WP-Safety

SureDonation Security & Risk Analysis

wordpress.org/plugins/suredonation

A powerful donation management plugin for WordPress with campaign tracking, Stripe payment processing, and donor management.

0 active installs v0.0.1 PHP 7.4+ WP 6.4+ Updated Mar 4, 2026
campaignsdonationsfundraisingnonprofitstripe
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SureDonation Safe to Use in 2026?

Generally Safe

Score 100/100

SureDonation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The suredonation plugin v0.0.1 exhibits a generally strong security posture based on the provided static analysis. The code demonstrates excellent adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and all output being properly escaped. Furthermore, the absence of dangerous functions and critical or high-severity taint flows suggests a low likelihood of common injection vulnerabilities. The plugin also has no recorded vulnerability history, which is a positive indicator. However, the presence of two unprotected REST API routes represents a significant concern, as these could potentially be exploited without proper authorization checks. The plugin also has a moderate attack surface with 15 total entry points, and while most are protected, these two exceptions warrant attention.

Key Concerns

  • Unprotected REST API routes
Vulnerabilities
None known

SureDonation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SureDonation Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
112 prepared
Unescaped Output
1
596 escaped
Nonce Checks
5
Capability Checks
25
File Operations
1
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared112 total queries

Output Escaping

100% escaped597 total outputs
Attack Surface
2 unprotected

SureDonation Attack Surface

Entry Points15
Unprotected2

AJAX Handlers 6

authwp_ajax_suredonation_submit_donationinc\ajax\donation-handler.php:36
noprivwp_ajax_suredonation_submit_donationinc\ajax\donation-handler.php:37
authwp_ajax_suredonation_create_payment_intentinc\payments\stripe\stripe-frontend.php:37
noprivwp_ajax_suredonation_create_payment_intentinc\payments\stripe\stripe-frontend.php:38
authwp_ajax_suredonation_complete_donationinc\payments\stripe\stripe-frontend.php:41
noprivwp_ajax_suredonation_complete_donationinc\payments\stripe\stripe-frontend.php:42

REST API Routes 8

GET/wp-json/suredonation/v1/payments/stripe/settingsinc\payments\stripe\stripe-settings.php:49
GET/wp-json/suredonation/v1/payments/stripe/settingsinc\payments\stripe\stripe-settings.php:60
GET/wp-json/suredonation/v1/payments/stripe/connect-urlinc\payments\stripe\stripe-settings.php:71
GET/wp-json/suredonation/v1/payments/stripe/disconnectinc\payments\stripe\stripe-settings.php:82
GET/wp-json/suredonation/v1/payments/stripe/webhook/createinc\payments\stripe\stripe-settings.php:93
GET/wp-json/suredonation/v1/payments/stripe/webhook/deleteinc\payments\stripe\stripe-settings.php:124
GET/wp-json/suredonation/webhook_testinc\payments\stripe\stripe-webhook.php:50
GET/wp-json/suredonation/webhook_liveinc\payments\stripe\stripe-webhook.php:66

Shortcodes 1

[suredonation_form] inc\shortcodes\donation-form.php:36
WordPress Hooks 20
actionadmin_menuinc\admin\admin.php:31
actionadmin_menuinc\admin\admin.php:32
actionadmin_enqueue_scriptsinc\admin\admin.php:33
actioninitinc\blocks\register.php:32
actionenqueue_block_editor_assetsinc\blocks\register.php:33
filterblock_categories_allinc\blocks\register.php:34
actioninitinc\campaigns\campaign-cpt.php:47
actioninitinc\campaigns\campaign-cpt.php:48
actionenqueue_block_editor_assetsinc\form-editor\assets.php:35
actioninitinc\form-editor\assets.php:36
actionwp_enqueue_scriptsinc\payments\stripe\stripe-frontend.php:45
actionrest_api_initinc\payments\stripe\stripe-settings.php:37
actionadmin_initinc\payments\stripe\stripe-settings.php:38
actionrest_api_initinc\payments\stripe\stripe-webhook.php:39
actioninitinc\post-types\donation-form.php:46
actioninitinc\post-types\donation-form.php:47
filterallowed_block_types_allinc\post-types\donation-form.php:48
actionenqueue_block_editor_assetsinc\post-types\donation-form.php:49
actionrest_api_initinc\rest-api.php:52
actionplugins_loadedplugin-loader.php:185
Maintenance & Trust

SureDonation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.4
Downloads141

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SureDonation Alternatives

Donorbox – Free Recurring Donation Plugin and Fundraising Platform

Donorbox – Free Recurring Donation Plugin and Fundraising Platform

donorbox-donation-form

A
99

Donorbox is a powerful and secure donation management plugin for WordPress. We are the only donation plugin for WordPress that offers a fast feature-f …

9K 2 CVEs
Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More

Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More

better-payment

A
100

Better Payment allows you to automate payment transactions to manage payments, donations, subscriptions, sell products, etc on your Elementor website.

6K No CVEs
Philantro – Donations and Donor Management

Philantro – Donations and Donor Management

philantro

A
99

Securely accept one-time and recurring donations with automated donor records, analytics and fundraising campaign tracking.

60 2 CVEs
Stripe Political Donations

Stripe Political Donations

stripe-political-donations

A
85

This plugin helps you integrate and use Stripe.com in order to solicit campaign donations from your site.

10 No CVEs
Crowded Collect — Dues & Fundraising

Crowded Collect — Dues & Fundraising

crowded-collect-dues-fundraising

A
100

Embed your Crowded collection directly into your WordPress site with no coding required!

0 No CVEs
Developer Profile

SureDonation Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
196 days
View full developer profile
Detection Fingerprints

How We Detect SureDonation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/suredonation/assets/build/admin.css/wp-content/plugins/suredonation/assets/build/admin.js
Version Parameters
suredonation/assets/build/admin.js?ver=suredonation/assets/build/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
suredonation-admin-root
Data Attributes
id="suredonation-admin-root"
JS Globals
suredonation_admin
REST Endpoints
/wp-json/suredonation/v1
FAQ

Frequently Asked Questions about SureDonation