WP Crowdfunding Security & Risk Analysis

wordpress.org/plugins/wp-crowdfunding

WP Crowdfunding is a WordPress plugin for fundraising/backer sites. This WooCommerce-based plugin lets you launch a site like Kickstarter easily.

3K active installs · v2.1.17 · PHP + WP 5.9+ · Updated Jul 30, 2025
backer, crowdfunding, donation, fund-rising, kickstarter
Score: 97 (A · Safe)
CVEs total: 13
Unpatched: 0
Last CVE: Apr 1, 2025

Is WP Crowdfunding Safe to Use in 2026?

Generally Safe

Score 97/100

WP Crowdfunding has a strong security track record. Known vulnerabilities have been patched promptly.

13 known CVEs · Last CVE: Apr 1, 2025 · Updated 8mo ago

Risk Assessment

The wp-crowdfunding plugin v2.1.17 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped output (91%) and a significant number of nonce checks (17) and capability checks (8). The absence of bundled libraries and external HTTP requests is also a strength. However, concerns arise from the presence of an unprotected AJAX handler, representing a direct entry point without authentication. The taint analysis reveals one high-severity flow with unsanitized input, which could lead to vulnerabilities if exploited. While there are no currently unpatched CVEs, the plugin has a history of 13 medium-severity vulnerabilities, with common themes including missing authorization, cross-site scripting, and CSRF. This history, combined with the identified unprotected AJAX handler and high-severity taint flow, suggests a pattern of potential oversight in input validation and authorization checks, despite improvements in other areas.

Key Concerns

  • Unprotected AJAX handler identified
  • High severity taint flow with unsanitized input
  • History of 13 medium severity CVEs

WP Crowdfunding Security Vulnerabilities

CVEs by Year

  • 2023: 7 CVEs
  • 2024: 4 CVEs
  • 2025: 2 CVEs

Severity Breakdown

Medium: 13 (13 total CVEs)

CVE-2025-31892 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 1, 2025 · Patched in 2.1.16 (53d)

CVE-2025-1508 · medium · 5.3 · Missing Authorization
WP Crowdfunding <= 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Post Content Download
Mar 11, 2025 · Patched in 2.1.15 (50d)

CVE-2024-11911 · medium · 4.3 · Missing Authorization
WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation
Dec 12, 2024 · Patched in 2.1.13 (1d)

CVE-2024-11910 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Dec 12, 2024 · Patched in 2.1.16 (175d)

CVE-2024-10117 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode
Oct 25, 2024 · Patched in 2.1.12 (1d)

CVE-2024-43937 · medium · 4.3 · Missing Authorization
WP Crowdfunding <= 2.1.10 - Missing Authorization to Authenticated (Subscriber+) to Enable/Disable Addons
Aug 26, 2024 · Patched in 2.1.11 (60d)

CVE-2023-50859 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Dec 22, 2023 · Patched in 2.1.7 (32d)

CVE-2023-6163 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting
Dec 22, 2023 · Patched in 2.1.10 (47d)

CVE-2023-6161 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.8 - Reflected Cross-Site Scripting
Dec 13, 2023 · Patched in 2.1.9 (56d)

CVE-2023-5757 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting
Nov 28, 2023 · Patched in 2.1.8 (56d)

CVE-2023-47532 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Crowdfunding <= 2.1.6 - Reflected Cross-Site Scripting via postid
Nov 7, 2023 · Patched in 2.1.7 (77d)

WF-e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e-wp-crowdfunding · medium · 4.3 · Cross-Site Request Forgery (CSRF)
WP Crowdfunding <= 2.1.5 - Cross-Site Request Forgery
Sep 8, 2023 · Patched in 2.1.6 (137d)

CVE-2023-41870 · medium · 4.3 · Missing Authorization
WP Crowdfunding <= 2.1.4 - Missing Authorization via settings_reset
Sep 5, 2023 · Patched in 2.1.5 (140d)
Code Analysis
Analyzed Mar 16, 2026

WP Crowdfunding Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (14 prepared)
  • Unescaped Output: 90 (946 escaped)
  • Nonce Checks: 17
  • Capability Checks: 8
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

70% prepared · 20 total queries

Output Escaping

91% escaped · 1036 total outputs

Data Flow Analysis

13 flows · 5 with unsanitized paths
wpcf_front_end_login_fail (wp-crowdfunding.php:61)

