Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Security & Risk Analysis

wordpress.org/plugins/wp-full-stripe-free

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K active installs · v8.4.1 · PHP 7.4+ · WP 5.3+ · Updated Mar 12, 2026
Tags: credit-card-payments, donation-form, stripe-checkout, stripe-gateway, stripe-payments
Score: 92 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Oct 24, 2025
Safety Verdict

Is Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Safe to Use in 2026?

Generally Safe

Score 92/100

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Oct 24, 2025 · Updated 22d ago
Risk Assessment

The 'wp-full-stripe-free' plugin version 8.4.1 presents a mixed security posture. While it demonstrates good practices in some areas, such as a high percentage of SQL queries using prepared statements and a significant number of nonce and capability checks, there are considerable concerns regarding its attack surface and output sanitization.

The plugin exposes a large attack surface with 96 AJAX handlers, a concerning 60 of which lack authentication checks. This significantly increases the potential for unauthorized actions if these handlers are not properly secured elsewhere. Furthermore, the taint analysis reveals a high number of flows with unsanitized paths (17 out of 19 analyzed), with 12 classified as high severity. This indicates a strong likelihood of vulnerabilities related to improper input handling that could lead to various security issues.

The vulnerability history shows 5 known CVEs, with past issues including SQL Injection, CSRF, and XSS. Although there are no currently unpatched vulnerabilities, the pattern of past vulnerabilities, particularly concerning input neutralization and authorization, aligns with the findings from the static analysis, suggesting persistent weaknesses in how user input is handled and validated. Despite the strengths in SQL query preparation, the significant number of unprotected AJAX handlers and the high severity taint flows are critical areas of concern.

Key Concerns

  • Large attack surface without auth checks
  • High severity unsanitized taint flows
  • Low percentage of properly escaped output
  • History of SQL Injection, CSRF, XSS vulnerabilities
Vulnerabilities
5

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 4

5 total CVEs

CVE-2025-9322 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection

Oct 24, 2025 Patched in 8.3.2 (1d)
CVE-2025-58789 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Full Stripe Free <= 8.2.5 - Authenticated (Administrator+) SQL Injection

Sep 5, 2025 Patched in 8.2.6 (15d)
CVE-2023-47667 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP Full Stripe Free <= 7.0.17 - Cross-Site Request Forgery

Nov 8, 2023 Patched in 7.0.18 (198d)
CVE-2023-46088 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 17, 2023 Patched in 7.0.6 (150d)
CVE-2023-28934 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 5, 2023 Patched in 7.0.6 (254d)
Code Analysis
Analyzed Mar 16, 2026

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 52 (224 prepared)
Unescaped Output: 396 (321 escaped)
Nonce Checks: 41
Capability Checks: 27
File Operations: 5
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Stripe PHP

SQL Query Safety

81% prepared · 276 total queries

Output Escaping

45% escaped · 717 total outputs
Data Flows
17 unsanitized

Data Flow Analysis

19 flows · 17 with unsanitized paths
search_box (includes\wp\class-wp-list-table.php:315)
Attack Surface
60 unprotected

