PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Security & Risk Analysis

wordpress.org/plugins/peerraiser

PeerRaiser is a donation plugin that makes it easy to create powerful peer-to-peer fundraising campaigns on your own WordPress site.

10 active installs · v1.3.2 · PHP + · WP 4.4.0+ · Updated Apr 8, 2020
Tags: donation, donation-plugin, fundraising, nonprofit, peer-to-peer
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

PeerRaiser – Peer-to-Peer Fundraising Donation Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "peerraiser" plugin v1.3.2 presents a mixed security posture. While the absence of known CVEs and the use of prepared statements in a majority of SQL queries are positive indicators, significant concerns arise from the static analysis. A notable portion of its attack surface, specifically 9 out of 15 AJAX handlers, lacks proper authentication checks, creating a potential entry point for unauthorized actions. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating a risk of data manipulation or leakage if these paths are exploited.

The clean vulnerability history suggests the plugin may have been developed with some security awareness or has not yet been thoroughly targeted. However, the static analysis findings, particularly the unprotected AJAX endpoints and high-severity taint flows, suggest that the plugin's security is not as robust as it could be. The large number of output operations (1141), of which only 62% are properly escaped, also leaves room for potential cross-site scripting (XSS) vulnerabilities, though these are not explicitly flagged as critical in the taint analysis. On balance, the lack of historical vulnerabilities is a strength, but the static analysis highlights areas demanding immediate attention to prevent future exploits.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Significant portion of output not escaped
Vulnerabilities
None known

PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 13 (30 prepared)
Unescaped Output: 438 (703 escaped)
Nonce Checks: 29
Capability Checks: 6
File Operations: 1
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

70% prepared · 43 total queries

Output Escaping

62% escaped · 1141 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

10 flows · 8 with unsanitized paths
ajax_get_posts (application\controller\class-admin.php:440)
Attack Surface
9 unprotected

PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Attack Surface

Entry Points: 21
Unprotected: 9

AJAX Handlers 15

auth wp_ajax_peerraiser_get_fundraisers application\controller\admin\class-campaigns.php:30
nopriv wp_ajax_peerraiser_get_fundraisers application\controller\admin\class-campaigns.php:31
auth wp_ajax_peerraiser_dismiss_message application\controller\admin\class-dashboard.php:19
auth wp_ajax_peerraiser_dismiss_message-post-new.php application\controller\admin\class-dashboard.php:20
auth wp_ajax_peerraiser_update_settings application\controller\admin\class-settings.php:12
auth wp_ajax_peerraiser_get_posts application\controller\class-admin.php:34
auth wp_ajax_peerraiser_get_donors application\controller\class-admin.php:35
auth wp_ajax_peerraiser_get_campaigns application\controller\class-admin.php:36
auth wp_ajax_peerraiser_get_teams application\controller\class-admin.php:37
auth wp_ajax_peerraiser_get_users application\controller\class-admin.php:38
auth wp_ajax_peerraiser_get_slug application\controller\class-admin.php:39
auth wp_ajax_peerraiser_update_avatar application\controller\frontend\class-participant-dashboard.php:13
auth wp_ajax_peerraiser_update_avatar application\controller\frontend\class-participant-dashboard.php:14
auth wp_ajax_cmb2_oembed_handler library\CMB2\includes\CMB2_Ajax.php:51
nopriv wp_ajax_cmb2_oembed_handler library\CMB2\includes\CMB2_Ajax.php:52

