PostFinance Checkout Subscription Security & Risk Analysis

wordpress.org/plugins/wc-postfinance-checkout-subscription

Plugin to process Woocommerce Subscriptions with PostFinance Checkout.

10 active installs · v1.1.8 · PHP + WP 4.7+ · Updated Oct 2, 2025
Tags: e-commerce, payment, postfinance-checkout, woocommerce, woocommerce-postfinance-checkout
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PostFinance Checkout Subscription Safe to Use in 2026?

Generally Safe

Score 100/100

PostFinance Checkout Subscription has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The static analysis of "wc-postfinance-checkout-subscription" v1.1.8 reveals a generally strong security posture with no identified vulnerabilities in code signals like dangerous functions, file operations, or external HTTP requests. The plugin also demonstrates good practices by having all identified outputs properly escaped and no detected taint flows. Furthermore, the vulnerability history is clean, with no past CVEs recorded, suggesting a history of secure development or effective patch management by the developers. The absence of any detected critical or high-severity issues in static analysis or vulnerability history contributes to a positive overall assessment.

However, several areas warrant attention. The analysis found no nonce checks, capability checks or authentication checks on any entry point type (AJAX, REST API, shortcodes, cron events), which is a significant concern. The data still shows zero unprotected entry points, but this is likely because this version has no such entry points at all. If entry points were introduced in future versions without proper security measures, the plugin could be exposed to significant risks. Additionally, the single SQL query does not use prepared statements. Even if it is not exploitable in this version, it represents a potential SQL injection vulnerability if the input it relies on is not sufficiently sanitized. Developers need to be vigilant about secure coding practices for database interactions.

In conclusion, the plugin "wc-postfinance-checkout-subscription" v1.1.8 presents a low immediate risk due to its clean vulnerability history and lack of critical static analysis findings. Its strengths lie in its proper output escaping and absence of dangerous functions. However, the lack of built-in security checks like nonces and capability checks on its (currently nonexistent) entry points, along with the use of raw SQL, represents a latent risk that requires developer awareness and diligent implementation of security best practices in future development.

Key Concerns

  • SQL queries without prepared statements
  • Missing nonce checks on all entry points
  • Missing capability checks on all entry points
Vulnerabilities
None known

PostFinance Checkout Subscription Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PostFinance Checkout Subscription Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 0 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

100% escaped · 2 total outputs
Attack Surface

PostFinance Checkout Subscription Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 40

