[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8MImiT8TN3b7o-FY3-6DAAdHrRK-mQpv6Gz3qmNuIws":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":85,"crawl_stats":38,"alternatives":90,"analysis":184,"fingerprints":302},"buymeacoffee","Buy Me a Coffee – Button and Widget Plugin","4.4.2","Buy Me a Coffee","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuymeacoffee\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fbuymeacoffee.com\u002F?utm_source=wordpress-plugin\" rel=\"nofollow ugc\">Buy Me a Coffee\u003C\u002Fa> WordPress plugin makes it easier for you to accept donations from your blog, website, or project visitors and encourages them to become your paid supporters.\u003C\u002Fp>\n\u003Cp>It takes just a few minutes to setup the plugin and to place your Buy Me a Coffee buttons or widgets anywhere on your site. The widget allows your supporters to make payments then and there without having to leave your site, and the button takes them directly to your BMC page from where you can accept one-off donations as well as sell extras and memberships (yearly\u002Fmonthly) to your visitors.\u003C\u002Fp>\n\u003Cp>Create your free page at Buy Me a Coffee in just a few minutes and link your Stripe or Bank account to start receiving donations via credit cards, debit cards, Apple Pay, and Google Pay options. 
So, add a Buy Me a Coffee widget\u002Fbutton to accept direct payments from your website visitors, without having to wait for your ads\u002Faffiliate revenue to come in.\u003C\u002Fp>\n\u003Cp>BMC is used by 200,000+ creators online to accept donations as well as sell memberships, making it the number one \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fpatreon-alternative\u002F?utm_source=wordpress-plugin\" rel=\"nofollow ugc\">patreon alternative\u003C\u002Fa>. Whether you’re creating: videos, images, podcasts, or original songs you can share them exclusively via the locked posts option, to which only paid members will have access to.\u003C\u002Fp>\n\u003Cp>Buy Me a Coffee is ultimately a free fast and friendly way for creators to accept donations from their audience. Here’s how our creator Alex Tech describes Buy Me a Coffee to be.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FNhzVaYH_YTI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","A free, fast, and friendly way to accept donations and memberships (recurring payments) from your visitors.",6000,152897,76,16,"2025-10-15T06:19:00.000Z","6.8.5","3.0.1","5.2",[20,21,22,23,24],"apple-pay","buy-me-a-coffee","donate-plugin","donation","members","https:\u002F\u002Fwww.buymeacoffee.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuymeacoffee.4.4.2.zip",97,4,0,"2023-07-13 
00:00:00","2026-03-15T15:16:48.613Z",[33,49,64,74],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-2082","buy-me-a-coffee-button-and-widget-plugin-authenticated-subscriber-stored-cross-site-scripting","Buy Me a Coffee – Button and Widget Plugin \u003C= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting","The \"Buy Me a Coffee – Button and Widget Plugin\" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.",null,"\u003C=3.6","3.7","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fed9f8948-085b-4ac5-befd-c70085aa23cd?source=api-prod",194,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":45,"references":61,"days_to_patch":63},"CVE-2023-2079","buy-me-a-coffee-button-and-widget-plugin-cross-site-request-forgery","Buy Me a Coffee – Button and Widget Plugin \u003C= 3.7 - Cross-Site Request Forgery","The \"Buy Me a Coffee – Button and Widget Plugin\" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the 
recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, granted the attacker can trick a site's administrator into performing an action such as clicking on a link.","\u003C=3.7","3.8","high",7.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:L","Cross-Site Request Forgery (CSRF)","2023-07-10 00:00:00",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=api-prod",197,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":60,"updated_date":45,"references":72,"days_to_patch":63},"CVE-2023-2078","buy-me-a-coffee-button-and-widget-plugin-missing-authorization","Buy Me a Coffee – Button and Widget Plugin \u003C= 3.7 - Missing Authorization","The \"Buy Me a Coffee – Button and Widget Plugin\" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugin's settings. 
