Does Simple Stripe have any unpatched vulnerabilities?

Yes — Simple Stripe currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Simple Stripe compatible with WordPress 6.8.5?

According to WordPress.org data, Simple Stripe 0.9.17 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Simple Stripe compatible with PHP 5.6.0+?

Simple Stripe requires PHP 5.6.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Stripe updated?

Simple Stripe was last updated on Apr 8, 2025. Frequent updates are generally a positive security signal.

What is Simple Stripe's security score?

Simple Stripe has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Stripe Security & Risk Analysis

wordpress.org/plugins/simple-stripe

Just register your Stripe API key and use the shortcode.You can easily make a payment page anywhere.

70 active installs v0.9.17 PHP 5.6.0+ WP 4.8.9+ Updated Apr 8, 2025

credit-cardpaymentsstripestripe-checkoutstripe-payments

B · Generally Safe

CVEs total1

Unpatched1

Last CVEOct 13, 2025

Download

Safety Verdict

Is Simple Stripe Safe to Use in 2026?

Mostly Safe

Score 78/100

Simple Stripe is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Oct 13, 2025Updated 11mo ago

Risk Assessment

The 'simple-stripe' plugin, version 0.9.17, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and performing nonce checks on its entry points. The static analysis also shows a low number of total entry points, with none identified as unprotected. However, concerns arise from the output escaping, where a significant portion (32%) is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities. Furthermore, the plugin has a history of vulnerabilities, including one currently unpatched medium-severity CVE. This pattern of past and present vulnerabilities, particularly a CSRF vulnerability in its history, suggests a recurring need for careful patching and review. While the current code analysis doesn't immediately reveal critical flaws in the analyzed flows, the combination of unpatched vulnerabilities and imperfect output sanitization warrants a cautious approach to its deployment.

Key Concerns

Unpatched medium severity CVE
Significant unescaped output (32%)
Bundled library (Stripe PHP) - potential for outdated version

Vulnerabilities

Simple Stripe Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-48085medium · 4.3Cross-Site Request Forgery (CSRF)

Simple Stripe <= 0.9.17 - Cross-Site Request Forgery

Oct 13, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Simple Stripe Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

39 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Stripe PHP

Output Escaping

68% escaped57 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

simple_stripe_admin_page (inc\admin.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple Stripe Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 2

authwp_ajax_simple_stripe_ajaxinc\ajax.php:5

noprivwp_ajax_simple_stripe_ajaxinc\ajax.php:6

Shortcodes 2

[simple_stripe] inc\admin.php:242

[simple_stripe] inc\shortcode.php:7

WordPress Hooks 5

actionadmin_menuinc\admin.php:14

filterplugin_action_linksinc\admin.php:238

actionadmin_initinc\admin.php:246

actionwp_footerinc\shortcode.php:17

actionplugins_loadedsimple-stripe.php:65

Maintenance & Trust

Simple Stripe Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 8, 2025

PHP min version5.6.0

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs70

Alternatives

Simple Stripe Alternatives

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

wp-full-stripe-free

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K 5 CVEs

Payment Gateway of Stripe for WooCommerce

payment-gateway-stripe-and-woocommerce-integration

Integrate Stripe Payment Gateway in WooCommerce and accept cards, Google Pay, Apple Pay, Klarna, Alipay, and more with seamless, secure checkout.

9K 4 CVEs

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

stripe

100

🤩 Accept Stripe payments and recurring subscriptions on your WordPress using WP Simple Pay, the best Stripe payments plugin! 🚀

9K No CVEs

WP Stripe Checkout

wp-stripe-checkout

Accept Stripe payments in WordPress without creating any product. Perfect for donations, services, or selling anything. No coding required.

1K 3 CVEs

Online Course Content Selling Tool

woo-installments

This is a great plugin to sell your products like courses and online classes with partial payments or deposits. Your audience will be really happy wit …

10 No CVEs

Developer Profile

Simple Stripe Developer Profile

ZIPANG

5 plugins · 330 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect Simple Stripe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-stripe/assets/css/admin.css/wp-content/plugins/simple-stripe/assets/css/frontend.css/wp-content/plugins/simple-stripe/assets/js/admin.js/wp-content/plugins/simple-stripe/assets/js/frontend.js

Script Paths

/wp-content/plugins/simple-stripe/assets/js/admin.js/wp-content/plugins/simple-stripe/assets/js/frontend.js

Version Parameters

simple-stripe/assets/css/admin.css?ver=simple-stripe/assets/css/frontend.css?ver=simple-stripe/assets/js/admin.js?ver=simple-stripe/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

simple_stripe_headerss_flexss_ai_css_jc_css_o_s_ttab_itemsimple_stripe_wraptab_content+2 more

HTML Comments

+3 more

Data Attributes

id="ss_loading"id="ss_loading_bg"id="ss_pop_up_message"id="ss_settings"id="ss_shortcode"for="ss_settings"+17 more

JS Globals

window.simple_stripe_localewindow.simple_stripe_currencywindow.simple_stripe_amountwindow.simple_stripe_namewindow.simple_stripe_descriptionwindow.simple_stripe_pk+10 more

FAQ