[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNKu9mz2H-ysvrtTJLxNAM1lWQ0oZniT_WUnv2TxDyng":3,"$flp7AhZvBdzEK-RetES6TwLUG0S302ueS6SfwFmscdlg":185,"$fuoFI-XYE9l2uysobDCMQ-0_jWFjTG55nOLB6hK4vI0U":190},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":72,"crawl_stats":34,"alternatives":77,"analysis":99,"fingerprints":155},"double-the-donation","Double the Donation – A workplace giving tool","3.1.0","kanwei_doublethedonation","https:\u002F\u002Fprofiles.wordpress.org\u002Fkanwei_doublethedonation\u002F","\u003Cp>Double the Donation is the leading provider of matching gift software solutions to nonprofit and educational institutions. Double the Donation increases revenue from corporate matching gifts while saving staff time. This plugin provides a shortcode that allows you to easily embed Double the Donation’s plugin into your website on a dedicated matching gift page.\u003C\u002Fp>\n\u003Ch3>About Our Plugin:\u003C\u002Fh3>\n\u003Cp>After getting set-up with your Double the Donation account and donation form integration, create a dedicated matching gift page on your website to provide your donors with the forms, guidelines, and instructions they need to submit matching gift and volunteer grant requests.\u003C\u002Fp>\n\u003Cp>Our plugin seamlessly integrates with your WordPress website to instantly connect donors to matching gift and volunteer grant information. \u003Ca href=\"https:\u002F\u002Fsupport.doublethedonation.com\u002Fknowledge\u002Fcreating-a-dedicated-matching-gift-page\" rel=\"nofollow ugc\">On a dedicated matching gift page\u003C\u002Fa>, you can explain what matching gift programs are and provide donors with a chance to look up their employer’s program forms, guidelines, and instructions. Provide answers to frequently asked questions and your dedicated matching gift page will become a useful resource to include in emails, newsletters, and direct messages.\u003C\u002Fp>\n\u003Cp>Our WordPress plugin is serviceware, meaning a paid subscription to Double the Donation will be necessary to use our plugin. To find out more about our service, sign up, or get a demo, \u003Ca href=\"https:\u002F\u002Fdoublethedonation.com\u002F\" rel=\"nofollow ugc\">visit our website here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Benefits:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Increase fundraising revenue by presenting matching gift next steps in the donation process:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you work with one of our \u003Ca href=\"https:\u002F\u002Fdoublethedonation.com\u002Fintegrations\u002F\" rel=\"nofollow ugc\">70+ integration partners\u003C\u002Fa> you can add Double the Donation’s search tool directly into your donation flow. This provides donors with the forms, guidelines, and next steps that they need to submit their matching gifts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Increase fundraising revenue by presenting matching gift forms, guidelines, and next steps on a Dedicated Matching Gift Page:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use our WordPress Plugin to embed Double the Donation’s full search tool directly on a \u003Ca href=\"https:\u002F\u002Fsupport.doublethedonation.com\u002Fknowledge\u002Fcreating-a-dedicated-matching-gift-page\" rel=\"nofollow ugc\">dedicated matching gift page\u003C\u002Fa>. This allows donors who are browsing your website or who receive an email asking them to see if their company will match their gift to easily access the matching gift forms, guidelines, and next steps that they need to submit a matching gift request for your nonprofit.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Raise Awareness:\u003C\u002Fstrong>\u003Cbr \u002F>\nTeach donors about employee matching gifts and reap the financial rewards. Double the Donation will help you raise awareness to ensure your eligible donors are thinking about matching gifts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Make It Easy:\u003C\u002Fstrong>\u003Cbr \u002F>\nMake sure the process is as simple as possible. Give donors all they need to successfully submit a matching gift. Double the Donation makes it easy for donors to submit matching gifts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save Staff Time:\u003C\u002Fstrong>\u003Cbr \u002F>\nDon’t miss out on low-hassle donations! Double the Donation’s service helps you maximize matching gift revenue by making it easy for your donors to submit their match requests. No need for your staff to follow-up as Double the Donation’s platform takes care of the key next steps.