Does WE Subscription have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WE Subscription compatible with WordPress 6.9.4?

According to WordPress.org data, WE Subscription 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WE Subscription compatible with PHP 7.4+?

WE Subscription requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WE Subscription updated?

WE Subscription was last updated on Feb 27, 2026. Frequent updates are generally a positive security signal.

What is WE Subscription's security score?

WE Subscription has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WE Subscription Security & Risk Analysis

wordpress.org/plugins/we-subscription

Sell your simple and variable products with recurring payments without bloat.

0 active installs v1.0.0 PHP 7.4+ WP 5.5+ Updated Feb 27, 2026

recurring-paymentsstripesubscriptionsubscriptionswoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WE Subscription Safe to Use in 2026?

Generally Safe

Score 100/100

WE Subscription has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "we-subscription" v1.0.0 plugin exhibits a generally positive security posture due to its limited attack surface and strong adherence to output escaping best practices. The static analysis indicates a minimal number of entry points, with no identified unprotected AJAX handlers or REST API routes. The high percentage of properly escaped outputs (96%) is a significant strength, reducing the risk of common cross-site scripting vulnerabilities. Furthermore, the absence of any recorded CVEs, common vulnerability types, or recent vulnerabilities suggests a history of stable and secure development.

However, there are areas that warrant attention. The primary concern lies in the handling of SQL queries. All three identified SQL queries are not using prepared statements, posing a potential risk for SQL injection vulnerabilities, especially if any of these queries incorporate user-supplied input. While no critical or high severity taint flows were detected, the lack of prepared statements is a foundational security flaw that could be exploited in combination with other factors. The presence of nonce checks and capability checks on most entry points is good, but the exact implementation and context of these checks would require deeper review to confirm their effectiveness.

In conclusion, the plugin's strengths lie in its minimal attack surface and excellent output escaping. The vulnerability history is a significant positive. The main weakness is the unmitigated risk of SQL injection due to the absence of prepared statements for all SQL queries. Addressing this specific issue would greatly enhance the plugin's security.

Key Concerns

SQL queries not using prepared statements

Vulnerabilities

None known

WE Subscription Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WE Subscription Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 17, 2026

WE Subscription Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

200 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

96% escaped209 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

<class-wesub-product-settings> (includes\admin\class-wesub-product-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WE Subscription Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wesub_handle_setting_form_submissionincludes\admin\class-wesub-settings.php:41

WordPress Hooks 56

filterwc_stripe_force_save_sourcegateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:39

filterwc_stripe_display_save_payment_method_checkboxgateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:40

filterwc_stripe_generate_create_intent_requestgateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:41

actionwesub_do_renewal_payment_stripegateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:43

actionwesub_do_renewal_payment_stripe_sepa_debitgateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:44

actionwc_stripe_save_sourcegateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:47

actionwoocommerce_payment_completegateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:48

actionwoocommerce_stripe_add_payment_methodgateways\woocommerce-gateway-stripe\class-wesub-woocommerce-gateway-stripe.php:51

actionproduct_type_optionsincludes\admin\class-wesub-product-settings.php:39

actionwoocommerce_product_options_general_product_dataincludes\admin\class-wesub-product-settings.php:40

actionsave_postincludes\admin\class-wesub-product-settings.php:41

actionwoocommerce_variation_optionsincludes\admin\class-wesub-product-settings.php:44

actionwoocommerce_variation_options_pricingincludes\admin\class-wesub-product-settings.php:45

actionwoocommerce_save_product_variationincludes\admin\class-wesub-product-settings.php:46

actionadmin_menuincludes\admin\class-wesub-settings.php:39

actionadmin_enqueue_scriptsincludes\admin\class-wesub-settings.php:44

actionadmin_enqueue_scriptsincludes\class-wesub-autoloader.php:31

actionwp_enqueue_scriptsincludes\class-wesub-autoloader.php:32

actionwoocommerce_initincludes\class-wesub-autoloader.php:34

filterwoocommerce_email_classesincludes\class-wesub-autoloader.php:42

actioninitincludes\class-wesub-autoloader.php:45

filterwoocommerce_get_price_htmlincludes\class-wesub-handle-pricing.php:31

filterwoocommerce_variable_price_htmlincludes\class-wesub-handle-pricing.php:32

filterwoocommerce_cart_item_priceincludes\class-wesub-handle-pricing.php:33

actionwoocommerce_before_calculate_totalsincludes\class-wesub-handle-pricing.php:34

