Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Security & Risk Analysis

wordpress.org/plugins/stripe

🤩 Accept Stripe payments and recurring subscriptions on your WordPress using WP Simple Pay, the best Stripe payments plugin! 🚀

9K active installs · v4.16.1 · PHP 7.2+ · WP 5.9+ · Updated Dec 1, 2025
Tags: credit-card-payments, stripe, stripe-checkout, stripe-gateway, stripe-payments
100
A · Safe
CVEs total 0
Unpatched 0
Last CVE Never
Safety Verdict

Is Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Safe to Use in 2026?

Generally Safe

Score 100/100

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "stripe" v4.16.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in avoiding dangerous functions and a high percentage of SQL queries utilizing prepared statements, along with robust output escaping. The lack of any recorded vulnerabilities in its history is a significant strength, suggesting a history of careful development and maintenance.

However, the plugin presents several areas of concern. A substantial portion of its attack surface, specifically 10 out of 16 entry points, lacks proper authentication or permission checks. This includes 1 unprotected AJAX handler and all 9 REST API routes lacking permission callbacks. While the taint analysis did not reveal critical or high severity unsanitized paths, the presence of 9 flows with unsanitized paths is a potential risk that warrants attention. The plugin also performs a significant number of file operations and external HTTP requests, which can introduce risks if not handled securely.

Overall, the plugin's clean vulnerability history is encouraging, but the identified lack of authentication on multiple entry points is a notable weakness that could be exploited. Developers should prioritize addressing these unprotected endpoints to strengthen the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Flows with unsanitized paths (9)
  • File operations (10)
  • External HTTP requests (21)
Vulnerabilities
None known

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Code Analysis

Dangerous Functions 0
Raw SQL Queries 18 · 53 prepared
Unescaped Output 112 · 1518 escaped
Nonce Checks 22
Capability Checks 52
File Operations 10
External Requests 21
Bundled Libraries 0

SQL Query Safety

75% prepared · 71 total queries

Output Escaping

93% escaped · 1630 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

18 flows · 9 with unsanitized paths
maybe_redirect_back (src\PaymentPage\PaymentPageOutput.php:223)
Attack Surface
10 unprotected

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Attack Surface

Entry Points 16
Unprotected 10

AJAX Handlers 3

auth wp_ajax_simpay_dismiss_admin_notice includes\core\admin\class-notice-manager.php:70
auth wp_ajax_simpay_smtp_page_check_plugin_status includes\core\class-smtp.php:116
auth wp_ajax_simpay_validate_recaptcha_source includes\core\recaptcha\index.php:286

REST API Routes 9

GET /wp-json/wpsp/__internal__report/dashboard-widget src\RestApi\Internal\Report\DashboardWidgetReport.php:67
GET /wp-json/wpsp/__internal__report/gross-volume-period-over-period src\RestApi\Internal\Report\GrossVolumePeriodOverPeriodReport.php:50
GET /wp-json/wpsp/__internal__report/latest-payments src\RestApi\Internal\Report\LatestPaymentsReport.php:47
GET /wp-json/wpsp/__internal__report/payment-info src\RestApi\Internal\Report\PaymentInfoReport.php:47
GET /wp-json/wpsp/__internal__report/successful-payments-period-over-period src\RestApi\Internal\Report\SuccessfulPaymentsPeriodOverPeriodReport.php:50
GET /wp-json/wpsp/__internal__report/today src\RestApi\Internal\Report\TodayReport.php:75
GET /wp-json/wpsp/__internal__send/subscriptions src\RestApi\Internal\SubscriptionsManagement\SendSubscriptions.php:75
GET /wp-json/wpsp/__internal__notifications src\RestApi\__UnstableNotifications.php:64
GET /wp-json/wpsp/__internal__notifications/(?P<id>\d+) src\RestApi\__UnstableNotifications.php:97