\u003C\u002Fp>\n\u003Ch3>About Double the Donation:\u003C\u002Fh3>\n\u003Cp>Double the Donation is the leading provider of employee matching gift tools to nonprofits.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Double the Donation’s plugin provides donors with everything they need to submit matching gifts and volunteer grants\u003C\u002Fstrong>\u003Cbr \u002F>\n– Whether their employer will match their donation\u003Cbr \u002F>\n– Whether their employer will provide a grant if they volunteer regularly\u003Cbr \u002F>\n– Minimum and maximum amounts matched\u003Cbr \u002F>\n– Types of employees eligible (Ex. Full-time vs. Part-time vs. Retirees)\u003Cbr \u002F>\n– Types of nonprofits each company will match to\u003Cbr \u002F>\n– Submission instructions\u003Cbr \u002F>\n– Paper matching gift forms and guidelines\u003Cbr \u002F>\n– Links to electronic matching gift submission forms so donors can submit matches instantly\u003Cbr \u002F>\n– Contact information\u003Cbr \u002F>\n– And much more\u003C\u002Fp>\n\u003Ch3>Terms of Use\u003C\u002Fh3>\n\u003Cp>As our plugin is service-ware, usage of it requires a paid subscription, and usage means that you agree to our \u003Ca href=\"https:\u002F\u002Fdoublethedonation.com\u002Fterms-of-service\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>.\u003C\u002Fp>\n","Double the Donation – Easily add our matching gifts plugin and volunteering plugin on your site to help your fundraising efforts",1000,9337,0,"2025-11-10T21:04:00.000Z","6.8.5","3.0","5.6.20",[19,4,20],"donation-matching","matching-gifts","https:\u002F\u002Fdoublethedonation.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdouble-the-donation.zip",97,3,"2025-11-10 15:02:07","2026-04-16T10:56:18.058Z","no_bundle",[29,45,61],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":6,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":25,"updated_date":40,"references":41,"days_to_patch":24,"patch_diff_files":43,"patch_trac_url":34,"research_status":34,"research_verified":44,"research_rounds_completed":13,"research_plan":34,"research_summary":34,"research_vulnerable_code":34,"research_fix_diff":34,"research_exploit_outline":34,"research_model_used":34,"research_started_at":34,"research_completed_at":34,"research_error":34,"poc_status":34,"poc_video_id":34,"poc_summary":34,"poc_steps":34,"poc_tested_at":34,"poc_wp_version":34,"poc_php_version":34,"poc_playwright_script":34,"poc_exploit_code":34,"poc_has_trace":44,"poc_model_used":34,"poc_verification_depth":34},"CVE-2025-12020","double-the-donation-authenticated-admin-stored-cross-site-scripting","Double the Donation \u003C= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting","The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.0.0","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-13 15:51:56",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F63ba2d29-26dc-4c5f-9d9d-9a13e25c44b9?source=api-prod",[],false,{"id":46,"url_slug":47,"title":48,"description":49,"plugin_slug":4,"theme_slug":34,"affected_versions":50,"patched_in_version":51,"severity":36,"cvss_score":52,"cvss_vector":53,"vuln_type":54,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59,"patch_diff_files":60,"patch_trac_url":34,"research_status":34,"research_verified":44,"research_rounds_completed":13,"research_plan":34,"research_summary":34,"research_vulnerable_code":34,"research_fix_diff":34,"research_exploit_outline":34,"research_model_used":34,"research_started_at":34,"research_completed_at":34,"research_error":34,"poc_status":34,"poc_video_id":34,"poc_summary":34,"poc_steps":34,"poc_tested_at":34,"poc_wp_version":34,"poc_php_version":34,"poc_playwright_script":34,"poc_exploit_code":34,"poc_has_trace":44,"poc_model_used":34,"poc_verification_depth":34},"CVE-2025-57930","double-the-donation-cross-site-request-forgery","Double the Donation \u003C= 2.0.0 - Cross-Site Request Forgery","The Double the Donation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.0.0","3.0.0",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-22 00:00:00","2025-10-02 21:23:38",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa055e6ca-6ef0-4c40-80f4-14a5a19a6db6?source=api-prod",11,[],{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":34,"affected_versions":50,"patched_in_version":51,"severity":36,"cvss_score":66,"cvss_vector":67,"vuln_type":39,"published_date":55,"updated_date":68,"references":69,"days_to_patch":59,"patch_diff_files":71,"patch_trac_url":34,"research_status":34,"research_verified":44,"research_rounds_completed":13,"research_plan":34,"research_summary":34,"research_vulnerable_code":34,"research_fix_diff":34,"research_exploit_outline":34,"research_model_used":34,"research_started_at":34,"research_completed_at":34,"research_error":34,"poc_status":34,"poc_video_id":34,"poc_summary":34,"poc_steps":34,"poc_tested_at":34,"poc_wp_version":34,"poc_php_version":34,"poc_playwright_script":34,"poc_exploit_code":34,"poc_has_trace":44,"poc_model_used":34,"poc_verification_depth":34},"CVE-2025-57929","double-the-donation-authenticated-administrator-stored-cross-site-scripting","Double