WX Subscribe 微信支付付费订阅 Security & Risk Analysis

wordpress.org/plugins/wx-subscribe

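Adds paid subscription functionality to your WordPress site. The payment gateway integrates with Payjs, and registration by individual users is supported.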

10 active installs · v1.2 · PHP 7.0.0+ · WP 4.6+ · Updated May 5, 2018
payment, subscribe
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WX Subscribe 微信支付付费订阅 Safe to Use in 2026?

Generally Safe

Score 85/100

WX Subscribe 微信支付付费订阅 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "wx-subscribe" v1.2 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one shortcode and no known historical vulnerabilities (CVEs), suggesting a generally stable codebase. The presence of nonce and capability checks on some entry points is also good practice.

However, the static analysis raises significant concerns. None of the plugin's outputs are properly escaped, a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals three high-severity flows with unsanitized paths, meaning malicious data could be processed without proper validation, which could lead to various injection attacks. Although some of the SQL queries use prepared statements, the unescaped output and unsanitized taint flows are major red flags that outweigh the lack of historical vulnerabilities.

Key Concerns

  • High severity unsanitized taint flows
  • 0% output escaping
  • 50% SQL queries not using prepared statements
Vulnerabilities
None known

WX Subscribe 微信支付付费订阅 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WX Subscribe 微信支付付费订阅 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (2 prepared)
Unescaped Output: 11 (0 escaped)
Nonce Checks: 1
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

0% escaped · 11 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
wxs_cancel_order (admin\payjs.php:4)
Attack Surface

WX Subscribe 微信支付付费订阅 Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[subscribe] admin\shortcode.php:36

WordPress Hooks: 11

action  wp_dashboard_setup  admin\dashboard.php:32
action  admin_notices  admin\notices.php:5
action  init  admin\payjs.php:3
action  init  admin\payjs.php:29
action  admin_init  admin\plugin-option.php:2
action  post_submitbox_misc_actions  admin\post.php:3
action  save_post  admin\post.php:4
action  admin_print_footer_scripts  admin\shortcode.php:54
action  profile_personal_options  admin\userprofile.php:3
filter  the_content  user\content.php:17
action  admin_menu  wx-subscribe.php:105
Maintenance & Trust

WX Subscribe 微信支付付费订阅 Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: May 5, 2018
PHP min version: 7.0.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

WX Subscribe 微信支付付费订阅 Developer Profile

Bestony

10 plugins · 180 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WX Subscribe 微信支付付费订阅

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wx-subscribe/libs/css/wx-subscribe.css
Script Paths
/wp-content/plugins/wx-subscribe/libs/js/wx-subscribe.js
Version Parameters
wx-subscribe/libs/css/wx-subscribe.css?ver=
wx-subscribe/libs/js/wx-subscribe.js?ver=

HTML / DOM Fingerprints

CSS Classes
wrap
HTML Comments
<!-- from shortcode.php -->
<!-- 引入变量的定义 -->
<!-- 引入自定义函数 -->
<!-- 引入 PayJS -->
(+41 more)
Data Attributes
data-action="wxs_load_post"
JS Globals
QTags
Shortcode Output
[subscribe][/subscribe]