Does BTCP Pay have any unpatched vulnerabilities?

No. All known vulnerabilities in BTCP Pay have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BTCP Pay compatible with WordPress 3.4.0?

According to WordPress.org data, BTCP Pay 1.0 has been tested up to WordPress 3.4.0. Check the plugin's changelog for the latest compatibility information.

Is BTCP Pay compatible with PHP 5.0+?

BTCP Pay requires PHP 5.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BTCP Pay updated?

BTCP Pay was last updated on Unknown. Frequent updates are generally a positive security signal.

What is BTCP Pay's security score?

BTCP Pay has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BTCP Pay Security & Risk Analysis

wordpress.org/plugins/btcp-pay

Enables users of your WordPress site to hit a button to make a Bitcoin Private payment to you.

0 active installs v1.0 PHP 5.0+ WP 3.0.1+ Updated Unknown

bitcoincryptocurrencywidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BTCP Pay Safe to Use in 2026?

Generally Safe

Score 100/100

BTCP Pay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "btcp-pay" v1.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. The plugin also has no recorded vulnerabilities, which is a strong indicator of good past development practices and careful code review.

However, there are areas that warrant attention. The limited output escaping (67% properly escaped) suggests that a portion of the plugin's output might be vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, the lack of any nonce checks or capability checks across all entry points, even though the attack surface is currently small, presents a significant risk. As the plugin evolves and new entry points are added, the absence of these fundamental security measures could lead to serious vulnerabilities like Cross-Site Request Forgery (CSRF) or unauthorized actions.

The complete lack of taint analysis results (0 flows analyzed) is unusual. While it could mean there are no taint flows, it might also indicate an incomplete analysis or a tool limitation. The overall conclusion is that while the plugin has a solid foundation by avoiding common pitfalls, the missing nonce and capability checks, combined with incomplete output escaping, create potential security gaps that should be addressed proactively.

Key Concerns

Unescaped output detected
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

BTCP Pay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

BTCP Pay Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped3 total outputs

Attack Surface

BTCP Pay Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[btcp_pay_widget] btcp-pay.php:123

WordPress Hooks 3

actionactivated_pluginbtcp-pay.php:22

actionadmin_menubtcp-pay.php:25

actionadmin_initbtcp-pay.php:87

Maintenance & Trust

BTCP Pay Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.0

Last updatedUnknown

PHP min version5.0

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

BTCP Pay Alternatives

Cryptocurrency Widgets For Elementor

cryptocurrency-widgets-for-elementor

Easily display cryptocurrency prices and generate customizable widgets for 250+ coins, including Bitcoin, Ethereum, and more in Elementor.

2K 1 CVE

Crypto Converter ⚡ Widget

crypto-converter-widget

Effortless ❤️ crypto/fiat conversion: ⚡ live, secure, fast, customizable WP 📟 widget—no API keys needed, completely free!

1K 2 CVEs

Kades Crypto Widgets

kades-crypto-widgets

Displays Cryptocurrency widgets. More widgets and chart to come. Crypto market data from https://www.cryptocompare.com/dev/widget/wizard/ and ICOs inf …

30 No CVEs

Bitcoin Widgets

itez-payment-gateway-for-woocommerce

Using WooCommerce you can accept payment for orders in BTC.

0 No CVEs

Bitcoin Widgets

widgets-bitcoin

Simple widget for displaying current bitcoin quotes to currencies.

0 No CVEs

Developer Profile

BTCP Pay Developer Profile

mattpass

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BTCP Pay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/btcp-pay/

Script Paths

//btcppay.com/widget.js

HTML / DOM Fingerprints

HTML Comments

Data Attributes

id="btcp_widget_data"id="btcp_widget"

JS Globals

btcpWidget

Shortcode Output

[btcp_pay_widget][btcp_pay_widget amount=

FAQ

BTCP Pay Security & Risk Analysis

Is BTCP Pay Safe to Use in 2026?

Generally Safe

Key Concerns

BTCP Pay Security Vulnerabilities

BTCP Pay Code Analysis

Output Escaping

BTCP Pay Attack Surface

Shortcodes 1

BTCP Pay Maintenance & Trust

Maintenance Signals

Community Trust

BTCP Pay Alternatives

Cryptocurrency Widgets For Elementor

Crypto Converter ⚡ Widget

Kades Crypto Widgets

Bitcoin Widgets

Bitcoin Widgets

BTCP Pay Developer Profile

How We Detect BTCP Pay

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about BTCP Pay