WPayme – Payment Forms & Gateways for WordPress Security & Risk Analysis

wordpress.org/plugins/wpayme

Effortlessly create payment forms and accept payments anywhere on your WordPress site using simple shortcodes. WPayme lets you embed flexible forms on …

0 active installs · v1.0.0 · PHP 8.1+ · WP 5.9+ · Updated: Unknown
Tags: accept-payments, payment-forms, payment-shortcode, stripe, wpayme
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPayme – Payment Forms & Gateways for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

WPayme – Payment Forms & Gateways for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wpayme" v1.0.0 plugin exhibits a generally good security posture, with strong adherence to best practices in several key areas. The plugin has a relatively small attack surface, with all identified entry points (AJAX handlers, REST API routes, shortcodes, and cron events) appearing to have authentication and permission checks. Furthermore, the code analysis shows a high percentage of properly escaped output and the consistent use of prepared statements for SQL queries. The absence of any recorded vulnerabilities or CVEs in its history is a positive indicator, suggesting a well-maintained and secure codebase thus far.

However, a significant concern arises from the plugin's use of the `unserialize` function, which is a critical security risk if user-supplied data is passed directly to it. While the taint analysis did not identify any unsanitized flows, the presence of `unserialize` without explicit, robust sanitization mechanisms leaves a potential opening for deserialization vulnerabilities. The plugin also bundles the Select2 library; its version is not specified, and bundled libraries can become a risk if they are outdated and contain known vulnerabilities.

In conclusion, "wpayme" v1.0.0 has a strong foundation with its emphasis on input sanitization and output escaping for most operations, and a clean vulnerability history. Nevertheless, the `unserialize` function presents a notable blind spot that requires careful review and mitigation to ensure complete security.

Key Concerns

  • Dangerous function: unserialize used
  • Bundled library (Select2) - potential version risk
Vulnerabilities
None known

WPayme – Payment Forms & Gateways for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WPayme – Payment Forms & Gateways for WordPress Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 7 (8 prepared)
Unescaped Output: 101 (967 escaped)
Nonce Checks: 8
Capability Checks: 15
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$meta_value = unserialize( $meta_value );` in packages\wp-pay-extensions\gravityforms\src\PaymentAddOn.php:635

Bundled Libraries

Select2

SQL Query Safety

53% prepared · 15 total queries

Output Escaping

91% escaped · 1068 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
<Extension> (packages\wp-pay-extensions\gravityforms\src\Extension.php:0)
Attack Surface

WPayme – Payment Forms & Gateways for WordPress Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_wpayme_pay_gf_get_form_data packages\wp-pay-extensions\gravityforms\src\Admin.php:42
auth wp_ajax_wpayme_get_gateway_payment_methods packages\wpayme\wp-wpayme-pay-forms\src\FormPostType.php:95

REST API Routes 1

GET /wp-json/wpayme-pay/v1/gateways/(?P<config_id>\d+)/admin packages\wp-pay\core\src\GatewayPostType.php:181

