FundPress – WordPress Donation Plugin Security & Risk Analysis

wordpress.org/plugins/fundpress

Easily build your own crowdfunding platform like Kickstarter with this free WordPress donation plugin in just a few clicks. No coding required.

300 active installs · v2.0.8 · PHP 7.0+ · WP 6.0+ · Updated Jul 23, 2025
Tags: charity, crowdfunding, donation, fundraising, nonprofit
Score: 98 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 20, 2025
Safety Verdict

Is FundPress – WordPress Donation Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

FundPress – WordPress Donation Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 20, 2025 · Updated 8mo ago
Risk Assessment

The fundpress plugin v2.0.8 exhibits a generally good security posture with several strengths, notably the exclusive use of prepared statements for all SQL queries and a high percentage of properly escaped outputs. The presence of nonce and capability checks on its entry points (AJAX handlers) is also a positive indicator, suggesting an effort to prevent unauthorized access and actions. However, there are areas for concern. The taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, represent potential avenues for injection vulnerabilities if not handled with utmost care. The plugin's vulnerability history includes one high severity CVE related to deserialization, indicating past issues with handling untrusted data which, even if patched now, warrants vigilance. The static analysis also identified two file operations and two external HTTP requests, which, depending on their implementation, could be points of exploitation if not secured properly.

Despite the positive signs of secure coding practices like prepared statements and output escaping, the presence of unsanitized paths in taint flows and the historical high-severity deserialization vulnerability are significant weaknesses. The number of entry points, while low and apparently protected, still constitutes an attack surface that requires constant scrutiny. The plugin's strengths lie in its diligent use of database security and output sanitization. However, the identified taint issues and past deserialization vulnerability highlight potential risks that require ongoing monitoring and a robust security strategy to mitigate. A balanced view suggests that while the plugin is making good efforts, these specific areas need to be prioritized for review and hardening.

Key Concerns

  • Taint flows with unsanitized paths
  • High severity historical CVE (Deserialization)
Vulnerabilities: 1

FundPress – WordPress Donation Plugin Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

High: 1

1 total CVE

CVE-2025-24601 · high · 8.1 · Deserialization of Untrusted Data

FundPress <= 2.0.6 - Unauthenticated PHP Object Injection

Jan 20, 2025 · Patched in 2.0.7 (9d)
Code Analysis
Analyzed Mar 16, 2026

FundPress – WordPress Donation Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (44 prepared)
Unescaped Output: 84 (369 escaped)
Nonce Checks: 7
Capability Checks: 7
File Operations: 2
External Requests: 2
Bundled Libraries: 2

Bundled Libraries

Select2, Stripe PHP

SQL Query Safety

100% prepared · 44 total queries

Output Escaping

81% escaped · 453 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
verify (inc\gateways\authorize-net\class-dn-payment-authorize-net.php:83)
Attack Surface