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Attack Surface

Entry Points: 96
Unprotected: 60

AJAX Handlers 96

auth · wp_ajax_wpfs-dismiss-stripe-connect-notice · includes\wpfs-admin.php:55
auth · wp_ajax_wpfs-dismiss-transaction-volume-notice · includes\wpfs-admin.php:56
auth · wp_ajax_wpfs-create-form · includes\wpfs-admin.php:59
auth · wp_ajax_wpfs-delete-form · includes\wpfs-admin.php:60
auth · wp_ajax_wpfs-clone-form · includes\wpfs-admin.php:61
auth · wp_ajax_wpfs-save-inline-subscription-form · includes\wpfs-admin.php:64
auth · wp_ajax_wpfs-save-checkout-subscription-form · includes\wpfs-admin.php:65
auth · wp_ajax_wpfs-save-inline-payment-form · includes\wpfs-admin.php:68
auth · wp_ajax_wpfs-save-checkout-payment-form · includes\wpfs-admin.php:69
auth · wp_ajax_wpfs-save-inline-save-card-form · includes\wpfs-admin.php:72
auth · wp_ajax_wpfs-save-checkout-save-card-form · includes\wpfs-admin.php:73
auth · wp_ajax_wpfs-save-inline-donation-form · includes\wpfs-admin.php:76
auth · wp_ajax_wpfs-save-checkout-donation-form · includes\wpfs-admin.php:77
auth · wp_ajax_wpfs-delete-payment · includes\wpfs-admin.php:80
auth · wp_ajax_wpfs-capture-payment · includes\wpfs-admin.php:81
auth · wp_ajax_wpfs-refund-payment · includes\wpfs-admin.php:82
auth · wp_ajax_wpfs-get-payment-details · includes\wpfs-admin.php:83
auth · wp_ajax_wpfs-cancel-subscription · includes\wpfs-admin.php:86
auth · wp_ajax_wpfs-delete-subscription · includes\wpfs-admin.php:87
auth · wp_ajax_wpfs-get-subscription-details · includes\wpfs-admin.php:88
auth · wp_ajax_wpfs-refund-donation · includes\wpfs-admin.php:91
auth · wp_ajax_wpfs-cancel-donation · includes\wpfs-admin.php:92
auth · wp_ajax_wpfs-delete-donation · includes\wpfs-admin.php:93
auth · wp_ajax_wpfs-get-donation-details · includes\wpfs-admin.php:94
auth · wp_ajax_wpfs-delete-saved-card · includes\wpfs-admin.php:97
auth · wp_ajax_wpfs-get-saved-card-details · includes\wpfs-admin.php:98
auth · wp_ajax_wpfs-save-stripe-account · includes\wpfs-admin.php:101
auth · wp_ajax_wpfs-create-stripe-connect-account · includes\wpfs-admin.php:102
auth · wp_ajax_wpfs-add-stripe-account · includes\wpfs-admin.php:103
auth · wp_ajax_wpfs-clear-stripe-settings · includes\wpfs-admin.php:104
auth · wp_ajax_wpfs-save-my-account · includes\wpfs-admin.php:105
auth · wp_ajax_wpfs-save-security · includes\wpfs-admin.php:106
auth · wp_ajax_wpfs-save-email-options · includes\wpfs-admin.php:107
auth · wp_ajax_wpfs-save-email-templates · includes\wpfs-admin.php:108
auth · wp_ajax_wpfs-save-forms-options · includes\wpfs-admin.php:109
auth · wp_ajax_wpfs-save-forms-appearance · includes\wpfs-admin.php:110
auth · wp_ajax_wpfs-save-wp-dashboard · includes\wpfs-admin.php:111
auth · wp_ajax_wpfs-save-logs · includes\wpfs-admin.php:112
auth · wp_ajax_wpfs-empty-logs · includes\wpfs-admin.php:113
auth · wp_ajax_wpfs-toggle-license · includes\wpfs-admin.php:114
auth · wp_ajax_wpfs-get-onetime-products · includes\wpfs-admin.php:117
auth · wp_ajax_wpfs-get-recurring-products · includes\wpfs-admin.php:118
auth · wp_ajax_wpfs-create-new-product · includes\wpfs-admin.php:119
auth · wp_ajax_wpfs-get-tax-rates · includes\wpfs-admin.php:120
auth · wp_ajax_wpfs-send-test-email · includes\wpfs-admin.php:121
auth · wp_ajax_wpfs-preview-form · includes\wpfs-admin.php:124
auth · wp_ajax_wp_full_stripe_create_card_update_session · includes\wpfs-customer-portal-service.php:132
nopriv · wp_ajax_wp_full_stripe_create_card_update_session · includes\wpfs-customer-portal-service.php:137
auth · wp_ajax_wp_full_stripe_reset_card_update_session · includes\wpfs-customer-portal-service.php:142
nopriv · wp_ajax_wp_full_stripe_reset_card_update_session · includes\wpfs-customer-portal-service.php:147
auth · wp_ajax_wp_full_stripe_validate_security_code · includes\wpfs-customer-portal-service.php:152
nopriv · wp_ajax_wp_full_stripe_validate_security_code · includes\wpfs-customer-portal-service.php:157
auth · wp_ajax_wp_full_stripe_select_customer_portal_account · includes\wpfs-customer-portal-service.php:162
nopriv · wp_ajax_wp_full_stripe_select_customer_portal_account · includes\wpfs-customer-portal-service.php:167
auth · wp_ajax_wp_full_stripe_show_customer_portal_account_selector · includes\wpfs-customer-portal-service.php:172
nopriv · wp_ajax_wp_full_stripe_show_customer_portal_account_selector · includes\wpfs-customer-portal-service.php:177
auth · wp_ajax_wp_full_stripe_update_card · includes\wpfs-customer-portal-service.php:182
nopriv · wp_ajax_wp_full_stripe_update_card · includes\wpfs-customer-portal-service.php:187
auth · wp_ajax_wp_full_stripe_cancel_my_subscription · includes\wpfs-customer-portal-service.php:192
nopriv · wp_ajax_wp_full_stripe_cancel_my_subscription · includes\wpfs-customer-portal-service.php:197
auth · wp_ajax_wp_full_stripe_toggle_invoice_view · includes\wpfs-customer-portal-service.php:202
nopriv · wp_ajax_wp_full_stripe_toggle_invoice_view · includes\wpfs-customer-portal-service.php:207
