Accept Stripe Payments Security & Risk Analysis

wordpress.org/plugins/stripe-payments

Easily accept payments on your WordPress site via Stripe payment gateway.

20K active installs · v2.0.96 · PHP 7.4+ · WP 6.0+ · Updated Dec 1, 2025
Tags: payment, payments, stripe, stripe-gateway, stripe-payments
97 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Aug 6, 2024
Safety Verdict

Is Accept Stripe Payments Safe to Use in 2026?

Generally Safe

Score 97/100

Accept Stripe Payments has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Aug 6, 2024 · Updated 4mo ago
Risk Assessment

The "stripe-payments" plugin v2.0.96 exhibits a mixed security posture. While it has a relatively low number of total entry points and no currently unpatched CVEs, significant concerns arise from its static analysis. A substantial portion of its AJAX handlers (19 out of 27) lack proper authentication checks, creating a large attack surface for unauthorized actions. Furthermore, the presence of raw SQL queries without prepared statements is a notable risk for potential SQL injection vulnerabilities. Although taint analysis did not reveal critical or high-severity flows, and output escaping appears to be largely adequate, the combination of unprotected AJAX endpoints and raw SQL is concerning.

The plugin's vulnerability history shows a pattern of medium-severity issues, including injection and authorization bypass. The fact that there are no currently unpatched CVEs is positive, suggesting that the developers address reported vulnerabilities promptly. However, the recurring nature of these vulnerability types, especially injection and authorization bypass, combined with the static analysis findings, indicates potential for new vulnerabilities if security practices are not rigorously maintained. The overall assessment suggests a plugin that is actively maintained but requires careful attention to its authorization mechanisms and data sanitization, particularly for its AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Raw SQL queries without prepared statements
  • Medium severity vulnerability history
  • Flows with unsanitized paths
Vulnerabilities
5

Accept Stripe Payments Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2022: 1 CVE
2023: 2 CVEs
2024: 1 CVE

Severity Breakdown

Medium: 5

5 total CVEs

CVE-2024-7353 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accept Stripe Payments <= 2.0.86 - Authenticated (Contributor+) Stored Cross-Site Scripting via accept_stripe_payment_ng Shortcode

Aug 6, 2024 Patched in 2.0.87 (1d)
CVE-2023-48285 · medium · 5.3 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Accept Stripe Payments <= 2.0.79 - Unauthenticated Content Injection

Nov 23, 2023 Patched in 2.0.80 (61d)
CVE-2023-48286 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Accept Stripe Payments <= 2.0.79 - Insecure Direct Object Reference

Nov 23, 2023 Patched in 2.0.80 (61d)
CVE-2022-2194 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accept Stripe Payments <= 2.0.63 - Authenticated Stored Cross-Site Scripting

Jun 27, 2022 Patched in 2.0.64 (575d)
WF-edecb27b-ff11-4186-b8a8-41a85e3e2023-stripe-payments · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accept Stripe Payments < 2.0.40 - Authenticated Stored Cross-Site Scripting

Jan 5, 2021 Patched in 2.0.40 (1113d)
Code Analysis
Analyzed Mar 16, 2026

Accept Stripe Payments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 121 (686 escaped)
Nonce Checks: 11
Capability Checks: 7
File Operations: 6
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

85% escaped · 807 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
handle_confirm_pi (includes\class-asp-pp-ajax.php:69)
Attack Surface: 19 unprotected