Shortcodes 3

[wpayme_payment_form] packages\wpayme\wp-wpayme-pay-forms\src\FormShortcode.php:36
[wpayme_pay_form] packages\wpayme\wp-wpayme-pay-forms\src\FormShortcode.php:37
[wpayme_simple_form] packages\wpayme\wp-wpayme-pay-forms\src\FormShortcode.php:38
WordPress Hooks 146
action admin_menu packages\wp-pay\core\src\Admin\AdminAboutPage.php:52
action admin_head packages\wp-pay\core\src\Admin\AdminAboutPage.php:53
action wpayme_pay_install packages\wp-pay\core\src\Admin\AdminAboutPage.php:55
action wp_dashboard_setup packages\wp-pay\core\src\Admin\AdminDashboard.php:32
action post_edit_form_tag packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:53
action add_meta_boxes packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:55
action after_delete_post packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:59
filter display_post_states packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:61
filter post_updated_messages packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:63
filter wpayme_gateway_variant_shown packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:116
filter wpayme_gateway_id_shown packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:170
filter wpayme_gateway_secret_shown packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:196
filter wpayme_gateway_dashboard_shown packages\wp-pay\core\src\Admin\AdminGatewayPostType.php:223
filter debug_information packages\wp-pay\core\src\Admin\AdminHealth.php:41
filter site_status_tests packages\wp-pay\core\src\Admin\AdminHealth.php:42
action admin_init packages\wp-pay\core\src\Admin\AdminModule.php:99
action admin_menu packages\wp-pay\core\src\Admin\AdminModule.php:100
action load-post.php packages\wp-pay\core\src\Admin\AdminModule.php:102
action admin_enqueue_scripts packages\wp-pay\core\src\Admin\AdminModule.php:104
filter parent_file packages\wp-pay\core\src\Admin\AdminModule.php:106
action load-edit.php packages\wp-pay\core\src\Admin\AdminPaymentBulkActions.php:29
action admin_notices packages\wp-pay\core\src\Admin\AdminPaymentBulkActions.php:60
filter request packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:56
filter list_table_primary_column packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:60
action load-post.php packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:64
action load-post.php packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:65
action admin_notices packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:67
action add_meta_boxes packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:69
filter post_row_actions packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:71
filter default_hidden_columns packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:73
filter post_updated_messages packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:75
filter wpayme_status_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:336
filter wpayme_subscription_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:375
filter wpayme_method_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:402
filter wpayme_title_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:471
filter wpayme_gateway_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:504
filter wpayme_transaction_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:534
filter wpayme_description_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:551
filter wpayme_amount_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:607
filter wpayme_date_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:624
filter wpayme_customer_shown packages\wp-pay\core\src\Admin\AdminPaymentPostType.php:651
action admin_init packages\wp-pay\core\src\Admin\AdminSettings.php:41
filter request packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:53
filter list_table_primary_column packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:58
action load-post.php packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:62
action admin_notices packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:64
action add_meta_boxes packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:66
filter post_row_actions packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:68
action pre_get_posts packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:70
filter removable_query_args packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:72
