Does Open Orphanage have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Open Orphanage compatible with WordPress 5.2.24?

According to WordPress.org data, Open Orphanage 0.2.20190622a has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Open Orphanage compatible with PHP 7.0+?

Open Orphanage requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Open Orphanage updated?

Open Orphanage was last updated on Jun 22, 2019. Frequent updates are generally a positive security signal.

What is Open Orphanage's security score?

Open Orphanage has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Open Orphanage Security & Risk Analysis

wordpress.org/plugins/open-orphanage

Praise Jesus, a plugin that works with an Android app, to help orphanages with the process of sponsoring orphans, and God willing more in the future.

10 active installs v0.2.20190622a PHP 7.0+ WP 5.0+ Updated Jun 22, 2019

churchcommunicationsjesusorphanssponsorship

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Open Orphanage Safe to Use in 2026?

Generally Safe

Score 85/100

Open Orphanage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The open-orphanage plugin version 0.2.20190622a exhibits a mixed security posture. On the positive side, it avoids dangerous functions, uses prepared statements for all SQL queries, and shows no history of recorded vulnerabilities. The absence of critical taint analysis findings and SQL injection risks is commendable. However, significant concerns arise from its attack surface and output handling. The presence of seven AJAX handlers, with four lacking authentication checks, presents a considerable risk. While some nonces and capability checks are in place, the unprotected AJAX endpoints can be exploited to perform unintended actions. Furthermore, a concerning 37% of output is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities when user-supplied data is displayed without sufficient sanitization. The bundled Stripe PHP library, though not inherently a vulnerability, could become one if it's outdated and contains known security flaws, though no specific information is provided here.

Key Concerns

4 AJAX handlers without auth checks
37% of output unescaped
Bundled Stripe PHP library

Vulnerabilities

None known

Open Orphanage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Open Orphanage Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Open Orphanage Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

106

63 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Stripe PHP

Output Escaping

37% escaped169 total outputs

Attack Surface

4 unprotected

Open Orphanage Attack Surface

Entry Points11

Unprotected4

AJAX Handlers 7

authwp_ajax_oo_one_time_supporter_donation_aleluyaadmin-aleluya/oo-admin-supporter-aleluya.php:129

authwp_ajax_oo_enable_user_registration_aleluyaadmin-aleluya/oo-option-page1-aleluya.php:207

authwp_ajax_oo_child_get_image_aleluyaincludes-aleluya/child-custom-post-type-aleluya.php:100

authwp_ajax_oo_child_get_image_aleluyaincludes-aleluya/custom-post-types-aleluya/child-custom-post-type-aleluya.php:85

authwp_ajax_oo_stripe_donation_aleluyaincludes-aleluya/donation-block-shortcode-aleluya.php:13

authwp_ajax_oo_support_request_aleluyaincludes-aleluya/functions-aleluya.php:164

authwp_ajax_oo_stripe_donation_aleluyaincludes-aleluya/shortcodes-aleluya/donation-block-shortcode-aleluya.php:11

Shortcodes 4

[oo_donation_block_aleluya] includes-aleluya/donation-block-shortcode-aleluya.php:227

[oo_donation_block_aleluya] includes-aleluya/shortcodes-aleluya/donation-block-shortcode-aleluya.php:192

[oo_aleluya] includes-aleluya/shortcodes-aleluya/show-children-shortcode-aleluya.php:54