FundPress – WordPress Donation Plugin Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_cmb2_oembed_handler · inc\vendors\cmb2\includes\CMB2_Ajax.php:51
nopriv · wp_ajax_cmb2_oembed_handler · inc\vendors\cmb2\includes\CMB2_Ajax.php:52
WordPress Hooks 129
filter · cmb2_meta_box_url · fundpress.php:138
action · init · fundpress.php:147
action · add_meta_boxes · inc\abstracts\class-dn-abstract-metaboxs.php:74
action · delete_post · inc\abstracts\class-dn-abstract-metaboxs.php:75
filter · donate_admin_setting_fields · inc\abstracts\class-dn-abstract-payments.php:46
filter · donate_admin_settings · inc\abstracts\class-dn-abstract-settings.php:56
filter · donate_settings_field · inc\abstracts\class-dn-abstract-settings.php:64
action · donate_before_wrap_shortcode · inc\abstracts\class-dn-abstract-shortcodes.php:40
action · donate_after_wrap_shortcode · inc\abstracts\class-dn-abstract-shortcodes.php:41
action · donate_before_enqueue_scripts · inc\admin\class-dn-admin-assets.php:25
action · admin_menu · inc\admin\class-dn-admin-menu.php:36
action · admin_init · inc\admin\class-dn-admin-metabox.php:25
action · admin_init · inc\admin\class-dn-admin-metabox.php:26
action · save_post · inc\admin\class-dn-admin-metabox.php:28
action · init · inc\admin\class-dn-admin.php:25
filter · post_row_actions · inc\admin\dn-admin-functions.php:97
action · admin_notices · inc\admin\dn-admin-functions.php:117
filter · post_row_actions · inc\admin\functions.php:77
action · admin_notices · inc\admin\functions.php:89
action · donate_metabox_setting_section · inc\admin\metaboxes\class-dn-metabox-campaign.php:43
action · admin_footer · inc\admin\metaboxes\class-dn-metabox-campaign.php:44
action · donate_process_update_dn_campaign_meta · inc\admin\metaboxes\class-dn-metabox-campaign.php:49
action · donate_process_update_dn_donate_meta · inc\admin\metaboxes\class-dn-metabox-donate-action.php:60
action · donate_process_update_dn_donate_meta · inc\admin\metaboxes\class-dn-metabox-donate-action.php:76
action · donate_process_update_dn_donate_meta · inc\admin\metaboxes\class-dn-metabox-donate-note.php:60
action · donate_process_update_dn_donate_meta · inc\admin\metaboxes\class-dn-metabox-donate.php:55
action · admin_enqueue_scripts · inc\class-dn-assets.php:40
action · wp_enqueue_scripts · inc\class-dn-assets.php:41
action · init · inc\class-dn-cart.php:85
action · init · inc\class-dn-custom-post-type.php:27
action · init · inc\class-dn-custom-post-type.php:29
action · init · inc\class-dn-custom-post-type.php:31
filter · manage_dn_campaign_posts_columns · inc\class-dn-custom-post-type.php:34
action · manage_dn_campaign_posts_custom_column · inc\class-dn-custom-post-type.php:35
filter · manage_edit-dn_campaign_sortable_columns · inc\class-dn-custom-post-type.php:36
filter · manage_dn_donate_posts_columns · inc\class-dn-custom-post-type.php:38
action · manage_dn_donate_posts_custom_column · inc\class-dn-custom-post-type.php:39
filter · manage_edit-dn_donate_sortable_columns · inc\class-dn-custom-post-type.php:40
filter · manage_dn_donor_posts_columns · inc\class-dn-custom-post-type.php:42
action · manage_dn_donor_posts_custom_column · inc\class-dn-custom-post-type.php:43
filter · manage_edit-dn_donor_sortable_columns · inc\class-dn-custom-post-type.php:44
filter · request · inc\class-dn-custom-post-type.php:47
action · cmb2_init · inc\class-dn-custom-post-type.php:50
filter · wp_mail_from · inc\class-dn-email.php:63
filter · wp_mail_from_name · inc\class-dn-email.php:65
filter · wp_mail_content_type · inc\class-dn-email.php:67
filter · wp_mail_charset · inc\class-dn-email.php:69
action · donate_before_enqueue_scripts · inc\class-dn-frontend-assets.php:25
filter · wp_privacy_personal_data_exporters · inc\class-dn-gdpr.php:16
filter · wp_privacy_personal_data_erasers · inc\class-dn-gdpr.php:17
filter · donate_admin_menus · inc\class-dn-setting.php:49
action · admin_init · inc\class-dn-setting.php:50
action · donate_before_wrap_shortcode · inc\class-dn-shortcodes.php:25
action · donate_after_wrap_shortcode · inc\class-dn-shortcodes.php:26
filter · template_include · inc\class-dn-template-include.php:26
filter · the_content · inc\dn-core-hooks.php:15
action · donate_cancel_payment_order · inc\dn-core-hooks.php:41
action · donate_update_status_completed · inc\dn-core-hooks.php:57
action · init · inc\dn-core-hooks.php:73
action · wp_footer · inc\dn-core-hooks.php:86
action · donate_update_status · inc\dn-core-hooks.php:108
action · donate_create_booking_donate · inc\dn-core-hooks.php:149
action · donate_update_status · inc\dn-core-hooks.php:150
action · widgets_init · inc\dn-core-hooks.php:169
action · donate_loop_campaign_title · inc\dn-template-hooks.php:17