Shortcodes 4

[simpay] includes\core\class-shortcodes.php:42
[simpay_payment_receipt] includes\core\class-shortcodes.php:43
[simpay_error] includes\core\class-shortcodes.php:46
[simpay_preview] includes\core\class-shortcodes.php:47
WordPress Hooks 160
action admin_enqueue_scripts includes\core\admin\class-assets.php:46
action admin_enqueue_scripts includes\core\admin\class-assets.php:47
action admin_enqueue_scripts includes\core\admin\class-assets.php:50
action in_admin_footer includes\core\admin\class-menus.php:50
filter admin_footer_text includes\core\admin\class-menus.php:53
action admin_notices includes\core\admin\class-notice-manager.php:69
action admin_init includes\core\admin\class-notice-manager.php:72
action admin_notices includes\core\bootstrap\compatibility.php:98
action wp_enqueue_scripts includes\core\class-assets.php:64
action wp_enqueue_scripts includes\core\class-assets.php:65
action wp_footer includes\core\class-assets.php:67
action init includes\core\class-cache-helper.php:26
action rest_api_init includes\core\class-rest-api.php:31
action init includes\core\class-shortcodes.php:34
filter simpay_payment_confirmation_content includes\core\class-shortcodes.php:305
action simpay_register_settings_subsections includes\core\class-smtp.php:99
action simpay_register_settings includes\core\class-smtp.php:104
action simpay_admin_page_settings_emails_end includes\core\class-smtp.php:110
action admin_init includes\core\class-smtp.php:127
action admin_enqueue_scripts includes\core\class-smtp.php:132
filter simpay_admin_page_settings_emails_submit includes\core\class-smtp.php:390
action wp_footer includes\core\forms\class-default-form.php:74
action media_buttons includes\core\functions\admin.php:60
action admin_footer includes\core\functions\admin.php:124
action wp_head includes\core\functions\template.php:28
filter simpay_payment_confirmation_template_tag_receipt includes\core\payments\payment-confirmation-template-tags.php:457
filter simpay_payment_confirmation_template_tag_customer-name includes\core\payments\payment-confirmation-template-tags.php:483
filter simpay_payment_confirmation_template_tag_customer-email includes\core\payments\payment-confirmation-template-tags.php:508
filter simpay_payment_confirmation_template_tag_customer-url includes\core\payments\payment-confirmation-template-tags.php:544
filter simpay_payment_confirmation_template_tag_payment-url includes\core\payments\payment-confirmation-template-tags.php:582
filter simpay_payment_confirmation_template_tag_card-brand includes\core\payments\payment-confirmation-template-tags.php:631
filter simpay_payment_confirmation_template_tag_card-last4 includes\core\payments\payment-confirmation-template-tags.php:695
filter simpay_payment_confirmation_template_tag_charge-id includes\core\payments\payment-confirmation-template-tags.php:722
filter simpay_payment_confirmation_template_tag_charge-date includes\core\payments\payment-confirmation-template-tags.php:774
filter simpay_payment_confirmation_template_tag_total-amount includes\core\payments\payment-confirmation-template-tags.php:813
filter simpay_payment_confirmation_template_tag_company-name includes\core\payments\payment-confirmation-template-tags.php:834
filter simpay_payment_confirmation_template_tag_form-title includes\core\payments\payment-confirmation-template-tags.php:835
filter simpay_payment_confirmation_template_tag_item-description includes\core\payments\payment-confirmation-template-tags.php:862
filter simpay_payment_confirmation_template_tag_form-description includes\core\payments\payment-confirmation-template-tags.php:863
filter simpay_payment_confirmation_template_tag_payment-type includes\core\payments\payment-confirmation-template-tags.php:896
filter simpay_payment_confirmation_template_tag_subtotal-amount includes\core\payments\payment-confirmation-template-tags.php:945
filter simpay_payment_confirmation_template_tag_recurring-amount includes\core\payments\payment-confirmation-template-tags.php:1144
filter simpay_payment_confirmation_template_tag_next-invoice-date includes\core\payments\payment-confirmation-template-tags.php:1184
action save_post_simple-pay includes\core\post-types\simple-pay\actions.php:252
action simpay_save_form_settings includes\core\post-types\simple-pay\actions.php:836
filter redirect_post_location includes\core\post-types\simple-pay\actions.php:867
filter wp_insert_post_empty_content includes\core\post-types\simple-pay\actions.php:896
action admin_init includes\core\post-types\simple-pay\actions.php:948
action simpay_save_form_settings includes\core\post-types\simple-pay\actions.php:1031
action admin_page_access_denied includes\core\post-types\simple-pay\compat.php:96