auth · wp_ajax_wp_full_stripe_subscription_charge · includes\wpfs-customer.php:629
nopriv · wp_ajax_wp_full_stripe_subscription_charge · includes\wpfs-customer.php:630
auth · wp_ajax_wp_full_stripe_confirm_redirect · includes\wpfs-customer.php:632
nopriv · wp_ajax_wp_full_stripe_confirm_redirect · includes\wpfs-customer.php:633
auth · wp_ajax_wpfs-save-draft-transaction · includes\wpfs-customer.php:635
nopriv · wp_ajax_wpfs-save-draft-transaction · includes\wpfs-customer.php:636
auth · wp_ajax_wpfs-check-coupon · includes\wpfs-customer.php:638
nopriv · wp_ajax_wpfs-check-coupon · includes\wpfs-customer.php:639
auth · wp_ajax_wp_get_Setup_Intent_Client_Secret · includes\wpfs-customer.php:641
nopriv · wp_ajax_wp_get_Setup_Intent_Client_Secret · includes\wpfs-customer.php:642
auth · wp_ajax_wp_full_stripe_inline_payment_charge · includes\wpfs-customer.php:644
nopriv · wp_ajax_wp_full_stripe_inline_payment_charge · includes\wpfs-customer.php:645
auth · wp_ajax_wp_full_stripe_inline_donation_charge · includes\wpfs-customer.php:647
nopriv · wp_ajax_wp_full_stripe_inline_donation_charge · includes\wpfs-customer.php:648
auth · wp_ajax_wp_full_stripe_inline_subscription_charge · includes\wpfs-customer.php:650
nopriv · wp_ajax_wp_full_stripe_inline_subscription_charge · includes\wpfs-customer.php:654
auth · wp_ajax_wp_full_stripe_popup_payment_charge · includes\wpfs-customer.php:658
nopriv · wp_ajax_wp_full_stripe_popup_payment_charge · includes\wpfs-customer.php:662
auth · wp_ajax_wp_full_stripe_popup_donation_charge · includes\wpfs-customer.php:666
nopriv · wp_ajax_wp_full_stripe_popup_donation_charge · includes\wpfs-customer.php:670
auth · wp_ajax_wp_full_stripe_popup_subscription_charge · includes\wpfs-customer.php:674
nopriv · wp_ajax_wp_full_stripe_popup_subscription_charge · includes\wpfs-customer.php:678
auth · wp_ajax_wp_full_stripe_handle_checkout_session · includes\wpfs-customer.php:682
nopriv · wp_ajax_wp_full_stripe_handle_checkout_session · includes\wpfs-customer.php:686
auth · wp_ajax_wpfs-calculate-pricing · includes\wpfs-customer.php:692
nopriv · wp_ajax_wpfs-calculate-pricing · includes\wpfs-customer.php:693
auth · wp_ajax_wpfs-update-payment-intent · includes\wpfs-customer.php:696
nopriv · wp_ajax_wpfs-update-payment-intent · includes\wpfs-customer.php:697
auth · wp_ajax_wpfs-save-one-time-donation · includes\wpfs-customer.php:699
nopriv · wp_ajax_wpfs-save-one-time-donation · includes\wpfs-customer.php:700
auth · wp_ajax_wp_full_stripe_onetime_donation_charge · includes\wpfs-customer.php:702
nopriv · wp_ajax_wp_full_stripe_onetime_donation_charge · includes\wpfs-customer.php:703
auth · wp_ajax_wpfs_update_failed_payment_status · includes\wpfs-customer.php:705
nopriv · wp_ajax_wpfs_update_failed_payment_status · includes\wpfs-customer.php:706
WordPress Hooks 35
filter · wpfs_get_session_args_from_payment_form_request · includes\payment-methods\afterpay_clearpay\functions.php:23
filter · wpfs_update_payment_method_message · includes\payment-methods\card\payment-confirmation.php:41
filter · wpfs_get_session_args_from_payment_form_request · includes\payment-methods\klarna\functions.php:23
action · admin_footer · includes\wp\class-wp-list-table.php:138
filter · themeisle_sdk_blackfriday_data · includes\wpfs-admin-menu.php:103
filter · wpfs_admin_nav_bar_data · includes\wpfs-admin-menu.php:104
action · admin_init · includes\wpfs-admin-menu.php:108
action · admin_menu · includes\wpfs-admin-menu.php:109
action · admin_enqueue_scripts · includes\wpfs-admin-menu.php:110
filter · admin_body_class · includes\wpfs-admin-menu.php:215
action · admin_notices · includes\wpfs-admin.php:54
action · admin_post_nopriv_handle_wpfs_event · includes\wpfs-admin.php:127
action · admin_init · includes\wpfs-admin.php:138
action · admin_init · includes\wpfs-admin.php:141
action · admin_bar_menu · includes\wpfs-admin.php:143
action · admin_head · includes\wpfs-admin.php:144
action · wp_head · includes\wpfs-admin.php:145
action · admin_footer · includes\wpfs-admin.php:200
action · init · includes\wpfs-block.php:15
action · rest_api_init · includes\wpfs-block.php:16
action · rest_api_init · includes\wpfs-customer-portal-service.php:214
action · send_headers · includes\wpfs-customer-portal-service.php:217
action · rest_api_init · includes\wpfs-logger-service.php:457
filter · plugin_action_links · includes\wpfs-main.php:530
action · fullstripe_update_email_template_defaults · includes\wpfs-main.php:534
action · wp_head · includes\wpfs-main.php:535
action · wp_enqueue_scripts · includes\wpfs-main.php:536
action · init · includes\wpfs-main.php:537
filter · script_loader_tag · includes\wpfs-main.php:541
action · rest_api_init · includes\wpfs-web-hook-events.php:54
filter · themeisle_sdk_products · wp-full-stripe.php:106
filter · cron_schedules · wp-full-stripe.php:155
filter · themeisle_sdk_enable_telemetry · wp-full-stripe.php:156
filter · themeisle_sdk_telemetry_products · wp-full-stripe.php:157
action · admin_notices · wp-full-stripe.php:168
Maintenance & Trust

