Seamless Donations is Sunset Security & Risk Analysis

wordpress.org/plugins/seamless-donations

Sunset Notice

2K active installs v5.3 PHP + WP 4.0+ Updated Mar 22, 2024
givewp
83
B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 26, 2022
Safety Verdict

Is Seamless Donations is Sunset Safe to Use in 2026?

Mostly Safe

Score 83/100

Seamless Donations is Sunset is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved.

2 known CVEs · Last CVE: May 26, 2022 · Updated 2yr ago
Risk Assessment

The Seamless Donations plugin version 5.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped outputs, robust nonce and capability checks, and a majority of SQL queries utilizing prepared statements. The attack surface, while present with AJAX handlers and shortcodes, is entirely protected by authentication checks, which is a strong indicator of security awareness. Furthermore, there are no currently unpatched CVEs, suggesting active maintenance and remediation of past issues.

However, several areas warrant attention. The presence of 9 dangerous function calls, specifically `unserialize`, introduces a potential risk if user-controlled data is passed to it without proper sanitization, which is further highlighted by 7 high-severity taint flows originating from unsanitized paths. The plugin also makes 16 external HTTP requests, which could be an avenue for attackers if these requests are not handled securely and can be influenced by user input. The vulnerability history, with 2 high-severity CVEs in the past, primarily involving CSRF and XSS, indicates a pattern of past vulnerabilities that required significant patching. While these are no longer unpatched, it suggests the need for continued vigilance.

In conclusion, Seamless Donations 5.3 has made significant strides in security, particularly in input validation and authentication. The protected entry points and the absence of unpatched vulnerabilities are commendable. However, the reliance on `unserialize` and the identified high-severity taint flows represent tangible risks that could be exploited. The history of high-severity XSS and CSRF vulnerabilities also suggests that comprehensive input validation and output escaping should remain a top priority to prevent recurrences.

Key Concerns

  • High severity taint flows
  • Dangerous function: unserialize
  • Past high severity CVEs (2)
  • External HTTP requests (16)
Vulnerabilities
2 published

Seamless Donations is Sunset Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

Severity Breakdown

High: 2

2 total CVEs

CVE-2022-1610 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.7 - Cross-Site Request Forgery to Settings Change

May 26, 2022 Patched in 5.1.8 (607d)
WF-d159130a-c99d-44d3-a130-aa0146f17157-seamless-donations · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.12 - Cross-Site Scripting

May 24, 2022 Patched in 5.1.13 (609d)
Version History

Seamless Donations is Sunset Release Timeline

v5.3 (Current)
v5.2.7
v5.2.6
v5.2.5
v5.2.4
v5.2.3
v5.2.2
v5.2.0
v5.1.21
v5.1.20
v5.1.19
v5.1.18
v5.1.17
v5.1.16
v5.1.15
v5.1.14
v5.1.13
Code Analysis
Analyzed Mar 16, 2026

Seamless Donations is Sunset Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 3 (9 prepared)
Unescaped Output: 63 (564 escaped)
Nonce Checks: 25
Capability Checks: 9
File Operations: 3
External Requests: 16
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$license_array = unserialize( $value );` · admin\logs.php:420
unserialize · `$license_array = unserialize( $license_array );` · admin\logs.php:422
unserialize · `$value_array = unserialize( $option_value );` · admin\logs.php:500
unserialize · `$audit_array[] = unserialize( $option_value );` · inc\audit.php:288
unserialize · `$button_list_array = unserialize( $button_list_option );` · inc\cmb2.php:120
unserialize · `$button_list_array = unserialize( $button_list_option );` · inc\cmb2.php:147
unserialize · `$button_list_array = unserialize( $button_list_option );` · inc\cmb2.php:202
unserialize · `$button_list_array = unserialize( $button_list_option );` · inc\cmb2.php:245
unserialize · `$license_array = unserialize( get_option( 'dgxdonate_licenses' ) );` · inc\utilities.php:652

Bundled Libraries

Stripe PHP

SQL Query Safety

75% prepared · 12 total queries

Output Escaping

90% escaped · 627 total outputs
Data Flows · Security
10 unsanitized

Data Flow Analysis

20 flows · 10 with unsanitized paths
seamless_donations_process_payment (inc\payment.php:18)
Attack Surface

