Does Zoho Billing – Embed Payment Form have any unpatched vulnerabilities?

Yes — Zoho Billing – Embed Payment Form currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Zoho Billing – Embed Payment Form compatible with WordPress 6.9.4?

According to WordPress.org data, Zoho Billing – Embed Payment Form 4.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Zoho Billing – Embed Payment Form updated?

Zoho Billing – Embed Payment Form was last updated on Nov 30, 2025. Frequent updates are generally a positive security signal.

What is Zoho Billing – Embed Payment Form's security score?

Zoho Billing – Embed Payment Form has a WP-Safety security score of 77/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Zoho Billing – Embed Payment Form Security & Risk Analysis

wordpress.org/plugins/zoho-subscriptions

Embed payment forms on your WordPress pages/posts without any coding.

500 active installs v4.1 PHP + WP + Updated Nov 30, 2025

checkout-formsone-time-paymentsonline-paymentspci-complaintrecurring-payments

B · Generally Safe

CVEs total2

Unpatched1

Last CVESep 22, 2025

Plugin page Download

Safety Verdict

Is Zoho Billing – Embed Payment Form Safe to Use in 2026?

Mostly Safe

Score 77/100

Zoho Billing – Embed Payment Form is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Sep 22, 2025Updated 4mo ago

Risk Assessment

The zoho-subscriptions plugin version 4.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has a low number of entry points with zero identified as unprotected. The static analysis also shows a good rate of output escaping and the presence of a nonce check. However, the complete absence of capability checks is a significant concern, suggesting that access control might be improperly implemented, potentially leaving features vulnerable to unauthorized use. Additionally, the plugin has a history of two known CVEs, one of which remains unpatched. Both historical vulnerabilities were classified as medium severity and related to Cross-site Scripting, indicating a recurring pattern of input sanitization issues.

Key Concerns

Unpatched CVE
No capability checks
Medium severity vulnerabilities in history
Low percentage of properly escaped output

Vulnerabilities

Zoho Billing – Embed Payment Form Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-57963medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Zoho Billing <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025Unpatched

CVE-2025-30900medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Zoho Billing – Embed Payment Form <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 27, 2025 Patched in 4.1 (8d)

Code Analysis

Analyzed Mar 16, 2026

Zoho Billing – Embed Payment Form Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

28 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped32 total outputs

Attack Surface

Zoho Billing – Embed Payment Form Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[zoho_checkout] zoho-subscriptions.php:257

[zs] zoho-subscriptions.php:258

WordPress Hooks 4

actionadmin_initzoho-subscriptions.php:253

actionadmin_menuzoho-subscriptions.php:254

actionadmin_enqueue_scriptszoho-subscriptions.php:255

actionadmin_post_zs_form_submissionzoho-subscriptions.php:259

Maintenance & Trust

Zoho Billing – Embed Payment Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 30, 2025

PHP min version

Downloads15K

Community Trust

Rating40/100

Number of ratings4

Active installs500

Alternatives

Zoho Billing – Embed Payment Form Alternatives

Pay with Vipps and MobilePay for WooCommerce

woo-vipps

100

Official Vipps MobilePay payment plugin for WooCommerce.

5K 1 CVE

Memberful – Membership Plugin

memberful-wp

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Fygaro WC Plugin

fygaro

100

The WooCommerce Fygaro Plugin gets online payments with your Local Bank, PayPal, Yappy and Credix up and running within minutes and at the best rates!

500 No CVEs

Recurio – Ultimate Subscription Plugin for WooCommerce

recurio

100

A powerful and comprehensive WooCommerce subscription management plugin with advanced analytics, automated billing, and customer portal.

400 No CVEs

Bykea.Cash – Online Payments

bykea-cash-online-payments

The Bykea Cash plugin allows you to collect payments on your WordPress WooCommerce website instantly using Credit/Debit Cards (VISA, MasterCard, PayPa …

200 No CVEs

Developer Profile

Zoho Billing – Embed Payment Form Developer Profile

Zoho Subscriptions

1 plugin · 500 total installs

trust score

Avg Security Score

77/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Zoho Billing – Embed Payment Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zoho-subscriptions/assets/css/zoho-subscriptions.css

HTML / DOM Fingerprints

CSS Classes

zswelcomepanouterzswelcomepanzswelheadingzslinkzssmallink

Data Attributes

data-plugin-name="zoho-subscriptions"data-plugin-version="4.1"

JS Globals

showErrorMessagezs_api_key

FAQ