WP Crowdfunding Attack Surface

Entry Points: 40
Unprotected: 1

AJAX Handlers 22

auth wp_ajax_wpcf_embed_action addons\social-share\classes\Init.php:27
nopriv wp_ajax_wpcf_embed_action addons\social-share\classes\Init.php:28
auth wp_ajax_wpcf_registration includes\blocks\Registration.php:11
nopriv wp_ajax_wpcf_registration includes\blocks\Registration.php:12
auth wp_ajax_install_woocommerce_plugin includes\Initial_Setup.php:15
auth wp_ajax_wpneo_dashboard_form includes\woocommerce\Actions.php:32
auth wp_ajax_wpneo_profile_form includes\woocommerce\Actions.php:33
auth wp_ajax_wpneo_contact_form includes\woocommerce\Actions.php:34
auth wp_ajax_wpneo_password_form includes\woocommerce\Actions.php:35
auth wp_ajax_wpneo_update_status_save includes\woocommerce\Actions.php:36
auth wp_ajax_wpcf_settings_reset includes\woocommerce\Base.php:40
auth wp_ajax_wpcf_addon_enable_disable includes\woocommerce\Base.php:41
auth wp_ajax_wpcf_rated includes\woocommerce\Base.php:43
auth wp_ajax_remove_love_campaign_action includes\woocommerce\Common.php:28
auth wp_ajax_love_campaign_action includes\woocommerce\Common.php:29
nopriv wp_ajax_love_campaign_action includes\woocommerce\Common.php:30
auth wp_ajax_wpcf_order_action includes\woocommerce\Dashboard.php:22
auth wp_ajax_addfrontenddata includes\woocommerce\Submit_Form.php:9
auth wp_ajax_wpcf_registration shortcode\Registration.php:11
nopriv wp_ajax_wpcf_registration shortcode\Registration.php:12
nopriv wp_ajax_wpcf_bio_action wpcftemplate\woocommerce\basic\wpneo-functions.php:43
auth wp_ajax_wpcf_bio_action wpcftemplate\woocommerce\basic\wpneo-functions.php:44

Shortcodes 18

[wp_crowdfunding_campaign_box] includes\compatibility\Shortcodes.php:5
[wpneo_crowdfunding_dashboard] includes\compatibility\Shortcodes.php:6
[wpneo_crowdfunding_listing] includes\compatibility\Shortcodes.php:7
[wpneo_crowdfunding_form] includes\compatibility\Shortcodes.php:8
[wpneo_search_shortcode] includes\compatibility\Shortcodes.php:9
[wpneo_registration] includes\compatibility\Shortcodes.php:10
[wp_crowdfunding_single_campaign] includes\compatibility\Shortcodes.php:11
[wp_crowdfunding_donate] includes\compatibility\Shortcodes.php:12
[wp_crowdfunding_popular_campaigns] includes\compatibility\Shortcodes.php:13
[wpcf_campaign_box] shortcode\Campaign_Box.php:9
[wpcf_dashboard] shortcode\Dashboard.php:9
[wpcf_donate] shortcode\Donate.php:10
[wpcf_popular_campaigns] shortcode\Popular_Campaigns.php:9
[wpcf_listing] shortcode\Project_Listing.php:9
[wpcf_registration] shortcode\Registration.php:9
[wpcf_search] shortcode\Search.php:8
[wpcf_single_campaign] shortcode\Single_Campaign.php:9
[wpcf_form] shortcode\Submit_Form.php:8

