Subscription & Recurring Payment for WooCommerce Security & Risk Analysis

wordpress.org/plugins/subscription

WPSubscription maximizes recurring revenue on WooCommerce. Set flexible subscriptions and automated billing with support for Stripe, PayPal, and more, …

700 active installs · v1.9.3 · PHP 7.4+ · WP 6.0+ · Updated Apr 12, 2026
Tags: billing, recurring, stripe, subscriptions, woocommerce-subscriptions
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 5, 2026
Safety Verdict

Is Subscription & Recurring Payment for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Subscription & Recurring Payment for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Mar 5, 2026 · Updated 1mo ago
Risk Assessment

The "subscription" v1.9.3 plugin exhibits a mixed security posture. It demonstrates strong adherence to several good security practices, including the extensive use of prepared statements for SQL queries and proper output escaping for the vast majority of outputs. Furthermore, it has no currently unpatched known vulnerabilities, which is a positive sign. However, significant concerns arise from the static analysis of its attack surface. The presence of three AJAX handlers, with two lacking authentication checks, presents a direct pathway for unauthorized actions. The use of the `unserialize` function is also a notable risk, as it can lead to Remote Code Execution if an attacker can control the serialized data. While no critical or high-severity taint flows were identified, the potential for issues with `unserialize` and the unprotected AJAX endpoints remains.

The vulnerability history shows one medium-severity CVE related to "Authorization Bypass Through User-Controlled Key." Although this vulnerability is patched (indicated by "Currently unpatched: 0"), its past occurrence suggests a potential area of weakness in how the plugin handles user-provided keys or authorization mechanisms. The absence of recent vulnerabilities is encouraging, but the identified historical pattern and the static analysis findings necessitate caution. Overall, the plugin has good foundations in secure coding for database and output handling, but the unprotected entry points and the presence of `unserialize` introduce exploitable risks.

Key Concerns

  • 2 AJAX handlers without auth checks
  • Use of dangerous function unserialize
  • 1 medium severity vulnerability historically
Vulnerabilities
1 published

Subscription & Recurring Payment for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-69347 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Subscription for WooCommerce – WordPress Recurring Payments Plugin <= 1.8.10 - Authenticated (Customer+) Insecure Direct Object Reference

Mar 5, 2026 · Patched in 1.8.11 (8d)
Version History

Subscription & Recurring Payment for WooCommerce Release Timeline

v1.9.3 (Current)
v1.9.2
v1.9.1
v1.9.0
v1.8.20
v1.8.19
v1.8.18
v1.8.17
v1.8.16
v1.8.15
v1.8.14
v1.8.13
v1.8.12
v1.8.11
v1.8.10 (1 CVE)
v1.8.9 (1 CVE)
v1.8.8 (1 CVE)
v1.8.7 (1 CVE)
v1.8.6 (1 CVE)
v1.8.5 (1 CVE)
Code Analysis
Analyzed Apr 16, 2026

Subscription & Recurring Payment for WooCommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (30 prepared)
Unescaped Output: 13 (900 escaped)
Nonce Checks: 8
Capability Checks: 4
File Operations: 1
External Requests: 9
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `update_post_meta( $product_meta->post_id, '_subscrpt_meta', unserialize( $product_meta->meta_value )` · includes/Upgrade.php:35
  • unserialize · `$subscription_meta_value = unserialize( $subscription_meta->meta_value );` · includes/Upgrade.php:58
  • unserialize · `$histories_meta = unserialize( $history->meta_value );` · includes/Upgrade.php:86

SQL Query Safety

100% prepared · 30 total queries

Output Escaping

99% escaped · 913 total outputs
Attack Surface
2 unprotected

Subscription & Recurring Payment for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 3