action simpay_form_settings_automations_panel includes\core\post-types\simple-pay\edit-form-automations.php:162
action simpay_form_settings_confirmation_panel includes\core\post-types\simple-pay\edit-form-confirmation.php:195
action simpay_form_settings_confirmation_panel includes\core\post-types\simple-pay\edit-form-confirmation.php:340
action simpay_form_settings_confirmation_panel includes\core\post-types\simple-pay\edit-form-confirmation.php:558
filter simpay_custom_field_group_labels includes\core\post-types\simple-pay\edit-form-custom-fields.php:345
filter simpay_custom_field_options includes\core\post-types\simple-pay\edit-form-custom-fields.php:354
action simpay_form_settings_meta_form_display_panel includes\core\post-types\simple-pay\edit-form-custom-fields.php:518
action simpay_form_settings_meta_payment_options_panel includes\core\post-types\simple-pay\edit-form-payment-options\class-price-fields.php:42
action simpay_form_settings_meta_payment_options_panel includes\core\post-types\simple-pay\edit-form-payment-options.php:58
action simpay_form_settings_meta_payment_options_panel includes\core\post-types\simple-pay\edit-form-payment-options.php:179
action simpay_form_settings_meta_payment_options_panel includes\core\post-types\simple-pay\edit-form-payment-options.php:684
action simpay_form_settings_meta_payment_options_panel includes\core\post-types\simple-pay\edit-form-payment-options.php:784
action simpay_form_settings_meta_payment_options_panel includes\core\post-types\simple-pay\edit-form-payment-options.php:866
action simpay_form_settings_payment_page_panel includes\core\post-types\simple-pay\edit-form-payment-page.php:146
action simpay_form_settings_purchase_restrictions_panel includes\core\post-types\simple-pay\edit-form-purchase-restrictions.php:549
action simpay_form_settings_meta_stripe_checkout_panel includes\core\post-types\simple-pay\edit-form-stripe-checkout.php:387
action post_submitbox_minor_actions includes\core\post-types\simple-pay\edit-form.php:60
action post_submitbox_misc_actions includes\core\post-types\simple-pay\edit-form.php:116
filter redirect_post_location includes\core\post-types\simple-pay\edit-form.php:142
action add_meta_boxes includes\core\post-types\simple-pay\edit-form.php:175
action simpay_form_settings_display_options_panel includes\core\post-types\simple-pay\edit-form.php:901
action simpay_admin_after_form_display_options_rows includes\core\post-types\simple-pay\edit-form.php:1005
filter bulk_actions-edit-simple-pay includes\core\post-types\simple-pay\list-table.php:33
filter the_title includes\core\post-types\simple-pay\list-table.php:70
filter post_row_actions includes\core\post-types\simple-pay\list-table.php:145
filter manage_edit-simple-pay_columns includes\core\post-types\simple-pay\list-table.php:165
filter manage_edit-simple-pay_columns includes\core\post-types\simple-pay\list-table.php:185
action manage_simple-pay_posts_custom_column includes\core\post-types\simple-pay\list-table.php:212
action manage_simple-pay_posts_custom_column includes\core\post-types\simple-pay\list-table.php:243
filter posts_join includes\core\post-types\simple-pay\list-table.php:279
filter posts_where includes\core\post-types\simple-pay\list-table.php:322
filter pre_get_posts includes\core\post-types\simple-pay\list-table.php:356
action admin_menu includes\core\post-types\simple-pay\menu.php:56
action admin_menu includes\core\post-types\simple-pay\menu.php:76
action init includes\core\post-types\simple-pay\meta.php:155
action init includes\core\post-types\simple-pay\register.php:114
action rest_api_init includes\core\post-types\simple-pay\register.php:150
filter post_type_link includes\core\post-types\simple-pay\register.php:179
filter preview_post_link includes\core\post-types\simple-pay\register.php:204
filter post_updated_messages includes\core\post-types\simple-pay\register.php:277
filter bulk_post_updated_messages includes\core\post-types\simple-pay\register.php:319
action add_meta_boxes includes\core\post-types\simple-pay\register.php:355
action simpay_form_before_form_bottom includes\core\recaptcha\index.php:113
action admin_init includes\core\recaptcha\index.php:373
filter simpay_update_settings includes\core\recaptcha\index.php:403
action simpay_register_settings_subsections includes\core\recaptcha\settings.php:47
action simpay_register_settings includes\core\recaptcha\settings.php:325
filter nonce_life includes\core\rest-api\class-controller.php:317
action admin_init includes\core\settings\compat.php:60
action simpay_register_settings_subsections includes\core\settings\compat.php:103
action simpay_register_settings includes\core\settings\compat.php:200