CVE-2023-25030 may be a duplicate of this issue.",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc1c218c6-1599-4dc9-846f-e0ef74821488?source=api-prod",{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":79,"cvss_vector":80,"vuln_type":44,"published_date":81,"updated_date":45,"references":82,"days_to_patch":84},"CVE-2023-2578","buy-me-a-coffee-button-and-widget-plugin-authenticated-administrator-stored-cross-site-scripting","Buy Me a Coffee – Button and Widget Plugin \u003C= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Buy Me a Coffee – Button and Widget Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-06-19 00:00:00",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff8f3ce3d-ae8a-4c0f-a74d-657225a932f1?source=api-prod",218,{"slug":4,"display_name":7,"profile_url":8,"plugin_count":86,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":87,"trust_score":88,"computed_at":89},1,202,77,"2026-04-05T03:01:08.736Z",[91,114,133,151,169],{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":86,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":111,"download_link":112,"security_score":101,"vuln_count":86,"unpatched_count":29,"last_vuln_date":113,"fetched_at":31},"ko-fi-button","Ko-fi Button","1.3.10","koficommunity","https:\u002F\u002Fprofiles.wordpress.org\u002Fkoficommunity\u002F","\u003Cp>Ko-fi is a fast and friendly way to earn money from your blog, website or project.\u003C\u002Fp>\n\u003Cp>Create your free page at ko-fi.com in just a few minutes and link your PayPal or Stripe account to start receiving donations.\u003C\u002Fp>\n\u003Cp>Use the Plugin to add a Ko-fi button or donation panel to any widget area, sidebar or use the shortcode [kofi] to add a button to any page or post.\u003C\u002Fp>\n\u003Cp>Not sure where to start? 
\u003Ca href=\"https:\u002F\u002Fhelp.ko-fi.com\u002Fhc\u002Fen-us\u002Farticles\u002F115004002614-Adding-a-Ko-fi-Button-to-your-WordPress-site-or-blog\" rel=\"nofollow ugc\">Take a look at our guide!\u003C\u002Fa>\u003C\u002Fp>\n","Receive donations on your Ko-fi page with a button on your WordPress site.",5000,87139,100,"2025-12-12T01:46:00.000Z","6.9.4","4.6","5.6",[22,107,108,109,110],"ko-fi","membership","monetization","paypal-donate","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fko-fi-button.1.3.10.zip","2023-04-25 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":29,"num_ratings":29,"last_updated":124,"tested_up_to":103,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":131,"download_link":132,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"buy-me-coffee","Buy Me a Coffee button & widgets – Fundraise with Stripe and PayPal","1.0.6","WP Miners","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpminers\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpminers.com\u002Fbuymecoffee\u002Fdocs\u002Fgetting-started\u002Fquick-setup\u002F\" rel=\"nofollow ugc\">User Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpminers.com\u002Fbuymecoffee-demo\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Stripe onsite and PayPal pro module allow you to get paid right on your site. 
Buy Me a Coffee offers you different templates like donate a coffee or donate a custom amount.\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fm3T5LQ1DOEc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Buy me a Coffee\u003C\u002Fstrong> is a free WordPress plugin that allows you to accept donations from your visitors. It is a simple and effective way to monetize your content. You can accept donations via PayPal or Stripe. The plugin is very easy to use and configure. You can add a PayPal donation button, Form, or template anywhere on your website using a shortcode or a widget.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Buy Me a Coffee\u003C\u002Fstrong> is a perfect solution for content creators, bloggers, musicians, artists, developers, gamers, photographers, and all other types of content creators who want to accept donations (as Buy Coffee for Me) from their visitors.\u003C\u002Fp>\n\u003Cp>You can use it for free without any limitations. You can accept donations from your visitors without any commission.\u003Cbr \u002F>\nDonations are collected directly into your own PayPal or Stripe account merchant. You can accept donations in any currency supported by PayPal or Stripe.\u003Cbr \u002F>\none-time donations are available now will implement recurring donations in the future.\u003Cbr \u002F>\nYou can accept donations from your visitors using a Stripe and PayPal donation button, Form, or template. 
Accept donations from your visitors using a shortcode or a widget.\u003Cbr \u002F>\nIt Will be available using a popup or a page.\u003C\u002Fp>\n\u003Cp>What is the purpose for “Buy Me a Coffee” Plugin?\u003Cbr \u002F>\nIt’s a Fundraising plugin with the most easy and flexible way for WordPress.\u003Cbr \u002F>\nIn the age of digital content creation, monetizing your efforts has never been more important. Whether you’re a blogger, artist, musician, or other form of content creation, the ability to take donations can dramatically improve your financial stability and allow you to continue producing high-quality content. The Buy Me a Coffee Donation Button & Widgets plugin for WordPress makes it simple to convert visitors into supporters by easily receiving donations using PayPal Pro and Stripe gateway.\u003C\u002Fp>\n\u003Cp>The Buy Me a Coffee donation button and widgets plugin is a strong fundraising tool that enables authors to collect monetary donations from their audience without any charge.\u003C\u002Fp>\n\u003Cp>To include a contribution button on the WordPress website or blog, asking fans to show their appreciation for efforts with donations. This method is particularly effective at motivating tiny, generous contributions that can accumulate to a significant income over time.\u003C\u002Fp>\n\u003Cp>Key Features\u003Cbr \u002F>\n1. Seamless Integration with Stripe and PayPal\u003Cbr \u002F>\n   One of the plugin’s major features is its ability to interface with two of the most popular payment gateways: PayPal and Stripe. This provides your visitors with secure and familiar payment choices, resulting in a smooth transaction procedure.\u003C\u002Fp>\n\u003Cp>PayPal Pro: Accept credit and debit card payments directly on your website, without redirecting people to another site, which improves the user experience.\u003C\u002Fp>\n\u003Cp>Stripe: Stripe is always recommended for security and ease of use. 
