Add Donation to Cart Security & Risk Analysis

wordpress.org/plugins/youbehero

Add Donation to Cart by YouBeHero is a powerful WordPress plugin that adds a donation widget to your WooCommerce checkout.

0 active installs · v1.3.5 · PHP 7.4+ · WP 5.7+ · Updated: Unknown
Tags: checkout, donations, fundraising, nonprofit, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Add Donation to Cart Safe to Use in 2026?

Generally Safe

Score 100/100

Add Donation to Cart has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The security posture of the 'youbehero' v1.3.5 plugin presents a mixed bag of good practices alongside significant potential risks. On the positive side, the plugin demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and a high percentage (79%) of properly escaped output. The absence of known CVEs and a clean vulnerability history further suggests a relatively well-maintained codebase regarding publicly disclosed vulnerabilities.

However, the plugin's attack surface is a major concern, with a substantial number of unprotected AJAX handlers. Specifically, all 10 identified AJAX handlers lack authentication checks, making them prime targets for unauthorized actions. While the taint analysis shows no critical or high-severity unsanitized flows, the unprotected AJAX endpoints could still be exploited for various attacks if they perform sensitive operations or expose information. The limited number of nonce and capability checks on these entry points exacerbates this risk, as attackers could potentially bypass intended security measures.

In conclusion, while the plugin benefits from secure SQL handling and good output escaping, the lack of authentication on a significant portion of its AJAX interface poses a serious security risk. The vulnerability history is currently clear, but this could change if the unprotected AJAX handlers are not addressed. A concerted effort should be made to implement proper authentication and authorization checks on all AJAX endpoints to mitigate these identified risks.

Key Concerns

  • Unprotected AJAX handlers
  • Limited nonce checks
  • Limited capability checks
  • Significant attack surface without auth
Vulnerabilities
None known

Add Donation to Cart Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Add Donation to Cart Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 75 (278 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

79% escaped, 353 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ybhd_submit_apikey (admin\class-you-be-hero-admin.php:165)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
10 unprotected

Add Donation to Cart Attack Surface

Entry Points: 15
Unprotected: 10

AJAX Handlers 10

auth wp_ajax_ybh_update_dashboard_json includes\class-you-be-hero.php:232
nopriv wp_ajax_ybh_update_dashboard_json includes\class-you-be-hero.php:233
auth wp_ajax_ybhd_logout includes\class-you-be-hero.php:236
nopriv wp_ajax_ybhd_logout includes\class-you-be-hero.php:237
auth wp_ajax_update_donation_fee includes\class-you-be-hero.php:260
nopriv wp_ajax_update_donation_fee includes\class-you-be-hero.php:261
auth wp_ajax_woocommerce_update_order_review includes\class-you-be-hero.php:283
nopriv wp_ajax_woocommerce_update_order_review includes\class-you-be-hero.php:284
auth wp_ajax_youbehero_get_widget_html includes\class-you-be-hero.php:288
nopriv wp_ajax_youbehero_get_widget_html includes\class-you-be-hero.php:289

Shortcodes 5

[youbehero_donation_form] public\class-you-be-hero-shortcodes-public.php:25
[ybhd_donation_form] public\class-you-be-hero-shortcodes-public.php:26
[total-donations] public\class-you-be-hero-shortcodes-public.php:27
[total-number-of-donations] public\class-you-be-hero-shortcodes-public.php:28
[total-number-supported-non-profits] public\class-you-be-hero-shortcodes-public.php:29

WordPress Hooks 36

action plugins_loaded includes\class-you-be-hero.php:152
action plugins_loaded includes\class-you-be-hero.php:153
action elementor/widgets/register includes\class-you-be-hero.php:178
action vc_before_init includes\class-you-be-hero.php:211
action enqueue_block_editor_assets includes\class-you-be-hero.php:226
action enqueue_block_editor_assets includes\class-you-be-hero.php:227
action woocommerce_admin_order_totals_after_discount includes\class-you-be-hero.php:228
action admin_enqueue_scripts includes\class-you-be-hero.php:229
action admin_enqueue_scripts includes\class-you-be-hero.php:230
action admin_menu includes\class-you-be-hero.php:231
action admin_post_ybhd_submit_apikey includes\class-you-be-hero.php:234
action admin_post_nopriv_ybhd_submit_apikey includes\class-you-be-hero.php:235
action youbehero_refresh_dashboard_json includes\class-you-be-hero.php:240
action admin_init includes\class-you-be-hero.php:243
action wp includes\class-you-be-hero.php:258
action woocommerce_cart_calculate_fees includes\class-you-be-hero.php:259
action woocommerce_checkout_create_order_fee_item includes\class-you-be-hero.php:262
action init includes\class-you-be-hero.php:265
action init includes\class-you-be-hero.php:266
action init includes\class-you-be-hero.php:267
action wp_enqueue_scripts includes\class-you-be-hero.php:268
action wp_enqueue_scripts includes\class-you-be-hero.php:269
action wp_enqueue_scripts includes\class-you-be-hero.php:270
action woocommerce_thankyou includes\class-you-be-hero.php:271
action wp_enqueue_scripts includes\class-you-be-hero.php:272
action woocommerce_new_order includes\class-you-be-hero.php:273
filter wp_kses_allowed_html includes\class-you-be-hero.php:274
action woocommerce_order_details_after_order_table includes\class-you-be-hero.php:276
action woocommerce_email_after_order_table includes\class-you-be-hero.php:277
action template_redirect includes\class-you-be-hero.php:278
action woocommerce_checkout_update_order_review includes\class-you-be-hero.php:279
action woocommerce_checkout_update_order_review includes\class-you-be-hero.php:285
action woocommerce_before_checkout_form includes\class-you-be-hero.php:286
action template_redirect includes\class-you-be-hero.php:291
action woocommerce_checkout_update_order_review includes\class-you-be-hero.php:292
filter script_loader_tag public\class-you-be-hero-public.php:115

Scheduled Events 2

youbehero_refresh_dashboard_json
youbehero_refresh_dashboard_json
Maintenance & Trust

Add Donation to Cart Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 501

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Add Donation to Cart Developer Profile

YouBeHero

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Add Donation to Cart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/youbehero/admin/css/you-be-hero-admin.css
/wp-content/plugins/youbehero/admin/js/you-be-hero-admin.js
Script Paths
/wp-content/plugins/youbehero/admin/js/you-be-hero-admin.js
Version Parameters
you-be-hero-admin.css?ver=
you-be-hero-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
youbehero-widget-wrapper
HTML Comments
<!-- YouBeHero Widget Settings -->
Data Attributes
data-youbehero-widget-id
data-youbehero-widget-settings
JS Globals
YouBeHeroWidget
REST Endpoints
/wp-json/youbehero/v1/settings
Shortcode Output
[youbehero_widget]