WordPress Hooks 126

action init addons\social-share\classes\Init.php:22
action wp_enqueue_scripts addons\social-share\classes\Init.php:23
filter wpcf_settings_panel_tabs addons\social-share\classes\Init.php:24
action init addons\social-share\classes\Init.php:26
action wpcf_after_single_campaign_summary addons\social-share\classes\Init.php:29
filter wpcf_addons_lists_config addons\social-share\social-share.php:15
action wpneo_before_crowdfunding_single_campaign_summary includes\compatibility\Actions.php:5
action wpneo_crowdfunding_after_feature_img includes\compatibility\Actions.php:6
action wpneo_crowdfunding_single_campaign_summary includes\compatibility\Actions.php:7
action wpneo_crowdfunding_default_single_campaign_tabs includes\compatibility\Actions.php:8
action wpneo_after_crowdfunding_single_campaign_summary includes\compatibility\Actions.php:9
action wpneo_campaign_story_right_sidebar includes\compatibility\Actions.php:11
action wpneo_campaign_loop_item_before_content includes\compatibility\Actions.php:12
action wpneo_campaign_loop_item_content includes\compatibility\Actions.php:14
action wpneo_dashboard_campaign_loop_item_content includes\compatibility\Actions.php:15
action wpneo_dashboard_campaign_loop_item_before_content includes\compatibility\Actions.php:16
action wpneo_cf_select_theme includes\compatibility\Actions.php:19
action widgets_init includes\Crowdfunding.php:56
action admin_notices includes\Crowdfunding.php:58
action admin_notices includes\Crowdfunding.php:64
action admin_notices includes\Crowdfunding.php:66
action init includes\Gutenberg.php:9
action enqueue_block_editor_assets includes\Gutenberg.php:10
filter block_categories includes\Gutenberg.php:11
action admin_init includes\Initial_Setup.php:13
action admin_init includes\Initial_Setup.php:14
action admin_action_activate_woocommerce_free includes\Initial_Setup.php:16
filter woocommerce_locate_template includes\Initial_Setup.php:17
action rest_api_init includes\register_api_hook.php:6
action init includes\woocommerce\Account_Dashboard.php:9
filter query_vars includes\woocommerce\Account_Dashboard.php:10
filter woocommerce_account_menu_items includes\woocommerce\Account_Dashboard.php:11
action woocommerce_account_crowdfunding-dashboard_endpoint includes\woocommerce\Account_Dashboard.php:12
action woocommerce_account_profile_endpoint includes\woocommerce\Account_Dashboard.php:13
action woocommerce_account_my-campaigns_endpoint includes\woocommerce\Account_Dashboard.php:14
action woocommerce_account_backed-campaigns_endpoint includes\woocommerce\Account_Dashboard.php:15
action woocommerce_account_pledges-received_endpoint includes\woocommerce\Account_Dashboard.php:16
action woocommerce_account_bookmarks_endpoint includes\woocommerce\Account_Dashboard.php:17
action admin_enqueue_scripts includes\woocommerce\Base.php:35
action wp_enqueue_scripts includes\woocommerce\Base.php:36
action init includes\woocommerce\Base.php:37
action admin_init includes\woocommerce\Base.php:38
action admin_head includes\woocommerce\Base.php:39
filter admin_footer_text includes\woocommerce\Base.php:42
action pre_get_posts includes\woocommerce\Base.php:53
action admin_notices includes\woocommerce\Base.php:91
filter mce_external_plugins includes\woocommerce\Base.php:114
filter mce_buttons includes\woocommerce\Base.php:115
filter query_vars includes\woocommerce\Common.php:31
action init includes\woocommerce\Common.php:32
filter author_template includes\woocommerce\Common.php:33
action wp_dashboard_setup includes\woocommerce\Dashboard.php:17
filter manage_edit-product_columns includes\woocommerce\Dashboard.php:18
action manage_product_posts_custom_column includes\woocommerce\Dashboard.php:19
action add_meta_boxes includes\woocommerce\Dashboard.php:20
action add_meta_boxes includes\woocommerce\Dashboard.php:21
filter woocommerce_product_data_tabs includes\woocommerce\Reward.php:9
action woocommerce_product_data_panels includes\woocommerce\Reward.php:10
action woocommerce_process_product_meta includes\woocommerce\Reward.php:11
action woocommerce_order_details_after_order_table includes\woocommerce\Reward.php:14
action woocommerce_review_order_after_cart_contents includes\woocommerce\Reward.php:15
action wpcf_before_single_campaign_summary includes\woocommerce\Template_Hooks.php:9
action wpcf_after_feature_img includes\woocommerce\Template_Hooks.php:10
action wpcf_single_campaign_summary includes\woocommerce\Template_Hooks.php:13
filter wpcf_default_single_campaign_tabs includes\woocommerce\Template_Hooks.php:14
action wpcf_after_single_campaign_summary includes\woocommerce\Template_Hooks.php:15
action wpcf_campaign_story_right_sidebar includes\woocommerce\Template_Hooks.php:17
