Accept Donations with PayPal & Stripe Security & Risk Analysis

wordpress.org/plugins/easy-paypal-donation

Add a PayPal or Stripe Donation Button to your website and start collecting donations today. No Coding Required. Official PayPal & Stripe Partner.

10K active installs · v1.5.4 · PHP 5.4+ · WP 3.0+ · Updated Jan 29, 2026
Tags: charity, donate, donation, ecommerce, paypal
Score: 92 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Dec 25, 2025
Safety Verdict

Is Accept Donations with PayPal & Stripe Safe to Use in 2026?

Generally Safe

Score 92/100

Accept Donations with PayPal & Stripe has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Dec 25, 2025 · Updated 2mo ago
Risk Assessment

The "easy-paypal-donation" plugin exhibits a mixed security posture. On the positive side, the static analysis indicates a strong adherence to secure coding practices concerning SQL queries, which are all prepared, and a significant number of nonce and capability checks are present. The absence of unprotected entry points further suggests a foundational level of security awareness.

However, the taint analysis reveals a concerning weakness with a high-severity flow involving unsanitized paths, indicating a potential for path traversal or other file-related vulnerabilities. The plugin also makes numerous external HTTP requests, which can be a vector for various attacks if not properly validated and sanitized. The vulnerability history is a significant red flag, with a substantial number of past CVEs, including a high-severity one, and recurring patterns of Open Redirect, CSRF, and Cross-Site Scripting. While there are currently no unpatched vulnerabilities, the historical prevalence of these types of issues suggests a persistent lack of robust input validation and output escaping in certain areas, despite some positive indicators in the static analysis.

Key Concerns

  • High severity taint flow with unsanitized paths
  • Vulnerability history indicates recurring security weaknesses
  • High percentage of outputs not properly escaped
  • Significant number of external HTTP requests
Vulnerabilities
8

Accept Donations with PayPal & Stripe Security Vulnerabilities

CVEs by Year

  • 2021: 4 CVEs
  • 2022: 1 CVE
  • 2025: 3 CVEs

Severity Breakdown

  • High: 1
  • Medium: 7

8 total CVEs

CVE-2025-68602 · medium · 4.7 · URL Redirection to Untrusted Site ('Open Redirect')

Accept Donations with PayPal <= 1.5.2 - Unauthenticated Open Redirect

Dec 25, 2025 Patched in 1.5.3 (20d)
CVE-2025-47517 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Accept Donations with PayPal <= 1.4.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

May 7, 2025 Patched in 1.5 (6d)
CVE-2024-13728 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accept Donations with PayPal & Stripe <= 1.4.4 - Reflected Cross-Site Scripting

Feb 22, 2025 Patched in 1.4.5 (1d)
WF-38f536ae-70b7-4882-8a61-609d774a68db-easy-paypal-donation · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Accept Donations with PayPal <= 1.3 - Reflected Cross-Site Scripting via Page

May 25, 2022 Patched in 1.3.1 (608d)
CVE-2021-24989 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery

Dec 9, 2021 Patched in 1.3.4 (775d)
CVE-2021-24815 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Paypal Donation <= 1.3.1 - Admin+ Stored Cross-Site Scripting

Oct 18, 2021 Patched in 1.3.2 (827d)
CVE-2021-24570 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Paypal Donation <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Oct 4, 2021 Patched in 1.3.1 (841d)
CVE-2021-24572 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Accept Donations with PayPal <= 1.3.0 Cross-Site Request Forgery to Post Deletion

Oct 4, 2021 Patched in 1.3.1 (841d)
Code Analysis
Analyzed Mar 16, 2026

Accept Donations with PayPal & Stripe Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 182 (434 escaped)
  • Nonce Checks: 19
  • Capability Checks: 6
  • File Operations: 1
  • External Requests: 12
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

70% escaped · 616 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

18 flows · 10 with unsanitized paths
connection_status (core\Base\Stripe.php:29)
Attack Surface

Accept Donations with PayPal & Stripe Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers 10