the Donation \u003C= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Double the Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-10-02 21:23:57",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe23abd25-d41b-4ba8-a5b7-993f745d375a?source=api-prod",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":73,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":74,"trust_score":75,"computed_at":76},1,8,92,"2026-05-20T08:05:09.849Z",[78],{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":97,"download_link":98,"security_score":86,"vuln_count":13,"unpatched_count":13,"last_vuln_date":34,"fetched_at":26},"give-double-the-donation","Give – Double the Donation","2.1.2","Matt Cromwell","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdevmattcrom\u002F","\u003Cp>Empower your GiveWP donors to have their company match their donations with the most powerful Company Matching platform: Double the Donation.\u003C\u002Fp>\n\u003Cp>With this GiveWP add-on, simply add your Double the Donation API keys into the settings, then each of your forms can be enabled to accept company matching.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ABOUT DOUBLE THE DONATION:\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomate your matching gift fundraising with the industry-leading solution from Double the Donation. Double the Donation provides nonprofits with tools to identify match-eligible donors, drive matches to completion, and gain actionable insights. Our unique integration with GiveWP integrates directly into your donation forms, to capture employment information and follow up appropriately with donors about matching gifts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ABOUT OUR FREE ADD-ONS\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd-ons like “GiveWP — Double the Donation” are a way that we are giving back to the WordPress community.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgo.givewp.com\u002Fwpfreeaddons\" rel=\"nofollow ugc\">Learn more about this free add-on and all the free GiveWP add-ons.\u003C\u002Fa>\u003C\u002Fp>\n","Empower your GiveWP donors to have their company match their donations with the most powerful Company Matching platform: Double the Donation.",100,6200,"2026-01-07T19:17:00.000Z","6.9.4","6.6","7.2",[93,4,94,95,96],"company-matching-donation","employer-matching","employer-matching-donations","givewp","https:\u002F\u002Fgivewp.com\u002Faddons\u002Fgive-double-the-donation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgive-double-the-donation.2.1.2.zip",{"attackSurface":100,"codeSignals":132,"taintFlows":143,"riskAssessment":144,"analyzedAt":154},{"hooks":101,"ajaxHandlers":119,"restRoutes":120,"shortcodes":121,"cronEvents":130,"entryPointCount":131,"unprotectedCount":13},[102,108,112,116],{"type":103,"name":104,"callback":105,"file":106,"line":107},"action","plugins_loaded","doublethedonation_plugin_setup","doublethedonation.php",29,{"type":103,"name":109,"callback":110,"file":106,"line":111},"admin_menu","doublethedonation_create_menu_page",103,{"type":103,"name":113,"callback":114,"file":106,"line":115},"admin_init","doublethedonation_register_settings",104,{"type":103,"name":113,"callback":117,"file":106,"line":118},"doublethedonation_handle_key_removal",118,[],[],[122,126],{"tag":123,"callback":124,"file":106,"line":125},"doublethedonation","doublethedonation_shortcode",95,{"tag":127,"callback":128,"file":106,"line":129},"doublethedonation_volunteer","doublethedonation_volunteer_hub_shortcode",96,[],2,{"dangerousFunctions":133,"sqlUsage":134,"outputEscaping":136,"fileOperations":13,"externalRequests":131,"nonceChecks":131,"capabilityChecks":131,"bundledLibraries":142},[],{"prepared":13,"raw":13,"locations":135},[],{"escaped":137,"rawEcho":73,"locations":138},20,[139],{"file":106,"line":140,"context":141},184,"raw output",[],[],{"summary":145,"deductions":146},"The \"double-the-donation\" plugin v3.1.0 exhibits a generally strong security posture based on the static analysis. It demonstrates good practices by utilizing prepared statements for all SQL queries, proper output escaping for the vast majority of outputs, and incorporating nonce and capability checks. The absence of dangerous functions, file operations, and critical\u002Fhigh severity taint flows is also positive. However, the plugin does make two external HTTP requests, which, while not inherently problematic, could represent a potential attack vector if the target endpoints are compromised or if the requests are made without proper validation of the returned data.