  • auth · wp_ajax_subscrpt_bulk_action · includes/Admin/Menu.php:18
  • auth · wp_ajax_subscrpt_install_woocommerce_plugin · includes/Ajax.php:17
  • auth · wp_ajax_subscrpt_activate_woocommerce_plugin · includes/Ajax.php:18
WordPress Hooks 136
  • action · rest_api_init · includes/API.php:15
  • action · init · includes/Admin/Integrations.php:28
  • action · admin_menu · includes/Admin/Integrations.php:31
  • filter · subscrpt_admin_header_menu_items · includes/Admin/Integrations.php:34
  • action · admin_menu · includes/Admin/Menu.php:16
  • action · admin_enqueue_scripts · includes/Admin/Menu.php:17
  • action · add_meta_boxes · includes/Admin/Order.php:23
  • action · woocommerce_admin_order_data_after_payment_info · includes/Admin/Order.php:24
  • action · admin_enqueue_scripts · includes/Admin/Product.php:22
  • filter · woocommerce_product_data_tabs · includes/Admin/Product.php:23
  • action · woocommerce_product_data_panels · includes/Admin/Product.php:24
  • filter · product_type_options · includes/Admin/Product.php:25
  • action · save_post_product · includes/Admin/Product.php:26
  • filter · woocommerce_get_price_html · includes/Admin/Product.php:27
  • action · save_post_product · includes/Admin/Product.php:190
  • action · admin_enqueue_scripts · includes/Admin/Required.php:15
  • action · init · includes/Admin/Required.php:16
  • action · admin_notices · includes/Admin/Required.php:31
  • action · admin_menu · includes/Admin/Settings.php:25
  • action · admin_init · includes/Admin/Settings.php:26
  • action · admin_enqueue_scripts · includes/Admin/Settings.php:27
  • filter · process_subscrpt_settings_fields · includes/Admin/SettingsHelper.php:39
  • action · admin_enqueue_scripts · includes/Admin/Subscriptions.php:25
  • filter · post_row_actions · includes/Admin/Subscriptions.php:26
  • filter · manage_subscrpt_order_posts_columns · includes/Admin/Subscriptions.php:27
  • action · manage_subscrpt_order_posts_custom_column · includes/Admin/Subscriptions.php:28
  • action · add_meta_boxes · includes/Admin/Subscriptions.php:29
  • action · admin_head-post.php · includes/Admin/Subscriptions.php:30
  • action · admin_head-post-new.php · includes/Admin/Subscriptions.php:31
  • action · admin_footer-post.php · includes/Admin/Subscriptions.php:32
  • action · admin_footer-post-new.php · includes/Admin/Subscriptions.php:33
  • action · save_post · includes/Admin/Subscriptions.php:34
  • filter · woocommerce_order_item_get_formatted_meta_data · includes/Admin/Subscriptions.php:35
  • filter · bulk_actions-edit-subscrpt_order · includes/Admin/Subscriptions.php:36
  • action · restrict_manage_posts · includes/Admin/Subscriptions.php:37
  • action · admin_menu · includes/Admin/Subscriptions.php:38
  • action · edit_form_after_title · includes/Admin/Subscriptions.php:39
  • action · admin_head-post.php · includes/Admin/Subscriptions.php:41
  • action · admin_enqueue_scripts · includes/Assets.php:15
  • action · wp_enqueue_scripts · includes/Assets.php:17
  • action · before_single_subscrpt_content · includes/Frontend/ActionController.php:21
  • filter · woocommerce_add_cart_item_data · includes/Frontend/Cart.php:21
  • action · woocommerce_blocks_loaded · includes/Frontend/Cart.php:22
  • filter · woocommerce_cart_item_price · includes/Frontend/Cart.php:23
  • filter · woocommerce_cart_item_subtotal · includes/Frontend/Cart.php:24
  • action · woocommerce_cart_totals_after_order_total · includes/Frontend/Cart.php:25
  • action · woocommerce_review_order_after_order_total · includes/Frontend/Cart.php:26
  • filter · woocommerce_add_cart_item_data · includes/Frontend/Cart.php:27
  • action · woocommerce_check_cart_items · includes/Frontend/Cart.php:28
  • filter · woocommerce_get_item_data · includes/Frontend/Cart.php:29
  • action · woocommerce_before_calculate_totals · includes/Frontend/Cart.php:30
  • action · woocommerce_calculate_totals · includes/Frontend/Cart.php:31
  • action · woocommerce_after_calculate_totals · includes/Frontend/Cart.php:32
  • filter · woocommerce_add_to_cart_validation · includes/Frontend/Cart.php:33
  • filter · woocommerce_product_get_price · includes/Frontend/Cart.php:79
  • action · woocommerce_checkout_order_processed · includes/Frontend/Checkout.php:23
  • action · woocommerce_store_api_checkout_order_processed · includes/Frontend/Checkout.php:24
  • action · woocommerce_checkout_order_processed · includes/Frontend/Checkout.php:26
  • action · woocommerce_store_api_checkout_order_processed · includes/Frontend/Checkout.php:27
  • action · woocommerce_resume_order · includes/Frontend/Checkout.php:28
  • action · woocommerce_checkout_create_order_line_item · includes/Frontend/Checkout.php:29
  • filter · woocommerce_customer_get_downloadable_products · includes/Frontend/Downloadable.php:14
  • filter · woocommerce_order_get_downloadable_items · includes/Frontend/Downloadable.php:15
  • action · init · includes/Frontend/MyAccount.php:43
  • filter · woocommerce_account_menu_items · includes/Frontend/MyAccount.php:46
  • filter · woocommerce_get_query_vars · includes/Frontend/MyAccount.php:49
  • action · wp_enqueue_scripts · includes/Frontend/MyAccount.php:59
  • action · woocommerce_order_details_after_order_table · includes/Frontend/Order.php:15
  • filter · woocommerce_product_single_add_to_cart_text · includes/Frontend/Product.php:23
  • filter · woocommerce_product_add_to_cart_text · includes/Frontend/Product.php:32
