WP-Safety

Stitch Express Security & Risk Analysis

wordpress.org/plugins/stitch-express

Stitch Express is the simplest way for your business to get paid securely online with superior customer support at every step.

300 active installs v1.4.1 PHP 8.0+ WP 6.5+ Updated Mar 4, 2026
apple-paycardpaymentssouth-africawoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Stitch Express Safe to Use in 2026?

Generally Safe

Score 100/100

Stitch Express has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "stitch-express" v1.4.1 plugin demonstrates a generally good security posture, with no known vulnerabilities or critical code signals. The plugin effectively utilizes prepared statements for all SQL queries and boasts a high percentage of properly escaped output, significantly mitigating common web application risks. The absence of dangerous functions, file operations, and recorded vulnerability history further strengthens this positive assessment. However, there are areas that warrant attention. The plugin exposes two REST API routes without permission callbacks, creating a potential attack vector if sensitive functionality is exposed. While the static analysis did not identify specific taint flows, the presence of unprotected entry points suggests that a thorough dynamic analysis would be beneficial to confirm the absence of exploitable vulnerabilities.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handlers without auth checks
Vulnerabilities
None known

Stitch Express Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Stitch Express Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
37 escaped
Nonce Checks
3
Capability Checks
3
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

95% escaped39 total outputs
Attack Surface
2 unprotected

Stitch Express Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 1

authwp_ajax_stitch_express_dismiss_webhook_noticeincludes\stitch-express-gateway.php:29

REST API Routes 2

GET/wp-json/stitch-express/v1/callbackstitch-express.php:183
POST/wp-json/stitch-express/v1/webhookstitch-express.php:193

Shortcodes 1

[stitch_bnpl_widget] includes\stitch-express-product-widget.php:124
WordPress Hooks 12
actionwp_enqueue_scriptsincludes\stitch-express-product-widget.php:132
actionplugins_loadedstitch-express.php:29
actionplugins_loadedstitch-express.php:45
filterwoocommerce_payment_gatewaysstitch-express.php:78
actionadmin_noticesstitch-express.php:86
actionadmin_post_stitch_express_enable_auto_updatesstitch-express.php:87
actionadmin_post_stitch_express_dismiss_auto_update_noticestitch-express.php:88
actionrest_api_initstitch-express.php:181
actionwp_enqueue_scriptsstitch-express.php:412
actionwoocommerce_blocks_loadedstitch-express.php:424
actionwoocommerce_blocks_payment_method_type_registrationstitch-express.php:431
actionbefore_woocommerce_initstitch-express.php:449
Maintenance & Trust

Stitch Express Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 4, 2026
PHP min version8.0
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

Stitch Express Alternatives

WooPayments: Integrated WooCommerce Payments

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

A
97

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs
Nomod for WooCommerce

Nomod for WooCommerce

nomod-for-woocommerce

A
100

Accept major cards, Apple Pay, Google Pay, Mada, Tabby & Tamara on your store. Get same-day payouts, no monthly fees & amazing support!

200 No CVEs
WooCommerce PayPal Payments

WooCommerce PayPal Payments

woocommerce-paypal-payments

A
100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE
WooCommerce Stripe Payment Gateway

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

A
98

Accept debit and credit cards in 135+ currencies, many local methods like Alipay, ACH, and SEPA, and express checkout with Apple Pay and Google Pay.

700K 4 CVEs
Mollie Payments for WooCommerce

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

A
93

Accept all major payment methods in WooCommerce today. Credit cards, iDEAL and more! Fast, safe and intuitive.

100K 4 CVEs
Developer Profile

Stitch Express Developer Profile

stitchexpress

1 plugin · 300 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Stitch Express

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stitch-express/build/index.css/wp-content/plugins/stitch-express/build/index.js/wp-content/plugins/stitch-express/build/checkout.js
Script Paths
/wp-content/plugins/stitch-express/build/index.js/wp-content/plugins/stitch-express/build/checkout.js
Version Parameters
stitch-express/build/index.css?ver=stitch-express/build/index.js?ver=stitch-express/build/checkout.js?ver=

HTML / DOM Fingerprints

CSS Classes
stitch-express-checkout-formstitch-express-payment-form
HTML Comments
Stitch Express: Failed to initialize product widget -
Data Attributes
data-stitch-express-checkoutdata-stitch-express-payment-form
JS Globals
StitchExpress
REST Endpoints
/wp-json/stitch-express/v1/callback/wp-json/stitch-express/v1/webhook
FAQ

Frequently Asked Questions about Stitch Express