Donate by BestWebSoft – Donations Acception Extention for WordPress Security & Risk Analysis

wordpress.org/plugins/donate-button

Add PayPal and 2CO donate buttons to receive charity payments.

100 active installs · v2.1.8 · PHP + WP 5.6+ · Updated Jun 10, 2025
Tags: 2checkout-form, add-donate-buttons, charity, checkout, donate-plugin
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 12, 2017
Safety Verdict

Is Donate by BestWebSoft – Donations Acception Extention for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Donate by BestWebSoft – Donations Acception Extention for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Apr 12, 2017 · Updated 11mo ago
Risk Assessment

The "donate-button" v2.1.8 plugin exhibits a generally good security posture based on the static analysis. The absence of critical or high severity taint flows, along with a high percentage of properly escaped output and robust nonce and capability checks, are strong indicators of secure coding practices. The limited attack surface, with no apparent unprotected entry points, further enhances its security profile. The plugin also appears to be well-maintained, with no currently unpatched vulnerabilities, despite a past medium severity Cross-Site Scripting (XSS) issue from 2017. This suggests that developers address security concerns promptly.

However, there are minor areas for improvement. While 50% of SQL queries use prepared statements, the remaining 50% do not, which is a potential SQL injection risk if the inputs are not meticulously sanitized elsewhere. File operations and external HTTP requests, although not flagged as problematic in the taint analysis, are always potential attack vectors and warrant careful ongoing monitoring. The plugin's overall strengths lie in its proactive security measures and limited attack surface, but the unprepared SQL queries are a specific, albeit potentially mitigated, concern.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
1 published

Donate by BestWebSoft – Donations Acception Extention for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2017

Severity Breakdown

Medium: 1

1 total CVE

WF-e599393b-f009-4a3f-a89e-6219ecf33efc-donate-button · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Donate by BestWebSoft – Donations Acception Extention for WordPress < 2.1.1 - Reflected Cross-Site Scripting

Apr 12, 2017 · Patched in 2.1.1 (2477d)
Code Analysis
Analyzed Mar 16, 2026

Donate by BestWebSoft – Donations Acception Extention for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 · 2 prepared
Unescaped Output: 70 · 407 escaped
Nonce Checks: 19
Capability Checks: 3
File Operations: 4
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

85% escaped · 477 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

6 flows
bws_add_menu_render (bws_menu\bws_menu.php:12)
Attack Surface

Donate by BestWebSoft – Donations Acception Extention for WordPress Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1452
auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:432

Shortcodes: 1

[donate] · donate.php:689

WordPress Hooks: 21

filter · load_textdomain_mofile · bws_menu\bws_functions.php:37
filter · mce_external_plugins · bws_menu\bws_functions.php:1081
filter · mce_buttons · bws_menu\bws_functions.php:1082
action · admin_init · bws_menu\bws_functions.php:1357
action · admin_enqueue_scripts · bws_menu\bws_functions.php:1358
action · admin_head · bws_menu\bws_functions.php:1359
action · admin_footer · bws_menu\bws_functions.php:1360
action · admin_notices · bws_menu\bws_functions.php:1362
action · wp_enqueue_scripts · bws_menu\bws_functions.php:1364
action · admin_menu · donate.php:681
action · init · donate.php:682
action · admin_init · donate.php:683
action · plugins_loaded · donate.php:684
action · admin_enqueue_scripts · donate.php:685
action · wp_enqueue_scripts · donate.php:686
filter · pgntn_callback · donate.php:687
action · widgets_init · donate.php:688
filter · bws_shortcode_button_content · donate.php:691
action · admin_notices · donate.php:692
filter · plugin_row_meta · donate.php:694
filter · plugin_action_links · donate.php:695
Maintenance & Trust

Donate by BestWebSoft – Donations Acception Extention for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 10, 2025
PHP min version
Downloads: 26K

Community Trust

Rating: 74/100
Number of ratings: 7
Active installs: 100
Developer Profile

Donate by BestWebSoft – Donations Acception Extention for WordPress Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Donate by BestWebSoft – Donations Acception Extention for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/donate-button/css/style.css
Version Parameters
donate-button/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
dnt-title
HTML Comments
© Copyright 2020 BestWebSoft ( https://support.bestwebsoft.com )This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Data Attributes
name="business", name="item_name", name="amount", name="currency_code", name="cmd", name="charset", +3 more
Shortcode Output
<input type='hidden' name='business' value="
<input type='hidden' name='item_name' value="
<input type='hidden' name='amount' value="
<input type="hidden" name='currency_code' value="
FAQ

Frequently Asked Questions about Donate by BestWebSoft – Donations Acception Extention for WordPress