filter option_simpay_settings_keys includes\core\settings\compat.php:287
action admin_enqueue_scripts includes\core\settings\display.php:290
action simpay_register_settings_subsections includes\core\settings\emails\register-summary-report.php:42
action simpay_register_settings includes\core\settings\emails\register-summary-report.php:144
filter wpforms_display_media_button includes\core\settings\register-emails.php:33
action media_buttons includes\core\settings\register-emails.php:34
filter mce_css includes\core\settings\register-emails.php:39
filter tiny_mce_before_init includes\core\settings\register-emails.php:53
action simpay_admin_page_settings_emails_start includes\core\settings\register-emails.php:69
action simpay_admin_page_settings_display_start includes\core\settings\register-emails.php:70
action simpay_form_settings_confirmation_panel includes\core\settings\register-emails.php:71
action simpay_register_settings_sections includes\core\settings\register-emails.php:95
action simpay_register_settings_subsections includes\core\settings\register-emails.php:121
action simpay_register_settings includes\core\settings\register-emails.php:285
action simpay_admin_page_settings_emails_before includes\core\settings\register-emails.php:548
filter simpay_update_settings includes\core\settings\register-emails.php:573
action simpay_register_settings_sections includes\core\settings\register-general.php:38
action simpay_register_settings_subsections includes\core\settings\register-general.php:72
action simpay_register_settings includes\core\settings\register-general.php:85
action simpay_register_settings_sections includes\core\settings\register-payment-confirmations.php:46
action simpay_register_settings_subsections includes\core\settings\register-payment-confirmations.php:103
action simpay_register_settings includes\core\settings\register-payment-confirmations.php:117
action simpay_register_settings_sections includes\core\settings\register-stripe.php:41
action simpay_register_settings_subsections includes\core\settings\register-stripe.php:79
action simpay_register_settings includes\core\settings\register-stripe.php:92
action simpay_register_collections includes\core\settings\register.php:47
action simpay_register_collections includes\core\settings\register.php:74
action simpay_register_collections includes\core\settings\register.php:98
action admin_init includes\core\settings\register.php:172
filter rest_pre_get_setting includes\core\settings\register.php:251
action admin_init includes\core\settings\register.php:281
action rest_api_init includes\core\settings\register.php:282
filter pre_update_option_simpay_settings includes\core\settings\register.php:306
action plugins_loaded includes\core\utils\class-rate-limiting.php:63
action init includes\core\utils\class-rate-limiting.php:66
action simpay_cleanup_rate_limiting_log includes\core\utils\class-rate-limiting.php:69
filter simpay_has_exceeded_rate_limit includes\core\utils\class-rate-limiting.php:79
action init includes\core\utils\collections.php:37
action admin_init includes\core\utils\migrations\admin.php:45
action simpay_register_collections includes\core\utils\migrations\register.php:59
filter option_simpay_settings_keys includes\core\utils\migrations\routines\class-options-flattening.php:44
filter simpay_admin_page_settings_keys_submit src\Admin\Education\InstantPayouts.php:95
filter simpay_admin_page_settings_customers_submit src\Admin\Education\PluginCustomersSettings.php:101
filter simpay_admin_page_settings_general_submit src\Admin\Education\PluginTaxesSettings.php:79
filter register_post_type_args src\Admin\FormBuilder\TemplateExplorer.php:271
filter plugin_auto_update_debug_string src\Admin\SiteHealth\SiteHealthDebugInformation.php:71
filter nonce_life src\AntiSpam\EmailVerification.php:498
filter nonce_life src\AntiSpam\EmailVerification.php:617
filter simpay_payment_confirmation_template_tag_refund-amount src\Emails\Email\PaymentRefundedConfirmationEmail.php:114
filter simpay_payment_confirmation_template_tag_refund-date src\Emails\Email\PaymentRefundedConfirmationEmail.php:121
filter simpay_emails_autop src\Emails\EmailSubscriber.php:561
filter simpay_emails_autop src\Emails\EmailSubscriber.php:578
filter wp_mail_from src\Emails\Mailer.php:340
filter wp_mail_from_name src\Emails\Mailer.php:341
filter wp_mail_content_type src\Emails\Mailer.php:342
filter simpay_admin_page_settings_general_submit src\License\LicenseSettingSubscriber.php:82
filter simpay_admin_page_settings_general_submit src\License\LicenseSettingSubscriber.php:118
action init src\Plugin.php:70
filter simpay_admin_page_settings_display_submit views\admin-education-plugin-cancelled-payment-confirmation.php:21

