WPExperts Square For GiveWP Security & Risk Analysis

wordpress.org/plugins/wpexperts-square-for-give

GiveWP Square plugin for WordPress allows users to donate from their give-donation form using Square payment gateway. Now, you can accept credit card …

100 active installs · v1.3.2 · PHP 5.6+ · WP 4.4+ · Updated Feb 18, 2025
Tags: donation, givewp, payment-gateway, payments, square

Score: 91 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Feb 20, 2025
Safety Verdict

Is WPExperts Square For GiveWP Safe to Use in 2026?

Generally Safe

Score 91/100

WPExperts Square For GiveWP has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 20, 2025 · Updated 1yr ago
Risk Assessment

The "wpexperts-square-for-give" plugin v1.3.2 exhibits a concerning security posture, primarily due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in SQL query handling and output escaping, the absence of authentication checks on all identified AJAX entry points represents a critical vulnerability. This means that any user, even an unauthenticated one, could interact with these AJAX endpoints, leading to unintended actions or information disclosure.

The taint analysis reveals two high-severity flows with unsanitized paths, which, despite the absence of critical-severity issues, indicate potential for serious exploitation. Coupled with the plugin's history of two medium-severity CVEs, both SQL injection, this suggests a recurring pattern of vulnerabilities that requires diligent patching and code review. The fact that there are no currently unpatched CVEs is a positive sign, but the historical context and the findings from the static analysis highlight a need for improved security controls, particularly around input validation and authorization for its AJAX endpoints.

In conclusion, while the plugin has strengths in its SQL query preparation and output escaping, the large attack surface presented by unprotected AJAX handlers and the identified high-severity taint flows are significant weaknesses. The past vulnerability history further underscores the need for a proactive approach to security. Addressing the unprotected AJAX endpoints and thoroughly reviewing the identified taint flows should be immediate priorities to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Previous SQL Injection vulnerabilities
  • Missing capability checks on AJAX
Vulnerabilities (2)

WPExperts Square For GiveWP Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2024-13713 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WPExperts Square For GiveWP <= 1.3.1 - Authenticated (Subscriber+) SQL Injection

Feb 20, 2025 · Patched in 1.3.2 (1d)

CVE-2024-47338 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WPExperts Square For GiveWP <= 1.3 - Authenticated (Administrator+) SQL Injection

Sep 26, 2024 · Patched in 1.3.2 (519d)
Code Analysis
Analyzed Mar 16, 2026

WPExperts Square For GiveWP Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 2 (106 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

98% escaped (108 total outputs)
Data Flows (5 unsanitized)

Data Flow Analysis

6 flows · 5 with unsanitized paths

  • gas_check_for_disconnect (givewp-square.php:50)
Attack Surface (7 unprotected)

WPExperts Square For GiveWP Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers (7)

  • auth · wp_ajax_my_action · includes\class-give-square.php:46
  • auth · wp_ajax_my_dc_action · includes\class-give-square.php:47
  • auth · wp_ajax_oauth_status_update · includes\class-give-square.php:48
  • auth · wp_ajax_get_form_id_give_square · includes\class-give-square.php:49
  • auth · wp_ajax_gas_get_square_keys · includes\class-give-square.php:51
  • nopriv · wp_ajax_gas_get_square_keys · includes\class-give-square.php:52
  • auth · wp_ajax_gas_location_dropdown · includes\class-give-square.php:54
WordPress Hooks (16)

  • action · admin_enqueue_scripts · givewp-square.php:32
  • action · admin_init · givewp-square.php:33
  • action · admin_notices · givewp-square.php:34
  • action · admin_notices · givewp-square.php:239
  • action · deactivated_plugin · givewp-square.php:259
  • action · plugins_loaded · givewp-square.php:366
  • filter · give_payment_gateways · includes\class-give-square.php:21
  • filter · give_metabox_form_data_settings · includes\class-give-square.php:25
  • filter · give_get_sections_gateways · includes\class-give-square.php:27
  • filter · give_get_settings_gateways · includes\class-give-square.php:28
  • action · give_before_cc_fields · includes\class-give-square.php:31
  • action · wp_enqueue_scripts · includes\class-give-square.php:32
  • action · give_square_cc_form · includes\class-give-square.php:34
  • action · give_gateway_square · includes\class-give-square.php:37
  • action · give_payment_mode_select · includes\class-give-square.php:40
  • action · admin_notices · includes\class-give-square.php:42
Maintenance & Trust

WPExperts Square For GiveWP Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.6.5
  • Last updated: Feb 18, 2025
  • PHP min version: 5.6
  • Downloads: 5K

Community Trust

  • Rating: 100/100
  • Number of ratings: 3
  • Active installs: 100
Developer Profile

WPExperts Square For GiveWP Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 287 days
Detection Fingerprints

How We Detect WPExperts Square For GiveWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpexperts-square-for-give/assets/css/gas-square-admin.css
  • /wp-content/plugins/wpexperts-square-for-give/assets/js/gas-square-admin.js
  • /wp-content/plugins/wpexperts-square-for-give/assets/js/gas-square-frontend.js
Script Paths
  • /wp-content/plugins/wpexperts-square-for-give/assets/js/gas-square-admin.js
  • /wp-content/plugins/wpexperts-square-for-give/assets/js/gas-square-frontend.js
Version Parameters
  • wpexperts-square-for-give/assets/css/gas-square-admin.css?ver=
  • wpexperts-square-for-give/assets/js/gas-square-admin.js?ver=
  • wpexperts-square-for-give/assets/js/gas-square-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gas-square-admin-wrap
HTML Comments
  • "Immediately Connect your Square Account as we have introduced easy way to Auth without entering Application / Token details from Square manually."
FAQ

Frequently Asked Questions about WPExperts Square For GiveWP