Crowdfundly Security & Risk Analysis

wordpress.org/plugins/crowdfundly

All-in-one digital crowdfunding solution. Build your own crowdfunding platform to raise money for any purpose.

700 active installs · v2.2.2 · PHP 5.6+ · WP 4.9+ · Updated Jan 9, 2023
Tags: crowdfunding, crowdfundly, donation, fund, fundraising
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Crowdfundly Safe to Use in 2026?

Generally Safe

Score 85/100

Crowdfundly has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The Crowdfundly plugin version 2.2.2 exhibits a generally strong security posture, particularly in its handling of SQL queries and the absence of publicly known vulnerabilities. The static analysis indicates a robust implementation of prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection attacks. Furthermore, the plugin demonstrates a high rate of output escaping, suggesting good practices to prevent cross-site scripting (XSS) vulnerabilities. The presence of a substantial number of nonce checks further bolsters its defenses against various forms of token hijacking and CSRF attacks.

However, a notable concern arises from the 0 capability checks identified in the static analysis. While there are no unprotected entry points detected in terms of AJAX handlers or REST API routes, the complete absence of capability checks means that once a user gains access to an entry point, there are no further WordPress role-based restrictions on what actions they can perform. This could lead to privilege escalation if an attacker can find a way to interact with the shortcodes or other less obvious entry points without proper authorization checks. The bundled Select2 library also warrants attention, as outdated versions of bundled libraries can sometimes harbor unpatched vulnerabilities.

Overall, the plugin benefits from a clean vulnerability history with no recorded CVEs, indicating a potentially well-maintained codebase. The static analysis also shows no critical or high-severity taint flows, which is a positive sign. The strengths lie in its core security implementations like prepared statements and nonce checks. The main area for improvement is ensuring proper capability checks are associated with all functionalities exposed through its entry points, especially the shortcodes, to prevent unauthorized actions by authenticated users.

Key Concerns

  • Absence of capability checks on entry points
  • Bundled library (Select2) may be outdated
  • Significant portion of output not properly escaped
Vulnerabilities
None known

Crowdfundly Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Crowdfundly Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 315 (645 escaped)
Nonce Checks: 32
Capability Checks: 0
File Operations: 12
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

67% escaped · 960 total outputs
Data Flows: All sanitized

Data Flow Analysis

3 flows
cf_activities_loadmore (src\Controllers\SingleCampaignController.php:372)
Attack Surface

Crowdfundly Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[crowdfundly-organization] src\Providers\PublicServiceProvider.php:36
[crowdfundly-all-campaigns] src\Providers\PublicServiceProvider.php:37
[crowdfundly-campaign] src\Providers\PublicServiceProvider.php:38
WordPress Hooks 37
action  admin_init  src\Controllers\ActivationController.php:37
action  admin_notices  src\Controllers\AdminNoticeController.php:33
action  in_admin_header  src\Controllers\AdminNoticeController.php:72
action  admin_menu  src\Controllers\CacheController.php:22
action  customize_register  src\Controllers\CustomizerController.php:17
action  customize_preview_init  src\Controllers\CustomizerController.php:18
action  plugins_loaded  src\Controllers\ElementorController.php:24
action  admin_notices  src\Controllers\ElementorController.php:32
action  elementor/init  src\Controllers\ElementorController.php:36
action  elementor/preview/enqueue_styles  src\Controllers\ElementorController.php:37
action  elementor/editor/after_enqueue_scripts  src\Controllers\ElementorController.php:38
action  elementor/elements/categories_registered  src\Controllers\ElementorController.php:46
action  elementor/widgets/widgets_registered  src\Controllers\ElementorController.php:47
filter  the_title  src\Controllers\OrganizationController.php:69
filter  page_attributes_dropdown_pages_args  src\Controllers\PageTemplateController.php:22
filter  theme_page_templates  src\Controllers\PageTemplateController.php:24
filter  wp_insert_post_data  src\Controllers\PageTemplateController.php:27
filter  template_include  src\Controllers\PageTemplateController.php:28
action  plugins_loaded  src\Controllers\TeamController.php:24
filter  crowdfundly_all_camps  src\Helpers\Elementor\AllCampaignWidget.php:1150
filter  crowdfundly_org_camp  src\Helpers\Elementor\OrganizationWidget.php:1220
filter  crowdfundly_single_camp  src\Helpers\Elementor\SingleCampaignWidget.php:2364
action  admin_head  src\Helpers\Menu.php:139
action  admin_enqueue_scripts  src\Providers\AssetServiceProvider.php:28
action  wp_enqueue_scripts  src\Providers\AssetServiceProvider.php:29
action  init  src\Providers\EventListenerServiceProvider.php:42
action  plugins_loaded  src\Providers\EventListenerServiceProvider.php:45
action  upgrader_process_complete  src\Providers\EventListenerServiceProvider.php:50
filter  update_footer  src\Providers\EventListenerServiceProvider.php:129
action  admin_menu  src\Providers\MenuServiceProvider.php:39
action  admin_menu  src\Providers\MenuServiceProvider.php:45
action  admin_menu  src\Providers\MenuServiceProvider.php:48
action  admin_menu  src\Providers\MenuServiceProvider.php:51
action  admin_menu  src\Providers\MenuServiceProvider.php:55
action  rest_api_init  src\Providers\RestApiServiceProvider.php:26
action  customize_controls_print_styles  src\resources\views\customizer\styles.php:39
action  wp_head  src\resources\views\customizer\styles.php:479
Maintenance & Trust

Crowdfundly Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Jan 9, 2023
PHP min version: 5.6
Downloads: 55K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 700
Developer Profile

Crowdfundly Developer Profile

Crowdfundly

1 plugin · 700 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Crowdfundly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crowdfundly/customizer/js/customizer.js
/wp-content/plugins/crowdfundly/public/pagebuilders/elementor/icons/style.css
/wp-content/plugins/crowdfundly/public/vendors/slick-dist/slick/slick.css
/wp-content/plugins/crowdfundly/public/vendors/slick-dist/slick/slick-theme.css
/wp-content/plugins/crowdfundly/public/vendors/slick-dist/slick/slick.min.js
/wp-content/plugins/crowdfundly/public/pagebuilders/elementor/main.js
Script Paths
customizer/js/customizer.js
public/pagebuilders/elementor/icons/style.css
public/vendors/slick-dist/slick/slick.css
public/vendors/slick-dist/slick/slick-theme.css
public/vendors/slick-dist/slick/slick.min.js
public/pagebuilders/elementor/main.js
Version Parameters
crowdfundly/customizer/js/customizer.js?ver=
crowdfundly/public/pagebuilders/elementor/icons/style.css?ver=
crowdfundly/public/vendors/slick-dist/slick/slick.css?ver=
crowdfundly/public/vendors/slick-dist/slick/slick-theme.css?ver=
crowdfundly/public/vendors/slick-dist/slick/slick.min.js?ver=
crowdfundly/public/pagebuilders/elementor/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf_organizaton_page, cf_all_campaign_page, cf_single_campaign_page
Data Attributes
data-cf-slug
JS Globals
cf_prefix, cf_asset, organization_page, all_campaign, single_campaign
FAQ

Frequently Asked Questions about Crowdfundly