FundCollector – Donations Plugin and Fundraising Platform for WordPress Security & Risk Analysis

wordpress.org/plugins/fundcollector

Easily receive donations on your website. Accept payments made with PayPal. For bank transfers, it automatically sends payment instructions via email.

0 active installs · v1.1.4 · PHP 7.4+ · WP 5.0+ · Updated Dec 17, 2025
Tags: charity, donations, fundraising, nonprofit, paypal
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FundCollector – Donations Plugin and Fundraising Platform for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

FundCollector – Donations Plugin and Fundraising Platform for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The fundcollector plugin v1.1.4 presents a mixed security posture. On the positive side, there are no known CVEs, and the plugin demonstrates good practices by utilizing prepared statements for a high percentage of its SQL queries and performing a reasonable number of nonce and capability checks. However, the static analysis reveals significant areas for concern. The presence of 2 AJAX handlers without authentication checks creates a direct entry point for potential attacks. Furthermore, the taint analysis indicates 6 high-severity flows with unsanitized paths, suggesting a risk of data being processed or used in a dangerous manner without proper validation. The substantial number of SQL queries and output operations, even with a good percentage of prepared statements and proper escaping, still represent a large surface area where vulnerabilities could potentially be introduced. The lack of any historical vulnerabilities is a positive indicator, but it doesn't negate the risks identified in the current code analysis. Overall, while the plugin has some strengths in its adoption of security best practices, the identified unauthenticated AJAX endpoints and high-severity taint flows represent immediate and significant risks that require attention.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
Vulnerabilities
None known

FundCollector – Donations Plugin and Fundraising Platform for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FundCollector – Donations Plugin and Fundraising Platform for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 49 (220 prepared)
Unescaped Output: 354 (900 escaped)
Nonce Checks: 21
Capability Checks: 14
File Operations: 2
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

82% prepared · 269 total queries

Output Escaping

72% escaped · 1254 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

15 flows · 7 with unsanitized paths
handle_capture_paypal_order (includes\frontend\class-fundcollector-frontend.php:1686)
Attack Surface
2 unprotected

FundCollector – Donations Plugin and Fundraising Platform for WordPress Attack Surface

Entry Points: 21
Unprotected: 2

AJAX Handlers 19

auth · wp_ajax_fundcollector_send_test_email · includes\admin\class-fundcollector-admin-ajax.php:28
auth · wp_ajax_fundcollector_create_default_pages · includes\admin\class-fundcollector-admin-ajax.php:29
auth · wp_ajax_fundcollector_generate_honeypot_name · includes\admin\class-fundcollector-admin-ajax.php:30
auth · wp_ajax_fundcollector_test_smtp · includes\admin\class-fundcollector-admin.php:27
auth · wp_ajax_fundcollector_delete_donation · includes\admin\class-fundcollector-donations-manager.php:38
auth · wp_ajax_fundcollector_update_donation_status · includes\admin\class-fundcollector-donations-manager.php:39
auth · wp_ajax_fundcollector_get_donation_details · includes\admin\class-fundcollector-donations-manager.php:42
nopriv · wp_ajax_fundcollector_get_donation_details · includes\admin\class-fundcollector-donations-manager.php:43
auth · wp_ajax_fundcollector_dismiss_db_error · includes\admin\class-fundcollector-donations-manager.php:51
auth · wp_ajax_fundcollector_create_paypal_order · includes\frontend\class-fundcollector-frontend.php:121
nopriv · wp_ajax_fundcollector_create_paypal_order · includes\frontend\class-fundcollector-frontend.php:122
auth · wp_ajax_fundcollector_capture_paypal_order · includes\frontend\class-fundcollector-frontend.php:123
nopriv · wp_ajax_fundcollector_capture_paypal_order · includes\frontend\class-fundcollector-frontend.php:124
auth · wp_ajax_fundcollector_cancel_paypal_order · includes\frontend\class-fundcollector-frontend.php:127
nopriv · wp_ajax_fundcollector_cancel_paypal_order · includes\frontend\class-fundcollector-frontend.php:128
auth · wp_ajax_fundcollector_regenerate_token · includes\frontend\class-fundcollector-frontend.php:131
nopriv · wp_ajax_fundcollector_regenerate_token · includes\frontend\class-fundcollector-frontend.php:132
auth · wp_ajax_fundcollector_client_log · includes\frontend\class-fundcollector-frontend.php:135
nopriv · wp_ajax_fundcollector_client_log · includes\frontend\class-fundcollector-frontend.php:136

Shortcodes 2

[fundcollector_donation_form] includes\frontend\class-fundcollector-frontend.php:46
[fundcollector_redirect_message] includes\frontend\class-fundcollector-frontend.php:49

