Donations Widget Security & Risk Analysis

wordpress.org/plugins/donations

Accept donations from your readers via AlertPay, Moneybookers and/or PayPal.

10 active installs · v1.0.2 · PHP + WP 2.8+ · Updated Dec 4, 2010
Tags: alertpay, donations, moneybookers, paypal, widget
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Donations Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Donations Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The "donations" plugin v1.0.2 exhibits a concerning security posture despite a clean vulnerability history and zero known CVEs. The static analysis reveals a complete lack of output escaping, meaning all 37 identified output points are potentially vulnerable to cross-site scripting (XSS) attacks. This is a critical weakness that can allow attackers to inject malicious code into the plugin's output, which could then be executed in the browsers of other users.

Furthermore, the taint analysis indicates that both analyzed flows have unsanitized paths. While these are not classified as critical or high severity, they still point to potential vulnerabilities where user-supplied data could be mishandled. The absence of nonce checks and capability checks is notable, but because the plugin exposes no AJAX/REST API entry points at all (protected or unprotected), the immediate risk in these areas is significantly reduced. The plugin's strengths lie in its use of prepared statements for SQL queries and the absence of file operations and external HTTP requests, demonstrating good practices in those specific domains.

In conclusion, while the plugin has a clean past and avoids common pitfalls like raw SQL or unprotected entry points, the pervasive lack of output escaping is a severe flaw that significantly elevates its risk profile. This weakness, combined with the identified unsanitized taint flows, means the plugin requires immediate attention to address potential XSS vulnerabilities.

Key Concerns

  • All outputs are unescaped
  • Unsanitized taint flows detected
Vulnerabilities
None known

Donations Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Donations Widget Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Donations Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 37 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 37 total outputs
Data Flows · Security: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
widget_donations_control (donations.php:155)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Donations Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action: init (donations.php:40)
Maintenance & Trust

Donations Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.0
Last updated: Dec 4, 2010
PHP min version: not listed
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Donations Widget Developer Profile

mohanjith

4 plugins · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Donations Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/donations/images/alertpay_logo.png
  • /wp-content/plugins/donations/images/mb_orange_donate_with.gif
  • /wp-content/plugins/donations/images/pp_donate_LG.gif
  • /wp-content/plugins/donations/images/pixel.gif

HTML / DOM Fingerprints

CSS Classes
payment_form, alertpay, moneybookers, paypal
Data Attributes
name="ap_purchasetype" · name="ap_merchant" · name="ap_itemname" · name="ap_itemcode" · name="ap_quantity" · name="ap_returnurl" · +16 more
FAQ

Frequently Asked Questions about Donations Widget