action wpcf_campaign_loop_item_before_content includes\woocommerce\Template_Hooks.php:19
action wpcf_campaign_loop_item_content includes\woocommerce\Template_Hooks.php:20
action wpcf_dashboard_campaign_loop_item_content includes\woocommerce\Template_Hooks.php:22
action wpcf_dashboard_campaign_loop_item_before_content includes\woocommerce\Template_Hooks.php:23
filter pre_get_posts includes\woocommerce\Template_Hooks.php:25
action get_the_generator_html includes\woocommerce\Template_Hooks.php:26
action get_the_generator_xhtml includes\woocommerce\Template_Hooks.php:27
action wp includes\woocommerce\Template_Hooks.php:28
action woocommerce_single_product_summary includes\woocommerce\Template_Hooks.php:36
action woocommerce_single_product_summary includes\woocommerce\Template_Hooks.php:37
action woocommerce_single_product_summary includes\woocommerce\Template_Hooks.php:38
action woocommerce_single_product_summary includes\woocommerce\Template_Hooks.php:39
action woocommerce_single_product_summary includes\woocommerce\Template_Hooks.php:40
filter woocommerce_single_product_image_html includes\woocommerce\Template_Hooks.php:41
filter template_include includes\woocommerce\Templating.php:115
action wpcf_select_theme includes\woocommerce\Templating.php:118
action admin_notices includes\woocommerce\Templating.php:119
action init includes\woocommerce\Templating.php:120
action wp_enqueue_scripts includes\woocommerce\Templating.php:121
action plugins_loaded includes\woocommerce\Woocommerce.php:17
filter product_type_selector includes\woocommerce\Woocommerce.php:18
action wp_loaded includes\woocommerce\Woocommerce.php:19
action woocommerce_product_options_general_product_data includes\woocommerce\Woocommerce.php:20
action add_meta_boxes includes\woocommerce\Woocommerce.php:21
action woocommerce_process_product_meta includes\woocommerce\Woocommerce.php:22
action woocommerce_process_product_meta includes\woocommerce\Woocommerce.php:23
filter woocommerce_add_cart_item includes\woocommerce\Woocommerce.php:24
action woocommerce_before_calculate_totals includes\woocommerce\Woocommerce.php:25
filter woocommerce_add_to_cart_redirect includes\woocommerce\Woocommerce.php:26
filter woocommerce_get_price_html includes\woocommerce\Woocommerce.php:27
filter woocommerce_is_purchasable includes\woocommerce\Woocommerce.php:28
filter woocommerce_paypal_args includes\woocommerce\Woocommerce.php:29
action woocommerce_add_to_cart_validation includes\woocommerce\Woocommerce.php:30
action woocommerce_new_order includes\woocommerce\Woocommerce.php:31
action woocommerce_review_order_before_payment includes\woocommerce\Woocommerce.php:32
action woocommerce_checkout_order_processed includes\woocommerce\Woocommerce.php:33
action woocommerce_new_order_item includes\woocommerce\Woocommerce.php:34
filter wc_tax_enabled includes\woocommerce\Woocommerce.php:35
action product_cat_edit_form_fields includes\woocommerce\Woocommerce.php:36
action product_cat_add_form_fields includes\woocommerce\Woocommerce.php:37
action create_product_cat includes\woocommerce\Woocommerce.php:38
action edit_product_cat includes\woocommerce\Woocommerce.php:39
filter manage_product_cat_custom_column includes\woocommerce\Woocommerce.php:40
filter manage_edit-product_cat_columns includes\woocommerce\Woocommerce.php:41
action woocommerce_after_shop_loop_item includes\woocommerce\Woocommerce.php:44
filter woocommerce_product_tabs includes\woocommerce\Woocommerce.php:45
filter woocommerce_is_sold_individually includes\woocommerce\Woocommerce.php:46
action woocommerce_product_query includes\woocommerce\Woocommerce.php:48
action woocommerce_product_thumbnails includes\woocommerce\Woocommerce.php:50
filter woocommerce_coupons_enabled includes\woocommerce\Woocommerce.php:51
action woocommerce_email_order_meta includes\woocommerce\Woocommerce.php:52
action wp_logout includes\woocommerce\Woocommerce.php:54
action woocommerce_product_query includes\woocommerce\Woocommerce.php:69
action wp_head settings\Admin_Menu.php:9
action admin_menu settings\Admin_Menu.php:10
action admin_init settings\Admin_Menu.php:11
action init wp-crowdfunding.php:41
action wp_login_failed wp-crowdfunding.php:60
action wpcf_campaign_listing_before_loop wpcftemplate\woocommerce\basic\wpneo-functions.php:4

WP Crowdfunding Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jul 30, 2025
PHP min version
Downloads: 158K

Community Trust

Rating: 88/100
Number of ratings: 89
Active installs: 3K

WP Crowdfunding Developer Profile

Themeum

14 plugins · 675K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 269 days

How We Detect WP Crowdfunding

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