  • filter · woocommerce_get_price_html · includes/Frontend/Product.php:33
  • filter · woocommerce_quantity_input_args · includes/Frontend/Product.php:34
  • filter · woocommerce_add_to_cart · includes/Frontend/Product.php:35
  • filter · woocommerce_store_api_product_quantity_minimum · includes/Frontend/Product.php:36
  • filter · woocommerce_store_api_product_quantity_maximum · includes/Frontend/Product.php:45
  • action · woocommerce_after_cart_item_quantity_update · includes/Frontend/Product.php:54
  • filter · woocommerce_is_purchasable · includes/Frontend/Product.php:63
  • action · woocommerce_single_product_summary · includes/Frontend/Product.php:64
  • filter · woocommerce_loop_add_to_cart_link · includes/Frontend/Product.php:65
  • action · subscrpt_subscription_expired · includes/Illuminate/AutoRenewal.php:16
  • filter · subscrpt_renewal_item_meta · includes/Illuminate/AutoRenewal.php:17
  • filter · subscrpt_renewal_product_args · includes/Illuminate/AutoRenewal.php:18
  • action · subscrpt_subscription_expired · includes/Illuminate/AutoRenewal.php:21
  • action · subscrpt_scheduled_grace_end · includes/Illuminate/AutoRenewal.php:22
  • action · subscrpt_subscription_activated · includes/Illuminate/AutoRenewal.php:25
  • action · woocommerce_blocks_loaded · includes/Illuminate/Block.php:14
  • action · woocommerce_blocks_cart_block_registration · includes/Illuminate/Block.php:24
  • action · woocommerce_blocks_checkout_block_registration · includes/Illuminate/Block.php:25
  • action · admin_init · includes/Illuminate/Comments.php:16
  • action · subscrpt_daily_cron · includes/Illuminate/Cron.php:16
  • action · woocommerce_email_after_order_table · includes/Illuminate/Email.php:20
  • filter · woocommerce_email_classes · includes/Illuminate/Email.php:21
  • action · subscrpt_subscription_expired · includes/Illuminate/Email.php:22
  • action · subscrpt_status_changed_admin_email · includes/Illuminate/Email.php:24
  • action · subscrpt_subscription_expired_email · includes/Illuminate/Email.php:25
  • action · subscrpt_status_changed_admin_email_notification · includes/Illuminate/Emails/StatusChangedAdmin.php:29
  • action · subscrpt_subscription_cancelled_email_notification · includes/Illuminate/Emails/SubscriptionCancelled.php:29
  • action · subscrpt_subscription_expired_email_notification · includes/Illuminate/Emails/SubscriptionExpired.php:30
  • action · woocommerce_thankyou · includes/Illuminate/Gateways/Paypal/Paypal.php:107
  • filter · woocommerce_available_payment_gateways · includes/Illuminate/Gateways/Paypal/Paypal.php:110
  • action · subscrpt_subscription_expired · includes/Illuminate/Gateways/Paypal/Paypal.php:116
  • action · subscrpt_subscription_cancelled_email_notification · includes/Illuminate/Gateways/Paypal/Paypal.php:117
  • action · subscrpt_after_create_renew_order · includes/Illuminate/Gateways/Stripe/Stripe.php:37
  • filter · subscrpt_before_saving_renewal_order · includes/Illuminate/Gateways/Stripe/Stripe.php:38
  • filter · wc_stripe_payment_metadata · includes/Illuminate/Gateways/Stripe/Stripe.php:40
  • filter · wc_stripe_force_save_payment_method · includes/Illuminate/Gateways/Stripe/Stripe.php:43
  • filter · wc_stripe_generate_create_intent_request · includes/Illuminate/Gateways/Stripe/Stripe.php:46
  • filter · subscrpt_settings_fields · includes/Illuminate/GuestCheckout.php:21
  • action · subscrpt_register_settings · includes/Illuminate/GuestCheckout.php:22
  • action · admin_notices · includes/Illuminate/GuestCheckout.php:25
  • action · woocommerce_checkout_process · includes/Illuminate/GuestCheckout.php:28
  • action · woocommerce_store_api_cart_errors · includes/Illuminate/GuestCheckout.php:29
  • action · woocommerce_checkout_process · includes/Illuminate/GuestCheckout.php:32
  • filter · woocommerce_store_api_checkout_update_order_from_request · includes/Illuminate/GuestCheckout.php:33
  • action · woocommerce_admin_order_item_headers · includes/Illuminate/Order.php:16
  • action · woocommerce_admin_order_item_values · includes/Illuminate/Order.php:17
  • action · woocommerce_before_order_itemmeta · includes/Illuminate/Order.php:18
  • action · woocommerce_order_status_changed · includes/Illuminate/Order.php:19
  • action · woocommerce_before_delete_order · includes/Illuminate/Order.php:20
  • action · subscrpt_subscription_activated · includes/Illuminate/Order.php:21
  • action · subscrpt_queue_trial_order_autocomplete · includes/Illuminate/Order.php:23
  • action · init · includes/Illuminate/Post.php:14
  • filter · post_updated_messages · includes/Illuminate/Post.php:15
  • action · subscrpt_subscription_activated · includes/Illuminate/RoleManagement.php:20
  • action · subscrpt_subscription_expired · includes/Illuminate/RoleManagement.php:22
  • action · subscrpt_subscription_cancelled · includes/Illuminate/RoleManagement.php:23
  • filter · woocommerce_payment_gateways · includes/Illuminate.php:76
  • filter · woocommerce_template_directory · includes/Traits/Email.php:158
  • action · plugins_loaded · subscription.php:75
  • action · init · subscription.php:194
  • action · init · subscription.php:195
  • action · init · subscription.php:196
  • action · before_woocommerce_init · subscription.php:199
  • action · init · subscription.php:209
  • action · woocommerce_blocks_payment_method_type_registration · subscription.php:305
  • action · woocommerce_blocks_loaded · subscription.php:318