It accepts multiple payment methods, making it simple for fans to donate using their favourite method.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Customizable Donation Buttons.\u003Cbr \u002F>\nPersonalize your contribution button, and form easily even pages to match your requirements. You may easily change the colour, size, and create your own button to link it your own donation page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Flexible Donation Options\u003Cbr \u002F>\nThe Buy Me a Coffee plugin provides versatility by allowing you to select specified donation amounts or let users enter their own. This versatility is critical; some supporters may want to contribute more than the normal amount, while others may choose to offer a specified amount.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Widget Support\u003Cbr \u002F>\nThere are some widgets to show buttons, forms and pages easily on your WordPress site using Gutenberg editor. Also, you may use shortcode for the old editors\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Reporting and Analytics\u003Cbr \u002F>\nTo get a clear report about recent donations and support no need to calculate manually. It is directly available on the dashboard.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Why Take Donations Like Buy Me a Coffee?\u003Cbr \u002F>\nTo establish a stronger bond with the audience by promoting donations, supporters can feel more connected when they can donate financially.\u003C\u002Fp>\n\u003Cp>Buy Me a Coffee button & widgets plugin is easy to set up plugin for WordPress websites. 
Set it up and encourage people to support your work by letting them know about the donation option via blog posts, newsletters, or social media sharing the link to your own site.\u003C\u002Fp>\n\u003Cp>To make an effective fundraising with PayPal Pro and Stripe seamlessly and personalise donation experiences Buy Me a Coffee is the quickest solution ever.\u003C\u002Fp>\n\u003Cp>In addition to improving audience engagement, adding a contribution button to your website creates a steady stream of revenue that lets you keep doing what you love. Use the Buy Me a Coffee donation button and widgets to begin fundraising right now, and change the way you connect with your supporters without spending a single penny.\u003C\u002Fp>\n\u003Cp>You can accept donations from your visitors using custom amounts.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\nCustom number of donations\u003Cbr \u002F>\nAccept donations using Onsite Stripe and PayPal Pro\u003Cbr \u002F>\nCustomizable templates\u003Cbr \u002F>\nForm shortcode and widget\u003Cbr \u002F>\nButtons Shortcode and widget\u003Cbr \u002F>\nDonor profiles\u003Cbr \u002F>\nDonation statistics\u002Freports\u003Cbr \u002F>\nQuick setup mode\u003Cbr \u002F>\nBuy Me a Coffee counter\u003Cbr \u002F>\nMultiple theme templates\u003C\u002Fp>\n","Easy way to collect donations like \"buy me a coffee\" directly your own Stripe and PayPal for 
free.",50,2809,"2026-01-11T07:04:00.000Z","4.5","7.4",[21,23,128,129,130],"fundraising","payments","stripe-payments","https:\u002F\u002Fwpminers.com\u002Fbuymecoffee\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuy-me-coffee.1.0.6.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":122,"downloaded":141,"rating":101,"num_ratings":142,"last_updated":143,"tested_up_to":16,"requires_at_least":104,"requires_php":126,"tags":144,"homepage":147,"download_link":148,"security_score":149,"vuln_count":28,"unpatched_count":29,"last_vuln_date":150,"fetched_at":31},"simple-payment","Simple Payment","2.4.7","Ido Kobelkowsky","https:\u002F\u002Fprofiles.wordpress.org\u002Fidokd\u002F","\u003Cp>Simple Payment enables a simple, fast and powerful integration to process payments, converting any post or page to a Product or Service, no need to install complicated plugins.\u003C\u002Fp>\n\u003Cp>Simple Payment works with many payment gateways, and enables you to add you customized gateway easily\u003C\u002Fp>\n\u003Cp>Major features in Simple Payment include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Integrate any of the supported Payment gateways (PayPal, Cardcom, iCount, PayMe, iCredit, Credit2000)\u003C\u002Fli>\n\u003Cli>Selection of Payment Forms to choose from (Basic, Bootstrap, Legacy, Donation)\u003C\u002Fli>\n\u003Cli>Works with plugins such as: Gutenberg Editor, WooCommerce, WPJobBoard, GravityForms, Form Maker.\u003C\u002Fli>\n\u003Cli>Extend workflow with Zapier – get triggers and preform actions on payments via Zapier.\u003C\u002Fli>\n\u003Cli>Donation Form for free entry amount\u003C\u002Fli>\n\u003Cli>PCI-DSS Data Protection Ready (All sensitive are masked in database)\u003C\u002Fli>\n\u003Cli>Convert Any Post \u002F Page to a Service\u002F Product\u003C\u002Fli>\n\u003Cli>Automatically takes Post\u002FPage Title as Product Name\u003C\u002Fli>\n\u003Cli>Simple integrate Buy 
