Opayo Direct Gateway for Gravity Forms Security & Risk Analysis
wordpress.org/plugins/sagepay-direct-gateway-for-gravity-formsAccept card payments on Gravity Forms with Opayo (Elavon) Direct—customers stay on your site while cards are processed through your Opayo account.
Is Opayo Direct Gateway for Gravity Forms Safe to Use in 2026?
Generally Safe
Score 100/100Opayo Direct Gateway for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "sagepay-direct-gateway-for-gravity-forms" v1.0.2 exhibits a generally positive security posture with no known vulnerabilities in its history. The static analysis reveals a commendable absence of dangerous functions, raw SQL queries, file operations, and a relatively low number of external HTTP requests. However, a significant concern arises from the output escaping, where only 54% of outputs are properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities. Additionally, the taint analysis shows two flows with unsanitized paths, which, while not classified as critical or high severity, warrants attention as it suggests potential injection risks that were not fully mitigated.
Key Concerns
- Low output escaping percentage
- Unsanitized paths in taint flows
Opayo Direct Gateway for Gravity Forms Security Vulnerabilities
Opayo Direct Gateway for Gravity Forms Release Timeline
Opayo Direct Gateway for Gravity Forms Code Analysis
Output Escaping
Data Flow Analysis
Opayo Direct Gateway for Gravity Forms Attack Surface
WordPress Hooks 2
Maintenance & Trust
Opayo Direct Gateway for Gravity Forms Maintenance & Trust
Maintenance Signals
Community Trust
Opayo Direct Gateway for Gravity Forms Alternatives
PatSaTECH's Opayo Direct Gateway for WooCommerce
sagepay-direct-gateway-for-woocommerce
Accept Opayo Direct card payments in WooCommerce with on-site checkout, Checkout Block support, and HPOS compatibility.
Opayo Form Payment Gateway for Gravity Forms
sagepay-form-payment-gateway-for-gravity-forms
Accept card payments in Gravity Forms using Opayo Form (hosted checkout by Elavon)—customers pay on Opayo’s pages, not on your server.
PatSaTECH's Opayo Server Gateway for WooCommerce
patsatech-wc-opayo-server
PatSaTECH's Opayo Server Gateway for accepting payments on your WooCommerce Store.
SumUp Payment Gateway For WooCommerce
sumup-payment-gateway-for-woocommerce
The SumUp plugin for WooCommerce allows businesses to securely process payments online. Accept payments from customers using a range of payment method …
Pay for Payment for WooCommerce
woocommerce-pay-for-payment
Setup individual charges for each payment method in WooCommerce.
Opayo Direct Gateway for Gravity Forms Developer Profile
10 plugins · 390 total installs
How We Detect Opayo Direct Gateway for Gravity Forms
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/gravityformssagepaydirect/sagepay-direct.php/wp-content/plugins/gravityformssagepaydirect/assets/js/sagepay-direct-scripts.js/wp-content/plugins/gravityformssagepaydirect/assets/css/sagepay-direct-styles.css/wp-content/plugins/gravityformssagepaydirect/assets/js/sagepay-direct-scripts.jsgravityformssagepaydirect/sagepay-direct.php?ver=sagepay-direct-scripts.js?ver=HTML / DOM Fingerprints
gf_sagepay_direct_settings<!-- Opayo Direct Gateway for Gravity Forms --><!-- Opayo Direct Gateway for Gravity Forms Settings -->data-sagepay-vendordata-sagepay-transaction-typedata-sagepay-modewindow.gf_sagepay_direct_params