filter post_updated_messages packages\wp-pay\core\src\Admin\AdminSubscriptionPostType.php:74
action admin_init packages\wp-pay\core\src\Admin\AdminTour.php:46
action admin_init packages\wp-pay\core\src\Admin\AdminTour.php:47
action admin_init packages\wp-pay\core\src\Admin\AdminTour.php:48
action init packages\wp-pay\core\src\Admin\Install.php:43
filter block_categories_all packages\wp-pay\core\src\Blocks\BlocksModule.php:37
filter block_categories packages\wp-pay\core\src\Blocks\BlocksModule.php:40
action init packages\wp-pay\core\src\GatewayPostType.php:40
action rest_api_init packages\wp-pay\core\src\GatewayPostType.php:45
action init packages\wp-pay\core\src\Payments\PaymentPostType.php:36
action init packages\wp-pay\core\src\Payments\PaymentPostType.php:37
filter comments_clauses packages\wp-pay\core\src\Payments\PaymentsModule.php:60
filter wpayme_payment_redirect_url packages\wp-pay\core\src\Payments\PaymentsModule.php:63
action wpayme_payment_status_update packages\wp-pay\core\src\Payments\PaymentsModule.php:66
action rest_api_init packages\wp-pay\core\src\Payments\PaymentsModule.php:69
action wpayme_pay_privacy_register_exporters packages\wp-pay\core\src\Payments\PaymentsPrivacy.php:29
action wpayme_pay_privacy_register_erasers packages\wp-pay\core\src\Payments\PaymentsPrivacy.php:32
action wpayme_pay_payment_status_check packages\wp-pay\core\src\Payments\StatusChecker.php:29
action wpayme_payment_status_update packages\wp-pay\core\src\Payments\StatusChecker.php:32
action trashed_post packages\wp-pay\core\src\Payments\StatusChecker.php:33
action delete_post packages\wp-pay\core\src\Payments\StatusChecker.php:34
action plugins_loaded packages\wp-pay\core\src\Plugin.php:269
action init packages\wp-pay\core\src\Plugin.php:270
action init packages\wp-pay\core\src\Plugin.php:273
action wp_loaded packages\wp-pay\core\src\Plugin.php:276
action wp_loaded packages\wp-pay\core\src\Plugin.php:277
filter wpayme_datetime_default_format packages\wp-pay\core\src\Plugin.php:280
filter wp_privacy_personal_data_exporters packages\wp-pay\core\src\PrivacyManager.php:40
filter wp_privacy_personal_data_erasers packages\wp-pay\core\src\PrivacyManager.php:41
filter wp_privacy_anonymize_data packages\wp-pay\core\src\PrivacyManager.php:42
action init packages\wp-pay\core\src\Settings.php:36
action init packages\wp-pay\core\src\Subscriptions\SubscriptionPostType.php:35
action init packages\wp-pay\core\src\Subscriptions\SubscriptionPostType.php:36
action wpayme_pay_privacy_register_exporters packages\wp-pay\core\src\Subscriptions\SubscriptionsPrivacy.php:28
action wpayme_pay_privacy_register_erasers packages\wp-pay\core\src\Subscriptions\SubscriptionsPrivacy.php:31
action wpayme_pay_webhook_log_payment packages\wp-pay\core\src\Webhooks\WebhookLogger.php:31
filter wpayme_pay_modules packages\wp-pay\core\wpayme-pay-core.php:39
action init packages\wp-pay\fundraising\src\Blocks.php:44
action init packages\wp-pay\fundraising\src\Blocks.php:45
action init packages\wp-pay\fundraising\src\Blocks.php:46
action enqueue_block_editor_assets packages\wp-pay\fundraising\src\Blocks.php:48
action enqueue_block_editor_assets packages\wp-pay\fundraising\src\Blocks.php:49
action admin_init packages\wp-pay-extensions\gravityforms\src\Admin.php:33
action admin_init packages\wp-pay-extensions\gravityforms\src\Admin.php:34
action gform_entry_info packages\wp-pay-extensions\gravityforms\src\Admin.php:36
filter gform_custom_merge_tags packages\wp-pay-extensions\gravityforms\src\Admin.php:39
filter manage_edit-wpayme_pay_gf_columns packages\wp-pay-extensions\gravityforms\src\AdminPaymentFormPostType.php:39
action manage_wpayme_pay_gf_posts_custom_column packages\wp-pay-extensions\gravityforms\src\AdminPaymentFormPostType.php:41
action add_meta_boxes packages\wp-pay-extensions\gravityforms\src\AdminPaymentFormPostType.php:43
action gform_after_delete_form packages\wp-pay-extensions\gravityforms\src\AdminPaymentFormPostType.php:45
filter wp_insert_post_data packages\wp-pay-extensions\gravityforms\src\AdminPaymentFormPostType.php:47
action init packages\wp-pay-extensions\gravityforms\src\Extension.php:101
action admin_enqueue_scripts packages\wp-pay-extensions\gravityforms\src\Extension.php:103
action gform_pre_submission packages\wp-pay-extensions\gravityforms\src\Extension.php:128
action wpayme_pay_update_payment packages\wp-pay-extensions\gravityforms\src\Extension.php:135