Button everywhere\u003C\u002Fli>\n\u003Cli>Custom Field: amount – will be the amount to be charged\u003C\u002Fli>\n\u003Cli>Full Form with Templates: Bootstrap, Legacy\u003C\u002Fli>\n\u003Cli>Support for personalized theme payment forms templates\u003C\u002Fli>\n\u003Cli>Simple Use of Shortcode to convert any post\u002Fpage\u003C\u002Fli>\n\u003Cli>Enable Multiple Payment Engines\u003C\u002Fli>\n\u003Cli>Transactions \u002F Payments Log with Filtering\u003C\u002Fli>\n\u003Cli>Export Transactions to CSV\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently on Beta: PayMe – please contact if require assistance.\u003C\u002Fp>\n\u003Cp>Soon to be released: Pelecard, Tranzilla, CreditGuard\u003C\u002Fp>\n\u003Cp>PS: You’ll need an \u003Ca href=\"https:\u002F\u002Fsimple-payment.yalla-ya.com\u002Fget\u002F\" rel=\"nofollow ugc\">Simple Payment API key for advanced gateways\u003C\u002Fa> to use it.  Keys are available for personal blogs; single domain, multiple domains, businesses and commercial sites.\u003C\u002Fp>\n\u003Ch3>Feedback and Support\u003C\u002Fh3>\n\u003Cp>I would be happy to receive your feedback to improve this plugin.\u003C\u002Fp>\n\u003Cp>Please let me know through \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-payment\u002F\" rel=\"ugc\">support forums\u003C\u002Fa> if you like it and please be sure to leave a review..\u003C\u002Fp>\n\u003Cp>Also you can contact me on my personal page \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fidokd\u002F\" rel=\"ugc\">Ido Kobelkowsky\u003C\u002Fa> or even visit \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fidokd\u002Fwp-simple-payment\" rel=\"nofollow ugc\">Github\u003C\u002Fa> of Simple Payment where you can find all the development code of this plugin.\u003C\u002Fp>\n\u003Cp>I hope it is useful for you and look forward to reading your reviews! 
😉 Thanks!\u003C\u002Fp>\n\u003Ch3>Advanced Configuration: Theme Custom Payment Processing\u003C\u002Fh3>\n\u003Cp>To write your own payment processing integration, to be plugin, read the information at this link: \u003Ca href=\"https:\u002F\u002Fsimple-payment.yalla-ya.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsimple-payment.yalla-ya.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>you will require to write a simple php class that Pre Process, Process and Post Process the transaction with your your payment gateway.\u003C\u002Fp>\n","Simple Payment enables a simple, fast and powerful integration to process payments. Convert any Post\u002FPage to a product - easy and very customizable to &hellip;",11303,3,"2025-10-06T05:44:00.000Z",[145,146,23,108,134],"checkout","credit-card","https:\u002F\u002Fsimple-payment.yalla-ya.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-payment.2.4.7.zip",87,"2025-10-29 00:00:00",{"slug":152,"name":153,"version":154,"author":155,"author_profile":156,"description":157,"short_description":158,"active_installs":159,"downloaded":160,"rating":29,"num_ratings":29,"last_updated":161,"tested_up_to":103,"requires_at_least":162,"requires_php":126,"tags":163,"homepage":167,"download_link":168,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"chama","ChamaWP – Monetize With Donations, Memberships, Crowdfunding, Commissions & Restricted Content","1.0.12","chamawp","https:\u002F\u002Fprofiles.wordpress.org\u002Fchamawp\u002F","\u003Ch4>ChamaWP: The Ultimate WordPress Monetization Tool for Creators.\u003C\u002Fh4>\n\u003Cp>ChamaWP is a powerful, easy-to-use monetization platform designed for creators who want to turn their passion into income. 
With this plugin, you can effortlessly set up a range of income-generating tools—whether it’s donations, paid memberships, crowdfunding campaigns, or commission-based work—all within minutes.\u003C\u002Fp>\n\u003Cp>Are you looking for a good alternative to Patreon\u002FKo-fi\u002FKickstarter that helps you avoid paying steep platform fees and control your relationship with your supporters? With ChamaWP, you get \u003Cstrong>complete control\u003C\u002Fstrong> over your monetization strategy. Payments go directly to your Stripe account, with no middleman — \u003Cstrong>meaning you keep more of every dollar\u003C\u002Fstrong> your fans contribute. Plus, with the built-in \u003Cstrong>newsletter feature\u003C\u002Fstrong>, you can schedule targeted updates for subscribers based on membership tiers and grow your mailing list with a customizable signup form (much like Substack).\u003C\u002Fp>\n\u003Cp>Whether you’re a content creator, artist, writer, podcaster or freelancer, ChamaWP empowers you to build deeper connections with your supporters and transform that engagement into a sustainable income.\u003C\u002Fp>\n\u003Ch3>Why Choose ChamaWP?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Keep More of Your Earnings\u003C\u002Fstrong>: 0-3% platform fees in addition to Stripe’s standard processing charges. 
