Subscription Manager for Stripe Security & Risk Analysis

wordpress.org/plugins/subscription-manager-for-stripe

The only WordPress subscription plugin with 0% transaction fees, usage-based billing, and full Stripe-native integration. Built for SaaS founders and …

0 active installs · v2.2.3 · PHP 8.0+ · WP 6.0+ · Updated Apr 7, 2026
Tags: membership, recurring-payments, stripe, subscriptions, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Subscription Manager for Stripe Safe to Use in 2026?

Generally Safe

Score 100/100

Subscription Manager for Stripe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'subscription-manager-for-stripe' plugin v2.2.3 exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates excellent adherence to secure coding practices, with 100% of SQL queries using prepared statements and all detected output being properly escaped. The absence of dangerous functions, file operations, and critical- or high-severity taint analysis flows is a significant strength. The plugin also appears to have a robust approach to authentication and authorization, with a high number of nonce and capability checks relative to its entry points.

However, a notable concern lies within the REST API routes. While there are two routes in total, one of them lacks a proper permission callback, creating a potential access control vulnerability. This unprotected entry point is the primary risk identified in the static analysis. The plugin's vulnerability history is currently clean, with no recorded CVEs, which is a positive indicator. This suggests a history of secure development or effective patching if vulnerabilities have existed.

In conclusion, the plugin is well-developed with strong foundations in secure coding. The presence of a single unprotected REST API route is the most significant weakness and requires immediate attention. The lack of any historical vulnerabilities is reassuring, but the identified unprotected entry point warrants a cautious approach until it is addressed.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Subscription Manager for Stripe Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Subscription Manager for Stripe Release Timeline

v2.2.3 (Current)
v2.2.2
v2.2.0
Code Analysis
Analyzed Apr 16, 2026

Subscription Manager for Stripe Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (27 prepared)
Unescaped Output: 1 (379 escaped)
Nonce Checks: 11
Capability Checks: 10
File Operations: 0
External Requests: 2
Bundled Libraries: 2

Bundled Libraries

Freemius 1.0 · Stripe PHP

SQL Query Safety

100% prepared · 27 total queries

Output Escaping

100% escaped · 380 total outputs
Attack Surface
1 unprotected

Subscription Manager for Stripe Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers (4)

auth · wp_ajax_strp_sub_create_checkout_session · includes/class-strp-sub-checkout-handler.php:34
nopriv · wp_ajax_strp_sub_create_checkout_session · includes/class-strp-sub-checkout-handler.php:36
auth · wp_ajax_strp_sub_cancel_subscription · includes/class-strp-sub-customer-portal.php:39
auth · wp_ajax_strp_sub_dismiss_upgrade_banner · includes/class-strp-sub-settings.php:46

REST API Routes (2)

GET · /wp-json/stripe-sub/v1/oauth/callback · includes/class-stripe-sub-oauth.php:182
POST · /wp-json/stripe-sub/v1/webhook · includes/class-strp-sub-webhook-handler.php:209

Shortcodes (1)

[strp_sub_subscribe_button] includes/class-strp-sub-product-handler.php:41

WordPress Hooks (41)

