WP-Safety

Opayo Form Payment Gateway for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/sagepay-form-payment-gateway-for-gravity-forms

Accept card payments in Gravity Forms using Opayo Form (hosted checkout by Elavon)—customers pay on Opayo’s pages, not on your server.

80 active installs v1.2.2 PHP + WP 4.5+ Updated Apr 7, 2026
ecommercegravity-formsopayo-goopayo-serverpayment-gateway
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Opayo Form Payment Gateway for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Opayo Form Payment Gateway for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin "sagepay-form-payment-gateway-for-gravity-forms" version 1.1.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs. This suggests a generally mature development process with a focus on preventing common database attacks and a good track record. However, the static analysis reveals a significant concern: one AJAX handler lacks authentication checks. This unprotected entry point creates a direct avenue for potential exploitation if it handles user-supplied data without proper authorization. The absence of taint analysis flows is a limitation, but the identified unprotected AJAX handler is a concrete risk that warrants attention.

Key Concerns

  • AJAX handler without authentication
  • Low output escaping coverage
Vulnerabilities
None known

Opayo Form Payment Gateway for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Opayo Form Payment Gateway for Gravity Forms Release Timeline

v1.2.2Current
v1.2.1
v1.2.0
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Opayo Form Payment Gateway for Gravity Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
10
6 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

38% escaped16 total outputs
Attack Surface
1 unprotected

Opayo Form Payment Gateway for Gravity Forms Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_gf_dismiss_sagepay_form_menuclass-gf-sagepay-form.php:1819
WordPress Hooks 10
actionwpclass-gf-sagepay-form.php:3
filtergform_disable_post_creationclass-gf-sagepay-form.php:46
filtergform_disable_notificationclass-gf-sagepay-form.php:47
actiongform_payment_statusclass-gf-sagepay-form.php:1832
actiongform_entry_infoclass-gf-sagepay-form.php:1836
actiongform_payment_dateclass-gf-sagepay-form.php:1838
actiongform_payment_transaction_idclass-gf-sagepay-form.php:1839
actiongform_payment_amountclass-gf-sagepay-form.php:1840
actiongform_after_update_entryclass-gf-sagepay-form.php:1843
actiongform_loadedsagepay-form.php:22
Maintenance & Trust

Opayo Form Payment Gateway for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 7, 2026
PHP min version
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs80
Alternatives

Opayo Form Payment Gateway for Gravity Forms Alternatives

PatSaTECH's Opayo Server Gateway for WooCommerce

PatSaTECH's Opayo Server Gateway for WooCommerce

patsatech-wc-opayo-server

A
100

PatSaTECH's Opayo Server Gateway for accepting payments on your WooCommerce Store.

30 No CVEs
Gravity Forms Eway

Gravity Forms Eway

gravityforms-eway

A
100

Easily create online payment forms with Gravity Forms and Eway.

500 No CVEs
PatSaTECH's Opayo Direct Gateway for WooCommerce

PatSaTECH's Opayo Direct Gateway for WooCommerce

sagepay-direct-gateway-for-woocommerce

A
100

Accept Opayo Direct card payments in WooCommerce with on-site checkout, Checkout Block support, and HPOS compatibility.

60 No CVEs
Click & Pledge for Gravity Forms

Click & Pledge for Gravity Forms

gravity-forms-click-pledge

A
100

Add a credit card payment gateway for Click & Pledge to the Gravity Forms plugin

30 No CVEs
Paystation (3 Party Hosted) for Gravity forms

Paystation (3 Party Hosted) for Gravity forms

gravity-forms-paystation-3-party-hosted

A
92

Integrates Gravity Forms with the Paystation 3 party hosted payment gateway allowing end-users to purchase goods and services via Gravity Forms.

30 No CVEs
Developer Profile

Opayo Form Payment Gateway for Gravity Forms Developer Profile

PatSaTECH

10 plugins · 390 total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
2228 days
View full developer profile
Detection Fingerprints

How We Detect Opayo Form Payment Gateway for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sagepay-form-payment-gateway-for-gravity-forms/sagepay.php

HTML / DOM Fingerprints

CSS Classes
gf_sagepay_form_mode_livegf_sagepay_form_mode_testgf_sagepay_form_send_emails_nogf_sagepay_form_send_emails_customergf_sagepay_form_send_emails_vendorgf_sagepay_form_apply3d_truegf_sagepay_form_apply3d_falsegf_sagepay_form_trans_type_payment+2 more
Data Attributes
data-gf_sagepay_form_modedata-gf_sagepay_form_vendor_namedata-gf_sagepay_form_vendor_passworddata-gf_sagepay_form_vendor_emaildata-gf_sagepay_form_send_emailsdata-gf_sagepay_form_email_message+2 more
JS Globals
window.gf_sagepay_form_modewindow.gf_sagepay_form_vendor_namewindow.gf_sagepay_form_vendor_passwordwindow.gf_sagepay_form_vendor_emailwindow.gf_sagepay_form_send_emailswindow.gf_sagepay_form_email_message+2 more
FAQ

Frequently Asked Questions about Opayo Form Payment Gateway for Gravity Forms