Does Give – Double the Donation have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Give – Double the Donation compatible with WordPress 6.9.4?

According to WordPress.org data, Give – Double the Donation 2.1.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Give – Double the Donation compatible with PHP 7.2+?

Give – Double the Donation requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Give – Double the Donation updated?

Give – Double the Donation was last updated on Jan 7, 2026. Frequent updates are generally a positive security signal.

What is Give – Double the Donation's security score?

Give – Double the Donation has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Give – Double the Donation Security & Risk Analysis

wordpress.org/plugins/give-double-the-donation

Empower your GiveWP donors to have their company match their donations with the most powerful Company Matching platform: Double the Donation.

100 active installs v2.1.2 PHP 7.2+ WP 6.6+ Updated Jan 7, 2026

company-matching-donationdouble-the-donationemployer-matchingemployer-matching-donationsgivewp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Give – Double the Donation Safe to Use in 2026?

Generally Safe

Score 100/100

Give – Double the Donation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "give-double-the-donation" plugin v2.1.2 exhibits a concerning security posture primarily due to its unprotected entry points and weak output escaping. While the plugin demonstrates good practices in database interaction by exclusively using prepared statements and has no recorded vulnerabilities or critical taint flows, the absence of permission callbacks on its two REST API routes presents a significant risk. This means any user, regardless of their role, could potentially interact with these API endpoints, leading to unauthorized actions or information disclosure if the API functionality is not robustly secured internally. The low percentage of properly escaped output (23%) is another major red flag, increasing the likelihood of cross-site scripting (XSS) vulnerabilities where user-supplied data is not properly sanitized before being displayed on the frontend.

Key Concerns

REST API routes without permission callbacks
Low percentage of properly escaped output
No nonce checks
No capability checks

Vulnerabilities

None known

Give – Double the Donation Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Give – Double the Donation Release Timeline

v2.1.2Current

v2.1.1

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.0.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Give – Double the Donation Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

23% escaped13 total outputs

Attack Surface

2 unprotected

Give – Double the Donation Attack Surface

Entry Points2

Unprotected2

REST API Routes 2

GET/wp-json/givewp/dtddonation/(?P<id>[0-9]+)src\DoubleTheDonation\API\REST\CompanyMatching.php:17

GET/wp-json/givewp/dtddonation/(?P<id>[0-9]+)src\DoubleTheDonation\API\REST\CompanyMatching.php:66

WordPress Hooks 5

actionbefore_give_initgive-double-the-donation.php:49

actionadmin_initgive-double-the-donation.php:61

actionadmin_noticessrc\Addon\Environment.php:22

actionadmin_noticessrc\Addon\Environment.php:27

filtergive-settings_get_settings_pagessrc\DoubleTheDonation\Helpers\SettingsPage.php:24

Maintenance & Trust

Give – Double the Donation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 7, 2026

PHP min version7.2

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Give – Double the Donation Alternatives

GiveWP Donation Widgets for Elementor

givewp-donation-widgets-for-elementor

100

A GiveWP add-on which allows you to embed any GiveWP shortcode into your Elementor-powered pages.

7K No CVEs

Seamless Donations is Sunset

seamless-donations

Sunset Notice

2K 2 CVEs

Double the Donation – A workplace giving tool

double-the-donation

Double the Donation – Easily add our matching gifts plugin and volunteering plugin on your site to help your fundraising efforts

1K 3 CVEs

Give – Paystack Gateway

paystack-for-give

100

Fundraise with Paystack and GiveWP.

1K No CVEs

Give – Divi Donation Modules

give-donation-modules-for-divi

A GiveWP add-on which allows you to embed any GiveWP shortcode into your Divi-powered pages.

600 1 CVE

Developer Profile

Give – Double the Donation Developer Profile

Matt Cromwell

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Give – Double the Donation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/give-double-the-donation/build/backend.asset.php/wp-content/plugins/give-double-the-donation/build/backend.js/wp-content/plugins/give-double-the-donation/build/frontend.asset.php/wp-content/plugins/give-double-the-donation/build/frontend.js

Script Paths

https://doublethedonation.com/api/js/ddplugin.js

Version Parameters

give-double-the-donation/build/backend.asset.php?ver=give-double-the-donation/build/frontend.asset.php?ver=

HTML / DOM Fingerprints

Data Attributes

data-give-dtd-public-key

JS Globals

DDCONF

REST Endpoints

/wp-json/givewp/dtd/donation/

FAQ