Does Growfund – Ultimate Donation & Crowdfunding Solution have any unpatched vulnerabilities?

No. All known vulnerabilities in Growfund – Ultimate Donation & Crowdfunding Solution have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Growfund – Ultimate Donation & Crowdfunding Solution compatible with WordPress 6.9.4?

According to WordPress.org data, Growfund – Ultimate Donation & Crowdfunding Solution 1.0.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Growfund – Ultimate Donation & Crowdfunding Solution compatible with PHP 7.4+?

Growfund – Ultimate Donation & Crowdfunding Solution requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Growfund – Ultimate Donation & Crowdfunding Solution's security score?

Growfund – Ultimate Donation & Crowdfunding Solution has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Growfund – Ultimate Donation & Crowdfunding Solution Security & Risk Analysis

wordpress.org/plugins/growfund

A complete crowdfunding and donation plugin for WordPress with dual operation modes, advanced analytics, and a modern user experience.

40 active installs v1.0.9 PHP 7.4+ WP 5.9+ Updated Mar 12, 2026

charitycrowdfundingdonationfundraisingrewards

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Growfund – Ultimate Donation & Crowdfunding Solution Safe to Use in 2026?

Generally Safe

Score 100/100

Growfund – Ultimate Donation & Crowdfunding Solution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago

Risk Assessment

The "growfund" v1.0.9 plugin exhibits a generally strong security posture based on the static analysis and vulnerability history provided. The plugin demonstrates good practices by predominantly using prepared statements for SQL queries and properly escaping output, which significantly mitigates common risks like SQL injection and cross-site scripting. The absence of any reported vulnerabilities, CVEs, or critical taint flows further reinforces this positive assessment.

However, there are areas for improvement. While the attack surface appears minimal with zero entry points, the limited number of capability and nonce checks (1 and 2 respectively) could potentially be a concern if the plugin's functionality grows or if specific entry points are hidden. The presence of file operations and external HTTP requests, while not flagged as problematic in this analysis, warrants ongoing scrutiny as these can be vectors for exploitation if not handled with extreme care.

In conclusion, "growfund" v1.0.9 appears to be a relatively secure plugin with no known major vulnerabilities. The development team has implemented several good security practices. Future development should focus on maintaining this high standard and potentially increasing the robustness of authentication and authorization checks as the plugin evolves, especially around file operations and external requests.

Key Concerns

Limited capability checks (1)
Limited nonce checks (2)
Raw SQL queries detected (1 out of 80)
Output not properly escaped detected (9% of 1155)

Vulnerabilities

None known

Growfund – Ultimate Donation & Crowdfunding Solution Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Growfund – Ultimate Donation & Crowdfunding Solution Code Analysis

Dangerous Functions

Raw SQL Queries

63 prepared

Unescaped Output

1056 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

79% prepared80 total queries

Output Escaping

91% escaped1155 total outputs

Attack Surface

Growfund – Ultimate Donation & Crowdfunding Solution Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 36

actionpre_current_active_pluginsgrowfund.php:121

filterplugin_row_metagrowfund.php:130

filtermap_meta_capsrc\Capabilities\BackerCapabilities.php:25

filtermap_meta_capsrc\Capabilities\BookmarkCapabilities.php:29

filtermap_meta_capsrc\Capabilities\CampaignCapabilities.php:35

filtermap_meta_capsrc\Capabilities\DonationCapabilities.php:35

filtermap_meta_capsrc\Capabilities\DonorCapabilities.php:25

filtermap_meta_capsrc\Capabilities\FundCapabilities.php:30

filtermap_meta_capsrc\Capabilities\PledgeCapabilities.php:34

filteraction_scheduler_queue_runner_time_limitsrc\Core\Scheduler.php:33

filteraction_scheduler_queue_runner_concurrent_batchessrc\Core\Scheduler.php:40

filteraction_scheduler_queue_runner_batch_sizesrc\Core\Scheduler.php:47

filteraction_scheduler_timeout_periodsrc\Core\Scheduler.php:54

filteraction_scheduler_failure_periodsrc\Core\Scheduler.php:61

filteraction_scheduler_default_cleaner_statusessrc\Core\Scheduler.php:68

actionaction_scheduler_completed_actionsrc\Hooks\Scheduler\RecurringScheduler.php:93

