Does WP Donate have any unpatched vulnerabilities?

Yes — WP Donate currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Donate compatible with WordPress 5.9.13?

According to WordPress.org data, WP Donate 2.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is WP Donate compatible with PHP 7.4+?

WP Donate requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Donate updated?

WP Donate was last updated on Apr 26, 2022. Frequent updates are generally a positive security signal.

What is WP Donate's security score?

WP Donate has a WP-Safety security score of 55/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Donate Security & Risk Analysis

wordpress.org/plugins/wp-donate

WP-Donate provides a payment form and recent donor by utilizing Stripe.

30 active installs v2.0 PHP 7.4+ WP 5.0+ Updated Apr 26, 2022

credit-carddonatepaypaymentstripe

C · Use Caution

CVEs total2

Unpatched1

Last CVEApr 15, 2025

Plugin page Download

Safety Verdict

Is WP Donate Safe to Use in 2026?

Use With Caution

Score 55/100

WP Donate has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs 1 unpatched Last CVE: Apr 15, 2025Updated 3yr ago

Risk Assessment

The wp-donate v2.0 plugin exhibits a concerning security posture, despite having a limited attack surface and no critical taint flows flagged in static analysis. The primary concerns stem from significant weaknesses in output escaping and a history of critical vulnerabilities, including an unpatched critical CVE. The fact that 0% of outputs are properly escaped is a major red flag, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities. Furthermore, the presence of raw SQL queries, with only 36% using prepared statements, alongside a known history of SQL injection, amplifies this risk. The plugin's reliance on bundled libraries, without clear versioning information, also presents a potential avenue for exploitation if these libraries are outdated. While the plugin demonstrates some good practices like limited file operations and external HTTP requests, these are overshadowed by the critical lack of output sanitization and the persistent threat of unpatched vulnerabilities.

Key Concerns

Unpatched critical CVE exists
0% of outputs properly escaped
SQL queries not always prepared
No nonce checks
No capability checks
High severity taint flows found

Vulnerabilities

WP Donate Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Critical

Medium

2 total CVEs

CVE-2025-32637medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Donate <= 2.0 - Unauthenticated Stored Cross-Site Scripting

Apr 15, 2025Unpatched

CVE-2015-10122critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Donate <= 1.4 - Unauthenticated SQL Injection in donate-display.php

Jul 16, 2023 Patched in 1.5 (327d)

Code Analysis

Analyzed Mar 16, 2026

WP Donate Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Stripe PHP

SQL Query Safety

36% prepared11 total queries

Output Escaping

0% escaped26 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

wp_donate_payment_proccess (includes\donate-display.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Donate Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[Display_Donate] wp-donate.php:69

WordPress Hooks 7

actiontemplate_redirectincludes\donate-display.php:16

actionwp_print_styleswp-donate.php:19

actionwp_print_scriptswp-donate.php:20

actionadmin_print_styleswp-donate.php:21

actionadmin_print_scriptswp-donate.php:22

actionadmin_menuwp-donate.php:57

filterthe_contentwp-donate.php:63

Maintenance & Trust

WP Donate Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedApr 26, 2022

PHP min version7.4

Downloads11K

Community Trust

Rating78/100

Number of ratings15

Active installs30

Alternatives

WP Donate Alternatives

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

Accept debit and credit cards in 135+ currencies, many local methods like Alipay, ACH, and SEPA, and express checkout with Apple Pay and Google Pay.

700K 4 CVEs

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions

wp-full-stripe-free

🚀 Create Stripe payment forms for WordPress. Accept credit cards, Apple Pay, donations, subscriptions & more. Easy setup, no coding needed!

10K 5 CVEs

Payment Gateway of Stripe for WooCommerce

payment-gateway-stripe-and-woocommerce-integration

Integrate Stripe Payment Gateway in WooCommerce and accept cards, Google Pay, Apple Pay, Klarna, Alipay, and more with seamless, secure checkout.

9K 4 CVEs

Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

stripe

100

🤩 Accept Stripe payments and recurring subscriptions on your WordPress using WP Simple Pay, the best Stripe payments plugin! 🚀

9K No CVEs

Contact Form 7 – PayPal & Stripe Add-on

contact-form-7-paypal-add-on

Easily add PayPal and Stripe to Contact Form 7. Accept credit card payments with Stripe & PayPal on your site today. Offical PayPal & Stripe Partner.

8K 5 CVEs

Developer Profile

WP Donate Developer Profile

ketanajani

2 plugins · 230 total installs

trust score

Avg Security Score

59/100

Avg Patch Time

327 days

View full developer profile

Detection Fingerprints

How We Detect WP Donate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-donate/css/wp-donate-display.css/wp-content/plugins/wp-donate/css/wp-donate-widget.css/wp-content/plugins/wp-donate/css/wp-donate-admin.css/wp-content/plugins/wp-donate/js/paymentmethods.js/wp-content/plugins/wp-donate/js/jquery.validate.js

Script Paths

/wp-content/plugins/wp-donate/js/paymentmethods.js/wp-content/plugins/wp-donate/js/jquery.validate.js

HTML / DOM Fingerprints

CSS Classes

wp_donate_form

Data Attributes

data-donate-nonce

JS Globals

wp_donate_obj

Shortcode Output

[Display_Donate]

FAQ