Seamless Donations is Sunset Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_cmb2_oembed_handler · library\cmb2\includes\CMB2_Ajax.php:51
nopriv · wp_ajax_cmb2_oembed_handler · library\cmb2\includes\CMB2_Ajax.php:52

Shortcodes 2

[seamless_formtest] · inc\form-engine.php:749
[seamless-donations] · seamless-donations.php:265
WordPress Hooks 129
action · cmb2_admin_init · admin\addons.php:19
action · cmb2_admin_init · admin\forms.php:20
action · admin_post_seamless_donations_tab_forms · admin\forms.php:44
action · cmb2_admin_init · admin\licenses.php:19
action · admin_post_seamless_donations_tab_licenses · admin\licenses.php:46
action · cmb2_admin_init · admin\logs.php:20
action · admin_post_seamless_donations_tab_logs · admin\logs.php:47
action · cmb2_admin_init · admin\main.php:19
action · admin_post_seamless_donations_tab_main · admin\main.php:45
action · cmb2_admin_init · admin\settings.php:19
action · admin_post_seamless_donations_tab_settings · admin\settings.php:46
action · cmb2_admin_init · admin\templates.php:19
action · admin_post_seamless_donations_tab_templates · admin\templates.php:46
action · cmb2_admin_init · admin\thanks.php:20
action · admin_post_seamless_donations_tab_thanks · admin\thanks.php:47
action · add_meta_boxes_donation · cpt\donation-detail.php:42
filter · admin_body_class · cpt\donation-detail.php:339
filter · manage_edit-donation_columns · cpt\donation-list.php:45
action · manage_donation_posts_custom_column · cpt\donation-list.php:46
action · load-edit.php · cpt\donation-list.php:47
filter · manage_edit-donation_sortable_columns · cpt\donation-list.php:48
action · admin_menu · cpt\donation-list.php:57
filter · wp_sitemaps_post_types · cpt\donation-list.php:63
filter · request · cpt\donation-list.php:211
filter · admin_body_class · cpt\donation-list.php:218
action · add_meta_boxes_donor · cpt\donor-detail.php:40
filter · admin_body_class · cpt\donor-detail.php:197
filter · manage_edit-donor_columns · cpt\donor-list.php:44
action · manage_donor_posts_custom_column · cpt\donor-list.php:45
action · load-edit.php · cpt\donor-list.php:46
filter · manage_edit-donor_sortable_columns · cpt\donor-list.php:47
action · admin_menu · cpt\donor-list.php:56
filter · wp_sitemaps_post_types · cpt\donor-list.php:62
filter · request · cpt\donor-list.php:218
filter · admin_body_class · cpt\donor-list.php:225
action · post_updated · cpt\funds-detail.php:19
action · add_meta_boxes_funds · cpt\funds-detail.php:43
filter · admin_body_class · cpt\funds-detail.php:162
filter · manage_edit-funds_columns · cpt\funds-list.php:45
action · manage_funds_posts_custom_column · cpt\funds-list.php:46
action · load-edit.php · cpt\funds-list.php:47
filter · manage_edit-funds_sortable_columns · cpt\funds-list.php:48
filter · wp_sitemaps_post_types · cpt\funds-list.php:61
filter · request · cpt\funds-list.php:165
filter · admin_body_class · cpt\funds-list.php:172
action · admin_init · inc\alerts.php:44
action · seamless_donations_daily_cron_hook · inc\cron.php:14
action · seamless_donations_hourly_cron_hook · inc\cron.php:15
action · pre_post_update · inc\debug.php:330
action · edit_attachment · inc\debug.php:331
action · attachment_updated · inc\debug.php:332
action · add_attachment · inc\debug.php:333
action · post_updated · inc\debug.php:334
action · save_post · inc\debug.php:335
action · wp_insert_post · inc\debug.php:336
action · widgets_init · inc\widgets.php:157
action · cmb2_admin_init · library\cmb2\example-functions.php:105
action · cmb2_admin_init · library\cmb2\example-functions.php:470
action · cmb2_admin_init · library\cmb2\example-functions.php:500
action · cmb2_admin_init · library\cmb2\example-functions.php:564
action · cmb2_admin_init · library\cmb2\example-functions.php:633
action · cmb2_admin_init · library\cmb2\example-functions.php:674
action · cmb2_init · library\cmb2\example-functions.php:777
filter · wp_prepare_attachment_for_js · library\cmb2\includes\CMB2.php:1558
action · admin_enqueue_scripts · library\cmb2\includes\CMB2.php:1576
action · cmb2_save_options-page_fields · library\cmb2\includes\CMB2_Ajax.php:54
filter · get_post_metadata · library\cmb2\includes\CMB2_Ajax.php:147