actionaction_scheduler_stored_actionsrc\Hooks\Scheduler\RecurringScheduler.php:123

actionadmin_headsrc\Menu\Separator.php:57

filterpre_user_querysrc\Services\BackerService.php:100

filterpre_user_querysrc\Services\BackerService.php:106

filterposts_wheresrc\Services\CampaignService.php:294

filterposts_wheresrc\Services\CampaignService.php:295

filterposts_wheresrc\Services\CampaignService.php:296

filterpre_user_querysrc\Services\DonorService.php:158

filterpre_user_querysrc\Services\DonorService.php:164

filteradmin_memory_limitsrc\Services\Migration\DonationMigrationService.php:43

filteradmin_memory_limitsrc\Services\Migration\PledgeMigrationService.php:51

filterwp_pre_insert_user_datasrc\Services\UserService.php:113

actioninitsrc\SiteRouter.php:98

filterquery_varssrc\SiteRouter.php:99

actioninitsrc\SiteRouter.php:102

actiontemplate_redirectsrc\SiteRouter.php:122

filterthe_contentsrc\SiteRouter.php:313

filterscript_loader_tagsrc\Supports\Assets.php:54

filterscript_loader_tagsrc\Supports\Assets.php:199

filterwp_safe_redirect_fallbacksrc\Supports\Url.php:56

Maintenance & Trust

Growfund – Ultimate Donation & Crowdfunding Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version7.4

Downloads420

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Growfund – Ultimate Donation & Crowdfunding Solution Alternatives

FundPress – WordPress Donation Plugin

fundpress

Easily build your own crowdfunding platform like Kickstarter with this free WordPress donation plugin in just a few clicks. No coding required.

300 1 CVE

Fundrizer Lite – Donation Plugin for Transparent Fundraising

fundrizer

100

A donation plugin for charity fundraising, crowdfunding campaigns, and nonprofits with WooCommerce payments, donor management, and customizable forms …

10 No CVEs

GiveWP – Donation Plugin and Fundraising Platform

give

Accept donations and begin fundraising with GiveWP, the highest rated WordPress donation plugin for online giving.

100K 69 CVEs

Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More

charitable

The best WordPress donation plugin. Create fundraising donation forms, accept recurring donations, easy donor management, add crowdfunding, and more.

10K 14 CVEs

Donation Platform for WooCommerce: Fundraising & Donation Management

wc-donation-platform

100

Open source donation system for your fundraising that supports recurring donations and more

7K 1 CVE

Developer Profile

Growfund – Ultimate Donation & Crowdfunding Solution Developer Profile

Themeum

14 plugins · 675K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

269 days

View full developer profile

Detection Fingerprints

How We Detect Growfund – Ultimate Donation & Crowdfunding Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/growfund/resources/assets/css/main.css/wp-content/plugins/growfund/resources/assets/css/frontend.css/wp-content/plugins/growfund/resources/assets/css/backend.css/wp-content/plugins/growfund/resources/assets/js/frontend.js/wp-content/plugins/growfund/resources/assets/js/backend.js/wp-content/plugins/growfund/resources/assets/js/frontend.vendor.js/wp-content/plugins/growfund/resources/assets/js/backend.vendor.js

Script Paths

/wp-content/plugins/growfund/resources/assets/js/frontend.js/wp-content/plugins/growfund/resources/assets/js/backend.js/wp-content/plugins/growfund/resources/assets/js/frontend.vendor.js/wp-content/plugins/growfund/resources/assets/js/backend.vendor.js

Version Parameters

growfund/resources/assets/css/main.css?ver=growfund/resources/assets/css/frontend.css?ver=growfund/resources/assets/css/backend.css?ver=growfund/resources/assets/js/frontend.js?ver=growfund/resources/assets/js/backend.js?ver=growfund/resources/assets/js/frontend.vendor.js?ver=growfund/resources/assets/js/backend.vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes

growfund-campaign-progressgrowfund-campaign-goalgrowfund-campaign-days-leftgrowfund-donate-buttongrowfund-reward-item

Data Attributes

data-growfund-campaign-id

JS Globals

growfund_frontend_paramsgrowfund_backend_params

REST Endpoints

/wp-json/growfund/v1/campaigns/wp-json/growfund/v1/donations

Shortcode Output

[growfund_campaign_progress][growfund_campaign_goal][growfund_donate_button][growfund_rewards_list]

FAQ