That means significantly lower costs than Patreon, Ko-fi, or Kickstarter.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full Control\u003C\u002Fstrong>: Own your content, your community, and your payment processing on your own WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Monetization Options\u003C\u002Fstrong>: Offer one-time donations, recurring memberships, limited-time campaigns, and commission-based services—all from one plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Stripe Integration\u003C\u002Fstrong>: Secure, fast, and globally trusted payment processing with Stripe\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Substack-Style Newsletters\u003C\u002Fstrong>: Send targeted newsletters to your subscribers, segment by membership tier, and grow your mailing list with customizable signup forms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5ab-IlU2nkY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>💸 \u003Cstrong>One-Time & Recurring Payments\u003C\u002Fstrong>: Accept both one-time donations and subscription-based memberships.\u003C\u002Fli>\n\u003Cli>🎁 \u003Cstrong>Unlimited Membership Tiers\u003C\u002Fstrong>: Create as many membership levels as you need to engage your supporters with unique rewards.\u003C\u002Fli>\n\u003Cli>🚀 \u003Cstrong>Crowdfunding Campaigns\u003C\u002Fstrong>: Launch and manage campaigns to fund your next project, product, or initiative.\u003C\u002Fli>\n\u003Cli>👩🏻‍🎨 \u003Cstrong>Commissioned Work 
Sales\u003C\u002Fstrong>: Let your audience commission custom work directly from you.\u003C\u002Fli>\n\u003Cli>📬 \u003Cstrong>Email Activation for Free Memberships\u003C\u002Fstrong>: Build your mailing list and grow your community.\u003C\u002Fli>\n\u003Cli>📰 \u003Cstrong>Newsletter Management\u003C\u002Fstrong>: Schedule newsletters for subscribers based on membership tiers with a customizable signup form to capture new subscribers.\u003C\u002Fli>\n\u003Cli>🔒 \u003Cstrong>Content Protection\u003C\u002Fstrong>: Restrict access to your exclusive content to paying members only.\u003C\u002Fli>\n\u003Cli>🧾 \u003Cstrong>Supporter Dashboard\u003C\u002Fstrong>: Your supporters can easily manage their memberships, donations, and commissions through a personalized dashboard.\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Transaction History\u003C\u002Fstrong>: View detailed records of all payments in your WordPress Admin Dashboard.\u003C\u002Fli>\n\u003Cli>🎨 \u003Cstrong>Seamless Integration with Toocheke Theme\u003C\u002Fstrong>: Fully compatible with the Toocheke WordPress theme for a smooth user experience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Stop giving away your earnings. 
Start building a sustainable income with ChamaWP—on your terms.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.chamawp.com\u002F\" rel=\"nofollow ugc\">Free Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdocs.chamawp.com\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Licenses & Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Gamajo_Template_Loader by Gary Jones licensed to use under the GPL-2.0 and later license (https:\u002F\u002Fgithub.com\u002FGaryJones\u002FGamajo-Template-Loader)\u003C\u002Fli>\n\u003Cli>jQuery Validation by Jörn Zaefferer licensed to use under the MIT license (https:\u002F\u002Fgithub.com\u002Fjquery-validation\u002Fjquery-validation)\u003C\u002Fli>\n\u003Cli>Font Awesome Free 6.6.0 by @fontawesome is licensed under (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) https:\u002F\u002Ffontawesome.com\u002Flicense\u002Ffree\u003C\u002Fli>\n\u003Cli>Featherlight by Noel Bossart licensed to use under the MIT license (https:\u002F\u002Fgithub.com\u002Fnoelboss\u002Ffeatherlight\u002F)\u003C\u002Fli>\n\u003Cli>Micromodal by Indrashish Ghosh licensed to use under the MIT license (https:\u002F\u002Fgithub.com\u002Fghosh\u002FMicromodal\u002F)\u003C\u002Fli>\n\u003Cli>All UI elements and artwork in screenshot-1.png , screenshot-2.png, screenshot-3.png, screenshot-4.png,screenshot-5.png and screenshot-6.png, were created by Leetoo and are © 2025 under standard plugin licensing.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following external services to provide essential features:\u003C\u002Fp>\n\u003Ch4>WhatsApp Sharing\u003C\u002Fh4>\n\u003Cp>This service is used to allow users to share content (such as a page or post link) via WhatsApp.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What data is sent and when: The URL or text content selected by the user is sent to WhatsApp when they click a share button. 
