Donate Me Security & Risk Analysis

wordpress.org/plugins/donate-me

Adds PayPal donations with Donate Me. Simple. Easy. Multiple buttons and colors.

Active installs: 20
Version: 1.2.5
Requires: PHP + WP 2.7.0+
Updated: May 9, 2023
Tags: donate-me, donation, donation-paypal, paypal, paypal-donation

Score: 84
Grade: B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 1, 2025
Safety Verdict

Is Donate Me Safe to Use in 2026?

Mostly Safe

Score 84/100

Donate Me is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved.

2 known CVEs · Last CVE: Apr 1, 2025 · Updated 3yr ago
Risk Assessment

The "donate-me" plugin version 1.2.5 exhibits a mixed security posture. While it demonstrates strengths in areas like avoiding dangerous functions, employing prepared statements for SQL queries, and not making external HTTP requests, significant concerns emerge from other analysis points. The complete lack of output escaping is a major red flag, directly exposing users to Cross-Site Scripting (XSS) vulnerabilities as indicated by the vulnerability history. Furthermore, the absence of nonce and capability checks on its single shortcode entry point is a critical oversight, potentially allowing unauthorized actions or data manipulation.

The vulnerability history for "donate-me" is particularly worrying, with two medium-severity CVEs, both of which affect the analyzed version 1.2.5 and are fixed only in 1.3.0. The historical prevalence of XSS and CSRF vulnerabilities suggests a consistent pattern of input sanitization and authorization weaknesses within the plugin. While the static analysis did not reveal active taint flows in this specific version, the historical context and the identified code signals strongly imply that such issues are recurring and have not been adequately addressed. The plugin's strengths are overshadowed by these critical weaknesses in output sanitization and access control, presenting a significant risk to WordPress sites running this version.

Key Concerns

  • Unpatched CVEs (2)
  • Output escaping missing
  • Nonce checks missing
  • Capability checks missing
Vulnerabilities
2 published

Donate Me Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-31778 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Donate Me <= 1.2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Apr 1, 2025 · Patched in 1.3.0 (406d)

CVE-2024-53776 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Donate Me <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 28, 2024 · Patched in 1.3.0 (530d)
Version History

Donate Me Release Timeline

No version history available.
Code Analysis
Analyzed: Mar 16, 2026

Donate Me Code Analysis

Dangerous functions: 0
Raw SQL queries: 0 (0 prepared)
Unescaped output: 2 (0 escaped)
Nonce checks: 0
Capability checks: 0
File operations: 0
External requests: 0
Bundled libraries: 0

Output Escaping

0% escaped (2 total outputs)
Attack Surface

Donate Me Attack Surface

Entry points: 1
Unprotected: 0

Shortcodes (1)

  • [donateme] (donate-me.php:34)

WordPress hooks (1)

  • filter plugin_action_links (donate-me.php:43)
Maintenance & Trust

Donate Me Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: May 9, 2023
PHP min version: not listed
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20
Developer Profile

Donate Me Developer Profile

raphaelheide

3 plugins · 30 total installs

Trust score: 69
Avg security score: 85/100
Avg patch time: 468 days
Detection Fingerprints

How We Detect Donate Me

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

  • <!-- DONATEME START -->
  • <!-- DONATEME END -->
  • <!-- DONATEME SHORTCODE START -->
  • <!-- DONATEME SHORTCODE END -->
FAQ

Frequently Asked Questions about Donate Me