action · admin_notices · includes/class-stripe-sub-freemius.php:93
action · admin_notices · includes/class-stripe-sub-freemius.php:97
action · after_uninstall · includes/class-stripe-sub-freemius.php:123
action · rest_api_init · includes/class-stripe-sub-oauth.php:84
action · admin_post_strp_sub_oauth_connect · includes/class-stripe-sub-oauth.php:85
action · admin_post_strp_sub_oauth_disconnect · includes/class-stripe-sub-oauth.php:86
action · template_redirect · includes/class-strp-sub-checkout-handler.php:39
action · wp_enqueue_scripts · includes/class-strp-sub-checkout-handler.php:42
filter · woocommerce_account_menu_items · includes/class-strp-sub-customer-portal.php:34
action · init · includes/class-strp-sub-customer-portal.php:35
action · woocommerce_account_subscriptions_endpoint · includes/class-strp-sub-customer-portal.php:36
action · admin_post_strp_sub_open_billing_portal · includes/class-strp-sub-customer-portal.php:42
action · add_meta_boxes · includes/class-strp-sub-product-handler.php:34
action · save_post · includes/class-strp-sub-product-handler.php:35
action · woocommerce_after_add_to_cart_button · includes/class-strp-sub-product-handler.php:38
action · admin_init · includes/class-strp-sub-settings.php:44
action · admin_enqueue_scripts · includes/class-strp-sub-settings.php:45
action · admin_notices · includes/class-strp-sub-stripe-api.php:226
action · woocommerce_order_status_completed · includes/class-strp-sub-subscription-manager.php:34
action · woocommerce_order_status_processing · includes/class-strp-sub-subscription-manager.php:35
action · strp_sub_send_subscription_welcome_email · includes/class-strp-sub-wc-email-classes.php:127
action · strp_sub_send_renewal_email · includes/class-strp-sub-wc-email-classes.php:249
action · strp_sub_send_trial_converted_email · includes/class-strp-sub-wc-email-classes.php:354
action · strp_sub_send_payment_failed_email · includes/class-strp-sub-wc-email-classes.php:476
action · strp_sub_send_fraud_block_email · includes/class-strp-sub-wc-email-classes.php:604
action · strp_sub_send_lifetime_upgrade_email · includes/class-strp-sub-wc-email-lifetime.php:56
filter · woocommerce_email_classes · includes/class-strp-sub-wc-emails.php:36
action · rest_api_init · includes/class-strp-sub-webhook-handler.php:33
action · strp_sub_send_async_email · includes/class-strp-sub-webhook-handler.php:36
action · strp_sub_cleanup_processed_sessions · includes/class-strp-sub-webhook-handler.php:39
action · before_woocommerce_init · stripe-sub-manager.php:44
action · admin_notices · stripe-sub-manager.php:123
action · plugins_loaded · stripe-sub-manager.php:269
action · admin_init · stripe-sub-manager.php:270
action · admin_init · stripe-sub-manager.php:271
action · wp_enqueue_scripts · stripe-sub-manager.php:272
action · admin_enqueue_scripts · stripe-sub-manager.php:273
action · admin_notices · stripe-sub-manager.php:368
action · admin_notices · stripe-sub-manager.php:402
filter · strp_sub_plugin_name · stripe-sub-manager.php:414
action · strp_sub_cleanup_unverified_accounts · stripe-sub-manager.php:453

Scheduled Events (2)

strp_sub_cleanup_processed_sessions
strp_sub_cleanup_unverified_accounts
Maintenance & Trust

Subscription Manager for Stripe Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 7, 2026
PHP min version: 8.0
Downloads: 143

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Subscription Manager for Stripe Developer Profile

Profinto

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Subscription Manager for Stripe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subscription-manager-for-stripe/assets/css/admin-style.css
/wp-content/plugins/subscription-manager-for-stripe/assets/css/frontend-style.css
/wp-content/plugins/subscription-manager-for-stripe/assets/js/checkout.js
/wp-content/plugins/subscription-manager-for-stripe/assets/js/stripe-checkout.js
/wp-content/plugins/subscription-manager-for-stripe/assets/js/admin.js
Script Paths
/wp-content/plugins/subscription-manager-for-stripe/assets/js/checkout.js
/wp-content/plugins/subscription-manager-for-stripe/assets/js/stripe-checkout.js
/wp-content/plugins/subscription-manager-for-stripe/assets/js/admin.js
Version Parameters
subscription-manager-for-stripe/assets/css/admin-style.css?ver=
subscription-manager-for-stripe/assets/css/frontend-style.css?ver=
subscription-manager-for-stripe/assets/js/checkout.js?ver=
subscription-manager-for-stripe/assets/js/stripe-checkout.js?ver=
subscription-manager-for-stripe/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
strp-sub-form
Data Attributes
data-plugin-version
JS Globals
strp_sub_fs