Bitcoin Payments – Blockonomics Security & Risk Analysis

wordpress.org/plugins/blockonomics-bitcoin-payments

Accept Bitcoin/USDT payments on your WooCommerce website. Crypto payments go directly to your wallet.

3K active installs · v3.9.0 · PHP 7.4+ · WP 5.6+ · Updated Jan 29, 2026
Tags: accept-bitcoin, bitcoin, bitcoin-payments, bitcoin-woocommerce, bitcoin-wordpress-plugin
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 3, 2023
Safety Verdict

Is Bitcoin Payments – Blockonomics Safe to Use in 2026?

Generally Safe

Score 99/100

Bitcoin Payments – Blockonomics has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 3, 2023 · Updated 2mo ago
Risk Assessment

The 'blockonomics-bitcoin-payments' plugin v3.9.0 presents a mixed security posture. While it demonstrates some good practices, such as a significant percentage of SQL queries using prepared statements and a good number of nonce and capability checks in its code, there are notable areas of concern. The presence of an unprotected AJAX handler is a significant risk, as it represents an entry point that could be exploited without proper authentication. Furthermore, the taint analysis reveals a concerning trend of unsanitized paths in all analyzed flows, although thankfully, these did not escalate to critical or high severity vulnerabilities in this scan. The vulnerability history indicates past issues with Cross-Site Scripting (XSS), with two medium severity CVEs recorded. The fact that the most recent vulnerability was in January 2023 and is currently unpatched suggests a potential for lingering security weaknesses or a lack of consistent security maintenance. In conclusion, while the plugin has areas of strength, the unprotected AJAX endpoint and the patterns identified in taint analysis, combined with past XSS vulnerabilities, necessitate careful attention to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handler found
  • All taint flows have unsanitized paths
  • Medium severity CVEs in vulnerability history
  • 57% output escaping is not properly escaped
  • 0 capability checks found
Vulnerabilities
2

Bitcoin Payments – Blockonomics Security Vulnerabilities

CVEs by Year

1 CVE in 2021
1 CVE in 2023

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2022-47145 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Bitcoin Payments – Blockonomics <= 3.5.7 - Reflected Cross-Site Scripting

Jan 3, 2023 Patched in 3.5.8 (385d)
WF-a5bcf040-cc43-4b3d-a6fc-d41973725af6-blockonomics-bitcoin-payments · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Bitcoin Payments – Blockonomics <= 3.2 - Reflected Cross-Site Scripting

Jun 1, 2021 Patched in 3.3 (966d)
Code Analysis
Analyzed Mar 16, 2026

Bitcoin Payments – Blockonomics Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (19 prepared)
Unescaped Output: 118 (156 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 10
External Requests: 10
Bundled Libraries: 0

SQL Query Safety

73% prepared · 26 total queries

Output Escaping

57% escaped · 274 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
blockonomics_woocommerce_init (blockonomics-woocommerce.php:65)
Attack Surface
1 unprotected

Bitcoin Payments – Blockonomics Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_test_setup (blockonomics-woocommerce.php:112)

Shortcodes 1

[blockonomics_payment] (blockonomics-woocommerce.php:85)
WordPress Hooks 27
action admin_menu (blockonomics-woocommerce.php:77)
action init (blockonomics-woocommerce.php:78)
action woocommerce_order_details_after_order_table (blockonomics-woocommerce.php:79)
action woocommerce_email_customer_details (blockonomics-woocommerce.php:80)
action admin_enqueue_scripts (blockonomics-woocommerce.php:81)
filter woocommerce_get_checkout_payment_url (blockonomics-woocommerce.php:82)
filter woocommerce_payment_gateways (blockonomics-woocommerce.php:83)
action woocommerce_cart_calculate_fees (blockonomics-woocommerce.php:84)
action wp_enqueue_scripts (blockonomics-woocommerce.php:86)
action wp_enqueue_scripts (blockonomics-woocommerce.php:87)
filter wp_list_pages_excludes (blockonomics-woocommerce.php:88)
action admin_menu (blockonomics-woocommerce.php:89)
action woocommerce_order_list_table_restrict_manage_orders (blockonomics-woocommerce.php:92)
filter woocommerce_shop_order_list_table_prepare_items_query_args (blockonomics-woocommerce.php:93)
action restrict_manage_posts (blockonomics-woocommerce.php:95)
filter request (blockonomics-woocommerce.php:96)
action admin_enqueue_scripts (blockonomics-woocommerce.php:111)
action plugins_loaded (blockonomics-woocommerce.php:458)
action admin_notices (blockonomics-woocommerce.php:461)
action before_woocommerce_init (blockonomics-woocommerce.php:463)
action plugins_loaded (blockonomics-woocommerce.php:571)
action woocommerce_blocks_loaded (blockonomics-woocommerce.php:656)
action woocommerce_blocks_payment_method_type_registration (blockonomics-woocommerce.php:665)
action admin_init (php\admin-page.php:197)
filter woocommerce_gateway_icon (php\WC_Gateway_Blockonomics.php:27)
action woocommerce_receipt_blockonomics (php\WC_Gateway_Blockonomics.php:46)
action woocommerce_api_wc_gateway_blockonomics (php\WC_Gateway_Blockonomics.php:55)
Maintenance & Trust

Bitcoin Payments – Blockonomics Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 29, 2026
PHP min version: 7.4
Downloads: 209K

Community Trust

Rating: 90/100
Number of ratings: 35
Active installs: 3K
Developer Profile

Bitcoin Payments – Blockonomics Developer Profile

blockonomics

2 plugins · 3K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 676 days
Detection Fingerprints

How We Detect Bitcoin Payments – Blockonomics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/blockonomics-bitcoin-payments/css/admin.css
  • /wp-content/plugins/blockonomics-bitcoin-payments/js/admin.js
  • /wp-content/plugins/blockonomics-bitcoin-payments/css/admin-setup.css
Script Paths
  • /wp-content/plugins/blockonomics-bitcoin-payments/js/admin.js
Version Parameters
  • blockonomics-bitcoin-payments/style.css?ver=
  • blockonomics-bitcoin-payments/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • blockonomics-payment-form
  • blockonomics-address
  • blockonomics-qr-code
  • blockonomics-qrcode
  • blockonomics-deposit
HTML Comments
  • <!-- Blockonomics Payment Section -->
  • <!-- Blockonomics QR Code -->
Data Attributes
  • data-blockonomics-address
  • data-blockonomics-amount
  • data-blockonomics-payment-id
JS Globals
blockonomics_params
REST Endpoints
/wp-json/blockonomics/v1/payment
Shortcode Output
[blockonomics_payment]