Does Custom Donations have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Donations compatible with WordPress 4.7.33?

According to WordPress.org data, Custom Donations 1.2.4 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is Custom Donations updated?

Custom Donations was last updated on Feb 7, 2017. Frequent updates are generally a positive security signal.

What is Custom Donations's security score?

Custom Donations has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Donations Security & Risk Analysis

wordpress.org/plugins/custom-donations

This plugin allows sites to accept user-entered custom donation amounts through Paypal, including recurring donations. This plugin was created in res …

30 active installs v1.2.4 PHP + WP 3.0+ Updated Feb 7, 2017

custom-donationsdonationspaypalrecurring-donations

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Custom Donations Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Donations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The custom-donations plugin v1.2.4 demonstrates several concerning security practices despite the absence of known historical vulnerabilities. The static analysis reveals a significant weakness: 0% of output is properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied input could be injected into the frontend and executed in the browser of other users. Furthermore, the complete lack of nonce checks and capability checks on its single shortcode entry point is a major concern, suggesting that unauthorized users might be able to trigger the shortcode's functionality without proper authentication or authorization. While the plugin uses prepared statements for all SQL queries and has a clean vulnerability history, these strengths are overshadowed by the critical output escaping and authorization deficiencies.

Despite the plugin's clean slate regarding historical CVEs, the present code analysis points to clear and actionable security risks. The absence of taint analysis findings is likely due to the limited scope or effectiveness of the analysis on this particular codebase, rather than a guarantee of no taint-related issues. The plugin's overall security posture is weak due to the identified output escaping and authorization vulnerabilities. It is strongly recommended that these issues be addressed to prevent potential exploitation.

Key Concerns

All output is unescaped
Shortcode lacks capability checks
Shortcode lacks nonce checks

Vulnerabilities

None known

Custom Donations Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Custom Donations Release Timeline

v2.3

v1.2.3

v1.2.2

Code Analysis

Analyzed Mar 16, 2026

Custom Donations Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped26 total outputs

Attack Surface

Custom Donations Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[custom-donations] custom-donations.php:19

WordPress Hooks 5

actionadmin_headcstdnt-admin-styles.php:3

actionadmin_headcstdnt-admin-styles.php:4

actionadmin_menucstdnt-admin.php:3

actionadmin_initcstdnt-admin.php:4

actionwp_enqueue_scriptscustom-donations.php:34

Maintenance & Trust

Custom Donations Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedFeb 7, 2017

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Custom Donations Alternatives

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More

better-payment

100

Better Payment allows you to automate payment transactions to manage payments, donations, subscriptions, sell products, etc on your Elementor website.

6K No CVEs

Fundraising Bar – A Sticky Customizable Donation Bar for WordPress

fundraising-bar

100

A WordPress plugin that displays a donation bar for PayPal donations (one-time or recurring), with sandbox mode, custom amounts, fee coverage, and a l …

0 No CVEs

GiveWP – Donation Plugin and Fundraising Platform

give

Accept donations and begin fundraising with GiveWP, the highest rated WordPress donation plugin for online giving.

100K 72 CVEs

Donations via PayPal

paypal-donations

100

Easy, simple setup to add a PayPal Donation button as a Widget or with a shortcode.

20K 1 CVE

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

charitable

The best WordPress donation plugin. Create fundraising donation forms, accept recurring donations, easy donor management, add crowdfunding, and more.

10K 16 CVEs

Developer Profile

Custom Donations Developer Profile

peterbreen

1 plugin · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom Donations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-donations/css/style.css

HTML / DOM Fingerprints

CSS Classes

enable

Data Attributes

name='cstdnt_settings[cstdnt_paypal_email]'name='cstdnt_settings[cstdnt_organization_name]'name='cstdnt_settings[cstdnt_single_enable]'name='cstdnt_settings[cstdnt_single_header]'name='cstdnt_settings[cstdnt_single_meta]'name='cstdnt_settings[cstdnt_recurring_enable]'+12 more

Shortcode Output

[custom-donations]

FAQ