Accept Stripe Payments Attack Surface

Entry Points: 37
Unprotected: 19

AJAX Handlers 27

auth · wp_ajax_asp_tinymce_get_settings · admin\class-asp-admin.php:58
auth · wp_ajax_asp_clear_log · admin\class-asp-admin.php:228
auth · wp_ajax_asp_feedback_notice_dismiss · admin\includes\class-asp-admin-user-feedback.php:23
auth · wp_ajax_asp_check_coupon · admin\includes\class-coupons.php:12
nopriv · wp_ajax_asp_check_coupon · admin\includes\class-coupons.php:13
auth · wp_ajax_asp_order_capture_confirm · admin\includes\class-order.php:80
auth · wp_ajax_asp_order_capture_cancel · admin\includes\class-order.php:81
auth · wp_ajax_asp_pp_create_pi · includes\class-asp-pp-ajax.php:25
nopriv · wp_ajax_asp_pp_create_pi · includes\class-asp-pp-ajax.php:26
auth · wp_ajax_asp_pp_confirm_pi · includes\class-asp-pp-ajax.php:28
nopriv · wp_ajax_asp_pp_confirm_pi · includes\class-asp-pp-ajax.php:29
auth · wp_ajax_asp_3ds_result · includes\class-asp-pp-ajax.php:31
nopriv · wp_ajax_asp_3ds_result · includes\class-asp-pp-ajax.php:32
auth · wp_ajax_asp_pp_save_form_data · includes\class-asp-pp-ajax.php:34
nopriv · wp_ajax_asp_pp_save_form_data · includes\class-asp-pp-ajax.php:35
auth · wp_ajax_asp_pp_payment_error · includes\class-asp-pp-ajax.php:37
nopriv · wp_ajax_asp_pp_payment_error · includes\class-asp-pp-ajax.php:38
auth · wp_ajax_asp_pp_check_coupon · includes\class-asp-pp-ajax.php:40
nopriv · wp_ajax_asp_pp_check_coupon · includes\class-asp-pp-ajax.php:41
auth · wp_ajax_asp_next_action_results · includes\class-asp-process-ipn-ng.php:30
nopriv · wp_ajax_asp_next_action_results · includes\class-asp-process-ipn-ng.php:31
auth · wp_ajax_asp_eprecaptcha_check · includes\eprecaptcha\asp-eprecaptcha-main.php:25
nopriv · wp_ajax_asp_eprecaptcha_check · includes\eprecaptcha\asp-eprecaptcha-main.php:26
auth · wp_ajax_asp_hcaptcha_check · includes\hcaptcha\asp-hcaptcha-main.php:23
nopriv · wp_ajax_asp_hcaptcha_check · includes\hcaptcha\asp-hcaptcha-main.php:24
auth · wp_ajax_asp_recaptcha_check · includes\recaptcha\asp-recaptcha-main.php:23
nopriv · wp_ajax_asp_recaptcha_check · includes\recaptcha\asp-recaptcha-main.php:24