[oo_aleluya] includes-aleluya/show-children-shortcode-aleluya.php:163

WordPress Hooks 42

actionadmin_enqueue_scriptsadmin-aleluya/oo-admin-aleluya.php:10

actionadd_meta_boxesadmin-aleluya/oo-admin-child-aleluya.php:22

actionsave_postadmin-aleluya/oo-admin-child-aleluya.php:166

actionrest_api_initadmin-aleluya/oo-admin-child-aleluya.php:172

actionshow_user_profileadmin-aleluya/oo-admin-supporter-aleluya.php:19

actionedit_user_profileadmin-aleluya/oo-admin-supporter-aleluya.php:20

actionuser_profile_update_errorsadmin-aleluya/oo-admin-supporter-aleluya.php:146

actionpersonal_options_updateadmin-aleluya/oo-admin-supporter-aleluya.php:162

actionedit_user_profile_updateadmin-aleluya/oo-admin-supporter-aleluya.php:163

actionadmin_footeradmin-aleluya/oo-admin-supporter-aleluya.php:180

actionadmin_enqueue_scriptsadmin-aleluya/oo-admin-supporter-aleluya.php:181

actionuser_profile_update_errorsadmin-aleluya/oo-admin-supporter-aleluya.php:260

actionpersonal_options_updateadmin-aleluya/oo-admin-supporter-aleluya.php:278

actionedit_user_profile_updateadmin-aleluya/oo-admin-supporter-aleluya.php:279

actionadmin_noticesadmin-aleluya/oo-admin-supporter-aleluya.php:345

actionadmin_noticesadmin-aleluya/oo-admin-supporter-aleluya.php:346

actionshow_user_profileadmin-aleluya/oo-admin-supporter-aleluya.php:348

actionedit_user_profileadmin-aleluya/oo-admin-supporter-aleluya.php:349

actionadmin_menuadmin-aleluya/oo-option-page1-aleluya.php:7

actionadmin_initadmin-aleluya/oo-option-page1-aleluya.php:8

filterdetermine_current_userincludes-aleluya/basic-auth-aleluya.php:37

filterdetermine_current_userincludes-aleluya/basic-auth-aleluya.php:48

filterrest_authentication_errorsincludes-aleluya/basic-auth-aleluya.php:60

actionwidgets_initincludes-aleluya/bible-verse-widget-aleluya.php:16

actionadmin_enqueue_scriptsincludes-aleluya/child-custom-post-type-aleluya.php:39

actioninitincludes-aleluya/child-custom-post-type-aleluya.php:54

actioninitincludes-aleluya/custom-post-types-aleluya/child-custom-post-type-aleluya.php:39

filterthe_contentincludes-aleluya/custom-post-types-aleluya/child-custom-post-type-aleluya.php:216

actionwp_headincludes-aleluya/donation-block-shortcode-aleluya.php:57

actionwp_enqueue_scriptsincludes-aleluya/functions-aleluya.php:35

filterwp_mail_fromincludes-aleluya/functions-aleluya.php:84

filterwp_mail_from_nameincludes-aleluya/functions-aleluya.php:85

actionlogin_enqueue_scriptsincludes-aleluya/functions-aleluya.php:104

actionwp_headincludes-aleluya/shortcodes-aleluya/donation-block-shortcode-aleluya.php:55

actionwp_headincludes-aleluya/show-children-shortcode-aleluya.php:8

filterthe_contentincludes-aleluya/show-children-shortcode-aleluya.php:301

actionregister_formincludes-aleluya/supporters-aleluya.php:28

actionuser_registerincludes-aleluya/supporters-aleluya.php:36

actionwidgets_initincludes-aleluya/widgets-aleluya/bible-verse-widget-aleluya.php:16

actionplugins_loadedopen-orphanage.php:33

actionenqueue_block_assetssrc/init.php:34

actionenqueue_block_editor_assetssrc/init.php:65

Maintenance & Trust

Open Orphanage Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedJun 22, 2019

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Open Orphanage Alternatives

Catholic Bible Scripturizer

catholicbible-scripturizer

Catholic Bible Scripturizer will convert Bible references in your posts and comments into hyperlinks to online Bibles.

10 No CVEs

GodInterest Share Button

godinterest-share-button

Add a "Share to Godinterest" Button to your site and get your visitors to start sharing your awesome content!.

10 No CVEs

Church Content – Sermons, Events and More

church-theme-content

100

Provides an interface for managing sermons, events, people and locations. A compatible theme is required for presenting content from these church-cent …

4K 1 CVE

Advanced Sermons

advanced-sermons

Elevate your church's digital outreach with audio/video sermons, organized speakers, and series management.

1K 5 CVEs

Church Admin

church-admin

Organise and communicate church life, with associated Android and iOS app for your congregation.

900 26 CVEs

Developer Profile

Open Orphanage Developer Profile

lovejesus

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Open Orphanage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/open-orphanage/public-aleluya/js-aleluya/oo-child-admin-aleluya.js

Script Paths

/wp-content/plugins/open-orphanage/public-aleluya/js-aleluya/oo-child-admin-aleluya.js

Version Parameters

open-orphanage/public-aleluya/js-aleluya/oo-child-admin-aleluya.js?ver=

HTML / DOM Fingerprints

CSS Classes

card-element-aleluyacard-errors-aleluyaform-row

HTML Comments

For God so loved the world, that He gave His only begotten Son, that all who believe in Him should not perishbut have everlasting lifeThanks Jesus for https://www.cssigniter.com/how-to-add-a-custom-user-field-in-wordpress/Custom profile fields, Hallelujah+2 more

Data Attributes

zipcode_aleluyacard-element-aleluyacard-errors-aleluyanewcard-button-aleluyaoo_one_time_donation_aleluyaoo_one_time_donation_price_aleluya+3 more

JS Globals

oo_one_time_donation_button_clicked_aleluya

REST Endpoints

/wp-json/oo-aleluya/v1/donation

FAQ