filter · update_post_metadata · library\cmb2\includes\CMB2_Ajax.php:150
filter · cmb2_show_on · library\cmb2\includes\CMB2_Hookup.php:79
action · edit_form_top · library\cmb2\includes\CMB2_Hookup.php:115
action · edit_form_before_permalink · library\cmb2\includes\CMB2_Hookup.php:119
action · edit_form_after_title · library\cmb2\includes\CMB2_Hookup.php:123
action · edit_form_after_editor · library\cmb2\includes\CMB2_Hookup.php:127
action · add_meta_boxes · library\cmb2\includes\CMB2_Hookup.php:131
action · add_meta_boxes · library\cmb2\includes\CMB2_Hookup.php:134
action · add_attachment · library\cmb2\includes\CMB2_Hookup.php:135
action · edit_attachment · library\cmb2\includes\CMB2_Hookup.php:136
action · save_post · library\cmb2\includes\CMB2_Hookup.php:137
action · pre_get_posts · library\cmb2\includes\CMB2_Hookup.php:144
action · add_meta_boxes_comment · library\cmb2\includes\CMB2_Hookup.php:152
action · edit_comment · library\cmb2\includes\CMB2_Hookup.php:153
filter · manage_edit-comments_columns · library\cmb2\includes\CMB2_Hookup.php:156
action · manage_comments_custom_column · library\cmb2\includes\CMB2_Hookup.php:157
filter · manage_edit-comments_sortable_columns · library\cmb2\includes\CMB2_Hookup.php:158
action · pre_get_posts · library\cmb2\includes\CMB2_Hookup.php:159
action · show_user_profile · library\cmb2\includes\CMB2_Hookup.php:168
action · edit_user_profile · library\cmb2\includes\CMB2_Hookup.php:169
action · user_new_form · library\cmb2\includes\CMB2_Hookup.php:170
action · personal_options_update · library\cmb2\includes\CMB2_Hookup.php:172
action · edit_user_profile_update · library\cmb2\includes\CMB2_Hookup.php:173
action · user_register · library\cmb2\includes\CMB2_Hookup.php:174
filter · manage_users_columns · library\cmb2\includes\CMB2_Hookup.php:177
filter · manage_users_custom_column · library\cmb2\includes\CMB2_Hookup.php:178
filter · manage_users_sortable_columns · library\cmb2\includes\CMB2_Hookup.php:179
action · pre_get_posts · library\cmb2\includes\CMB2_Hookup.php:180
action · pre_get_posts · library\cmb2\includes\CMB2_Hookup.php:226
action · created_term · library\cmb2\includes\CMB2_Hookup.php:230
action · edited_terms · library\cmb2\includes\CMB2_Hookup.php:231
action · delete_term · library\cmb2\includes\CMB2_Hookup.php:232
action · cmb2_do_oembed · library\cmb2\includes\helper-functions.php:131
filter · is_protected_meta · library\cmb2\includes\rest-api\CMB2_REST.php:144
action · init · library\cmb2\init.php:131
action · cmb2_render_radio_image · library\cmb2-addons\cmb2-radio-image.php:23
filter · cmb2_list_input_attributes · library\cmb2-addons\cmb2-radio-image.php:24
action · admin_head · library\cmb2-addons\cmb2-radio-image.php:25
action · cmb2_render_radio_static · library\cmb2-addons\cmb2-radio-image.php:93
filter · cmb2_list_input_attributes · library\cmb2-addons\cmb2-radio-image.php:94
action · admin_head · library\cmb2-addons\cmb2-radio-image.php:95
filter · seamless_donations_form_section_order · pay\paypal-2022\paypal-2022.php:13
action · plugins_loaded · seamless-donations.php:125
action · wp_enqueue_scripts · seamless-donations.php:199
action · admin_enqueue_scripts · seamless-donations.php:200
action · wp_enqueue_scripts · seamless-donations.php:228
action · wp_enqueue_scripts · seamless-donations.php:231
action · admin_enqueue_scripts · seamless-donations.php:245
action · admin_notices · seamless-donations.php:434
action · admin_notices · seamless-donations.php:471
action · admin_notices · seamless-donations.php:476
action · admin_notices · seamless-donations.php:487
action · admin_notices · seamless-donations.php:496
action · admin_notices · seamless-donations.php:507
action · init · seamless-donations.php:524
action · cmb2_admin_init · seamless-donations.php:800
action · cmb2_admin_init · seamless-donations.php:802
action · cmb2_admin_init · seamless-donations.php:804
filter · plugin_row_meta · seamless-donations.php:863
filter · seamless_donations_deactivate_feedback_form_plugins · telemetry\deactivate.php:14
action · admin_enqueue_scripts · telemetry\deactivate.php:47
filter · seamless_donations_deactivate_feedback_form_plugins · telemetry\deactivate.php:106