action · donate_loop_campaign_thumbnail · inc\dn-template-hooks.php:28
action · donate_loop_campaign_countdown · inc\dn-template-hooks.php:39
action · donate_loop_campaign_goal_raised · inc\dn-template-hooks.php:52
action · donate_loop_campaign_posted · inc\dn-template-hooks.php:66
action · donate_loop_campaign_excerpt · inc\dn-template-hooks.php:77
action · donate_loop_campaign_content · inc\dn-template-hooks.php:88
action · donate_single_campaign_title · inc\dn-template-hooks.php:103
action · donate_single_campaign_thumbnail · inc\dn-template-hooks.php:114
action · donate_single_campaign_donate · inc\dn-template-hooks.php:125
action · donate_single_campaign_countdown · inc\dn-template-hooks.php:136
action · donate_single_campaign_goal_raised · inc\dn-template-hooks.php:149
action · donate_single_campaign_posted · inc\dn-template-hooks.php:162
action · donate_single_campaign_content · inc\dn-template-hooks.php:173
filter · the_post · inc\dn-template-hooks.php:185
action · campaign_after_archive_loop · inc\dn-template-hooks.php:201
action · init · inc\gateways\authorize-net\class-dn-payment-authorize-net.php:77
action · init · inc\gateways\paypal\class-dn-payment-paypal.php:65
action · init · inc\gateways\stripe\class-dn-payment-stripe.php:69
action · cmb2_admin_init · inc\vendors\cmb2\example-functions.php:105
action · cmb2_admin_init · inc\vendors\cmb2\example-functions.php:470
action · cmb2_admin_init · inc\vendors\cmb2\example-functions.php:500
action · cmb2_admin_init · inc\vendors\cmb2\example-functions.php:564
action · cmb2_admin_init · inc\vendors\cmb2\example-functions.php:633
action · cmb2_admin_init · inc\vendors\cmb2\example-functions.php:674
action · cmb2_init · inc\vendors\cmb2\example-functions.php:776
filter · wp_prepare_attachment_for_js · inc\vendors\cmb2\includes\CMB2.php:1549
action · admin_enqueue_scripts · inc\vendors\cmb2\includes\CMB2.php:1567
action · cmb2_save_options-page_fields · inc\vendors\cmb2\includes\CMB2_Ajax.php:54
filter · get_post_metadata · inc\vendors\cmb2\includes\CMB2_Ajax.php:147
filter · update_post_metadata · inc\vendors\cmb2\includes\CMB2_Ajax.php:150
filter · cmb2_show_on · inc\vendors\cmb2\includes\CMB2_Hookup.php:79
action · edit_form_top · inc\vendors\cmb2\includes\CMB2_Hookup.php:115
action · edit_form_before_permalink · inc\vendors\cmb2\includes\CMB2_Hookup.php:119
action · edit_form_after_title · inc\vendors\cmb2\includes\CMB2_Hookup.php:123
action · edit_form_after_editor · inc\vendors\cmb2\includes\CMB2_Hookup.php:127
action · add_meta_boxes · inc\vendors\cmb2\includes\CMB2_Hookup.php:131
action · add_meta_boxes · inc\vendors\cmb2\includes\CMB2_Hookup.php:134
action · add_attachment · inc\vendors\cmb2\includes\CMB2_Hookup.php:135
action · edit_attachment · inc\vendors\cmb2\includes\CMB2_Hookup.php:136
action · save_post · inc\vendors\cmb2\includes\CMB2_Hookup.php:137
action · pre_get_posts · inc\vendors\cmb2\includes\CMB2_Hookup.php:144
action · add_meta_boxes_comment · inc\vendors\cmb2\includes\CMB2_Hookup.php:152
action · edit_comment · inc\vendors\cmb2\includes\CMB2_Hookup.php:153
filter · manage_edit-comments_columns · inc\vendors\cmb2\includes\CMB2_Hookup.php:156
action · manage_comments_custom_column · inc\vendors\cmb2\includes\CMB2_Hookup.php:157
filter · manage_edit-comments_sortable_columns · inc\vendors\cmb2\includes\CMB2_Hookup.php:158
action · pre_get_posts · inc\vendors\cmb2\includes\CMB2_Hookup.php:159
action · show_user_profile · inc\vendors\cmb2\includes\CMB2_Hookup.php:168
action · edit_user_profile · inc\vendors\cmb2\includes\CMB2_Hookup.php:169
action · user_new_form · inc\vendors\cmb2\includes\CMB2_Hookup.php:170
action · personal_options_update · inc\vendors\cmb2\includes\CMB2_Hookup.php:172
action · edit_user_profile_update · inc\vendors\cmb2\includes\CMB2_Hookup.php:173
action · user_register · inc\vendors\cmb2\includes\CMB2_Hookup.php:174
filter · manage_users_columns · inc\vendors\cmb2\includes\CMB2_Hookup.php:177
filter · manage_users_custom_column · inc\vendors\cmb2\includes\CMB2_Hookup.php:178
filter · manage_users_sortable_columns · inc\vendors\cmb2\includes\CMB2_Hookup.php:179
action · pre_get_posts · inc\vendors\cmb2\includes\CMB2_Hookup.php:180
action · pre_get_posts · inc\vendors\cmb2\includes\CMB2_Hookup.php:226
action · created_term · inc\vendors\cmb2\includes\CMB2_Hookup.php:230
action · edited_terms · inc\vendors\cmb2\includes\CMB2_Hookup.php:231
action · delete_term · inc\vendors\cmb2\includes\CMB2_Hookup.php:232
action · cmb2_do_oembed · inc\vendors\cmb2\includes\helper-functions.php:131
filter · is_protected_meta · inc\vendors\cmb2\includes\rest-api\CMB2_REST.php:144
action · init · inc\vendors\cmb2\init.php:131

