Does Global Payments SecureSubmit Gateway have any unpatched vulnerabilities?

No. All known vulnerabilities in Global Payments SecureSubmit Gateway have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Global Payments SecureSubmit Gateway compatible with WordPress 6.8.5?

According to WordPress.org data, Global Payments SecureSubmit Gateway 4.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Global Payments SecureSubmit Gateway updated?

Global Payments SecureSubmit Gateway was last updated on Jan 29, 2026. Frequent updates are generally a positive security signal.

What is Global Payments SecureSubmit Gateway's security score?

Global Payments SecureSubmit Gateway has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Global Payments SecureSubmit Gateway Security & Risk Analysis

wordpress.org/plugins/woocommerce-securesubmit-gateway

SecureSubmit allows merchants to take PCI-Friendly Credit Card payments using Global Payments Payment Gateway.

600 active installs v4.0.0 PHP + WP + Updated Jan 29, 2026

ecommerceglobalpaymentspaymenttokenize

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Global Payments SecureSubmit Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

Global Payments SecureSubmit Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The plugin "woocommerce-securesubmit-gateway" v4.0.0 presents a mixed security posture. On the positive side, it boasts a clean vulnerability history with no known CVEs, indicating a generally well-maintained codebase. The high percentage of properly escaped outputs (97%) and the presence of nonce checks are also good security practices.

However, significant concerns arise from the static analysis. The plugin exposes a considerable attack surface through its AJAX handlers, with all four handlers lacking proper authentication checks. This could allow unauthenticated users to trigger sensitive actions. Additionally, the presence of the `unserialize` function is a red flag, as it can lead to Remote Code Execution vulnerabilities if not handled with extreme care and input validation. The single SQL query found is not using prepared statements, which is a significant risk for SQL injection. The lack of taint analysis data makes it difficult to fully assess the impact of these issues, but the identified vulnerabilities are serious enough to warrant caution.

In conclusion, while the plugin has a history of security, the current version exhibits critical weaknesses in its handling of AJAX requests and the use of dangerous functions and un-prepared SQL queries. These issues introduce a substantial risk of unauthorized access and data manipulation, outweighing the positive aspects like a clean vulnerability history and good output escaping.

Key Concerns

Unprotected AJAX handlers
Dangerous function unserialize used
SQL queries without prepared statements
Limited capability checks

Vulnerabilities

None known

Global Payments SecureSubmit Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Global Payments SecureSubmit Gateway Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

212 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$applied_gift_cards = unserialize( $order->get_meta('_securesubmit_used_card_data') );classes\class-giftcard-order-placement.php:25

unserialize$applied_gift_cards = unserialize( get_post_meta( $order_id, '_securesubmit_used_card_data', TRUE ) classes\class-giftcard-order-placement.php:28

SQL Query Safety

0% prepared1 total queries

Output Escaping

97% escaped218 total outputs

Attack Surface

4 unprotected

Global Payments SecureSubmit Gateway Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

noprivwp_ajax_use_gift_cardgateway-securesubmit.php:58

authwp_ajax_use_gift_cardgateway-securesubmit.php:59

noprivwp_ajax_remove_gift_cardgateway-securesubmit.php:60

authwp_ajax_remove_gift_cardgateway-securesubmit.php:61

WordPress Hooks 36

actionadmin_noticesclasses\class-masterpass-removal-notice.php:14

actionadmin_initclasses\class-masterpass-removal-notice.php:15

actionwp_enqueue_scriptsclasses\class-wc-gateway-securesubmit-masterpass.php:58

actionadmin_noticesclasses\class-wc-gateway-securesubmit-masterpass.php:59

actionwoocommerce_update_options_payment_gatewaysclasses\class-wc-gateway-securesubmit-masterpass.php:60

filterscript_loader_tagclasses\class-wc-gateway-securesubmit-masterpass.php:62

filterwoocommerce_subscriptions_renewal_order_meta_queryclasses\class-wc-gateway-securesubmit-subscriptions-deprecated.php:12

filterwoocommerce_my_subscriptions_recurring_payment_methodclasses\class-wc-gateway-securesubmit-subscriptions-deprecated.php:13

