BitMate Author Donations Security & Risk Analysis

wordpress.org/plugins/bitmate-author-donations

BitMate Author Donations is a WordPress plugin that lets authors on WordPress-powered sites accept cryptocurrency donations.

40 active installs · v2.0.2 · PHP + WP 3.0+ · Updated Mar 13, 2018
Tags: bitcoin, cryptocurrency, currency, donate, donations
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is BitMate Author Donations Safe to Use in 2026?

Generally Safe

Score 85/100

BitMate Author Donations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago

Risk Assessment

The bitmate-author-donations plugin v2.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoids external HTTP requests. The absence of known CVEs and bundled libraries is also a strong indicator of a secure past and present. However, significant concerns arise from the static analysis. The presence of an unprotected AJAX handler represents a critical entry point that could be exploited if it performs sensitive operations or exposes data without proper authentication. Furthermore, the low percentage of properly escaped output (40%) suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site. The taint analysis, while showing no critical or high severity flows, did reveal two flows with unsanitized paths, which warrants further investigation to understand the potential impact.

Key Concerns

  • Unprotected AJAX handler
  • Low output escaping percentage
  • Unsanitized paths in taint flows
  • No nonce checks on AJAX
Vulnerabilities
None known

BitMate Author Donations Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BitMate Author Donations Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 27 (18 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 8
External Requests: 0
Bundled Libraries: 0

Output Escaping

40% escaped · 45 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
ajax_notice_handler (admin\bm-admin.php:376)
[Data flow diagram. Legend: source (user input), sink (dangerous op), sanitizer, transform, unsanitized, sanitized]

Attack Surface
1 unprotected

BitMate Author Donations Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_dismissed_notice_handler · admin\bm-admin.php:380

Shortcodes 2

[bitmate-author-donate] bitmate-author-donations.php:633
[bitmate-author-donate-widget] bitmate-author-donations.php:889

WordPress Hooks: 13

action · admin_menu · admin\bm-admin.php:43
action · admin_init · admin\bm-admin.php:110
action · admin_notices · admin\bm-admin.php:373
action · show_user_profile · admin\bm-users.php:17
action · edit_user_profile · admin\bm-users.php:18
action · personal_options_update · admin\bm-users.php:70
action · edit_user_profile_update · admin\bm-users.php:71
action · wp_enqueue_scripts · bitmate-author-donations.php:91
action · admin_enqueue_scripts · bitmate-author-donations.php:113
filter · the_content · bitmate-author-donations.php:116
action · widgets_init · bitmate-author-donations.php:942
action · admin_init · welcome\welcome-logic.php:48
action · admin_enqueue_scripts · welcome\welcome-logic.php:92

Maintenance & Trust

BitMate Author Donations Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Mar 13, 2018
PHP min version
Downloads: 9K

Community Trust

Rating: 94/100
Number of ratings: 3
Active installs: 40

Developer Profile

BitMate Author Donations Developer Profile

Daniel McClure

2 plugins · 70 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect BitMate Author Donations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bitmate-author-donations/style.css
  • /wp-content/plugins/bitmate-author-donations/css/cryptofont.min.css
  • /wp-content/plugins/bitmate-author-donations/js/bm-admin.js
  • /wp-content/plugins/bitmate-author-donations/includes/qrme.php

Script Paths
  • /wp-content/plugins/bitmate-author-donations/js/bm-admin.js

Version Parameters
  • bitmate-author-donations/style.css?ver=
  • bitmate-author-donations/css/cryptofont.min.css?ver=
  • bitmate-author-donations/js/bm-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • bitmate-author-credit
  • bm-cc-btc
  • bm-cc-btc-alt
  • bm-cc-eth
  • bm-cc-ltc
  • bm-cc-xmr
  • bm-cc-zec
  • bm-qr-code
  • +3 more

Data Attributes
  • id="bitmate-author-donation"
  • id="bm-cc-btc"
  • class="bm-cc-tabs"
  • id="bm-qr-code"
  • id="bm-window-detail"
  • id="bm-classic"
  • +3 more

JS Globals
  • plugins_url