Scheduled Events 1

donate_cancel_payment_order
Maintenance & Trust

FundPress – WordPress Donation Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 23, 2025
PHP min version: 7.0
Downloads: 22K

Community Trust

Rating: 76/100
Number of ratings: 4
Active installs: 300
Developer Profile

FundPress – WordPress Donation Plugin Developer Profile

ThimPress

21 plugins · 209K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 265 days
Detection Fingerprints

How We Detect FundPress – WordPress Donation Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fundpress/inc/class-dn-assets.php
/wp-content/plugins/fundpress/inc/class-dn-shortcodes.php
/wp-content/plugins/fundpress/inc/class-dn-template-include.php
/wp-content/plugins/fundpress/inc/dn-template-hooks.php
/wp-content/plugins/fundpress/inc/dn-core-hooks.php
/wp-content/plugins/fundpress/inc/dn-core-functions.php
/wp-content/plugins/fundpress/inc/class-dn-payment-gateways.php
/wp-content/plugins/fundpress/inc/class-dn-email.php
+14 more

HTML / DOM Fingerprints

CSS Classes
fundpress-campaign-shortcode, fundpress_campaign_form, fundpress_campaign_detail, fundpress-content, fundpress-shortcode
HTML Comments
<!-- FundPress is activated -->
<!-- End FundPress -->
<!-- FundPress Plugin -->
Data Attributes
data-fundpress-campaign-id, data-fundpress-target-amount
JS Globals
FP, FundPress
Shortcode Output
[fundpress_campaign_form], [fundpress_campaign_detail], [fundpress_donors_list]