Shortcodes 10

[asp_swpm_purchase_history] includes\integrations\class-asp-swpm-integrations.php:18
[asp_product] includes\shortcodes\class-asp-shortcode-ng.php:31
[asp_product_ng] includes\shortcodes\class-asp-shortcode-ng.php:32
[accept_stripe_payment] includes\shortcodes\class-asp-shortcode-ng.php:35
[accept_stripe_payment_ng] includes\shortcodes\class-asp-shortcode-ng.php:36
[asp_show_all_products] includes\shortcodes\class-shortcode-asp.php:34
[accept_stripe_payment_checkout] includes\shortcodes\class-shortcode-asp.php:35
[accept_stripe_payment_checkout_error] includes\shortcodes\class-shortcode-asp.php:36
[asp_show_my_transactions] includes\shortcodes\class-shortcode-asp.php:37
[asp_available_quantity] includes\shortcodes\class-shortcode-asp.php:38
WordPress Hooks 120
action · plugins_loaded · accept-stripe-payments.php:68
action · plugins_loaded · accept-stripe-payments.php:71
action · init · accept-stripe-payments.php:78
action · init · accept-stripe-payments.php:82
action · init · accept-stripe-payments.php:84
action · init · accept-stripe-payments.php:86
action · init · accept-stripe-payments.php:87
action · admin_menu · admin\class-asp-admin.php:43
action · admin_enqueue_scripts · admin\class-asp-admin.php:46
action · admin_print_scripts · admin\class-asp-admin.php:49
action · admin_init · admin\class-asp-admin.php:51
action · admin_notices · admin\class-asp-admin.php:53
action · init · admin\class-asp-admin.php:56
action · current_screen · admin\class-asp-admin.php:57
action · admin_notices · admin\class-asp-admin.php:243
action · admin_enqueue_scripts · admin\class-asp-admin.php:311
filter · mce_external_plugins · admin\class-asp-admin.php:356
filter · mce_buttons · admin\class-asp-admin.php:357
action · admin_init · admin\class-asp-admin.php:463
filter · wp_default_editor · admin\class-asp-admin.php:1633
action · add_meta_boxes_stripe_order · admin\includes\class-asp-admin-order-meta-boxes.php:5
action · admin_footer · admin\includes\class-asp-admin-product-meta-boxes.php:15
filter · post_updated_messages · admin\includes\class-asp-admin-products.php:87
action · admin_notices · admin\includes\class-asp-admin-user-feedback.php:22
action · init · admin\includes\class-coupons.php:8
action · admin_menu · admin\includes\class-coupons.php:10
filter · pre_get_posts · admin\includes\class-order.php:29
filter · views_edit-stripe_order · admin\includes\class-order.php:30
filter · manage_stripe_order_posts_columns · admin\includes\class-order.php:74
action · manage_stripe_order_posts_custom_column · admin\includes\class-order.php:75
action · init · admin\views\blocks.php:6
action · init · includes\class-asp-addons-helper.php:35
action · admin_notices · includes\class-asp-addons-helper.php:91
filter · plugin_action_links · includes\class-asp-addons-helper.php:98
action · init · includes\class-asp-pp-ajax.php:20
action · init · includes\class-asp-pp-display.php:23
action · wp · includes\class-asp-pp-display.php:25
filter · pre_handle_404 · includes\class-asp-pp-display.php:28
action · asp_ng_pp_output_before_closing_body · includes\class-asp-pp-display.php:643
action · asp_ng_process_ipn_payment_data_item_override · includes\class-asp-process-ipn-ng.php:25
action · wp_loaded · includes\class-asp-process-ipn-ng.php:26
action · asp_ng_product_mode_keys · includes\class-asp-self-hooks-handler.php:9
action · plugins_loaded · includes\class-asp-self-hooks-handler.php:11
filter · asp_ng_before_pi_create_update · includes\class-asp-self-hooks-handler.php:13
filter · asp_ng_available_currencies · includes\class-asp-self-hooks-handler.php:15
action · asp_ng_before_token_request · includes\class-asp-self-hooks-handler.php:17
action · asp_ng_before_token_request · includes\class-asp-self-hooks-handler.php:18
action · asp_ng_before_token_request · includes\class-asp-self-hooks-handler.php:20
filter · asp_ng_pp_data_ready · includes\class-asp-self-hooks-handler.php:22
action · asp_stripe_payment_completed · includes\class-asp-self-hooks-handler.php:24
action · asp_stripe_payment_completed · includes\class-asp-self-hooks-handler.php:31
action · asp_ng_payment_completed · includes\class-asp-self-hooks-handler.php:36
filter · asp_ng_before_customer_create_update · includes\class-asp-self-hooks-handler.php:340
filter · asp_ng_sub_confirm_token_customer_opts · includes\class-asp-self-hooks-handler.php:342
action · asp_send_scheduled_email · includes\class-asp.php:84
action · init · includes\class-asp.php:121
action · plugins_loaded · includes\class-asp.php:123
filter · safe_style_css · includes\class-asp.php:126
action · wpmu_new_blog · includes\class-asp.php:145
action · wp_enqueue_scripts · includes\class-asp.php:149
action · after_switch_theme · includes\class-asp.php:150
action · wp_print_footer_scripts · includes\class-asp.php:165
action · admin_init · includes\eprecaptcha\admin\asp-eprecaptcha-admin-menu.php:12
