Does RCP VAT have any unpatched vulnerabilities?

No. All known vulnerabilities in RCP VAT have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is RCP VAT compatible with WordPress 4.9.29?

According to WordPress.org data, RCP VAT 1.2.4 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is RCP VAT updated?

RCP VAT was last updated on Nov 26, 2018. Frequent updates are generally a positive security signal.

What is RCP VAT's security score?

RCP VAT has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

RCP VAT Security & Risk Analysis

wordpress.org/plugins/rcp-vat

VAT management in Stripe for Restrict Content Pro plugin. Sell inside EU respecting the rules.

10 active installs v1.2.4 PHP + WP 3.6+ Updated Nov 26, 2018

addedcontentprorestrictvalue

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RCP VAT Safe to Use in 2026?

Generally Safe

Score 85/100

RCP VAT has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "rcp-vat" plugin v1.2.4 exhibits a concerning security posture primarily due to a lack of authentication checks on its AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and not performing file operations or external HTTP requests, the unprotected AJAX endpoints represent a significant attack surface. This means that any unauthenticated user could potentially interact with these handlers, leading to unintended consequences or data manipulation if proper input validation and authorization are not strictly enforced within the AJAX logic itself. The absence of any recorded vulnerabilities in its history is a positive sign, suggesting that past code may have been more secure or that the plugin's functionality is limited. However, this historical data alone cannot compensate for the immediate risks identified in the static analysis, especially the unprotected entry points.

Key Concerns

Unprotected AJAX handlers
Limited output escaping (68%)
No nonce checks
No capability checks

Vulnerabilities

None known

RCP VAT Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

RCP VAT Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

68% escaped38 total outputs

Attack Surface

2 unprotected

RCP VAT Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_rcp_vat_get_vat_rateadmin\class-rcp-vat-admin.php:156

noprivwp_ajax_rcp_vat_get_vat_rateadmin\class-rcp-vat-admin.php:161

WordPress Hooks 21

actionrcp_payments_settingsadmin\class-rcp-vat-admin.php:78

actionrcp_view_member_afteradmin\class-rcp-vat-admin.php:82

actionrcp_after_password_registration_fieldadmin\class-rcp-vat-admin.php:88

actionrcp_profile_editor_afteradmin\class-rcp-vat-admin.php:92

actionrcp_edit_member_afteradmin\class-rcp-vat-admin.php:98

actionrcp_form_processingadmin\class-rcp-vat-admin.php:103

actionrcp_user_profile_updatedadmin\class-rcp-vat-admin.php:108

actionrcp_edit_memberadmin\class-rcp-vat-admin.php:112

actionrcp_form_errorsadmin\class-rcp-vat-admin.php:118

actionrcp_edit_profile_form_errorsadmin\class-rcp-vat-admin.php:122

filterrcp_subscription_dataadmin\class-rcp-vat-admin.php:127

filterrcp_stripe_create_subscription_argsadmin\class-rcp-vat-admin.php:132

filterrcp_stripe_customer_create_argsadmin\class-rcp-vat-admin.php:137

filterrcp_registration_totaladmin\class-rcp-vat-admin.php:142

filterrcp_registration_recurring_totaladmin\class-rcp-vat-admin.php:147

filterrcp_template_stackadmin\class-rcp-vat-admin.php:152

actionplugins_loadedincludes\class-rcp-vat.php:139

actionadmin_enqueue_scriptsincludes\class-rcp-vat.php:154

actionadmin_enqueue_scriptsincludes\class-rcp-vat.php:155

actionwp_enqueue_scriptsincludes\class-rcp-vat.php:170

actionwp_enqueue_scriptsincludes\class-rcp-vat.php:171

Maintenance & Trust

RCP VAT Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 26, 2018

PHP min version

Downloads2K

Community Trust

Rating90/100

Number of ratings2

Active installs10

Alternatives

RCP VAT Alternatives

Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content

password-protected

Protect your WordPress site, pages, posts, WooCommerce products, and categories with single or multiple passwords.

300K 5 CVEs

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.

60K 30 CVEs

PPWP – Password Protect Pages

password-protect-page

Password protect WordPress pages and posts by user roles or with multiple passwords; protect your entire website with a single password.

30K 5 CVEs

Passster – Password Protect Pages and Content

content-protector

Password Protect Pages, Posts & Content in WordPress

10K 10 CVEs

ContentProtector – password protect your page, post or text

contentprotector

Protect your content with passwords using easy-to-use shortcodes. Supports both global protection and partial content protection.

6K No CVEs

Developer Profile

RCP VAT Developer Profile

termel

14 plugins · 800 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RCP VAT

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rcp-vat/admin/css/rcp-vat-admin.css/wp-content/plugins/rcp-vat/admin/js/rcp-vat-admin.js

Script Paths

/wp-content/plugins/rcp-vat/admin/js/rcp-vat-admin.js

Version Parameters

rcp-vat-admin.css?ver=rcp-vat-admin.js?ver=

HTML / DOM Fingerprints

JS Globals

rcp_vat_get_vat_rate

REST Endpoints

/wp-json/rcp-vat/v1/get-vat-rate

FAQ