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 157K

Community Trust

Rating: 84/100
Number of ratings: 24
Active installs: 10K
Developer Profile

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions Developer Profile

Themeisle

37 plugins · 2.2M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 420 days
Detection Fingerprints

How We Detect Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-full-stripe-free/assets/css/admin-settings.css
/wp-content/plugins/wp-full-stripe-free/assets/css/wpfs-admin.css
/wp-content/plugins/wp-full-stripe-free/assets/js/admin-settings.js
/wp-content/plugins/wp-full-stripe-free/assets/js/stripe.js
/wp-content/plugins/wp-full-stripe-free/assets/js/wpfs-admin.js
Script Paths
/wp-content/plugins/wp-full-stripe-free/assets/js/admin-settings.js
/wp-content/plugins/wp-full-stripe-free/assets/js/stripe.js
/wp-content/plugins/wp-full-stripe-free/assets/js/wpfs-admin.js
Version Parameters
wp-full-stripe-free/assets/css/admin-settings.css?ver=
wp-full-stripe-free/assets/css/wpfs-admin.css?ver=
wp-full-stripe-free/assets/js/admin-settings.js?ver=
wp-full-stripe-free/assets/js/stripe.js?ver=
wp-full-stripe-free/assets/js/wpfs-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpfs-transactions, wpfs-logo
HTML Comments
<!-- leave plugin name as is; otherwise it will break the pot files -->
<!-- Required PHP extension called "cURL" is missing. -->
<!-- Required PHP extension called "MBString" is missing. -->
<!-- We hide the license notice as it is not required for this plugin. -->
(+1 more)
Data Attributes
data-stripe-public-key, data-stripe-payment-method-types, data-stripe-client-secret, data-stripe-payment-request, data-stripe-cancel-url, data-stripe-success-url (+2 more)
JS Globals
wpfs_admin_settings_params, WPFS_License, MM_WPFS, MM_WPFS_CustomerPortalService, MM_WPFS_CheckoutSubmissionService, Stripe, WPFS\Stripe\Stripe
REST Endpoints
/wp-json/wpfs/v1/stripe/webhook
/wp-json/wpfs/v1/stripe/checkout
Shortcode Output
[wpfs-stripe-checkout
[wpfs-stripe-payment-form
FAQ

Frequently Asked Questions about Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions