Bitcoin Lightning Publisher for WordPress Security & Risk Analysis

wordpress.org/plugins/bitcoin-lightning-publisher

Bitcoin Lightning Publisher is a Paywall, Donation and Value 4 Value plugin to accept instant Bitcoin payments directly to your favorite wallet.

100 active installs · v1.4.2 · PHP 7.4+ · WP 5.6.0+ · Updated Dec 21, 2024
Tags: bitcoin, donation, lightning, payment, paywall

Security score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 23, 2024
Safety Verdict

Is Bitcoin Lightning Publisher for WordPress Safe to Use in 2026?

Generally Safe

Score 91/100

Bitcoin Lightning Publisher for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 23, 2024 · Updated 1yr ago
Risk Assessment

The bitcoin-lightning-publisher plugin version 1.4.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped outputs and a decent proportion of SQL queries using prepared statements. The attack surface is relatively small, consisting solely of shortcodes, and importantly, none of the identified entry points are directly unprotected. The plugin also includes capability checks, which is a positive security control.

However, there are notable concerns. The taint analysis reveals two flows with unsanitized paths, both rated as high severity. This indicates potential vulnerabilities where user-supplied data could be processed in an unsafe manner, leading to risks such as cross-site scripting or other input-based attacks. The absence of nonce checks is another significant weakness, especially given that shortcodes can be invoked via various means, including direct requests. While there are no currently unpatched CVEs, the plugin has a history of medium-severity vulnerabilities, specifically Cross-site Scripting. This pattern suggests a recurring need for diligent input sanitization and output escaping, particularly around user-controllable data.

In conclusion, while the plugin implements some strong security measures, the high-severity taint flows and the lack of nonce checks present immediate risks. The historical pattern of XSS vulnerabilities further underscores the need for ongoing vigilance. Addressing the identified taint flows and implementing nonce checks on shortcodes would significantly improve the plugin's security.

Key Concerns

  • High severity taint flows (2)
  • No nonce checks on entry points
  • 50% SQL queries not using prepared statements
  • 1 Medium CVE in history
Vulnerabilities (1)

Bitcoin Lightning Publisher for WordPress Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-12100 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting

Dec 23, 2024 · Patched in 1.4.2 (1d)
Code Analysis (analyzed Mar 16, 2026)

Bitcoin Lightning Publisher for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (5 prepared)
Unescaped Output: 10 (113 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

50% prepared (10 total queries)

Output Escaping

92% escaped (123 total outputs)

Data Flows (2 unsanitized)

Data Flow Analysis

2 flows, 2 with unsanitized paths

prepare_items (includes\db\transactions.php:33)
Attack Surface

Bitcoin Lightning Publisher for WordPress Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes (2)

[ln_v4v] includes\class-bln-publisher.php:406
[ln_simple_boost] includes\class-bln-publisher.php:407

WordPress Hooks (22)

action · admin_menu · admin\settings\class-abstract-settings.php:32
action · admin_init · admin\settings\class-abstract-settings.php:33
action · admin_notices · admin\settings\class-connections.php:21
action · plugins_loaded · includes\class-bln-publisher.php:254
action · admin_enqueue_scripts · includes\class-bln-publisher.php:349
action · admin_enqueue_scripts · includes\class-bln-publisher.php:351
action · admin_menu · includes\class-bln-publisher.php:353
action · init · includes\class-bln-publisher.php:355
filter · user_contactmethods · includes\class-bln-publisher.php:357
filter · plugin_action_links · includes\class-bln-publisher.php:358
action · wp_enqueue_scripts · includes\class-bln-publisher.php:371
action · wp_enqueue_scripts · includes\class-bln-publisher.php:373
action · wp_head · includes\class-bln-publisher.php:375
filter · script_loader_tag · includes\class-bln-publisher.php:377
action · rss2_item · includes\class-bln-publisher.php:382
action · rss2_head · includes\class-bln-publisher.php:386
action · rss2_ns · includes\class-bln-publisher.php:388
filter · no_texturize_shortcodes · includes\class-bln-publisher.php:393
filter · the_content · includes\class-bln-publisher.php:394
action · rest_api_init · includes\rest-api\class-rest-server.php:63
action · rest_api_init · includes\rest-api\class-rest-server.php:64
filter · rest_pre_serve_request · includes\rest-api\class-rest-server.php:128
Maintenance & Trust

Bitcoin Lightning Publisher for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 21, 2024
PHP min version: 7.4
Downloads: 6K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 100
Developer Profile

Bitcoin Lightning Publisher for WordPress Developer Profile

getalby

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 91/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Bitcoin Lightning Publisher for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bitcoin-lightning-publisher/admin/css/bln-publisher-admin.css
/wp-content/plugins/bitcoin-lightning-publisher/admin/js/bln-publisher-admin.js
/wp-content/plugins/bitcoin-lightning-publisher/public/js/bln-publisher-public.js

Script Paths
/wp-content/plugins/bitcoin-lightning-publisher/admin/js/bln-publisher-admin.js
/wp-content/plugins/bitcoin-lightning-publisher/public/js/bln-publisher-public.js

Version Parameters
bitcoin-lightning-publisher/admin/css/bln-publisher-admin.css?ver=
bitcoin-lightning-publisher/admin/js/bln-publisher-admin.js?ver=
bitcoin-lightning-publisher/public/js/bln-publisher-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-lnp-twentyuno-widget
wp-lnp-webln-button-wrapper
wp-lnp-webln-button

HTML Comments
<!-- Gutenberg is not active. -->
<!-- Path to Js that handles block functionality -->

Data Attributes
data-amount, data-currency, data-success, accent, to, image, +1 more
JS Globals
wp_lnp_donate_params
REST Endpoints
/wp-json/lnp-alby/v1/lnurlp
Shortcode Output
[lnpaywall
FAQ

Frequently Asked Questions about Bitcoin Lightning Publisher for WordPress