\n\nThe vulnerability history presents a significant concern. While there are currently no unpatched vulnerabilities, the plugin has a history of 3 medium severity CVEs, specifically related to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The commonality of these vulnerability types in the past suggests a recurring pattern in how user input is handled or how actions are protected. The fact that these vulnerabilities existed and were later patched indicates that the developers are responsive to security issues, but it also highlights areas where the plugin has previously been susceptible to exploitation.\n\nIn conclusion, \"double-the-donation\" v3.1.0 has commendable technical security practices in its current build. The code analysis reveals a well-hardened codebase with minimal exploitable entry points and secure data handling for SQL. The primary area of caution stems from its past vulnerability record, which indicates a need for continued vigilance and robust security testing to prevent the recurrence of XSS and CSRF issues. The presence of external HTTP requests warrants a review of their implementation for potential security implications.",[147,150,152],{"reason":148,"points":149},"Previous Medium severity XSS vulnerabilities",10,{"reason":151,"points":149},"Previous Medium severity CSRF vulnerabilities",{"reason":153,"points":24},"External HTTP requests present","2026-03-16T19:06:18.980Z",{"wat":156,"direct":164},{"assetPaths":157,"generatorPatterns":160,"scriptPaths":161,"versionParams":163},[158,159],"\u002Fwp-content\u002Fplugins\u002Fdouble-the-donation\u002Fincludes\u002Fcss\u002Fdtddonation.css","\u002Fwp-content\u002Fplugins\u002Fdouble-the-donation\u002Fincludes\u002Fjs\u002Fdtddonation.js",[],[162],"https:\u002F\u002Fdoublethedonation.com\u002Fapi\u002Fjs\u002Fddplugin.js",[],{"cssClasses":165,"htmlComments":167,"htmlAttributes":177,"restEndpoints":180,"jsGlobals":181,"shortcodeOutput":183},[166],"dd-container",[168,169,170,171,172,173,174,175,176],"\u003C!-- Double the Donation Admin -->","\u003C!-- Matching gifts plugin for nonprofits, powered by Double the Donation -->","\u003C!-- API Key is empty. Double the Donation will not load. -->","\u003C!-- If the api key is present, print the following. -->","\u003C!-- You'll need create some API validation callback. -->","\u003C!-- Code related to the Admin area of the plugin. -->","\u003C!-- IMPORTANT: This is just a placeholder. A secure implementation would require more robust validation -->","\u003C!-- Securely check for the key_removed notice. -->","\u003C!-- Display success message if key was removed -->",[178,179],"data-api-key","data-volunteer-grant-specific",[],[182],"DDCONF",[184],"\u003Cdiv id=\"dd-container\">\u003C\u002Fdiv>",{"error":186,"url":187,"statusCode":188,"statusMessage":189,"message":189},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdouble-the-donation\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":131,"versions":191},[192,199],{"version":51,"download_url":193,"svn_tag_url":194,"released_at":34,"has_diff":44,"diff_files_changed":195,"diff_lines":34,"trac_diff_url":196,"vulnerabilities":197,"is_current":44},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdouble-the-donation.3.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdouble-the-donation\u002Ftags\u002F3.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdouble-the-donation%2Ftags%2F2.0.0&new_path=%2Fdouble-the-donation%2Ftags%2F3.0.0",[198],{"id":30,"url_slug":31,"title":32,"severity":36,"cvss_score":37,"vuln_type":39,"patched_in_version":6},{"version":200,"download_url":201,"svn_tag_url":202,"released_at":34,"has_diff":44,"diff_files_changed":203,"diff_lines":34,"trac_diff_url":34,"vulnerabilities":204,"is_current":44},"2.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdouble-the-donation.2.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdouble-the-donation\u002Ftags\u002F2.0.0\u002F",[],[205,206,207],{"id":30,"url_slug":31,"title":32,"severity":36,"cvss_score":37,"vuln_type":39,"patched_in_version":6},{"id":46,"url_slug":47,"title":48,"severity":36,"cvss_score":52,"vuln_type":54,"patched_in_version":51},{"id":62,"url_slug":63,"title":64,"severity":36,"cvss_score":66,"vuln_type":39,"patched_in_version":51}]