-pt-ajax.php:38
auth wp_ajax_paytium_check_payment_exists admin\class-pt-ajax.php:41
auth wp_ajax_paytium_emails_attachments admin\class-pt-ajax.php:44
auth wp_ajax_paytium_sw_save_api_keys admin\class-pt-ajax.php:47
auth wp_ajax_pt_ajax_check_item_limits includes\item-limit-functions.php:143
nopriv wp_ajax_pt_ajax_check_item_limits includes\item-limit-functions.php:144
auth wp_ajax_paytium_notice_dismiss includes\notification-functions.php:110
auth wp_ajax_pt_cancel_subscription includes\payment-functions.php:622

Shortcodes 17

[paytium_show] includes\shortcodes-show.php:159
[paytium] includes\shortcodes.php:346
[paytium_total] includes\shortcodes.php:394
[paytium_checkbox] includes\shortcodes.php:446
[paytium_number] includes\shortcodes.php:841
[paytium_field] includes\shortcodes.php:1445
[paytium_button] includes\shortcodes.php:1492
[paytium_amount] includes\shortcodes.php:1679
[paytium_dropdown] includes\shortcodes.php:1998
[paytium_subscription] includes\shortcodes.php:2189
[paytium_radio] includes\shortcodes.php:2508
[paytium_links] includes\shortcodes.php:2730
[paytium_no_payment] includes\shortcodes.php:2763
[paytium_user_data] includes\shortcodes.php:2899
[paytium_progress] includes\shortcodes.php:3057
[paytium_content] includes\shortcodes.php:3224
[paytium_login_button] includes\shortcodes.php:3548
WordPress Hooks 58
action admin_init admin\class-pt-admin.php:27
action init class-paytium.php:88
action admin_menu class-paytium.php:91
action admin_bar_menu class-paytium.php:94
action admin_enqueue_scripts class-paytium.php:97
action admin_enqueue_scripts class-paytium.php:100
action admin_notices class-paytium.php:103
action admin_notices class-paytium.php:106
action admin_notices class-paytium.php:109
action admin_notices class-paytium.php:112
action admin_notices class-paytium.php:115
action admin_init class-paytium.php:129
action wp_loaded class-paytium.php:132
action wp_loaded class-paytium.php:135
filter the_posts class-paytium.php:138
action init class-paytium.php:141
action admin_enqueue_scripts class-paytium.php:144
action wp_enqueue_scripts class-paytium.php:145
action wp_enqueue_scripts class-paytium.php:148
action pre_get_posts class-paytium.php:151
filter posts_request_ids class-paytium.php:152
action admin_footer class-paytium.php:155
action init class-paytium.php:158
action edit_user_profile class-paytium.php:163
action edit_user_profile_update class-paytium.php:166
action show_user_profile class-paytium.php:169
action personal_options_update class-paytium.php:170
filter mce_external_plugins class-paytium.php:1070
filter mce_buttons class-paytium.php:1071
action init includes\class-pt-post-types.php:28
filter post_updated_messages includes\class-pt-post-types.php:31
action manage_edit-pt_payment_columns includes\class-pt-post-types.php:34
action manage_pt_payment_posts_custom_column includes\class-pt-post-types.php:37
action add_meta_boxes includes\class-pt-post-types.php:40
action save_post includes\class-pt-post-types.php:43
action restrict_manage_posts includes\class-pt-post-types.php:46
action request includes\class-pt-post-types.php:49
action bulk_actions-edit-pt_payment includes\class-pt-post-types.php:52
action admin_head includes\class-pt-post-types.php:55
action post_submitbox_misc_actions includes\class-pt-post-types.php:58
action paytium_after_update_payment_from_admin includes\item-limit-functions.php:105
action paytium_after_pt_payment_update_webhook includes\item-limit-functions.php:106
action add_option_paytium_enable_live_key includes\log-functions.php:27
action update_option_paytium_enable_live_key includes\log-functions.php:44
filter the_content includes\misc-functions.php:227
action admin_notices includes\notification-functions.php:83
action wp_loaded includes\process-payment-functions.php:552
filter pt_meta_values includes\process-payment-functions.php:791
filter pt_meta_values includes\process-payment-functions.php:1108
action init includes\redirect-url-functions.php:98
action admin_init includes\register-settings.php:167
action wp_footer includes\shortcodes.php:64
filter the_content includes\shortcodes.php:76
action wp_footer includes\shortcodes.php:3521
action paytium_after_full_payment_saved includes\user-data-functions.php:297
action paytium_after_pt_payment_update_webhook includes\user-data-functions.php:298
action paytium_after_update_payment_from_admin includes\user-data-functions.php:299
filter request includes\webhook-url-functions.php:437
Maintenance & Trust

Paytium: Mollie payment forms & donations Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 24, 2026
  • PHP min version: 7.4
  • Downloads: 137K

Community Trust

  • Rating: 90/100
  • Number of ratings: 64
  • Active installs: 3K
Developer Profile

Paytium: Mollie payment forms & donations Developer Profile

paytiumsupport

1 plugin · 3K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 500 days
Detection Fingerprints

How We Detect Paytium: Mollie payment forms & donations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/paytium/assets/css/paytium-admin.css
  • /wp-content/plugins/paytium/assets/css/paytium-public.css
  • /wp-content/plugins/paytium/assets/js/paytium-admin.js
  • /wp-content/plugins/paytium/assets/js/paytium-public.js
  • /wp-content/plugins/paytium/assets/js/paytium-scripts.js
  • /wp-content/plugins/paytium/assets/js/tinymce/plugins/paytiumbutton/plugin.js
Script Paths
  • /wp-content/plugins/paytium/assets/js/paytium-admin.js
  • /wp-content/plugins/paytium/assets/js/paytium-public.js
  • /wp-content/plugins/paytium/assets/js/paytium-scripts.js
  • /wp-content/plugins/paytium/assets/js/tinymce/plugins/paytiumbutton/plugin.js
Version Parameters
  • paytium-admin-css?ver=
  • paytium-admin-js?ver=
  • paytium-public-css?ver=
  • paytium-public-js?ver=
  • paytium-scripts?ver=

HTML / DOM Fingerprints

CSS Classes
  • paytium-admin-notices
  • paytium_section
  • paytium-admin-search-results
HTML Comments
  • <!-- Paytium Edit Payment Back Button -->
  • <!-- End Paytium Edit Payment Back Button -->
Data Attributes
  • data-pt-payment-id
  • data-pt-ajax-url
JS Globals
PaytiumAdmin