Shortcodes 6

[peerraiser_donation_form] application\controller\frontend\class-shortcode.php:13
[peerraiser_receipt] application\controller\frontend\class-shortcode.php:14
[peerraiser_login] application\controller\frontend\class-shortcode.php:15
[peerraiser_signup] application\controller\frontend\class-shortcode.php:16
[peerraiser_participant_dashboard] application\controller\frontend\class-shortcode.php:17
[peerraiser_registration] application\controller\frontend\class-shortcode.php:18
WordPress Hooks 164
action admin_notices application\controller\admin\class-admin-notices.php:7
action admin_notices application\controller\admin\class-admin-notices.php:8
action admin_bar_menu application\controller\admin\class-admin-notices.php:9
action cmb2_admin_init application\controller\admin\class-campaigns.php:20
action peerraiser_page_peerraiser-campaigns application\controller\admin\class-campaigns.php:21
action peerraiser_add_campaign application\controller\admin\class-campaigns.php:22
action peerraiser_update_campaign application\controller\admin\class-campaigns.php:23
action peerraiser_delete_campaign application\controller\admin\class-campaigns.php:24
action peerraiser_updated_campaign_meta application\controller\admin\class-campaigns.php:25
action peerraiser_updated_campaign_meta application\controller\admin\class-campaigns.php:26
action peerraiser_deleted_campaign_meta application\controller\admin\class-campaigns.php:27
action peerraiser_deleted_campaign_meta application\controller\admin\class-campaigns.php:28
action peerraiser_end_campaign application\controller\admin\class-campaigns.php:29
action peerraiser_page_peerraiser-donations application\controller\admin\class-donations.php:8
action admin_init application\controller\admin\class-donations.php:9
action cmb2_admin_init application\controller\admin\class-donations.php:10
action peerraiser_after_donation_metaboxes application\controller\admin\class-donations.php:11
action publish_pr_donation application\controller\admin\class-donations.php:12
action peerraiser_add_donation application\controller\admin\class-donations.php:13
action peerraiser_update_donation application\controller\admin\class-donations.php:14
action peerraiser_delete_donation application\controller\admin\class-donations.php:15
action cmb2_admin_init application\controller\admin\class-donors.php:11
action peerraiser_after_donor_metaboxes application\controller\admin\class-donors.php:12
action peerraiser_page_peerraiser-donors application\controller\admin\class-donors.php:13
action user_register application\controller\admin\class-donors.php:14
action peerraiser_add_donor application\controller\admin\class-donors.php:15
action peerraiser_update_donor application\controller\admin\class-donors.php:16
action peerraiser_delete_donor application\controller\admin\class-donors.php:17
action peerraiser_donor_updated_first_name application\controller\admin\class-donors.php:18
action peerraiser_donor_updated_last_name application\controller\admin\class-donors.php:19
action cmb2_admin_init application\controller\admin\class-fundraisers.php:8
action admin_print_styles-post-new.php application\controller\admin\class-fundraisers.php:9
action admin_print_styles-post.php application\controller\admin\class-fundraisers.php:10
action added_post_meta application\controller\admin\class-fundraisers.php:11
action update_post_meta application\controller\admin\class-fundraisers.php:12
action delete_post_meta application\controller\admin\class-fundraisers.php:13
action manage_fundraiser_posts_custom_column application\controller\admin\class-fundraisers.php:14
action meta_boxes application\controller\admin\class-fundraisers.php:15
action post_edit_form_tag application\controller\admin\class-fundraisers.php:16
action pre_get_posts application\controller\admin\class-fundraisers.php:17
filter manage_edit-fundraiser_sortable_columns application\controller\admin\class-fundraisers.php:19
action cmb2_admin_init application\controller\admin\class-participants.php:11
action peerraiser_after_participant_metaboxes application\controller\admin\class-participants.php:12
action peerraiser_page_peerraiser-participants application\controller\admin\class-participants.php:13
action peerraiser_add_participant application\controller\admin\class-participants.php:14
action peerraiser_update_participant application\controller\admin\class-participants.php:15
action peerraiser_delete_participant application\controller\admin\class-participants.php:16
action init application\controller\admin\class-settings.php:13
action cmb2_admin_init application\controller\admin\class-teams.php:11
action peerraiser_page_peerraiser-teams application\controller\admin\class-teams.php:12
action peerraiser_add_team application\controller\admin\class-teams.php:13
action peerraiser_update_team application\controller\admin\class-teams.php:14
action peerraiser_delete_team application\controller\admin\class-teams.php:15
action save_post application\controller\class-activity-feed.php:11
action delete_post application\controller\class-activity-feed.php:12
action peerraiser_campaign_added application\controller\class-activity-feed.php:13
action peerraiser_campaign_deleted application\controller\class-activity-feed.php:14
action peerraiser_donation_added application\controller\class-activity-feed.php:15
action peerraiser_donation_deleted application\controller\class-activity-feed.php:16
action cmb2_init application\controller\class-admin.php:25
action admin_menu application\controller\class-admin.php:26
action current_screen application\controller\class-admin.php:27
action admin_head application\controller\class-admin.php:28
action admin_print_footer_scripts application\controller\class-admin.php:29
action admin_enqueue_scripts application\controller\class-admin.php:30
action admin_enqueue_scripts application\controller\class-admin.php:31
action admin_enqueue_scripts application\controller\class-admin.php:32
action admin_enqueue_scripts application\controller\class-admin.php:33
filter enter_title_here application\controller\class-admin.php:41
filter manage_users_columns application\controller\class-admin.php:42
filter manage_users_custom_column application\controller\class-admin.php:43
action peerraiser_ready application\controller\class-custom-post-type.php:11
action admin_init application\controller\class-install.php:45
action admin_init application\controller\class-install.php:46
action peerraiser_update_capabilities application\controller\class-install.php:47
