SecurePay For GravityForms Security & Risk Analysis

wordpress.org/plugins/securepay-for-gravityforms

SecurePay payment platform plugin for Gravity Forms.

10 active installs · v1.0.12 · PHP 7.2+ · WP 5.4+ · Updated Sep 6, 2023
Tags: fpx, malaysia, online-banking, payment-gateway, payment-platform
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SecurePay For GravityForms Safe to Use in 2026?

Generally Safe

Score 85/100

SecurePay For GravityForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "securepay-for-gravityforms" v1.0.12 plugin demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs, critical taint flows, raw SQL queries, or significant attack vectors like AJAX handlers, REST API routes, shortcodes, or cron events without proper checks is highly positive. The code also incorporates nonce and capability checks, which are essential for securing WordPress functionalities.

However, a notable concern arises from the output escaping. With only 42% of outputs properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This means that user-supplied or dynamic data displayed on the frontend or within the WordPress admin area could be maliciously injected and executed by other users, potentially leading to session hijacking, defacement, or other security breaches. The single external HTTP request, while not inherently a vulnerability, warrants attention to ensure it is made to a trusted and secure endpoint, and that any data sent or received is handled with appropriate security measures.

Given the clean vulnerability history and the presence of good security practices like prepared statements and checks, the plugin appears well-maintained. Nevertheless, the unescaped output is a critical weakness that significantly lowers its overall security score and requires immediate attention.

Key Concerns

  • Significant percentage of unescaped output
  • External HTTP request present
Vulnerabilities
None known

SecurePay For GravityForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SecurePay For GravityForms Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 7 (5 escaped)
  • Nonce Checks: 1
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

42% escaped, 12 total outputs
Attack Surface

SecurePay For GravityForms Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15

  • filter gform_disable_post_creation (includes\src\GFSecurePay.php:247)
  • filter gform_disable_notification (includes\src\GFSecurePay.php:248)
  • filter gform_submit_button (includes\src\GFSecurePay.php:249)
  • action wp_enqueue_scripts (includes\src\GFSecurePay.php:251)
  • filter gform_form_args (includes\src\GFSecurePay.php:253)
  • action gform_payment_status (includes\src\GFSecurePay.php:370)
  • action gform_payment_date (includes\src\GFSecurePay.php:371)
  • action gform_payment_transaction_id (includes\src\GFSecurePay.php:372)
  • action gform_payment_amount (includes\src\GFSecurePay.php:373)
  • action gform_after_update_entry (includes\src\GFSecurePay.php:374)
  • action plugins_loaded (includes\src\SecurePayGFM.php:16)
  • action plugins_loaded (includes\src\SecurePayGFM.php:31)
  • action all_admin_notices (includes\src\SecurePayGFM.php:35)
  • action gform_loaded (includes\src\SecurePayGFM.php:40)
  • filter auto_update_plugin (includes\src\SecurePayGFM.php:55)
Maintenance & Trust

SecurePay For GravityForms Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.3.8
  • Last updated: Sep 6, 2023
  • PHP min version: 7.2
  • Downloads: 2K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 10
Developer Profile

SecurePay For GravityForms Developer Profile

SecurePay

8 plugins · 260 total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SecurePay For GravityForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/securepay-for-gravityforms/includes/js/securepay-gf-admin.js
/wp-content/plugins/securepay-for-gravityforms/includes/css/securepay-gf-admin.css
Script Paths
/wp-content/plugins/securepay-for-gravityforms/includes/js/securepay-gf-admin.js
Version Parameters
securepay-for-gravityforms/includes/js/securepay-gf-admin.js?ver=
securepay-for-gravityforms/includes/css/securepay-gf-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
gf_securepay_settings_container
HTML Comments
SecurePay for Gravityforms.
Accept payment by using SecurePay. A Secure Marketplace Platform for Malaysian.
Data Attributes
data-gf-securepay-public-key
data-gf-securepay-key
JS Globals
SecurePayGFM