No data is sent automatically; it only occurs when the user initiates the action.\u003C\u002Fli>\n\u003Cli>Why: To provide social sharing functionality via WhatsApp.\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fwww.whatsapp.com\u002Flegal\u002Fbusiness-terms\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fwww.whatsapp.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Google reCAPTCHA Verification\u003C\u002Fh4>\n\u003Cp>This service is used to verify that a form submission is made by a human and not a bot.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What data is sent and when: When a user submits a form that includes reCAPTCHA, their browser and interaction data (e.g. IP address, user agent, mouse movement) is sent to Google’s servers to verify the challenge.\u003C\u002Fli>\n\u003Cli>Why: To help protect forms from spam and automated abuse.\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Stripe JavaScript Library\u003C\u002Fh4>\n\u003Cp>This service is used to securely handle and tokenize payment information during checkout.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What data is sent and when: When a user interacts with payment forms, sensitive payment data (such as credit card number, expiration date) is securely sent directly to Stripe via this library. 
The plugin does not store this data.\u003C\u002Fli>\n\u003Cli>Why: To facilitate secure payments using Stripe.\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fstripe.com\u002Flegal\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fstripe.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Google reCAPTCHA JavaScript API\u003C\u002Fh4>\n\u003Cp>This script is loaded to display the reCAPTCHA widget and handle client-side challenge functionality.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>What data is sent and when: When the reCAPTCHA widget loads, Google collects browser and user interaction data to assess risk before the user submits a form.\u003C\u002Fli>\n\u003Cli>Why: To enable Google reCAPTCHA functionality on the front end.\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n","💳 A WordPress plugin for monetizing your tribe! 🚀",10,769,"2026-02-09T23:51:00.000Z","5.3",[164,23,108,165,166],"content-restriction","stripe","subscription","https:\u002F\u002Fwww.chamawp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchama.1.0.12.zip",{"slug":170,"name":171,"version":172,"author":173,"author_profile":174,"description":175,"short_description":176,"active_installs":159,"downloaded":177,"rating":29,"num_ratings":29,"last_updated":111,"tested_up_to":103,"requires_at_least":178,"requires_php":179,"tags":180,"homepage":111,"download_link":182,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":183},"minimal-stripe-wrapper","Minimal Stripe Wrapper","1.1.8","jerrystewart99","https:\u002F\u002Fprofiles.wordpress.org\u002Fjerrystewart99\u002F","\u003Cp>Minimal Stripe Wrapper (MSW) is a lightweight and secure WordPress plugin designed to streamline Stripe payments with minimal setup and maximum flexibility. 
Unlike complex, feature-heavy payment plugins, MSW provides a low-footprint solution that leverages Stripe Checkout, ensuring the highest level of security while keeping your site’s payment workflow simple and efficient.\u003C\u002Fp>\n\u003Cp>Please visit the full \u003Ca href=\"https:\u002F\u002Fplugins.webworkz.nz\" rel=\"nofollow ugc\">Plugin Documentation\u003C\u002Fa> page.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Single payments via Stripe-hosted Checkout\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No card or payment information is stored locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Can use Stripe Test mode for sandbox testing.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Can automatically add a surcharge to cover the Stripe transaction fee.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Will work with either logged in users (eg. a membership site) or not logged in users (eg. a donation)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Includes a shortcode Donate Form with variable amount.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Downloadable transactions history in the WP dashboard for tracking and cross-referencing transactions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Uses Stripe-hosted forms. 
No card data touches your server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Rate-limiting for extra protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Stripe secret keys are stored encrypted.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Uses the WordPress REST API with corresponding validation checks in addition to Stripe validation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Stripe API in order to initiate a Stripe Checkout session and to receive a Webhook response.\u003C\u002Fp>\n\u003Cp>You may specify what information is supplied to Stripe.\u003C\u002Fp>\n\u003Cp>The minimum information you must supply is the payment amount.\u003C\u002Fp>\n\u003Cp>You may optionally include a user’s email, product name and quantity.\u003C\u002Fp>\n\u003Cp>Where an email is not supplied, Stripe will require the user to enter an email.\u003C\u002Fp>\n\u003Cp>See also the \u003Ca href=\"https:\u002F\u002Fstripe.com\u002Flegal\u002Fconsumer\" rel=\"nofollow ugc\">Stripe Consumer Terms of Service\u003C\u002Fa> and the \u003Ca href=\"https:\u002F\u002Fstripe.com\u002Fprivacy\" rel=\"nofollow ugc\">Stripe Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How it Works\u003C\u002Fh3>\n\u003Cp>You can initiate a Stripe payment with any of these methods:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The Gutenberg block element ‘Minimal Stripe Button’\u003C\u002Fli>\n\u003Cli>By using any clickable element of your choice (eg. a \u003Cbutton> or \u003Ca>) \u003C\u002Fli>\n\u003Cli>By using the shortcode-generated button.\u003C\u002Fli>\n\u003Cli>By using an action hook. 
