| #1 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,437 | 3,577 | 100k+ | | | Output is not escaped |
| #2 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #3 | Donations via PayPal | 40 | 143 | 17 | 20k+ | | | Output is not escaped |
| #4 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | | | Unsafe printing function |
| #5 | Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More | 24 | 342 | 930 | 6k+ | | | Non-prefixed global variable |
| #6 | Buy Me a Coffee – Button and Widget Plugin | 30 | 139 | 140 | 6k+ | | | Output is not escaped |
| #7 | Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management | 29 | 53 | 496 | 3k+ | | | Direct Query |
| #8 | WP Crowdfunding | 23 | 199 | 1,629 | 2k+ | | | Non-prefixed global variable |
| #9 | Donorbox – Free Recurring Donation Plugin and Fundraising Platform | 87 | 5 | 6 | 8k+ | | | Missing Arg Domain |
| #10 | Paytium: Mollie payment forms & donations | 26 | 506 | 551 | 3k+ | | | Unsafe printing function |
| #11 | Payment Forms for Paystack | 90 | 494 | 23 | 3k+ | | | Text Domain Mismatch |
| #12 | Donation Thermometer | 39 | 718 | 84 | 2k+ | | | Output is not escaped |
| #13 | Donation Platform for WooCommerce: Fundraising & Donation Management | 34 | 331 | 448 | 7k+ | | | Non-prefixed global variable |
| #14 | Cryptocurrency Donation Box – Bitcoin & Crypto Donations | Pending | - | - | 500 | | | Pending scan |
| #15 | Potent Donations for WooCommerce | 35 | 14 | 25 | 2k+ | | | Missing nonce verification |
| #16 | FundEngine – Donation and Crowdfunding Platform | 37 | 90 | 9 | 1k+ | | | Exception output is not escaped |
| #17 | Crowdfundly | 31 | 594 | 402 | 600 | | | Output is not escaped |
| #18 | AidWP – Donation & Payment Forms (Stripe Powered) | 22 | 1,317 | 1,675 | 800 | | | Non-prefixed global variable |
| #19 | Order Tip for WooCommerce | 93 | 42 | 68 | 2k+ | | | Non-prefixed global variable |
| #20 | Donation Block For PayPal | 37 | 23 | 106 | 600 | | | Input is not validated |
| #21 | Civist – Petitions and Fundraising | 100 | | 0 | 1k+ | | | No open findings |
| #22 | Give – Paystack Gateway | 40 | 96 | 10 | 1k+ | | | Text Domain Mismatch |
| #23 | Charity Addon for Elementor | 40 | 480 | 8 | 1k+ | | | Text Domain Mismatch |
| #24 | Recurring PayPal Donations | 41 | 48 | 47 | 800 | | | Text Domain Mismatch |
| #25 | Integrate Razorpay for Contact Form 7 | Pending | - | - | 500 | | | Pending scan |
| #26 | Give – Divi Donation Modules | 35 | 286 | 12 | 600 | | | Text Domain Mismatch |
| #27 | Give – Cloudflare Turnstile | Pending | - | - | 500 | | | Pending scan |
| #28 | Zeffy Donate Button | 90 | 3 | 0 | 900 | | | Output is not escaped |