filter · asp-admin-settings-addon-field-display · includes\eprecaptcha\admin\asp-eprecaptcha-admin-menu.php:13
filter · apm-admin-settings-sanitize-field · includes\eprecaptcha\admin\asp-eprecaptcha-admin-menu.php:14
action · plugins_loaded · includes\eprecaptcha\asp-eprecaptcha-main.php:10
action · asp_ng_before_token_request · includes\eprecaptcha\asp-eprecaptcha-main.php:34
action · asp_ng_before_payment_processing · includes\eprecaptcha\asp-eprecaptcha-main.php:35
action · asp_ng_do_additional_captcha_response_check · includes\eprecaptcha\asp-eprecaptcha-main.php:36
filter · asp-button-output-data-ready · includes\eprecaptcha\asp-eprecaptcha-main.php:39
filter · asp-button-output-additional-styles · includes\eprecaptcha\asp-eprecaptcha-main.php:40
action · asp-button-output-register-script · includes\eprecaptcha\asp-eprecaptcha-main.php:41
action · asp-button-output-enqueue-script · includes\eprecaptcha\asp-eprecaptcha-main.php:42
filter · asp-button-output-after-button · includes\eprecaptcha\asp-eprecaptcha-main.php:43
filter · asp_before_payment_processing · includes\eprecaptcha\asp-eprecaptcha-main.php:44
filter · asp_ng_pp_data_ready · includes\eprecaptcha\asp-eprecaptcha-main.php:46
filter · asp_ng_pp_output_before_buttons · includes\eprecaptcha\asp-eprecaptcha-main.php:47
action · asp_ng_pp_output_add_scripts · includes\eprecaptcha\asp-eprecaptcha-main.php:48
filter · asp_ng_button_output_after_button · includes\eprecaptcha\asp-eprecaptcha-main.php:49
action · admin_init · includes\hcaptcha\admin\asp-hcaptcha-admin-menu.php:12
filter · asp-admin-settings-addon-field-display · includes\hcaptcha\admin\asp-hcaptcha-admin-menu.php:13
filter · asp_admin_settings_sanitize_field_end · includes\hcaptcha\admin\asp-hcaptcha-admin-menu.php:14
action · plugins_loaded · includes\hcaptcha\asp-hcaptcha-main.php:10
action · asp_ng_before_token_request · includes\hcaptcha\asp-hcaptcha-main.php:32
action · asp_ng_before_payment_processing · includes\hcaptcha\asp-hcaptcha-main.php:33
action · asp_ng_do_additional_captcha_response_check · includes\hcaptcha\asp-hcaptcha-main.php:34
filter · asp_ng_pp_data_ready · includes\hcaptcha\asp-hcaptcha-main.php:37
filter · asp_ng_pp_output_before_buttons · includes\hcaptcha\asp-hcaptcha-main.php:38
action · asp_ng_pp_output_add_scripts · includes\hcaptcha\asp-hcaptcha-main.php:39
filter · asp_ng_button_output_after_button · includes\hcaptcha\asp-hcaptcha-main.php:40
action · plugins_loaded · includes\integrations\class-asp-swpm-integrations.php:6
action · init · includes\integrations\class-asp-swpm-integrations.php:7
action · asp_stripe_payment_completed · includes\integrations\class-asp-swpm-integrations.php:12
action · asp_stripe_payment_completed · includes\integrations\class-asp-swpm-integrations.php:13
action · init · includes\process_ipn.php:14
action · admin_init · includes\recaptcha\admin\asp-recaptcha-admin-menu.php:22
filter · asp-admin-settings-addon-field-display · includes\recaptcha\admin\asp-recaptcha-admin-menu.php:23
filter · apm-admin-settings-sanitize-field · includes\recaptcha\admin\asp-recaptcha-admin-menu.php:24
action · plugins_loaded · includes\recaptcha\asp-recaptcha-main.php:10
action · asp_ng_before_token_request · includes\recaptcha\asp-recaptcha-main.php:32
action · asp_ng_before_payment_processing · includes\recaptcha\asp-recaptcha-main.php:33
action · asp_ng_do_additional_captcha_response_check · includes\recaptcha\asp-recaptcha-main.php:34
filter · asp-button-output-data-ready · includes\recaptcha\asp-recaptcha-main.php:37
filter · asp-button-output-additional-styles · includes\recaptcha\asp-recaptcha-main.php:38
action · asp-button-output-register-script · includes\recaptcha\asp-recaptcha-main.php:39
action · asp-button-output-enqueue-script · includes\recaptcha\asp-recaptcha-main.php:40
filter · asp-button-output-after-button · includes\recaptcha\asp-recaptcha-main.php:41
filter · asp_before_payment_processing · includes\recaptcha\asp-recaptcha-main.php:42
filter · asp_ng_pp_data_ready · includes\recaptcha\asp-recaptcha-main.php:44
filter · asp_ng_pp_output_before_buttons · includes\recaptcha\asp-recaptcha-main.php:45
action · asp_ng_pp_output_add_scripts · includes\recaptcha\asp-recaptcha-main.php:46
filter · asp_ng_button_output_after_button · includes\recaptcha\asp-recaptcha-main.php:47
action · wp_enqueue_scripts · includes\shortcodes\class-asp-shortcode-ng.php:25
filter · the_content · includes\shortcodes\class-asp-shortcode-ng.php:38
filter · the_content · includes\shortcodes\class-asp-shortcode-ng.php:335
action · wp_enqueue_scripts · includes\shortcodes\class-shortcode-asp.php:28
filter · widget_text · includes\shortcodes\class-shortcode-asp.php:40
filter · asp_button_output_after_button · includes\shortcodes\class-shortcode-asp.php:143
filter · asp_button_output_after_button · includes\shortcodes\class-shortcode-asp.php:191
filter · posts_orderby · includes\shortcodes\class-shortcode-asp.php:664