  • auth · wp_ajax_wpedon-ppcp-onboarding-start · core\Base\PpcpController.php:16
  • auth · wp_ajax_wpedon-ppcp-disconnect · core\Base\PpcpController.php:17
  • auth · wp_ajax_wpedon-ppcp-payment-capture · core\Base\PpcpController.php:18
  • auth · wp_ajax_wpedon-ppcp-order-create · core\Base\PpcpController.php:20
  • nopriv · wp_ajax_wpedon-ppcp-order-create · core\Base\PpcpController.php:21
  • auth · wp_ajax_wpedon-ppcp-order-finalize · core\Base\PpcpController.php:23
  • nopriv · wp_ajax_wpedon-ppcp-order-finalize · core\Base\PpcpController.php:24
  • auth · wp_ajax_wpedon-free-ppcp-order-refund · core\Base\PpcpController.php:27
  • auth · wp_ajax_wpedon_stripe_checkout_session · core\Base\Stripe.php:19
  • nopriv · wp_ajax_wpedon_stripe_checkout_session · core\Base\Stripe.php:20

Shortcodes 1

  • [wpedon] · includes\public_shortcode.php:7

WordPress Hooks 26

  • action · wp_dashboard_setup · core\Base\DashboardWidget.php:14
  • action · admin_enqueue_scripts · core\Base\Enqueue.php:11
  • action · wp_enqueue_scripts · core\Base\Enqueue.php:12
  • filter · gettext · core\Base\Filter.php:12
  • filter · sanitize_post_meta_currency_wpedon · core\Base\Filter.php:13
  • action · admin_post_add_wpedon_button_ipn · core\Base\Ipn.php:12
  • action · admin_post_nopriv_add_wpedon_button_ipn · core\Base\Ipn.php:13
  • action · media_buttons · core\Base\MediaButton.php:13
  • action · admin_footer · core\Base\MediaButton.php:23
  • action · admin_notices · core\Base\NoticeController.php:13
  • action · admin_notices · core\Base\NoticeController.php:14
  • action · admin_notices · core\Base\NoticeController.php:15
  • action · admin_notices · core\Base\NoticeController.php:16
  • action · admin_init · core\Base\NoticeController.php:17
  • action · admin_init · core\Base\NoticeController.php:18
  • action · admin_notices · core\Base\NoticeController.php:19
  • action · init · core\Base\PpcpController.php:26
  • action · init · core\Base\Stripe.php:16
  • action · plugins_loaded · core\Base\Stripe.php:17
  • action · plugins_loaded · core\Base\Stripe.php:18
  • action · plugins_loaded · core\Base\Stripe.php:21
  • action · widgets_init · core\Base\WidgetController.php:14
  • action · admin_menu · core\Pages\Dashboard.php:12
  • action · plugins_loaded · easy-paypal-donation.php:61
  • action · admin_enqueue_scripts · easy-paypal-donation.php:93
  • action · init · easy-paypal-donation.php:148
Maintenance & Trust

Accept Donations with PayPal & Stripe Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 29, 2026
  • PHP min version: 5.4
  • Downloads: 497K

Community Trust

  • Rating: 76/100
  • Number of ratings: 23
  • Active installs: 10K
Developer Profile

Accept Donations with PayPal & Stripe Developer Profile

Scott Paterson

12 plugins · 44K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 267 days
Detection Fingerprints

How We Detect Accept Donations with PayPal & Stripe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/easy-paypal-donation/assets/css/wpedon-admin.css
  • /wp-content/plugins/easy-paypal-donation/assets/js/wpedon-admin.js
  • /wp-content/plugins/easy-paypal-donation/assets/css/wpedon.css
  • /wp-content/plugins/easy-paypal-donation/assets/js/wpedon.js
  • /wp-content/plugins/easy-paypal-donation/assets/js/deactivation-survey.js
Script Paths
  • https://js.stripe.com/v3/
Version Parameters
  • easy-paypal-donation/assets/css/wpedon-admin.css?ver=
  • easy-paypal-donation/assets/js/wpedon-admin.js?ver=
  • easy-paypal-donation/assets/css/wpedon.css?ver=
  • easy-paypal-donation/assets/js/wpedon.js?ver=
  • easy-paypal-donation/assets/js/deactivation-survey.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpedon-donation-button
  • wpedon-payment-form
HTML Comments
  • Easy PayPal Donation Button
  • Copyright 2014-2026 Scott Paterson
  • This program is free software; you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful
  • +11 more
Data Attributes
  • data-wpedon-payment-type
  • data-wpedon-paypal-email
  • data-wpedon-amount
  • data-wpedon-currency
  • data-wpedon-button-id
  • data-wpedon-stripe-checkout-session-id
JS Globals
  • wpedonDeactivationSurvey
  • wpedon
Shortcode Output
  • [wpedon]
FAQ

Frequently Asked Questions about Accept Donations with PayPal & Stripe