\u003C\u002Fli>\n\u003Cli>By using the shortcode-generated donate-form.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Method 1: A Gutenberg block element\u003C\u002Fh4>\n\u003Cp>Add to your page using the WordPress block editor.\u003C\u002Fp>\n\u003Ch4>Method 2: Use an existing clickable element\u003C\u002Fh4>\n\u003Cp>Add a css class to any clickable target element.\u003Cbr \u002F>\neg. Use the page builder of your choice (eg. A Divi Button).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>class=\"mswr-stripe-payment\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then add a filter hook to enter\u002Fmodify your specific payment details.\u003C\u002Fp>\n\u003Cp>For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'mswr_pre_stripe_checkout', function( $args ) {\n\n  \u002F\u002F add payment details\n  $args[ 'amount' ] = $amount;              \u002F\u002F use the smallest unit of your currency. ie. $123.45 => '12345'\n  $args[ 'currency' ] = 'nzd';              \u002F\u002F ISO 4217 currency code\n  $args[ 'email' ] = 'abc@test.com';        \u002F\u002F eg. wp_get_current_user()->user_email;\n  $args[ 'product' ] = 'Your Product\u002FService name'; \u002F\u002F will appear on the Stripe Checkout page\n  $args[ 'user_meta' ] = 'Membership Renewal';  \u002F\u002F user-defined tag that can help identify a transaction in the Stripe webhook callback\n\n  return $args;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Method 3: Using a shortcode-generated button\u003C\u002Fh4>\n\u003Cp>This method requires no php code. 
You can, however, optionally add a php hook (as above) to modify the Stripe parameters and to perform extra actions on the Stripe webhook callback.\u003C\u002Fp>\n\u003Cp>Example shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[mswr_stripe_button amount=\"1234\" currency=\"usd\" email=\"abc@test.com\" product=\"Sample Product\" quantity=\"2\"  success_url=\"\u002Fpayment_success\" cancelled_url=\"\u002Fpayment_cancelled\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Method 4: WP hook\u003C\u002Fh4>\n\u003Cp>A developer method.\u003Cbr \u002F>\nUse PHP from your code to fire a WordPress ‘action’ which initiates a Stripe Checkout session with the specified Stripe arguments.\u003C\u002Fp>\n\u003Cp>Action hook: \u003Ccode>mswr_initiate_stripe_payment\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$args = [ 'amount' => '12345' ];\ndo_action( 'mswr_initiate_stripe_payment', $args );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>…\u003C\u002Fp>\n\u003Ch3>Hooks available in Minimal Stripe Wrapper\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>1. mswr_initiate_stripe_payment\n2. mswr_pre_stripe_checkout\n3. mswr_{\\$type}\n4. 
mswr_shortcode_html\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Method 5: Donate Form\u003C\u002Fh4>\n\u003Cp>Shortcode generated Donate Form where the user can select the amount to pay.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fplugins.webworkz.nz\" rel=\"nofollow ugc\">Plugin Documentation\u003C\u002Fa> for a full description\u003C\u002Fp>\n","Minimal Stripe Wrapper (MSW) – Simple, Secure, and Lightweight Stripe Integration for WordPress",740,"6.2","7.0",[146,23,108,181,165],"payment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fminimal-stripe-wrapper.1.1.8.zip","2026-03-15T10:48:56.248Z",{"attackSurface":185,"codeSignals":233,"taintFlows":289,"riskAssessment":290,"analyzedAt":301},{"hooks":186,"ajaxHandlers":229,"restRoutes":230,"shortcodes":231,"cronEvents":232,"entryPointCount":29,"unprotectedCount":29},[187,193,198,201,203,206,209,212,215,218,221,224,227],{"type":188,"name":189,"callback":190,"file":191,"line":192},"action","wp_head","header_widget","admin\\class-buy-me-a-coffee-admin.php",59,{"type":188,"name":194,"callback":195,"file":196,"line":197},"plugins_loaded","anonymous","includes\\class-buy-me-a-coffee.php",152,{"type":188,"name":199,"callback":195,"file":196,"line":200},"admin_enqueue_scripts",167,{"type":188,"name":199,"callback":195,"file":196,"line":202},168,{"type":188,"name":204,"callback":195,"file":196,"line":205},"admin_post_bmc_post_reception",170,{"type":188,"name":207,"callback":195,"file":196,"line":208},"admin_post_bmc_disconnect",172,{"type":188,"name":210,"callback":195,"file":196,"line":211},"admin_post_bmc_name_post",174,{"type":188,"name":213,"callback":195,"file":196,"line":214},"admin_post_bmc_widget_post",176,{"type":188,"name":216,"callback":195,"file":196,"line":217},"admin_menu",179,{"type":188,"name":219,"callback":195,"file":196,"line":220},"widgets_init",181,{"type":188,"name":222,"callback":195,"file":196,"line":223},"activated_plugin",183,{"type":188,"name":225,"callback":195,"file"