Scheduled Events 1

asp_send_scheduled_email
Maintenance & Trust

Accept Stripe Payments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 7.4
Downloads: 2.0M

Community Trust

Rating: 82/100
Number of ratings: 113
Active installs: 20K
Developer Profile

Accept Stripe Payments Developer Profile

mra13

15 plugins · 210K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 629 days
Detection Fingerprints

How We Detect Accept Stripe Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stripe-payments/admin/assets/css/admin.css
/wp-content/plugins/stripe-payments/admin/assets/js/admin.js
/wp-content/plugins/stripe-payments/admin/assets/js/edit-product.js
/wp-content/plugins/stripe-payments/admin/assets/js/orders.js
/wp-content/plugins/stripe-payments/admin/assets/js/settings.js
/wp-content/plugins/stripe-payments/includes/assets/css/frontend.css
/wp-content/plugins/stripe-payments/includes/assets/js/frontend.js
Script Paths
/wp-content/plugins/stripe-payments/admin/assets/js/admin.js
/wp-content/plugins/stripe-payments/admin/assets/js/edit-product.js
/wp-content/plugins/stripe-payments/admin/assets/js/orders.js
/wp-content/plugins/stripe-payments/admin/assets/js/settings.js
/wp-content/plugins/stripe-payments/includes/assets/js/frontend.js
Version Parameters
stripe-payments/admin/assets/css/admin.css?ver=
stripe-payments/admin/assets/js/admin.js?ver=
stripe-payments/admin/assets/js/edit-product.js?ver=
stripe-payments/admin/assets/js/orders.js?ver=
stripe-payments/admin/assets/js/settings.js?ver=
stripe-payments/includes/assets/css/frontend.css?ver=
stripe-payments/includes/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
asp-button, asp-stripe-payment-button, asp-product-details
HTML Comments
<!-- Start of ASP payment button -->
<!-- End of ASP payment button -->
Data Attributes
data-asp-product-id, data-asp-amount, data-asp-currency
JS Globals
AcceptStripePayments, ASP_Config, aspOrdersVars
REST Endpoints
/wp-json/stripe-payments/v1/payment-intent
/wp-json/stripe-payments/v1/webhook
Shortcode Output
[asp_payment_button]