CharityGlow — Donations & Fundraising Security & Risk Analysis

wordpress.org/plugins/charityglow

Accept donations via Stripe, PayPal, SSLCommerz (bKash, Nagad, Rocket) & Bank Transfer with high-converting forms, recurring donations, and built- …

10 active installs · v1.1.0 · PHP 7.4+ · WP 5.8+ · Updated Mar 30, 2026
charity, donation, fundraising, paypal, stripe
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CharityGlow — Donations & Fundraising Safe to Use in 2026?

Generally Safe

Score 100/100

CharityGlow — Donations & Fundraising has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "charityglow" v1.1.0 plugin demonstrates a generally strong security posture with excellent output escaping and a high percentage of prepared SQL statements. The plugin also shows a good number of nonce and capability checks, indicating developers are aware of common WordPress security practices. However, there are significant concerns stemming from the static analysis. The presence of unprotected AJAX handlers is a major red flag, as these can be entry points for attackers. Additionally, the high number of flows with unsanitized paths, specifically 11 classified as high severity in the taint analysis, points to potential vulnerabilities related to how user input is handled, even if no critical severities were found. The lack of any recorded vulnerability history is positive but doesn't negate the immediate risks identified in the code analysis. While the plugin's adherence to many best practices is commendable, the identified unprotected entry points and high-severity taint flows warrant careful attention and remediation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows (unsanitized paths)
  • Use of dangerous function preg_replace(/e)
Vulnerabilities
None known

CharityGlow — Donations & Fundraising Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CharityGlow — Donations & Fundraising Release Timeline

v1.1.0 (Current)
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

CharityGlow — Donations & Fundraising Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 38 (230 prepared)
Unescaped Output: 21 (1430 escaped)
Nonce Checks: 26
Capability Checks: 20
File Operations: 7
External Requests: 10
Bundled Libraries: 2

Dangerous Functions Found

preg_replace(/e): preg_replace('/e (includes\class-inline-assets.php:217)

Bundled Libraries

Freemius, Stripe PHP

SQL Query Safety

86% prepared, 268 total queries

Output Escaping

99% escaped, 1451 total outputs
Data Flows · Security
13 unsanitized

Data Flow Analysis

25 flows, 13 with unsanitized paths
download_receipt (includes\features\class-receipts.php:285)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

CharityGlow — Donations & Fundraising Attack Surface

Entry Points: 36
Unprotected: 4

AJAX Handlers 22

nopriv  wp_ajax_charityglow_process_donation  includes\class-ajax.php:18
auth  wp_ajax_charityglow_process_donation  includes\class-ajax.php:19
nopriv  wp_ajax_charityglow_create_payment_intent  includes\class-ajax.php:21
auth  wp_ajax_charityglow_create_payment_intent  includes\class-ajax.php:22
auth  wp_ajax_charityglow_get_donation_stats  includes\class-ajax.php:25
auth  wp_ajax_charityglow_export_donations  includes\class-ajax.php:26
auth  wp_ajax_charityglow_send_test_email  includes\class-ajax.php:29
auth  wp_ajax_charityglow_reset_settings  includes\class-ajax.php:30
auth  wp_ajax_charityglow_test_gateway_connection  includes\class-ajax.php:31
auth  wp_ajax_charityglow_send_receipt  includes\class-ajax.php:34
auth  wp_ajax_charityglow_bulk_delete_donations  includes\class-ajax.php:37
auth  wp_ajax_charityglow_bulk_delete_donors  includes\class-ajax.php:40
auth  wp_ajax_charityglow_generate_receipt  includes\class-ajax.php:45
auth  wp_ajax_charityglow_download_receipt  includes\class-ajax.php:46
auth  wp_ajax_charityglow_email_receipt  includes\class-ajax.php:47
auth  wp_ajax_charityglow_bulk_generate_receipts  includes\class-ajax.php:48
auth  wp_ajax_charityglow_bulk_email_receipts  includes\class-ajax.php:49
nopriv  wp_ajax_charityglow_public_download_receipt  includes\class-ajax.php:52
auth  wp_ajax_charityglow_public_download_receipt  includes\class-ajax.php:53
auth  wp_ajax_charityglow_dismiss_upgrade_notice  includes\class-freemius.php:77
auth  wp_ajax_charityglow_download_receipt  includes\features\class-receipts.php:33
nopriv  wp_ajax_charityglow_download_receipt  includes\features\class-receipts.php:34

Shortcodes 14

[charityglow_campaign] includes\class-campaigns.php:39
[charityglow_campaigns] includes\class-campaigns.php:40
[charityglow_donation_form] includes\frontend\class-shortcodes.php:25
[charityglow_form] includes\frontend\class-shortcodes.php:26
[charityglow_campaign] includes\frontend\class-shortcodes.php:27
[charityglow_campaigns] includes\frontend\class-shortcodes.php:28
[charityglow_donor_wall] includes\frontend\class-shortcodes.php:29
[charityglow_progress_bar] includes\frontend\class-shortcodes.php:30
[charityglow_donation_success] includes\frontend\class-shortcodes.php:31
[charityglow_donation_failed] includes\frontend\class-shortcodes.php:32
[charityglow_stats] includes\frontend\class-shortcodes.php:33
[charityglow_recent_donations] includes\frontend\class-shortcodes.php:34
[charityglow_how_it_works] includes\frontend\class-shortcodes.php:35
[charityglow_payment_methods] includes\frontend\class-shortcodes.php:36
WordPress Hooks 23
action  plugins_loaded  charityglow.php:149
action  wp_enqueue_scripts  charityglow.php:152
action  admin_enqueue_scripts  charityglow.php:153
action  admin_menu  includes\admin\class-admin.php:25
action  admin_init  includes\admin\class-admin.php:26
action  admin_init  includes\admin\class-admin.php:27
action  admin_notices  includes\admin\class-admin.php:28
action  init  includes\class-ajax.php:56
action  init  includes\class-ajax.php:57
action  wp_mail_failed  includes\class-ajax.php:809
action  admin_post_charityglow_save_campaign  includes\class-campaigns.php:34
action  admin_post_charityglow_delete_campaign  includes\class-campaigns.php:35
action  admin_post_charityglow_duplicate_campaign  includes\class-campaigns.php:36
filter  the_content  includes\class-campaigns.php:43
action  admin_menu  includes\class-freemius.php:74
action  admin_notices  includes\class-freemius.php:75
action  admin_enqueue_scripts  includes\class-freemius.php:76
action  init  includes\class-freemius.php:463
filter  connect_message_on_update  includes\class-freemius.php:692
filter  plugin_icon  includes\class-freemius.php:693
action  wp_footer  includes\class-inline-assets.php:54
action  admin_footer  includes\class-inline-assets.php:55
action  charityglow_donation_completed  includes\features\class-receipts.php:32
Maintenance & Trust

CharityGlow — Donations & Fundraising Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 30, 2026
PHP min version: 7.4
Downloads: 323

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

CharityGlow — Donations & Fundraising Developer Profile

Amdadul Haq

4 plugins · 50 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CharityGlow — Donations & Fundraising

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/charityglow/assets/css/frontend.css
/wp-content/plugins/charityglow/assets/js/frontend.js
Script Paths
/wp-content/plugins/charityglow/assets/js/frontend.js
Version Parameters
charityglow/assets/css/frontend.css?ver=
charityglow/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

JS Globals
charityglowData