action peerraiser_check_requirements application\controller\class-install.php:48
action admin_notices application\controller\class-install.php:49
action admin_notices application\controller\class-install.php:50
action init application\controller\class-taxonomy.php:11
action admin_post_nopriv_peerraiser_login application\controller\frontend\class-account.php:8
action admin_post_peerraiser_login application\controller\frontend\class-account.php:9
action admin_post_nopriv_peerraiser_signup application\controller\frontend\class-account.php:10
action admin_post_peerraiser_signup application\controller\frontend\class-account.php:11
action peerraiser_add_pending_donation application\controller\frontend\class-donation.php:11
action peerraiser_donation_completed application\controller\frontend\class-donation.php:12
action peerraiser_donation_completed application\controller\frontend\class-donation.php:13
action init application\controller\frontend\class-frontend.php:10
action after_setup_theme application\controller\frontend\class-frontend.php:11
filter query_vars application\controller\frontend\class-frontend.php:13
filter cmb2_wrap_classes application\controller\frontend\class-frontend.php:14
filter template_include application\controller\frontend\class-frontend.php:15
action template_redirect application\controller\frontend\class-participant-dashboard.php:10
action cmb2_save_user_fields application\controller\frontend\class-participant-dashboard.php:11
action admin_post_peerraiser_change_password application\controller\frontend\class-participant-dashboard.php:12
action wp_enqueue_scripts application\controller\frontend\class-post.php:10
action wp_enqueue_scripts application\controller\frontend\class-post.php:11
action template_redirect application\controller\frontend\class-registration.php:15
action cmb2_init application\controller\frontend\class-registration.php:16
action peerraiser_register_individual application\controller\frontend\class-registration.php:17
action peerraiser_register_team application\controller\frontend\class-registration.php:18
action peerraiser_individual_registration_completed application\controller\frontend\class-registration.php:157
action peerraiser_team_registration_completed application\controller\frontend\class-registration.php:219
action cmb2_init application\controller\frontend\class-shortcode.php:20
filter archive_template application\controller\frontend\class-template.php:8
action widgets_init application\controller\frontend\class-widget.php:10
action widgets_init application\controller\frontend\class-widget.php:11
action widgets_init application\controller\frontend\class-widget.php:12
action rest_api_init application\core\class-bootstrap.php:82
filter posts_orderby application\helper\class-field.php:593
action init application\model\class-custom-post-type.php:153
action init application\model\class-custom-post-type.php:156
action init application\model\class-custom-post-type.php:159
filter post_updated_messages application\model\class-custom-post-type.php:165
filter bulk_post_updated_messages application\model\class-custom-post-type.php:166
action load-edit.php application\model\class-custom-post-type.php:571
action plugins_loaded application\model\database\class-donation-meta-table.php:21
action plugins_loaded application\model\database\class-donor-meta-table.php:22
action cmb2_admin_init library\CMB2\example-functions.php:105
action cmb2_admin_init library\CMB2\example-functions.php:470
action cmb2_admin_init library\CMB2\example-functions.php:500
action cmb2_admin_init library\CMB2\example-functions.php:564
action cmb2_admin_init library\CMB2\example-functions.php:633
action cmb2_admin_init library\CMB2\example-functions.php:674
action cmb2_init library\CMB2\example-functions.php:776
filter wp_prepare_attachment_for_js library\CMB2\includes\CMB2.php:1549
action admin_enqueue_scripts library\CMB2\includes\CMB2.php:1567
action cmb2_save_options-page_fields library\CMB2\includes\CMB2_Ajax.php:54
filter get_post_metadata library\CMB2\includes\CMB2_Ajax.php:147
filter update_post_metadata library\CMB2\includes\CMB2_Ajax.php:150
filter cmb2_show_on library\CMB2\includes\CMB2_Hookup.php:79
action edit_form_top library\CMB2\includes\CMB2_Hookup.php:115
action edit_form_before_permalink library\CMB2\includes\CMB2_Hookup.php:119
action edit_form_after_title library\CMB2\includes\CMB2_Hookup.php:123
action edit_form_after_editor library\CMB2\includes\CMB2_Hookup.php:127
action add_meta_boxes library\CMB2\includes\CMB2_Hookup.php:131
action add_meta_boxes library\CMB2\includes\CMB2_Hookup.php:134
action add_attachment library\CMB2\includes\CMB2_Hookup.php:135
action edit_attachment library\CMB2\includes\CMB2_Hookup.php:136
action save_post library\CMB2\includes\CMB2_Hookup.php:137
action pre_get_posts library\CMB2\includes\CMB2_Hookup.php:144
action add_meta_boxes_comment library\CMB2\includes\CMB2_Hookup.php:152
action edit_comment library\CMB2\includes\CMB2_Hookup.php:153
filter manage_edit-comments_columns library\CMB2\includes\CMB2_Hookup.php:156
action manage_comments_custom_column library\CMB2\includes\CMB2_Hookup.php:157
filter manage_edit-comments_sortable_columns library\CMB2\includes\CMB2_Hookup.php:158
action pre_get_posts library\CMB2\includes\CMB2_Hookup.php:159
action show_user_profile library\CMB2\includes\CMB2_Hookup.php:168
action edit_user_profile library\CMB2\includes\CMB2_Hookup.php:169
action user_new_form library\CMB2\includes\CMB2_Hookup.php:170
action personal_options_update library\CMB2\includes\CMB2_Hookup.php:172
action edit_user_profile_update library\CMB2\includes\CMB2_Hookup.php:173
action user_register library\CMB2\includes\CMB2_Hookup.php:174
filter manage_users_columns library\CMB2\includes\CMB2_Hookup.php:177
filter manage_users_custom_column library\CMB2\includes\CMB2_Hookup.php:178
filter manage_users_sortable_columns library\CMB2\includes\CMB2_Hookup.php:179
action pre_get_posts library\CMB2\includes\CMB2_Hookup.php:180
action pre_get_posts library\CMB2\includes\CMB2_Hookup.php:226
action created_term library\CMB2\includes\CMB2_Hookup.php:230
action edited_terms library\CMB2\includes\CMB2_Hookup.php:231
action delete_term library\CMB2\includes\CMB2_Hookup.php:232
action cmb2_do_oembed library\CMB2\includes\helper-functions.php:131
filter is_protected_meta library\CMB2\includes\rest-api\CMB2_REST.php:144
action init library\CMB2\init.php:78
action plugins_loaded peerraiser.php:44

