Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Security & Risk Analysis

wordpress.org/plugins/kudos-donations

Add a donation button to any page on your website. Easy & fast setup. Works with Mollie payments.

100 active installs · v4.1.6 · PHP 7.4+ · WP 6.6+ · Updated Nov 20, 2025
Tags: charity, donation, fundraising, mollie, recurring-donations
Score: 97 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 27, 2024
Safety Verdict

Is Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Safe to Use in 2026?

Generally Safe

Score 97/100

Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 27, 2024 · Updated 4mo ago
Risk Assessment

The 'kudos-donations' v4.1.6 plugin exhibits a generally positive security posture, with a strong emphasis on secure coding practices. The static analysis reveals a very small attack surface consisting of a single shortcode, with no unprotected entry points identified. The code demonstrates good utilization of prepared statements for SQL queries (80%) and excellent output escaping (98%). The presence of numerous nonce and capability checks further indicates a commitment to security. However, the plugin does have a history of known vulnerabilities, including one high and two medium severity issues, primarily related to Cross-Site Scripting and Cross-Site Request Forgery. While there are currently no unpatched vulnerabilities, this history suggests a recurring pattern of susceptibility to input manipulation and unauthorized action, necessitating ongoing vigilance. The presence of 'dompdf' as a bundled library, while potentially useful, could represent a risk if not kept up-to-date, though no specific outdated library issues were flagged in the static analysis.

Key Concerns

  • High severity known CVE history
  • Medium severity known CVE history (x2)
  • Bundled library (dompdf) potential risk
  • Taint analysis shows unsanitized paths
Vulnerabilities: 3

Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2024: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2024-11685 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg'

Nov 27, 2024 · Patched in 3.3.0 (1d)

CVE-2024-11684 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting

Nov 27, 2024 · Patched in 3.3.0 (1d)

WF-8af26db8-5cae-45ba-9573-2bc4e885de81-kudos-donations · high · 8.8 · Cross-Site Request Forgery (CSRF)

Kudos Donations – Easy donations and payments with Mollie < 3.1.2 - Cross-Site Request Forgery

Nov 22, 2021 · Patched in 3.1.2 (792d)
Code Analysis
Analyzed Mar 16, 2026

Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 2 (78 escaped)
Nonce Checks: 12
Capability Checks: 10
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

dompdf

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

98% escaped · 80 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
handle_query_variables (includes\Controller\Front.php:224)
Attack Surface

Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[kudos] includes\Controller\Front.php:142

WordPress Hooks: 28

action · admin_enqueue_scripts · includes\Admin\AbstractAdminPage.php:76
action · admin_footer · includes\Admin\DebugAdminPage.php:89
filter · post_row_actions · includes\Admin\TableColumnsTrait.php:54
filter · post_date_column_status · includes\Admin\TableColumnsTrait.php:94
action · pre_get_posts · includes\Admin\TableColumnsTrait.php:217
action · admin_notices · includes\Autoloader.php:55
action · upgrader_process_complete · includes\Container\Handler\UpgradeHandler.php:61
action · admin_print_footer_scripts · includes\Controller\Admin.php:158
action · wp_footer · includes\Controller\Front.php:63
action · wp_footer · includes\Controller\Front.php:195
action · rest_api_init · includes\Domain\RegisterRestFieldsTrait.php:38
action · plugins_loaded · includes\namespace.php:69
action · init · includes\Plugin.php:82
filter · kudos_global_localization · includes\Plugin.php:94
filter · kudos_receipt_attachment · includes\Service\InvoiceService.php:41
action · admin_enqueue_scripts · includes\Service\MigrationService.php:144
action · admin_notices · includes\Service\NoticeService.php:94
action · kudos_transaction_paid · includes\Service\PaymentService.php:45
action · kudos_process_transaction · includes\Service\PaymentService.php:47
filter · rest_url · includes\Service\PaymentService.php:49
action · kudos_post_saved · includes\Service\PaymentService.php:51
filter · kudos_global_localization · includes\Vendor\AbstractVendorFactory.php:35
action · phpmailer_init · includes\Vendor\EmailVendor\SMTPVendor.php:88
filter · wp_mail_from · includes\Vendor\EmailVendor\SMTPVendor.php:89
filter · wp_mail_from_name · includes\Vendor\EmailVendor\SMTPVendor.php:90
filter · wp_mail_content_type · includes\Vendor\EmailVendor\SMTPVendor.php:91
action · wp_mail_failed · includes\Vendor\EmailVendor\SMTPVendor.php:92
action · shutdown · uninstall.php:29
Maintenance & Trust

Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 20, 2025
PHP min version: 7.4
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 100
Developer Profile

Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms Developer Profile

Michael Iseard

1 plugin · 100 total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 265 days
Detection Fingerprints

How We Detect Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kudos-donations/assets/css/admin/kudos-admin.css
/wp-content/plugins/kudos-donations/assets/js/admin/kudos-admin.js
/wp-content/plugins/kudos-donations/assets/css/front/kudos-fonts.css
/wp-content/plugins/kudos-donations/assets/js/front/block/kudos-front.js
/wp-content/plugins/kudos-donations/assets/js/front/block/index.js
/wp-content/plugins/kudos-donations/assets/css/front/block/kudos-front.css

Script Paths
/wp-content/plugins/kudos-donations/assets/js/admin/kudos-admin.js
/wp-content/plugins/kudos-donations/assets/js/front/block/kudos-front.js
/wp-content/plugins/kudos-donations/assets/js/front/block/index.js

Version Parameters
kudos-donations/assets/css/admin/kudos-admin.css?ver=
kudos-donations/assets/js/admin/kudos-admin.js?ver=
kudos-donations/assets/css/front/kudos-fonts.css?ver=
kudos-donations/assets/js/front/block/kudos-front.js?ver=
kudos-donations/assets/js/front/block/index.js?ver=
kudos-donations/assets/css/front/block/kudos-front.css?ver=

HTML / DOM Fingerprints

CSS Classes
kudos-admin-page
Data Attributes
data-title, data-view
JS Globals
kudos
FAQ

Frequently Asked Questions about Kudos Donations: Easy Donations with Mollie | One-off & Recurring | PDF Invoices | Buttons & Forms