Give
Recent Updates
Security
- Added additional escaping and sanitization to the Sequoia (Multi-Step Form) template settings and donation form markup (CVE-2026-13704).
Security
- Standardized email access confirmation AJAX responses to prevent distinguishable server responses.
- Added additional escaping and sanitization to the Campaign Comments block and shortcode attributes (CVE-2026-13246).
Features
- Added an optional donation ID parameter to gateway webhook event handlers, allowing gateways to locate donations when the transaction ID is only available in the webhook payload.
Fixes
- Resolved an issue where multi-step donation forms could be incorrectly rejected as spam because Akismet was checked on every form step; the spam check now runs once on final submission.
Fixes
- Fixed an issue where PayFast subscription renewals were incorrectly marked as complete
Features
- Added PayFast webhook events handlers
Fixes
- Prevented false "Needs Approval" admin emails and incomplete registration fee team activation when Disable Team/Fundraiser Approval was enabled alongside Enable Registration Fees
- Resolved an issue where PayPal inline credit card fields failed on P2P campaign, team, and fundraiser donate pages because the donation form iframe was rendered inside the app's Shadow DOM
- Resolved an issue where the Fundraiser button URL was incorrect until campaign data finished loading, and reduced redundant API calls with response caching
Security
- Improved the security of the Donor Dashboard login process.
Security
- Added additional protection to the email notification settings.
Fixes
- Resolved a user role permission conflict with The Events Calendar Pro
- Resolved an issue when using multiple Stripe accounts, recurring donations, and webhook API 2026-02-25.clover
Fixes
- Resolved an issue with subscriptions and renewals and the correct fund designation