actionwoocommerce_review_order_after_order_totalincludes\class-wesub-handle-pricing.php:35

filterwoocommerce_get_item_dataincludes\class-wesub-handle-pricing.php:37

actiontemplate_redirectincludes\class-wesub-handle-pricing.php:38

filterrender_block_woocommerce/checkout-order-summary-blockincludes\class-wesub-handle-pricing.php:182

actionwoocommerce_checkout_order_processedincludes\wesub-handle-subscription.php:17

actionwoocommerce_store_api_checkout_order_processedincludes\wesub-handle-subscription.php:18

actionwoocommerce_order_status_changedincludes\wesub-handle-subscription.php:19

actionwoocommerce_cart_calculate_feesincludes\wesub-handle-subscription.php:20

filterwoocommerce_account_menu_itemsincludes\wesub-handle-subscription.php:22

actioninitincludes\wesub-handle-subscription.php:23

actionafter_switch_themeincludes\wesub-handle-subscription.php:24

actionwoocommerce_account_my-subscriptions_endpointincludes\wesub-handle-subscription.php:25

actionwoocommerce_account_view-subscription_endpointincludes\wesub-handle-subscription.php:26

actioninitincludes\wesub-handle-subscription.php:28

filterwoocommerce_available_payment_gatewaysincludes\wesub-handle-subscription.php:30

filterwoocommerce_is_sold_individuallyincludes\wesub-handle-subscription.php:31

filterwoocommerce_add_to_cart_validationincludes\wesub-handle-subscription.php:32

filterwoocommerce_product_single_add_to_cart_textincludes\wesub-handle-subscription.php:34

filterwoocommerce_product_add_to_cart_textincludes\wesub-handle-subscription.php:35

filterwoocommerce_order_button_textincludes\wesub-handle-subscription.php:36

filtermanage_woocommerce_page_wc-orders_columnsincludes\wesub-handle-subscription.php:38

actionmanage_woocommerce_page_wc-orders_custom_columnincludes\wesub-handle-subscription.php:39

filtermanage_edit-shop_order_columnsincludes\wesub-handle-subscription.php:40

actionmanage_shop_order_posts_custom_columnincludes\wesub-handle-subscription.php:41

actioninitincludes\wesub-order-type.php:68

actioninitincludes\wesub-scheduled-actions.php:13

actionwesub_do_pending_renewalsincludes\wesub-scheduled-actions.php:14

actionwesub_do_pending_expirationincludes\wesub-scheduled-actions.php:15

actionwesub_do_retry_failed_renewalsincludes\wesub-scheduled-actions.php:16

actionadmin_noticeswe-subscription.php:32

actionbefore_woocommerce_initwe-subscription.php:72

Maintenance & Trust

WE Subscription Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 27, 2026

PHP min version7.4

Downloads198

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WE Subscription Alternatives

Subscription Manager for Stripe

subscription-manager-for-stripe

100

The only WordPress subscription plugin with 0% transaction fees, usage-based billing, and full Stripe-native integration. Built for SaaS founders and …

0 No CVEs

Pay with Vipps and MobilePay for WooCommerce

woo-vipps

100

Official Vipps MobilePay payment plugin for WooCommerce.

5K 1 CVE

Memberful – Membership Plugin

memberful-wp

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Recurio – Ultimate Subscription for WooCommerce

recurio

100

A powerful and comprehensive WooCommerce subscription management plugin with advanced analytics, automated billing, and customer portal.

900 No CVEs

Subscription & Recurring Payment for WooCommerce

subscription

WPSubscription maximizes recurring revenue on WooCommerce. Set flexible subscriptions and automated billing with support for Stripe, PayPal, and more, …

700 1 CVE

Developer Profile

WE Subscription Developer Profile

WebEffortless

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WE Subscription

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/we-subscription/assets/admin/css/we-welcome-page.css

Version Parameters

we-subscription/assets/admin/css/we-welcome-page.css?ver=

HTML / DOM Fingerprints

CSS Classes

wesub-settings-wrap

HTML Comments

+52 more

Data Attributes

data-nonce="we-backend-nonce"

FAQ