WP-Safety

Duitku for GiveWP Security & Risk Analysis

wordpress.org/plugins/duitku-for-givewp

Duitku Add-on for Give

10 active installs v1.3.6 PHP 7.4+ WP 6.0.1+ Updated Mar 4, 2026
bcadonationduitkuindonesiapaymentgateways
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Duitku for GiveWP Safe to Use in 2026?

Generally Safe

Score 100/100

Duitku for GiveWP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "duitku-for-givewp" v1.3.6 plugin demonstrates some strong security practices, notably the complete absence of dangerous functions, the exclusive use of prepared statements for all SQL queries, and proper escaping of all output. This indicates a good level of diligence in handling sensitive operations. The plugin also has no recorded vulnerability history, suggesting a stable and well-maintained codebase.

However, a significant concern arises from the presence of one REST API route that lacks permission callbacks. This creates a direct, unprotected entry point into the plugin's functionality, which could be exploited if that route performs sensitive actions or exposes information. While taint analysis shows no unsanitized flows, the lack of authentication on the REST API route is a critical security oversight that needs immediate attention.

Overall, while the plugin exhibits good coding hygiene in many areas, the unprotected REST API route represents a notable weakness. The lack of historical vulnerabilities is positive, but it does not negate the current risk posed by the exposed API endpoint. Addressing this single, critical entry point should be the highest priority to improve the plugin's security posture.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

Duitku for GiveWP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Duitku for GiveWP Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
243 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
34
Bundled Libraries
0

Output Escaping

100% escaped243 total outputs
Attack Surface
1 unprotected

Duitku for GiveWP Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

POST/wp-json/duitku/callback/includes\give-duitku-listener.php:38
WordPress Hooks 9
actionadmin_initgive-duitku.php:84
actionplugins_loadedgive-duitku.php:85
actionbefore_give_initgive-duitku.php:86
actioninitgive-duitku.php:100
filtergive_enabled_payment_gatewaysgive-duitku.php:101
filtergive_get_settings_gatewaysincludes\admin\give-duitku-settings.php:65
filtergive_get_sections_gatewaysincludes\admin\give-duitku-settings.php:68
actiongivewp_register_payment_gatewayincludes\give-duitku-block.php:20
actionrest_api_initincludes\give-duitku-listener.php:34
Maintenance & Trust

Duitku for GiveWP Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedMar 4, 2026
PHP min version7.4
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Duitku for GiveWP Alternatives

Duitku for VikBooking WordPress

Duitku for VikBooking WordPress

duitku-for-vik

A
85

Duitku Add-on for VikBooking. Ready to get online booking payment for your rent business?

10 No CVEs
Duitku Payment Gateway

Duitku Payment Gateway

duitku-social-payment-gateway

A
100

Do you want the best solution to accept Credit Cards, e-wallet, and Various Bank Transfers on your website? Our Payment Gateway for WooCommerce plugin …

800 1 CVE
Billingotomatis – Tren Otomatisasi Indonesia

Billingotomatis – Tren Otomatisasi Indonesia

billingotomatis-payment-gateway-indonesia

A
85

Billingotomatis merupakan layanan yang bisa membuat bisnis Anda menjadi otomatis, menghemat waktu, dan menambah prestise bisnis Anda.

20 No CVEs
GiveWP – Donation Plugin and Fundraising Platform

GiveWP – Donation Plugin and Fundraising Platform

give

B
76

Accept donations and begin fundraising with GiveWP, the highest rated WordPress donation plugin for online giving.

100K 69 CVEs
Donations via PayPal

Donations via PayPal

paypal-donations

A
100

Easy, simple setup to add a PayPal Donation button as a Widget or with a shortcode.

20K 1 CVE
Developer Profile

Duitku for GiveWP Developer Profile

rayhanduitku

4 plugins · 900 total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
155 days
View full developer profile
Detection Fingerprints

How We Detect Duitku for GiveWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/duitku-for-givewp/assets/css/duitku-for-givewp-backend.css/wp-content/plugins/duitku-for-givewp/assets/css/duitku-for-givewp-frontend.css/wp-content/plugins/duitku-for-givewp/assets/js/duitku-for-givewp-backend.js/wp-content/plugins/duitku-for-givewp/assets/js/duitku-for-givewp-frontend.js
Script Paths
/wp-content/plugins/duitku-for-givewp/assets/js/duitku-for-givewp-backend.js/wp-content/plugins/duitku-for-givewp/assets/js/duitku-for-givewp-frontend.js
Version Parameters
duitku-for-givewp/assets/css/duitku-for-givewp-backend.css?ver=duitku-for-givewp/assets/css/duitku-for-givewp-frontend.css?ver=duitku-for-givewp/assets/js/duitku-for-givewp-backend.js?ver=duitku-for-givewp/assets/js/duitku-for-givewp-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
duitku-for-givewp-admin-notice
Data Attributes
data-duitku-envdata-duitku-titledata-duitku-api-keydata-duitku-payment-method
JS Globals
duitku_gateway_paramsduitku_frontend_params
REST Endpoints
/wp-json/duitku/v1/payment-request
FAQ

Frequently Asked Questions about Duitku for GiveWP