Scheduled Events 1

subscrpt_daily_cron
Maintenance & Trust

Subscription & Recurring Payment for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 12, 2026
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 98/100
Number of ratings: 24
Active installs: 700
Developer Profile

Subscription & Recurring Payment for WooCommerce Developer Profile

Convers Lab

3 plugins · 2K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 104 days
Detection Fingerprints

How We Detect Subscription & Recurring Payment for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/subscription/assets/css/admin.css
  • /wp-content/plugins/subscription/assets/css/frontend.css
  • /wp-content/plugins/subscription/assets/js/admin.js
  • /wp-content/plugins/subscription/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/subscription/assets/js/admin.js
  • /wp-content/plugins/subscription/assets/js/frontend.js
Version Parameters
  • subscription/assets/css/admin.css?ver=
  • subscription/assets/css/frontend.css?ver=
  • subscription/assets/js/admin.js?ver=
  • subscription/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wp_subscription
  • wpsubscription_admin
  • wpsubscription_frontend
HTML Comments
  • <!-- Plugin Name: Subscription & Recurring Payment for WooCommerce -->
  • <!-- Description: WPSubscription allow WooCommerce to enables recurring payments, subscriptions, and auto-renewals for digital and physical products. Supports Stripe, PayPal, Paddle, and more. -->
  • <!-- Version: 1.9.3 -->
  • <!-- Author: ConversWP -->
  • (+6 more)
Data Attributes
  • data-plugin-name="Subscription & Recurring Payment for WooCommerce"
  • data-plugin-version="1.9.3"
JS Globals
  • wpSubscriptionAjax
REST Endpoints
  • /wp-json/subscription/v1/manage-cart
  • /wp-json/subscription/v1/view-subscription
  • /wp-json/subscription/v1/cancel-subscription
  • /wp-json/subscription/v1/renewal-subscription
  • /wp-json/subscription/v1/update-payment
  • /wp-json/subscription/v1/pause-subscription
  • /wp-json/subscription/v1/resume-subscription
  • /wp-json/subscription/v1/update-address
  • /wp-json/subscription/v1/update-shipping
  • /wp-json/subscription/v1/delete-subscription
  • /wp-json/subscription/v1/product-settings
  • /wp-json/subscription/v1/update-cart-quantity
  • /wp-json/subscription/v1/subscription-details
  • /wp-json/subscription/v1/update-billing-details
  • /wp-json/subscription/v1/update-shipping-address
Shortcode Output
  • [wpsubscription_account]
  • [wpsubscription_order_history]
  • [wpsubscription_product_details]
FAQ

Frequently Asked Questions about Subscription & Recurring Payment for WooCommerce