Scheduled Events 1

seamless_donations_daily_cron_hook
Maintenance & Trust

Seamless Donations is Sunset Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Mar 22, 2024
PHP min version
Downloads: 477K

Community Trust

Rating: 82/100
Number of ratings: 70
Active installs: 2K
Developer Profile

Seamless Donations is Sunset Developer Profile

GiveWP

1 plugin · 2K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 608 days
Detection Fingerprints

How We Detect Seamless Donations is Sunset

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/seamless-donations/css/style.css
  • /wp-content/plugins/seamless-donations/js/seamless-donations.js
  • /wp-content/plugins/seamless-donations/js/seamless-donations-admin.js
  • /wp-content/plugins/seamless-donations/js/seamless-donations-validate.js
  • /wp-content/plugins/seamless-donations/js/validation/additional-methods.min.js
  • /wp-content/plugins/seamless-donations/js/validation/jquery.validate.min.js
Script Paths
  • /wp-content/plugins/seamless-donations/js/seamless-donations.js
  • /wp-content/plugins/seamless-donations/js/seamless-donations-admin.js
  • /wp-content/plugins/seamless-donations/js/seamless-donations-validate.js
  • /wp-content/plugins/seamless-donations/js/validation/jquery.validate.min.js
  • /wp-content/plugins/seamless-donations/js/validation/additional-methods.min.js
Version Parameters
  • seamless-donations/css/style.css?ver=
  • seamless-donations/js/seamless-donations.js?ver=
  • seamless-donations/js/seamless-donations-admin.js?ver=
  • seamless-donations/js/seamless-donations-validate.js?ver=
  • seamless-donations/js/validation/jquery.validate.min.js?ver=
  • seamless-donations/js/validation/additional-methods.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sd-donate-form
  • sd-donation-button
  • sd-donor-info
  • sd-payment-gateway-options
  • sd-thank-you-message
  • sd-donation-total
  • sd-recurring-donation-options
  • sd-donation-amount-field
  • (+8 more)
HTML Comments
  • <!-- Start Seamless Donations Form -->
  • <!-- End Seamless Donations Form -->
  • <!-- Seamless Donations: Donation Form Start -->
  • <!-- Seamless Donations: Donation Form End -->
  • (+2 more)
Data Attributes
  • data-seamless-donations-form-id
  • data-sd-currency-symbol
  • data-sd-currency-position
  • data-sd-donate-button-text
JS Globals
  • seamlessDonations
  • sdVars
REST Endpoints
/wp-json/seamless-donations/v1/process-donation
Shortcode Output
  • <form class="sd-donate-form"
  • <input type="hidden" name="seamless_donations_nonce"
  • <div class="sd-donation-total"
  • <button type="submit" class="sd-donation-button"