Scheduled Events 1

peerraiser_end_campaign
Maintenance & Trust

PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Apr 8, 2020
PHP min version
Downloads: 5K

Community Trust

Rating: 60/100
Number of ratings: 4
Active installs: 10
Developer Profile

PeerRaiser – Peer-to-Peer Fundraising Donation Plugin Developer Profile

Nate Allen

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PeerRaiser – Peer-to-Peer Fundraising Donation Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/peerraiser/css/peerraiser-admin.css
/wp-content/plugins/peerraiser/css/peerraiser-admin-campaigns.css
/wp-content/plugins/peerraiser/css/peerraiser-font-awesome.css
/wp-content/plugins/peerraiser/css/peerraiser-select2.css
/wp-content/plugins/peerraiser/js/peerraiser-admin.js
/wp-content/plugins/peerraiser/js/peerraiser-admin-campaigns.js
/wp-content/plugins/peerraiser/js/peerraiser-select2.js
Script Paths
/wp-content/plugins/peerraiser/js/peerraiser-admin-campaigns.js
Version Parameters
peerraiser-admin.css?ver=
peerraiser-admin-campaigns.css?ver=
peerraiser-admin.js?ver=
peerraiser-admin-campaigns.js?ver=

HTML / DOM Fingerprints

CSS Classes
peerraiser-admin
peerraiser-admin-campaigns
Data Attributes
data-campaign-id
data-fundraiser-id
JS Globals
peerraiser_object