
CamPay Give Donation Payment Gateway Security & Risk Analysis
wordpress.org/plugins/campay-give
CamPay is a Fintech service of the company TAKWID
Is CamPay Give Donation Payment Gateway Safe to Use in 2026?
Generally Safe
Score 85/100
CamPay Give Donation Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "campay-give" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of shortcodes, cron events, and especially unprotected AJAX handlers or REST API routes significantly limits its potential attack surface. Furthermore, the code demonstrates excellent practices regarding SQL queries (100% prepared statements) and output escaping (100% properly escaped), which are critical for preventing common web vulnerabilities. The lack of any recorded vulnerabilities in its history is a positive indicator of its stability. However, a single "dangerous function" (assert) is flagged, which, while often used for debugging and potentially harmless in production, still represents a coding practice that could introduce risks if not managed carefully.
The taint analysis reporting zero flows with unsanitized paths is encouraging. The presence of external HTTP requests, while not inherently a vulnerability, warrants attention as these could potentially be vectors for supply chain attacks or information disclosure if not handled securely on the server-side. The single nonce check is a minor point of concern, as a more comprehensive approach to nonce validation across all entry points would further strengthen security. Conversely, the absence of capability checks is not necessarily a weakness if the plugin's functionality is not sensitive or is intended to be universally accessible within WordPress.
In conclusion, "campay-give" v1.0 appears to be a relatively secure plugin with strong foundations in data handling and output sanitization. The absence of a history of vulnerabilities and a minimal attack surface are significant strengths. The primary areas for potential improvement are the careful review and potential removal of the "assert" function in production environments and ensuring all external HTTP requests are made with security best practices in mind. The single nonce check could also be a point for hardening.
Key Concerns
- Dangerous function detected (assert)
- External HTTP requests present
- Only one nonce check found
CamPay Give Donation Payment Gateway Security Vulnerabilities
CamPay Give Donation Payment Gateway Code Analysis
Dangerous Functions Found
Output Escaping
CamPay Give Donation Payment Gateway Attack Surface
WordPress Hooks 5
CamPay Give Donation Payment Gateway Maintenance & Trust
Maintenance Signals
Community Trust
CamPay Give Donation Payment Gateway Alternatives
Campay Woocommerce Payment Gateway
campay-api
CamPay is a Fintech service of the company TAKWID
CamPay Shortcode Payment Gateway
campay-shortcode-payment-gateway
CamPay is a Fintech service of the company TAKWID
Finachub Lipa na Mpesa Checkout for WooCommerce
finachub-checkout-for-m-pesa
Accept M-Pesa STK Push payments in WooCommerce. A simple and reliable way to integrate Kenya's most popular payment method.
UnitechPay – Wave & Orange Money Payments
unitechpay-paiements-mobile-money
Complete Wave and Orange Money payment solution with automatic redistribution. Receive the money directly on your numbers!
Direct Payments WP
direct-payments-wp
Direct Payments WP lets you easily accept payments via bank transfers, mobile money, and P2P platforms on your WordPress website.
CamPay Give Donation Payment Gateway Developer Profile
3 plugins · 220 total installs
How We Detect CamPay Give Donation Payment Gateway
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/campay-give/assets/css/campay.css
- /wp-content/plugins/campay-give/assets/js/campay.js
- campay-give/assets/css/campay.css?ver=
- campay-give/assets/js/campay.js?ver=
HTML / DOM Fingerprints
- form-group
- campay-number-error
Documentation on Campay REST API
Campay Give plugin uses CamPay REST API present on campay.net to process payments. Full documentation about the API is present here : https://documenter.getpostman.com/view/2391374/T1LV8PVA
the get_token function calls the /token/ endpoint of campay REST API to authenticate the user using the API.
the execute_payment function calls the /collect/ endpoint of campay REST API to prompt the website user to confirm his donation by inserting secret code on his phone.
the check_payment function calls the /transaction/ endpoint of campay REST API to check the status of the transaction initiated by execute_payment.
Please visit https://documenter.getpostman.com/view/2391374/T1LV8PVA for more information and contact info@campay.net for any question.
/** END DOCUMENTATIION **/
Step 1: add any gateway fields to the form using html. In order to retrieve this data later the name of the input must be inside the key gatewayData (name='gatewayData[input_name]').
Step 2: you can alternatively send this data to the $gatewayData param using the filter `givewp_create_payment_gateway_data_{gatewayId}`.
Step 1: Validate any data passed from the gateway fields in $gatewayData. Throw the PaymentGatewayException if the data is invalid.
- gatewayData[campay_transaction_number]
- campay_transaction_number
- phone_number_campay
- campay-number-error
- validate_number(this)