WP SecureSubmit Security & Risk Analysis

wordpress.org/plugins/securesubmit

SecureSubmit allows merchants using Global Payments to take PCI-Friendly donations on their WordPress site.

40 active installs · v1.5.20 · PHP + WP 3.0.1+ · Updated Jan 20, 2026
Tags: buy-now, donation, globalpayments, payment, securesubmit
Score: 58 (C · Use Caution)
CVEs total: 2
Unpatched: 2
Last CVE: Jan 3, 2025

Safety Verdict

Is WP SecureSubmit Safe to Use in 2026?

Use With Caution

Score 58/100

WP SecureSubmit has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Jan 3, 2025 · Updated 2mo ago

Risk Assessment

The "securesubmit" plugin version 1.5.20 exhibits a concerning security posture, despite some positive code practices. While the plugin correctly utilizes prepared statements for all SQL queries and escapes all output, indicating good practices in these critical areas, the presence of three unprotected AJAX handlers significantly expands the attack surface. This lack of authorization checks on entry points is a direct concern.

The vulnerability history is a major red flag. With two known medium-severity CVEs, both of which are currently unpatched, and a recent vulnerability disclosed in January 2025, the plugin demonstrates a pattern of security weaknesses. The common vulnerability types being "Exposure of Sensitive Information to an Unauthorized Actor" and "Missing Authorization" directly align with the findings from the static analysis, particularly the unprotected AJAX handlers. This indicates a recurring problem with access control within the plugin.

In conclusion, while the plugin does employ some secure coding techniques, the unpatched vulnerabilities and the significant number of unprotected entry points create a high-risk environment for users. The historical trend of missing authorization and potential information exposure suggests a need for immediate attention and patching.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • Unpatched CVE (Medium Severity)
  • AJAX handlers without auth checks (3)
  • Missing Nonce checks on AJAX
  • Vulnerability: Missing Authorization
  • Vulnerability: Exposure of Sensitive Info

Vulnerabilities: 2

WP SecureSubmit Security Vulnerabilities

CVEs by Year

2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-56270 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

WP SecureSubmit <= 1.5.18 - Unauthenticated Sensitive Information Exposure

Jan 3, 2025 · Unpatched

CVE-2024-56271 · medium · 4.3 · Missing Authorization

WP SecureSubmit <= 1.5.18 - Missing Authorization

Jan 3, 2025 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

WP SecureSubmit Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 3 (603 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

100% escaped · 606 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
save_options (SecureSubmit.php:351)

Attack Surface: 3 unprotected

WP SecureSubmit Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers: 3

  • auth: wp_ajax_ssd_save_options (SecureSubmit.php:73)
  • auth: wp_ajax_ssd_submit_payment (SecureSubmit.php:74)
  • nopriv: wp_ajax_ssd_submit_payment (SecureSubmit.php:75)

Shortcodes: 1

  • [securesubmit] (SecureSubmit.php:79)

WordPress Hooks: 8

  • action: init (SecureSubmit.php:71)
  • action: init (SecureSubmit.php:76)
  • action: plugins_loaded (SecureSubmit.php:77)
  • action: admin_menu (SecureSubmit.php:78)
  • filter: tiny_mce_version (SecureSubmit.php:94)
  • filter: mce_external_plugins (SecureSubmit.php:95)
  • filter: mce_buttons_2 (SecureSubmit.php:96)
  • filter: wp_mail_content_type (SecureSubmit.php:2165)

Maintenance & Trust

WP SecureSubmit Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Jan 20, 2026
  • PHP min version
  • Downloads: 6K

Community Trust

  • Rating: 100/100
  • Number of ratings: 1
  • Active installs: 40

Developer Profile

WP SecureSubmit Developer Profile

SecureSubmit

3 plugins · 740 total installs

  • Trust score: 84
  • Avg Security Score: 86/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP SecureSubmit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/securesubmit/assets/admin-style.css
  • /wp-content/plugins/securesubmit/js/securesubmit_plugin.js
Script Paths
  • https://www.google.com/recaptcha/api.js?onload=ssdRenderCaptcha&render=explicit
Version Parameters
  • securesubmit/assets/admin-style.css?ver=
  • securesubmit/js/securesubmit_plugin.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-recaptcha-site-key
JS Globals
  • ssdRenderCaptcha
  • ssd_submit_payment
  • ssd_save_options
REST Endpoints
  • /wp-json/securesubmit/v1/submit-payment
Shortcode Output
  • [securesubmit]