Type | Hook | Location
action | admin_init | includes\admin\class-wc-postfinancecheckout-subscription-admin.php:66
action | admin_notices | includes\admin\class-wc-postfinancecheckout-subscription-admin.php:88
filter | woocommerce_subscription_payment_meta | includes\class-wc-postfinancecheckout-subscription-gateway.php:50
action | woocommerce_subscription_validate_payment_meta | includes\class-wc-postfinancecheckout-subscription-gateway.php:59
filter | woocommerce_subscriptions_update_payment_via_pay_shortcode | includes\class-wc-postfinancecheckout-subscription-gateway.php:70
filter | wc_postfinancecheckout_gateway_result_send_json | includes\class-wc-postfinancecheckout-subscription-gateway.php:195
filter | woocommerce_subscriptions_process_payment_for_change_method_via_pay_shortcode | includes\class-wc-postfinancecheckout-subscription-gateway.php:217
filter | wp_redirect | includes\class-wc-postfinancecheckout-subscription-gateway.php:226
action | init | includes\class-wc-postfinancecheckout-subscription-migration.php:37
action | wpmu_new_blog | includes\class-wc-postfinancecheckout-subscription-migration.php:45
filter | wpmu_drop_tables | includes\class-wc-postfinancecheckout-subscription-migration.php:52
action | admin_notices | includes\class-wc-postfinancecheckout-subscription-migration.php:209
action | plugins_loaded | woocommerce-postfinancecheckout-subscription.php:184
filter | wc_postfinancecheckout_enhance_gateway | woocommerce-postfinancecheckout-subscription.php:217
filter | wc_postfinancecheckout_modify_sesion_create_transaction | woocommerce-postfinancecheckout-subscription.php:224
filter | wc_postfinancecheckout_modify_session_pending_transaction | woocommerce-postfinancecheckout-subscription.php:231
filter | wc_postfinancecheckout_modify_order_create_transaction | woocommerce-postfinancecheckout-subscription.php:238
filter | wc_postfinancecheckout_modify_order_pending_transaction | woocommerce-postfinancecheckout-subscription.php:247
filter | wc_postfinancecheckout_modify_confirm_transaction | woocommerce-postfinancecheckout-subscription.php:256
filter | wc_postfinancecheckout_modify_line_item_order | woocommerce-postfinancecheckout-subscription.php:266
filter | wc_postfinancecheckout_modify_total_to_check_order | woocommerce-postfinancecheckout-subscription.php:276
action | wc_postfinancecheckout_authorized | woocommerce-postfinancecheckout-subscription.php:286
action | wc_postfinancecheckout_fulfill | woocommerce-postfinancecheckout-subscription.php:295
filter | woocommerce_valid_order_statuses_for_payment | woocommerce-postfinancecheckout-subscription.php:304
filter | wc_postfinancecheckout_update_transaction_info | woocommerce-postfinancecheckout-subscription.php:313
filter | wc_postfinancecheckout_confirmed_status | woocommerce-postfinancecheckout-subscription.php:322
filter | wc_postfinancecheckout_authorized_status | woocommerce-postfinancecheckout-subscription.php:331
filter | wc_postfinancecheckout_completed_status | woocommerce-postfinancecheckout-subscription.php:340
filter | wc_postfinancecheckout_decline_status | woocommerce-postfinancecheckout-subscription.php:349
filter | wc_postfinancecheckout_failed_status | woocommerce-postfinancecheckout-subscription.php:358
filter | wc_postfinancecheckout_voided_status | woocommerce-postfinancecheckout-subscription.php:367
action | wcs_after_renewal_setup_cart_subscriptions | woocommerce-postfinancecheckout-subscription.php:376
filter | woocommerce_subscriptions_is_failed_renewal_order | woocommerce-postfinancecheckout-subscription.php:385
filter | wcs_before_renewal_setup_cart_subscriptions | woocommerce-postfinancecheckout-subscription.php:396
filter | wcs_before_parent_order_setup_cart | woocommerce-postfinancecheckout-subscription.php:405
filter | wcs_after_renewal_setup_cart_subscriptions | woocommerce-postfinancecheckout-subscription.php:414
filter | wcs_after_parent_order_setup_cart | woocommerce-postfinancecheckout-subscription.php:423
filter | wc_postfinancecheckout_is_method_available | woocommerce-postfinancecheckout-subscription.php:432
filter | wc_postfinancecheckout_success_url | woocommerce-postfinancecheckout-subscription.php:442
filter | wc_postfinancecheckout_checkout_failure_url | woocommerce-postfinancecheckout-subscription.php:451

Maintenance & Trust

PostFinance Checkout Subscription Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Oct 2, 2025
PHP min version
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10

Developer Profile

PostFinance Checkout Subscription Developer Profile

wallee

3 plugins · 420 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PostFinance Checkout Subscription

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-postfinance-checkout-subscription/includes/admin/css/wc-postfinancecheckout-subscription-admin.css
/wp-content/plugins/wc-postfinance-checkout-subscription/includes/admin/js/wc-postfinancecheckout-subscription-admin.js
/wp-content/plugins/wc-postfinance-checkout-subscription/assets/css/wc-postfinancecheckout-subscription-public.css
/wp-content/plugins/wc-postfinance-checkout-subscription/assets/js/wc-postfinancecheckout-subscription-public.js
Script Paths
/wp-content/plugins/wc-postfinance-checkout-subscription/includes/admin/js/wc-postfinancecheckout-subscription-admin.js
/wp-content/plugins/wc-postfinance-checkout-subscription/assets/js/wc-postfinancecheckout-subscription-public.js
Version Parameters
wc-postfinancecheckout-subscription/includes/admin/css/wc-postfinancecheckout-subscription-admin.css?ver=
wc-postfinancecheckout-subscription/includes/admin/js/wc-postfinancecheckout-subscription-admin.js?ver=
wc-postfinancecheckout-subscription/assets/css/wc-postfinancecheckout-subscription-public.css?ver=
wc-postfinancecheckout-subscription/assets/js/wc-postfinancecheckout-subscription-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-postfinancecheckout-subscription-admin-wrapper
JS Globals
wc_postfinancecheckout_subscription_params