WordPress Hooks 45

action · init · fundcollector.php:78
action · init · fundcollector.php:81
action · plugins_loaded · fundcollector.php:95
action · plugins_loaded · fundcollector.php:208
action · plugins_loaded · fundcollector.php:211
action · init · fundcollector.php:214
action · init · fundcollector.php:259
action · fundcollector_cleanup_temp_data · fundcollector.php:278
action · automatic_updates_complete · fundcollector.php:287
filter · allowed_redirect_hosts · fundcollector.php:351
filter · display_post_states · includes\admin\class-fundcollector-admin-pages.php:22
action · admin_menu · includes\admin\class-fundcollector-admin.php:22
action · admin_enqueue_scripts · includes\admin\class-fundcollector-admin.php:23
action · admin_post_fundcollector_save_settings · includes\admin\class-fundcollector-admin.php:25
action · admin_post_fundcollector_delete_donation · includes\admin\class-fundcollector-donations-manager.php:46
action · admin_post_fundcollector_donations_bulk_actions · includes\admin\class-fundcollector-donations-manager.php:47
action · admin_notices · includes\admin\class-fundcollector-donations-manager.php:50
action · admin_post_fundcollector_save_form_settings · includes\admin\class-fundcollector-forms-manager.php:25
action · admin_post_fundcollector_create_new_form · includes\admin\class-fundcollector-forms-manager.php:26
action · admin_post_fundcollector_delete_form · includes\admin\class-fundcollector-forms-manager.php:27
action · admin_post_fundcollector_bulk_actions · includes\admin\class-fundcollector-forms-manager.php:28
action · init · includes\blocks\class-fundcollector-blocks.php:29
filter · block_categories_all · includes\blocks\class-fundcollector-blocks.php:32
action · enqueue_block_editor_assets · includes\blocks\class-fundcollector-blocks.php:35
filter · render_block_data · includes\blocks\class-fundcollector-blocks.php:40
filter · render_block · includes\blocks\class-fundcollector-blocks.php:41
action · wp_loaded · includes\blocks\class-fundcollector-blocks.php:45
action · plugins_loaded · includes\core\class-fundcollector-activator.php:37
action · wp_mail_failed · includes\core\class-fundcollector-email.php:1075
action · wp_head · includes\frontend\class-fundcollector-frontend.php:52
action · init · includes\frontend\class-fundcollector-frontend.php:55
action · admin_post_fundcollector_paypal_webhook · includes\frontend\class-fundcollector-frontend.php:58
action · admin_post_nopriv_fundcollector_paypal_webhook · includes\frontend\class-fundcollector-frontend.php:59
action · init · includes\frontend\class-fundcollector-frontend.php:63
action · wp_enqueue_scripts · includes\frontend\class-fundcollector-frontend.php:66
action · template_redirect · includes\frontend\class-fundcollector-frontend.php:69
action · wp_footer · includes\frontend\class-fundcollector-frontend.php:1460
action · admin_post_nopriv_fundcollector_paypal_webhook · includes\integrations\class-fundcollector-payment-gateway.php:38
action · admin_post_fundcollector_paypal_webhook · includes\integrations\class-fundcollector-payment-gateway.php:39
action · wp · includes\integrations\class-fundcollector-payment-gateway.php:42
filter · allowed_redirect_hosts · includes\integrations\class-fundcollector-payment-gateway.php:45
action · wp_footer · includes\integrations\class-fundcollector-payment-gateway.php:1028
action · admin_post_nopriv_fundcollector_paypal_webhook_rest · includes\integrations\class-fundcollector-paypal-rest-gateway.php:40
action · admin_post_fundcollector_paypal_webhook_rest · includes\integrations\class-fundcollector-paypal-rest-gateway.php:41
action · fundcollector_cleanup_expired_donations · includes\integrations\class-fundcollector-paypal-rest-gateway.php:44

Scheduled Events 2

fundcollector_cleanup_temp_data
fundcollector_cleanup_expired_donations
Maintenance & Trust

FundCollector – Donations Plugin and Fundraising Platform for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 17, 2025
PHP min version: 7.4
Downloads: 188

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

FundCollector – Donations Plugin and Fundraising Platform for WordPress Developer Profile

Bruno Alesiani

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FundCollector – Donations Plugin and Fundraising Platform for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fundcollector/assets/css/fundcollector-public.css
/wp-content/plugins/fundcollector/assets/css/fundcollector-donation-form.css
/wp-content/plugins/fundcollector/assets/css/fundcollector-admin.css
/wp-content/plugins/fundcollector/assets/js/fundcollector-public.js
/wp-content/plugins/fundcollector/assets/js/fundcollector-donation-form.js
/wp-content/plugins/fundcollector/assets/js/fundcollector-admin.js
Script Paths
/wp-content/plugins/fundcollector/assets/js/fundcollector-public.js
/wp-content/plugins/fundcollector/assets/js/fundcollector-donation-form.js
/wp-content/plugins/fundcollector/assets/js/fundcollector-admin.js
Version Parameters
fundcollector/assets/css/fundcollector-public.css?ver=
fundcollector/assets/css/fundcollector-donation-form.css?ver=
fundcollector/assets/css/fundcollector-admin.css?ver=
fundcollector/assets/js/fundcollector-public.js?ver=
fundcollector/assets/js/fundcollector-donation-form.js?ver=
fundcollector/assets/js/fundcollector-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
fundcollector-donation-form
fundcollector-wrapper
fundcollector-form-field
fundcollector-submit-button
fundcollector-paypal-button
fundcollector-bank-transfer-instructions
fundcollector-admin-wrap
fundcollector-settings-page
HTML Comments
<!-- Fundcollector Donation Form -->
<!-- End Fundcollector Donation Form -->
<!-- Fundcollector Admin Settings Page -->
<!-- End Fundcollector Admin Settings Page -->
Data Attributes
data-fundcollector-id
data-fundcollector-amount
data-fundcollector-currency
data-fundcollector-post-id
JS Globals
fundcollector_params
FundcollectorPublic
REST Endpoints
/wp-json/fundcollector/v1/donation
/wp-json/fundcollector/v1/settings
Shortcode Output
[fundcollector_donation_form]
[fundcollector_donate_button]
FAQ

Frequently Asked Questions about FundCollector – Donations Plugin and Fundraising Platform for WordPress