actionwcs_resubscribe_order_createdclasses\class-wc-gateway-securesubmit-subscriptions.php:29

filterwoocommerce_subscription_payment_metaclasses\class-wc-gateway-securesubmit-subscriptions.php:30

filterwoocommerce_subscription_validate_payment_metaclasses\class-wc-gateway-securesubmit-subscriptions.php:31

actionwp_enqueue_scriptsclasses\class-wc-gateway-securesubmit.php:80

actionadmin_noticesclasses\class-wc-gateway-securesubmit.php:81

actionwoocommerce_update_options_payment_gatewaysclasses\class-wc-gateway-securesubmit.php:82

filterscript_loader_tagclasses\class-wc-gateway-securesubmit.php:84

filtercomments_clausesclasses\class-wc-gateway-securesubmit.php:257

actioninitgateway-securesubmit.php:18

actionwoocommerce_loadgateway-securesubmit.php:19

actionwp_enqueue_scriptsgateway-securesubmit.php:20

actionadmin_initgateway-securesubmit.php:21

actionbefore_woocommerce_initgateway-securesubmit.php:26

filterwoocommerce_payment_gatewaysgateway-securesubmit.php:42

actionwoocommerce_after_my_accountgateway-securesubmit.php:43

actionwoocommerce_order_actionsgateway-securesubmit.php:44

filterwoocommerce_gateway_titlegateway-securesubmit.php:55

filterwoocommerce_gateway_descriptiongateway-securesubmit.php:56

actionwp_headgateway-securesubmit.php:57

actionwoocommerce_review_order_before_order_totalgateway-securesubmit.php:62

actionwoocommerce_cart_totals_before_order_totalgateway-securesubmit.php:63

filterwoocommerce_calculated_totalgateway-securesubmit.php:64

actionwp_enqueue_scriptsgateway-securesubmit.php:65

filterwoocommerce_get_order_item_totalsgateway-securesubmit.php:68

actionwoocommerce_checkout_order_processedgateway-securesubmit.php:69

filterwoocommerce_get_order_item_totalsgateway-securesubmit.php:72

filterwoocommerce_payment_gatewaysgateway-securesubmit.php:93

actionwoocommerce_after_my_accountgateway-securesubmit.php:94

Maintenance & Trust

Global Payments SecureSubmit Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 29, 2026

PHP min version

Downloads62K

Community Trust

Rating100/100

Number of ratings4

Active installs600

Alternatives

Global Payments SecureSubmit Gateway Alternatives

Global Payments SecureSubmit Addon for Gravity Forms

heartland-secure-submit-addon-for-gravity-forms

100

SecureSubmit allows merchants to take PCI-Friendly Credit Card payments with Gravity Forms using Global Payments Payment Gateway.

100 No CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

pretty-link

🌠 The best WordPress link management, branding, tracking, sharing and payments plugin. Easily make pretty & trackable shortlinks. 🔗

300K 8 CVEs

Mollie Payments for WooCommerce

mollie-payments-for-woocommerce

Accept all major payment methods in WooCommerce today. Credit cards, iDEAL and more! Fast, safe and intuitive.

100K 4 CVEs

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

Make ecommerce easy with a simple to use, all-in-one platform, that anyone can set up in just a few minutes!

90K 2 CVEs

Developer Profile

Global Payments SecureSubmit Gateway Developer Profile

SecureSubmit

3 plugins · 740 total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Global Payments SecureSubmit Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woocommerce-securesubmit-gateway/assets/css/securesubmit.css

Version Parameters

woocommerce-securesubmit-gateway/assets/css/securesubmit.css?ver=

HTML / DOM Fingerprints

CSS Classes

woocommerce-securesubmit-gateway

HTML Comments

MasterPass - REMOVED: MasterPass has been deprecated and removed to prevent PHP 8.1+ warnings.The program is migrating to Click to Pay in a future solution.Legacy MasterPass settings are automatically cleaned up on plugin load.MasterPass order review page creation removed - deprecated+4 more

Data Attributes

data-wc-securesubmit-delete-card-nonce

JS Globals

securesubmit_ajax_url

FAQ