Scheduled Events 1

simpay_cleanup_rate_limiting_log
Maintenance & Trust

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Maintenance & Trust

Maintenance Signals

WordPress version tested 6.8.5
Last updated Dec 1, 2025
PHP min version 7.2
Downloads 833K

Community Trust

Rating 88/100
Number of ratings 116
Active installs 9K
Developer Profile

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score 73
Avg Security Score 91/100
Avg Patch Time 795 days
Detection Fingerprints

How We Detect Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stripe/includes/core/assets/css/simpay-admin-all-pages.min.css
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-admin-notices.js
/wp-content/plugins/stripe/includes/core/assets/js/vendor/chosen.jquery.min.js
/wp-content/plugins/stripe/includes/core/assets/js/vendor/accounting.min.js
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-public-shared.js
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-admin.js
/wp-content/plugins/stripe/includes/core/assets/css/vendor/chosen/chosen.min.css
/wp-content/plugins/stripe/includes/core/assets/css/simpay-admin.min.css
Script Paths
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-admin-notices.js
/wp-content/plugins/stripe/includes/core/assets/js/vendor/chosen.jquery.min.js
/wp-content/plugins/stripe/includes/core/assets/js/vendor/accounting.min.js
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-public-shared.js
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-admin.js
Version Parameters
/wp-content/plugins/stripe/includes/core/assets/css/simpay-admin-all-pages.min.css?ver=
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-admin-notices.js?ver=
/wp-content/plugins/stripe/includes/core/assets/js/vendor/chosen.jquery.min.js?ver=
/wp-content/plugins/stripe/includes/core/assets/js/vendor/accounting.min.js?ver=
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-public-shared.js?ver=
/wp-content/plugins/stripe/includes/core/assets/js/dist/simpay-admin.js?ver=
/wp-content/plugins/stripe/includes/core/assets/css/vendor/chosen/chosen.min.css?ver=
/wp-content/plugins/stripe/includes/core/assets/css/simpay-admin.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
simpay-admin-notices
Data Attributes
data-nonce
JS Globals
simpayAdmin
simpayPublic