| #1 | Civist – Petitions and Fundraising | 100 | | 0 | 1k+ | | | No open findings |
| #2 | ActBlue Contributions | 98 | 2 | 3 | 400 | | | Missing direct file access protection |
| #3 | Zeffy Donate Button | 90 | 3 | 0 | 900 | | | Output is not escaped |
| #4 | Donorbox – Free Recurring Donation Plugin and Fundraising Platform | 87 | 5 | 6 | 8k+ | | | Missing Arg Domain |
| #5 | Donation Thermometer | 39 | 718 | 84 | 2k+ | | | Output is not escaped |
| #6 | FaniMani.pl | 39 | 103 | 11 | 600 | | | Output is not escaped |
| #7 | GiveWP Donation Widgets for Elementor | 38 | 483 | 13 | 7k+ | | | Text Domain Mismatch |
| #8 | FundEngine – Donation and Crowdfunding Platform | 37 | 90 | 9 | 1k+ | | | Exception output is not escaped |
| #9 | Potent Donations for WooCommerce | 35 | 14 | 25 | 2k+ | | | Missing nonce verification |
| #10 | Give – Divi Donation Modules | 35 | 286 | 12 | 600 | | | Text Domain Mismatch |
| #11 | Donation Platform for WooCommerce: Fundraising & Donation Management | 34 | 331 | 448 | 7k+ | | | Non-prefixed global variable |
| #12 | Crowdfundly | 31 | 594 | 402 | 600 | | | Output is not escaped |
| #13 | Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management | 29 | 53 | 496 | 3k+ | | | Direct Query |
| #14 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising | 28 | 216 | 328 | 800 | | | Non-prefixed global variable |
| #15 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #16 | Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More | 24 | 342 | 930 | 6k+ | | | Non-prefixed global variable |
| #17 | Leyka | 22 | 253 | 3,445 | 2k+ | | | Request data is not unslashed |
| #18 | Ultimeter | 22 | 751 | 1,344 | 1k+ | | | Non-prefixed global variable |
| #19 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,437 | 3,577 | 100k+ | | | Output is not escaped |