filter gform_replace_merge_tags packages\wp-pay-extensions\gravityforms\src\Extension.php:140
filter gform_gf_field_create packages\wp-pay-extensions\gravityforms\src\Extension.php:142
filter gform_noconflict_scripts packages\wp-pay-extensions\gravityforms\src\Extension.php:148
filter gform_noconflict_styles packages\wp-pay-extensions\gravityforms\src\Extension.php:149
filter gform_enable_credit_card_field packages\wp-pay-extensions\gravityforms\src\Fields.php:42
action gform_field_standard_settings packages\wp-pay-extensions\gravityforms\src\Fields.php:55
action gform_editor_js_set_default_values packages\wp-pay-extensions\gravityforms\src\IssuersField.php:60
action admin_init packages\wp-pay-extensions\gravityforms\src\PaymentAddOn.php:117
filter gform_admin_pre_render packages\wp-pay-extensions\gravityforms\src\PaymentAddOn.php:122
action init packages\wp-pay-extensions\gravityforms\src\PaymentFormPostType.php:36
action gform_editor_js_set_default_values packages\wp-pay-extensions\gravityforms\src\PaymentMethodsField.php:69
filter gform_gf_field_create packages\wp-pay-extensions\gravityforms\src\PaymentMethodsField.php:74
filter gform_get_field_value packages\wp-pay-extensions\gravityforms\src\PaymentMethodsField.php:78
filter gform_form_update_meta packages\wp-pay-extensions\gravityforms\src\PaymentMethodsField.php:82
filter gform_pre_render packages\wp-pay-extensions\gravityforms\src\PaymentMethodsField.php:86
filter gform_entry_post_save packages\wp-pay-extensions\gravityforms\src\Processor.php:138
filter gravityflow_is_delayed_pre_process_workflow packages\wp-pay-extensions\gravityforms\src\Processor.php:156
filter wpayme_pay_plugin_integrations packages\wp-pay-extensions\gravityforms\wpayme-pay-gravity-forms.php:48
filter wpayme_pay_gateways packages\wp-pay-gateways\paypal\wpayme-pay-paypal.php:39
action plugins_loaded packages\wpayme\wp-gravityforms-nl\gravityforms-nl.php:36
action init packages\wpayme\wp-wpayme-pay-forms\src\BlocksModule.php:46
action init packages\wpayme\wp-wpayme-pay-forms\src\BlocksModule.php:47
action init packages\wpayme\wp-wpayme-pay-forms\src\BlocksModule.php:59
action init packages\wpayme\wp-wpayme-pay-forms\src\BlocksModule.php:60
action enqueue_block_editor_assets packages\wpayme\wp-wpayme-pay-forms\src\BlocksModule.php:62
action init packages\wpayme\wp-wpayme-pay-forms\src\FormPostType.php:73
action add_meta_boxes packages\wpayme\wp-wpayme-pay-forms\src\FormPostType.php:83
action post_submitbox_misc_actions packages\wpayme\wp-wpayme-pay-forms\src\FormPostType.php:87
action admin_enqueue_scripts packages\wpayme\wp-wpayme-pay-forms\src\FormPostType.php:89
action wp_enqueue_scripts packages\wpayme\wp-wpayme-pay-forms\src\FormPostType.php:92
action init packages\wpayme\wp-wpayme-pay-forms\src\FormProcessor.php:38
action init packages\wpayme\wp-wpayme-pay-forms\src\FormScripts.php:36
action wp_enqueue_scripts packages\wpayme\wp-wpayme-pay-forms\src\FormScripts.php:38
action wp_enqueue_scripts packages\wpayme\wp-wpayme-pay-forms\src\Integration.php:45
action wp_enqueue_scripts packages\wpayme\wp-wpayme-pay-forms\src\Integration.php:46
filter the_content packages\wpayme\wp-wpayme-pay-forms\src\Integration.php:65
filter action_scheduler_pre_init wpayme.php:95
filter wpayme_pay_modules wpayme.php:102
filter wpayme_pay_plugin_integrations wpayme.php:112
filter get_post_metadata wpayme.php:139
filter wpayme_pay_gateways wpayme.php:185

Scheduled Events 1

wpayme_pay_async_email
Maintenance & Trust

WPayme – Payment Forms & Gateways for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 8.1
Downloads: 122

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

WPayme – Payment Forms & Gateways for WordPress Developer Profile

ozowpayments

2 plugins · 700 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WPayme – Payment Forms & Gateways for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpayme/wpayme-pay-core.php
/wp-content/plugins/wpayme/wpayme-pay-fundraising.php
/wp-content/plugins/wpayme/wpayme-pay-gravity-forms.php
/wp-content/plugins/wpayme/wpayme-pay-paypal.php
/wp-content/plugins/wpayme/wpayme-datetime.php
/wp-content/plugins/wpayme/gravityforms-nl.php
/wp-content/plugins/wpayme/wpayme-money.php
/wp-content/plugins/wpayme/wp-wpayme-pay-forms.php

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about WPayme – Payment Forms & Gateways for WordPress