:196,"line":226},"wp_enqueue_scripts",198,{"type":188,"name":225,"callback":195,"file":196,"line":228},199,[],[],[],[],{"dangerousFunctions":234,"sqlUsage":235,"outputEscaping":246,"fileOperations":29,"externalRequests":86,"nonceChecks":142,"capabilityChecks":142,"bundledLibraries":288},[],{"prepared":236,"raw":142,"locations":237},5,[238,241,243],{"file":191,"line":239,"context":240},282,"$wpdb->get_row() with variable interpolation",{"file":191,"line":242,"context":240},407,{"file":244,"line":245,"context":240},"admin\\partials\\buy-me-a-cofee-widget.php",44,{"escaped":247,"rawEcho":248,"locations":249},14,23,[250,253,254,255,256,257,258,259,261,263,265,267,269,271,273,275,277,279,280,282,284,285,286],{"file":191,"line":251,"context":252},409,"raw output",{"file":191,"line":251,"context":252},{"file":191,"line":251,"context":252},{"file":191,"line":251,"context":252},{"file":191,"line":251,"context":252},{"file":191,"line":251,"context":252},{"file":191,"line":251,"context":252},{"file":244,"line":260,"context":252},45,{"file":244,"line":262,"context":252},51,{"file":244,"line":264,"context":252},52,{"file":244,"line":266,"context":252},72,{"file":244,"line":268,"context":252},122,{"file":244,"line":270,"context":252},125,{"file":244,"line":272,"context":252},139,{"file":244,"line":274,"context":252},150,{"file":244,"line":276,"context":252},158,{"file":244,"line":278,"context":252},162,{"file":244,"line":200,"context":252},{"file":244,"line":281,"context":252},262,{"file":244,"line":283,"context":252},266,{"file":244,"line":283,"context":252},{"file":244,"line":283,"context":252},{"file":244,"line":287,"context":252},270,[],[],{"summary":291,"deductions":292},"The static analysis of the 'buymeacoffee' plugin version 4.4.2 reveals a generally positive security posture with no identified direct entry points for attack in the form of unprotected AJAX handlers, REST API routes, shortcodes, or cron events.  
The absence of dangerous functions and file operations further contributes to a reduced attack surface. However, the code signals do raise some concerns.  While the majority of SQL queries utilize prepared statements, a significant portion of output is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of 3 nonce checks and 3 capability checks is encouraging, but their placement and effectiveness would require a deeper code review.\n\nThe plugin's vulnerability history is a significant area of concern. With a total of 4 known CVEs, including 2 high and 2 medium severity vulnerabilities, and a last vulnerability recorded in July 2023, it indicates a pattern of past security weaknesses. The common vulnerability types like XSS, CSRF, and Missing Authorization directly align with the potential risks identified in the static analysis, particularly the unescaped output. While there are no currently unpatched vulnerabilities, the history suggests a need for vigilant monitoring and prompt patching of future issues.  
In conclusion, while the current version of 'buymeacoffee' shows improvements in its attack surface, the historical vulnerability data and the concerning rate of unescaped output necessitate a cautious approach to its deployment.",[293,296,299],{"reason":294,"points":295},"Significant unescaped output detected",12,{"reason":297,"points":298},"History of high severity vulnerabilities",15,{"reason":300,"points":159},"History of medium severity vulnerabilities","2026-03-16T18:03:38.332Z",{"wat":303,"direct":313},{"assetPaths":304,"generatorPatterns":307,"scriptPaths":308,"versionParams":309},[305,306],"\u002Fwp-content\u002Fplugins\u002Fbuymeacoffee\u002Fcss\u002Fbuy-me-a-coffee-admin.css","\u002Fwp-content\u002Fplugins\u002Fbuymeacoffee\u002Fjs\u002Fbuy-me-a-coffee-admin.js",[],[],[310,311,312],"buymeacoffee?ver=","buy-me-a-coffee-admin.css?ver=","buy-me-a-coffee-admin.js?ver=",{"cssClasses":314,"htmlComments":316,"htmlAttributes":317,"restEndpoints":319,"jsGlobals":320,"shortcodeOutput":323},[315],"bmc-widget-button-wrapper",[],[318],"data-bmc-widget-id",[],[321,322],"bmc_plugin_data","bmc_plugin_ajax_object",[324],"[buy-me-a-coffee]"]