Subscriptions for Woo Security & Risk Analysis

wordpress.org/plugins/subscriptions-for-woo

Enjoy recurring PayPal subscription payments leveraging WooCommerce and WooCommerce PayPal Payments

0 active installs · v2.6 · PHP 7.4+ · WP 6.4.3+ · Updated Dec 14, 2025
Tags: ecommerce, payments, paypal, subscriptions, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Subscriptions for Woo Safe to Use in 2026?

Generally Safe

Score 100/100

Subscriptions for Woo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The plugin "subscriptions-for-woo" v2.6 demonstrates several positive security practices, including the consistent use of prepared statements for SQL queries and a very high percentage of properly escaped output. The plugin also exhibits a strong adherence to nonce and capability checks, which are crucial for preventing common WordPress vulnerabilities. Furthermore, the absence of any known historical CVEs or recorded vulnerability types suggests a generally stable and well-maintained codebase.

However, the static analysis reveals a significant concern regarding its attack surface. Two AJAX handlers are present, and both lack authentication checks, which creates direct entry points for unauthenticated attackers. The taint analysis also identified one flow with an unsanitized path; it does not reach critical or high severity, but it still represents a potential risk of code injection or other vulnerabilities if further analysis reveals specific exploitable conditions.

In conclusion, while the plugin has robust internal security mechanisms like prepared statements and output escaping, the presence of unprotected AJAX handlers is a notable weakness that could be exploited. The single unsanitized path flow, though not yet high severity, warrants attention. The excellent vulnerability history is a strong positive, but it does not negate the immediate risks identified in the current code analysis.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flow with unsanitized path
Vulnerabilities
None known

Subscriptions for Woo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Subscriptions for Woo Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 3 (198 escaped)
Nonce Checks: 6
Capability Checks: 8
File Operations: 2
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

99% escaped · 201 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
options_page_tab_menu (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:513)
Attack Surface
2 unprotected

Subscriptions for Woo Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

nopriv wp_ajax_ppsfwoo_admin_ajax_callback (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:398)
auth wp_ajax_ppsfwoo_admin_ajax_callback (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:400)
WordPress Hooks 35
filter woocommerce_order_get_subtotal (classes\PPSFWOO\class-ppsfwoo-order.php:55)
action wp_enqueue_scripts (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:402)
action admin_init (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:404)
action admin_init (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:406)
action admin_init (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:408)
action ppsfwoo_cron_resubscribe_webhooks (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:410)
action admin_menu (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:412)
action admin_enqueue_scripts (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:414)
action edit_user_profile (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:416)
action rest_api_init (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:418)
action before_woocommerce_init (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:420)
action ppsfwoo_options_page_tab_menu (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:422)
action ppsfwoo_options_page_tab_content (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:424)
action ppsfwoo_after_options_page (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:426)
action woocommerce_order_item_meta_end (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:428)
filter plugin_row_meta (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:438)
filter wp_new_user_notification_email (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:440)
filter woocommerce_get_order_item_totals (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:442)
filter woocommerce_email_recipient_customer_processing_order (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:444)
action wc_ajax_ppc-webhooks-resubscribe (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:665)
action update_option_woocommerce-ppcp-settings (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:667)
action add_option_ppcp-webhook (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:670)
action admin_notices (classes\PPSFWOO\class-ppsfwoo-plugin-main.php:718)
action woocommerce_product_meta_start (classes\PPSFWOO\class-ppsfwoo-product.php:427)
action admin_head (classes\PPSFWOO\class-ppsfwoo-product.php:429)
action woocommerce_admin_order_data_after_order_details (classes\PPSFWOO\class-ppsfwoo-product.php:431)
action woocommerce_product_data_panels (classes\PPSFWOO\class-ppsfwoo-product.php:433)
action admin_footer (classes\PPSFWOO\class-ppsfwoo-product.php:437)
action woocommerce_product_data_store_cpt_get_products_query (classes\PPSFWOO\class-ppsfwoo-product.php:439)
filter woocommerce_get_price_html (classes\PPSFWOO\class-ppsfwoo-product.php:447)
filter product_type_selector (classes\PPSFWOO\class-ppsfwoo-product.php:449)
filter woocommerce_product_data_tabs (classes\PPSFWOO\class-ppsfwoo-product.php:451)
action upgrader_process_complete (subscriptions-for-woo.php:39)
action ppsfwoo_refresh_plans (subscriptions-for-woo.php:41)
action plugins_loaded (subscriptions-for-woo.php:43)

Scheduled Events 1

ppsfwoo_cron_resubscribe_webhooks
Maintenance & Trust

Subscriptions for Woo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Subscriptions for Woo Developer Profile

Mark Nokes

2 plugins · 300 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Subscriptions for Woo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subscriptions-for-woo/js/paypal-button.min.js
Script Paths
https://www.paypal.com/sdk/js?client-id=
https://www.sandbox.paypal.com/sdk/js?client-id=
Version Parameters
subscriptions-for-woo/js/paypal-button.min.js?ver=

HTML / DOM Fingerprints

JS Globals
ppsfwoo_paypal_ajax_var
FAQ

Frequently Asked Questions about Subscriptions for Woo