GiftFlow – Donation & Fundraising Security & Risk Analysis

wordpress.org/plugins/giftflow

A comprehensive WordPress plugin for managing donations, donors, and campaigns with modern features and extensible architecture.

0 active installs · v1.0.15 · PHP 7.4+ · WP 6.0+ · Updated Apr 12, 2026
Tags: campaigns, charity, donations, fundraising, nonprofit

Security score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GiftFlow – Donation & Fundraising Safe to Use in 2026?

Generally Safe

Score 100/100

GiftFlow – Donation & Fundraising has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The giftflow plugin v1.0.15 shows a generally good security posture: all 15 SQL queries use prepared statements, and 1732 of 1780 outputs (97%) are escaped. The scanner counts 16 nonce checks and 16 capability checks across 31 entry points, which is a positive sign, though it also means some entry points run without one or both. No CVE has ever been recorded for the plugin, but with 0 active installs and 572 downloads that is better read as a lack of scrutiny than as evidence of a clean history.

The static analysis does flag several areas to review. Five of the 31 entry points are counted as unprotected. Note that 9 of the 24 AJAX hooks are registered with the wp_ajax_nopriv_ prefix and are reachable by anonymous visitors by design (donation form rendering and submission, donation-list pagination, PayPal order creation, capture, processing and subscription creation, and the Stripe and PayPal webhooks). For those the question is not whether they require a login but whether they do anything beyond their public purpose and validate their inputs; webhook handlers in particular cannot require a session and must verify the gateway's signature instead. Handlers registered only for logged-in users must still check that the caller may act on the object in question: a capability check for administrative operations such as sending a test mail or creating a PayPal product, and an ownership check when a donor cancels a subscription. The taint analysis found no critical or high-severity issue, but 11 of the 16 traced flows have a path from request input to a sink with no sanitizer in between; each is a finding to review rather than a confirmed vulnerability, since the sink itself may escape. Finally, `unserialize` is called once, on the stored preset donation amounts (includes/common.php:452). PHP's native unserialize instantiates any class named in its input and runs that class's magic methods, so if the string can be influenced by anyone other than an administrator it is a PHP object injection primitive; whether a non-administrator can set that string is the first thing to check.

In short, giftflow's foundations are sound: prepared statements throughout, near-complete output escaping and no vulnerability history. The points to address are the unprotected entry points, the 11 unsanitized flows and the single `unserialize` call. Closing those would bring the code analysis into line with the score.
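An added example, not GiftFlow's own code, of the guards the risk assessment above is asking for: a nonce plus an explicit capability on a privileged wp_ajax_ handler, input validation on a public wp_ajax_nopriv_ handler, and a permission_callback on a REST route. The action names (example_cancel_subscription, example_get_donation_form), the campaign post type, the manage_options capability and the example/v1 route are assumptions for illustration; the code requires WordPress to be loaded.

```php
<?php
// Added example, not GiftFlow's code. Hook names, the post type, the
// capability and the REST namespace are assumptions for illustration.

// Privileged action: wp_ajax_{action} fires for ANY logged-in user, so a
// session alone is not authorization.
add_action( 'wp_ajax_example_cancel_subscription', 'example_cancel_subscription' );

function example_cancel_subscription() {
	// 1. CSRF: the request must carry a nonce minted for this action.
	//    On failure check_ajax_referer() sends -1 and dies.
	check_ajax_referer( 'example_cancel_subscription', 'nonce' );

	// 2. Authorization: an explicit capability, not just is_user_logged_in().
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
	}

	// 3. Validate input before it touches anything.
	$subscription_id = isset( $_POST['subscription_id'] )
		? absint( wp_unslash( $_POST['subscription_id'] ) )
		: 0;
	if ( 0 === $subscription_id ) {
		wp_send_json_error( array( 'message' => 'invalid subscription id' ), 400 );
	}

	// ... cancel with the gateway here ...
	wp_send_json_success( array( 'cancelled' => $subscription_id ) );
}

// Public action: wp_ajax_nopriv_{action} must serve anonymous donors, so it
// cannot require a login. A nonce adds little here (nonces for logged-out
// visitors are identical for everyone), so the controls are: do nothing a
// guest should not be able to do, validate every input, escape what you echo.
add_action( 'wp_ajax_nopriv_example_get_donation_form', 'example_get_donation_form' );
add_action( 'wp_ajax_example_get_donation_form', 'example_get_donation_form' );

function example_get_donation_form() {
	$campaign_id = isset( $_POST['campaign_id'] ) ? absint( $_POST['campaign_id'] ) : 0;
	$campaign    = $campaign_id ? get_post( $campaign_id ) : null;

	// Refuse anything that is not a published campaign: otherwise the
	// endpoint becomes an oracle for private posts of any type.
	if ( ! $campaign || 'campaign' !== $campaign->post_type || 'publish' !== $campaign->post_status ) {
		wp_send_json_error( array( 'message' => 'unknown campaign' ), 404 );
	}
	wp_send_json_success( array( 'title' => esc_html( get_the_title( $campaign ) ) ) );
}

// REST: a route registered without a permission_callback is public.
// Give every route one; '__return_true' is then an explicit statement
// that the data is meant to be public, not an oversight.
add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/dashboard/overview', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => function ( WP_REST_Request $request ) {
			return rest_ensure_response( array( 'total_raised' => 0 ) );
		},
		'permission_callback' => function () {
			return current_user_can( 'manage_options' );
		},
	) );
} );
```

The split between the two AJAX handlers is the point: the same three checks (nonce, capability, validation) cannot be applied uniformly, because the public handler has no user to check a capability against. For a nopriv handler the review question is what it does, not who calls it.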

Key Concerns

  • AJAX handlers without authentication checks
  • Use of unserialize function
  • Flows with unsanitized paths
Vulnerabilities
None known

GiftFlow – Donation & Fundraising Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GiftFlow – Donation & Fundraising Release Timeline

v1.0.15 (current)
v1.0.14
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.4
v1.0.3
v1.0.2
Code Analysis
Analyzed Apr 16, 2026

GiftFlow – Donation & Fundraising Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (15 prepared)
Unescaped Output: 48 (1732 escaped)
Nonce Checks: 16
Capability Checks: 16
File Operations: 8
External Requests: 10
Bundled Libraries: 2

Dangerous Functions Found

unserialize: `$preset_donation_amounts = unserialize( $preset_donation_amounts );` at includes/common.php:452
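The flagged line beside two safer forms, as an added example that is not the plugin's code. $stored is a constructed sample of a serialized preset-amount list, and the giftflow_example_* function names are assumptions; the block runs in plain PHP 7.0 or later without WordPress.

```php
<?php
// Added example, not GiftFlow's code. $stored is a constructed sample; the
// giftflow_example_* names are assumptions.

$stored = serialize( array( 10, 25, 50, 100 ) );

// Flagged pattern: every class named in the payload is instantiated and its
// __wakeup()/__destruct() run. If $stored can be influenced by an attacker,
// this is a PHP object injection primitive waiting for a gadget chain.
$unsafe = unserialize( $stored );

// Fix 1: keep PHP serialization but forbid object instantiation (PHP 7.0+).
// Any serialized object comes back as __PHP_Incomplete_Class, which has no
// magic methods, so nothing attacker-chosen executes. Then validate shape.
function giftflow_example_read_amounts( $raw ) {
	if ( ! is_string( $raw ) ) {
		return array();
	}
	$data = @unserialize( $raw, array( 'allowed_classes' => false ) );
	if ( ! is_array( $data ) ) {
		return array(); // malformed or not a list: fall back to no presets
	}
	$amounts = array();
	foreach ( $data as $value ) {
		// Only positive numbers survive; objects, nested arrays, strings drop out.
		if ( is_int( $value ) || is_float( $value ) || ( is_string( $value ) && is_numeric( $value ) ) ) {
			$number = (float) $value;
			if ( $number > 0 ) {
				$amounts[] = $number;
			}
		}
	}
	return $amounts;
}

// Fix 2: for new data, do not use PHP serialization at all. JSON decoded with
// assoc=true can only produce scalars and arrays, so the deserialization step
// has no code-execution path to begin with.
function giftflow_example_store_amounts( array $amounts ) {
	return json_encode( array_values( array_map( 'floatval', $amounts ) ) );
}

function giftflow_example_load_amounts( $json ) {
	$data = json_decode( (string) $json, true );
	if ( ! is_array( $data ) ) {
		return array();
	}
	return giftflow_example_read_amounts( serialize( $data ) ); // reuse the shape check
}

// Usage: the hardened reader rejects a payload carrying an object.
$hostile = 'a:1:{i:0;O:8:"stdClass":0:{}}';
var_dump( giftflow_example_read_amounts( $stored ) );  // four floats
var_dump( giftflow_example_read_amounts( $hostile ) ); // empty array
var_dump( giftflow_example_load_amounts( giftflow_example_store_amounts( array( 5, 20 ) ) ) );
```

Fix 1 is the minimal change for data already stored in serialized form; Fix 2 is the right shape for anything written from now on. In both cases the shape check matters as much as the decode, because a preset-amount list that is not a list of numbers indicates tampering regardless of how it was encoded.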

Bundled Libraries

Select2, Stripe PHP

Versions are not reported here. Bundled libraries are supply-chain surface that the plugin's own update cadence does not cover, so check the vendored Stripe PHP SDK version against upstream releases.

SQL Query Safety

100% prepared (15 total queries)

Output Escaping

97% escaped (1780 total outputs, 48 unescaped)
Data Flows · Security
11 unsanitized

Data Flow Analysis

16 flows, 11 with unsanitized paths
add_status_filter (admin/includes/post-types/class-campaign.php:257)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
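An added example, not GiftFlow's code, of what closing an unsanitized path on an admin list-table status filter looks like. The scanner names add_status_filter in class-campaign.php, the same file that registers restrict_manage_posts and parse_query handlers, but the sink itself is not shown on this page, so the query var campaign_status, the _campaign_status meta key, the campaign post type and the status values are all assumptions. Requires WordPress to be loaded.

```php
<?php
// Added example, not GiftFlow's code. Query var, meta key, post type and
// status values are assumptions for illustration.

const EXAMPLE_STATUSES = array( 'active', 'completed', 'paused' );

// Unsanitized path, the shape the scanner reports: a raw request value is
// handed straight to the query. WP_Query escapes meta_value for SQL, but the
// scanner flags the missing sanitizer regardless, and an allow-list removes
// the question entirely.
function example_filter_unsafe( WP_Query $query ) {
	if ( isset( $_GET['campaign_status'] ) ) {
		$query->set( 'meta_key', '_campaign_status' );
		$query->set( 'meta_value', $_GET['campaign_status'] ); // tainted
	}
}

// Pure function so the check is testable on its own: returns the
// allow-listed status, or null for absent/invalid input.
function example_read_status_param( array $request ) {
	if ( ! isset( $request['campaign_status'] ) || ! is_string( $request['campaign_status'] ) ) {
		return null;
	}
	$candidate = sanitize_key( wp_unslash( $request['campaign_status'] ) );
	return in_array( $candidate, EXAMPLE_STATUSES, true ) ? $candidate : null;
}

// Hardened form: scope to the admin main query for this post type, then
// accept only an allow-listed value. An invalid value shows all campaigns
// rather than erroring, which also avoids turning the filter into an oracle.
function example_filter_safe( WP_Query $query ) {
	if ( ! is_admin() || ! $query->is_main_query() ) {
		return;
	}
	if ( 'campaign' !== $query->get( 'post_type' ) ) {
		return;
	}
	$status = example_read_status_param( $_GET );
	if ( null === $status ) {
		return;
	}
	$query->set( 'meta_key', '_campaign_status' );
	$query->set( 'meta_value', $status );
}

// The dropdown itself: every echoed value is escaped, and the "selected"
// state comes from the same allow-listed reader, never from raw $_GET.
add_action( 'restrict_manage_posts', function ( $post_type ) {
	if ( 'campaign' !== $post_type ) {
		return;
	}
	$current = example_read_status_param( $_GET );
	echo '<select name="campaign_status">';
	echo '<option value="">' . esc_html__( 'All statuses', 'example' ) . '</option>';
	foreach ( EXAMPLE_STATUSES as $status ) {
		printf(
			'<option value="%s"%s>%s</option>',
			esc_attr( $status ),
			selected( $current, $status, false ),
			esc_html( ucfirst( $status ) )
		);
	}
	echo '</select>';
} );
add_action( 'parse_query', 'example_filter_safe' );
```

The generalization holds for the other flows in this class: whenever the set of valid values is finite and known (a post status, a sort column, a gateway id), compare against that set with strict in_array() rather than running the value through sanitize_text_field() and hoping the sink copes.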
Attack Surface
5 unprotected

GiftFlow – Donation & Fundraising Attack Surface

Entry Points: 31
Unprotected: 5

AJAX Handlers 24

Legend: auth = registered on wp_ajax_{action} (logged-in users only); nopriv = registered on wp_ajax_nopriv_{action} (reachable without a session). Nine of the 24 are nopriv. The scan counts 5 entry points as unprotected but does not identify which; the auth/nopriv label records how the hook is registered, not whether the handler checks a nonce or capability.

auth    wp_ajax_giftflow_dismiss_first_activation_notice    giftflow.php:301
auth    wp_ajax_giftflow_get_gallery_images    includes/core/class-ajax.php:27
auth    wp_ajax_giftflow_get_pagination_donation_list_html    includes/core/class-ajax.php:29
nopriv  wp_ajax_giftflow_get_pagination_donation_list_html    includes/core/class-ajax.php:30
auth    wp_ajax_giftflow_get_campaign_donation_form    includes/core/class-ajax.php:33
nopriv  wp_ajax_giftflow_get_campaign_donation_form    includes/core/class-ajax.php:34
auth    wp_ajax_giftflow_donation_form    includes/frontend/class-forms.php:35
nopriv  wp_ajax_giftflow_donation_form    includes/frontend/class-forms.php:36
auth    wp_ajax_giftflow_paypal_create_order    includes/gateways/class-paypal.php:343
nopriv  wp_ajax_giftflow_paypal_create_order    includes/gateways/class-paypal.php:344
auth    wp_ajax_giftflow_paypal_capture_order    includes/gateways/class-paypal.php:346
nopriv  wp_ajax_giftflow_paypal_capture_order    includes/gateways/class-paypal.php:347
auth    wp_ajax_giftflow_process_paypal_payment    includes/gateways/class-paypal.php:350
nopriv  wp_ajax_giftflow_process_paypal_payment    includes/gateways/class-paypal.php:351
auth    wp_ajax_giftflow_paypal_webhook    includes/gateways/class-paypal.php:354
nopriv  wp_ajax_giftflow_paypal_webhook    includes/gateways/class-paypal.php:355
auth    wp_ajax_giftflow_paypal_create_subscription    includes/gateways/class-paypal.php:358
nopriv  wp_ajax_giftflow_paypal_create_subscription    includes/gateways/class-paypal.php:359
auth    wp_ajax_giftflow_paypal_create_product    includes/gateways/class-paypal.php:363
auth    wp_ajax_giftflow_paypal_cancel_subscription    includes/gateways/class-paypal.php:366
auth    wp_ajax_giftflow_stripe_webhook    includes/gateways/class-stripe.php:347
nopriv  wp_ajax_giftflow_stripe_webhook    includes/gateways/class-stripe.php:348
auth    wp_ajax_giftflow_stripe_cancel_subscription    includes/gateways/class-stripe.php:354
auth    wp_ajax_giftflow_test_send_mail    includes/mail.php:55

REST API Routes 4

GET  /wp-json/giftflow/v1/campaigns    admin/includes/api.php:19
GET  /wp-json/giftflow/v1/dashboard/overview    admin/includes/api.php:65
GET  /wp-json/giftflow/v1/dashboard/statistics/charts    admin/includes/api.php:77
GET  /wp-json/giftflow/v1/campaign/csv-export    admin/includes/api.php:96

The dashboard, statistics and CSV-export routes read like admin-only data. Check each register_rest_route() call at these lines for a permission_callback: a route registered without one is reachable anonymously.

Shortcodes 3

[giftflow_donation_form] includes/frontend/class-shortcodes.php:30
[giftflow_campaign_grid] includes/frontend/class-shortcodes.php:33
[giftflow_campaign_status_bar] includes/frontend/class-shortcodes.php:36
WordPress Hooks 119
action  rest_api_init  admin/includes/api.php:16
action  admin_menu  admin/includes/dashboard.php:48
action  add_meta_boxes  admin/includes/meta-boxes/class-base-meta-box.php:58
action  save_post  admin/includes/meta-boxes/class-base-meta-box.php:59
action  pre_get_posts  admin/includes/post-types/class-base-post-type.php:82
filter  parent_file  admin/includes/post-types/class-campaign.php:114
filter  submenu_file  admin/includes/post-types/class-campaign.php:115
action  admin_menu  admin/includes/post-types/class-campaign.php:118
action  restrict_manage_posts  admin/includes/post-types/class-campaign.php:121
action  restrict_manage_posts  admin/includes/post-types/class-campaign.php:122
filter  parse_query  admin/includes/post-types/class-campaign.php:123
filter  manage_donation_posts_columns  admin/includes/post-types/class-donation.php:66
action  manage_donation_posts_custom_column  admin/includes/post-types/class-donation.php:67
filter  manage_edit-donation_sortable_columns  admin/includes/post-types/class-donation.php:68
action  restrict_manage_posts  admin/includes/post-types/class-donation.php:71
action  restrict_manage_posts  admin/includes/post-types/class-donation.php:72
action  restrict_manage_posts  admin/includes/post-types/class-donation.php:73
filter  parse_query  admin/includes/post-types/class-donation.php:74
filter  manage_donor_posts_columns  admin/includes/post-types/class-donor.php:66
action  manage_donor_posts_custom_column  admin/includes/post-types/class-donor.php:67
filter  manage_edit-donor_sortable_columns  admin/includes/post-types/class-donor.php:68
action  restrict_manage_posts  admin/includes/post-types/class-donor.php:71
filter  parse_query  admin/includes/post-types/class-donor.php:72
action  admin_menu  admin/includes/settings.php:30
action  admin_init  admin/includes/settings.php:343
action  init  blocks/campaign-single-content/block.php:30
action  init  blocks/campaign-single-images/block.php:30
action  init  blocks/campaign-status-bar/block.php:37
action  init  blocks/campaigns-grid/block.php:62
action  init  blocks/donation-button/block.php:59
action  init  blocks/donor-account/block.php:31
action  init  blocks/donor-account/block.php:135
filter  query_vars  blocks/donor-account/block.php:154
action  init  blocks/share/block.php:49
action  init  blocks/thank-donor/block.php:170
action  admin_notices  giftflow.php:34
action  plugins_loaded  giftflow.php:120
action  admin_bar_menu  giftflow.php:183
action  admin_init  giftflow.php:251
action  admin_notices  giftflow.php:274
filter  get_block_templates  includes/core/class-block-template.php:28
filter  get_block_template  includes/core/class-block-template.php:29
action  wp_insert_post  includes/core/class-campaigns.php:44
action  post_updated  includes/core/class-campaigns.php:45
action  before_delete_post  includes/core/class-campaigns.php:46
action  trash_post  includes/core/class-campaigns.php:47
action  untrash_post  includes/core/class-campaigns.php:48
action  updated_post_meta  includes/core/class-campaigns.php:51
action  added_post_meta  includes/core/class-campaigns.php:52
action  deleted_post_meta  includes/core/class-campaigns.php:53
action  add_meta_boxes  includes/core/class-donation-event-history.php:150
action  wp_insert_post  includes/core/class-donations.php:57
action  post_updated  includes/core/class-donations.php:58
action  before_delete_post  includes/core/class-donations.php:59
action  trash_post  includes/core/class-donations.php:60
action  untrash_post  includes/core/class-donations.php:61
action  updated_post_meta  includes/core/class-donations.php:64
action  added_post_meta  includes/core/class-donations.php:65
action  deleted_post_meta  includes/core/class-donations.php:66
action  init  includes/core/class-loader.php:103
action  init  includes/core/class-loader.php:104
action  wp_enqueue_scripts  includes/core/class-loader.php:105
action  admin_enqueue_scripts  includes/core/class-loader.php:106
action  enqueue_block_assets  includes/core/class-loader.php:107
filter  block_categories_all  includes/core/class-loader.php:108
action  giftflow_cleanup_logs  includes/core/class-loader.php:109
action  admin_menu  includes/core/class-loader.php:112
filter  display_post_states  includes/core/class-loader.php:178
action  template_include  includes/core/class-loader.php:229
filter  the_content  includes/core/class-loader.php:232
action  template_include  includes/core/class-loader.php:236
action  template_include  includes/core/class-loader.php:239
action  template_include  includes/core/class-loader.php:242
action  template_include  includes/core/class-loader.php:245
action  giftflow_before_single_campaign  includes/frontend/campaign-single-template-hooks.php:40
action  giftflow_after_single_campaign  includes/frontend/campaign-single-template-hooks.php:41
action  giftflow_single_campaign_images  includes/frontend/campaign-single-template-hooks.php:43
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:44
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:45
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:46
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:47
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:48
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:49
action  giftflow_single_campaign_summary  includes/frontend/campaign-single-template-hooks.php:50
action  giftflow_single_campaign_tabs  includes/frontend/campaign-single-template-hooks.php:53
action  init  includes/frontend/campaign-single-template-hooks.php:55
action  giftflow_campaign_taxonomy_archive_header  includes/frontend/campaign-taxonomy-archive-template-hooks.php:30
action  giftflow_campaign_taxonomy_archive_header  includes/frontend/campaign-taxonomy-archive-template-hooks.php:31
action  giftflow_campaign_taxonomy_loop  includes/frontend/campaign-taxonomy-archive-template-hooks.php:32
filter  giftflow_campaign_grid_pagination_args  includes/frontend/campaign-taxonomy-archive-template-hooks.php:34
action  init  includes/frontend/campaign-taxonomy-archive-template-hooks.php:36
action  giftflow_campaigns_page_header  includes/frontend/campaigns-page-template-hooks.php:31
action  giftflow_campaigns_page_header  includes/frontend/campaigns-page-template-hooks.php:32
action  giftflow_campaigns_page_loop  includes/frontend/campaigns-page-template-hooks.php:33
filter  giftflow_campaign_grid_pagination_args  includes/frontend/campaigns-page-template-hooks.php:35
action  init  includes/frontend/campaigns-page-template-hooks.php:37
action  wp_enqueue_scripts  includes/frontend/class-forms.php:34
action  giftflow_register_gateways  includes/gateways/class-direct-bank-transfer.php:264
filter  giftflow_payment_gateways  includes/gateways/class-gateway-base.php:159
action  giftflow_payment_methods_settings  includes/gateways/class-gateway-base.php:160
action  wp_enqueue_scripts  includes/gateways/class-gateway-base.php:163
action  admin_enqueue_scripts  includes/gateways/class-gateway-base.php:164
action  wp_enqueue_scripts  includes/gateways/class-paypal.php:184
action  admin_notices  includes/gateways/class-paypal.php:362
action  template_redirect  includes/gateways/class-paypal.php:369
action  giftflow_register_gateways  includes/gateways/class-paypal.php:2925
action  init  includes/gateways/class-stripe.php:351
action  giftflow_register_gateways  includes/gateways/class-stripe.php:1645
action  giftflow_donation_form_after_payment_method  includes/hooks.php:12
action  giftflow_donation_form_after_payment_method  includes/hooks.php:13
action  giftflow_donation_after_payment_processed  includes/hooks.php:16
action  giftflow_donation_form_after_form  includes/hooks.php:19
action  giftflow_donation_form_before_process_donation  includes/hooks.php:20
action  wp_enqueue_scripts  includes/hooks.php:23
action  giftflow_my_donations_table_before  includes/hooks.php:27
action  template_redirect  includes/hooks.php:30
action  giftflow_test_send_mail  includes/mail.php:75
action  giftflow_donation_after_payment_processed  includes/mail.php:165
action  giftflow_donation_after_payment_processed  includes/mail.php:225

Scheduled Events 1

giftflow_cleanup_logs
Maintenance & Trust

GiftFlow – Donation & Fundraising Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 12, 2026
PHP min version: 7.4
Downloads: 572

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

GiftFlow – Donation & Fundraising Developer Profile

Beplus

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GiftFlow – Donation & Fundraising

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/giftflow/assets/css/giftflow.css
/wp-content/plugins/giftflow/assets/js/giftflow.js
Generator Patterns
GiftFlow – Donation & Fundraising
Script Paths
/wp-content/plugins/giftflow/assets/js/giftflow.js
Version Parameters
giftflow/assets/css/giftflow.css?ver=
giftflow/assets/js/giftflow.js?ver=

HTML / DOM Fingerprints

CSS Classes
giftflow-donation-form
giftflow-campaign-listing
giftflow-donor-profile
HTML Comments
<!-- GiftFlow Donation Form -->
<!-- GiftFlow Campaign Card -->
Data Attributes
data-giftflow-campaign-id
data-giftflow-donation-amount
JS Globals
giftflow_params
REST Endpoints
/wp-json/giftflow/v1/donations
/wp-json/giftflow/v1/campaigns
Shortcode Output
[giftflow_donation_form]
[giftflow_campaign_listing]
[giftflow_donor_profile]

Of these fingerprints, only /wp-json/giftflow/v1/campaigns and [giftflow_donation_form] match the routes and shortcodes the code analysis above found registered in v1.0.15; the /donations route and the [giftflow_campaign_listing] and [giftflow_donor_profile] shortcodes are not confirmed by it, so treat matches on those patterns as weaker evidence than a hit on the asset paths.
FAQ

Frequently Asked Questions about GiftFlow – Donation & Fundraising