CoinbarPay Payment Gateway Security & Risk Analysis

wordpress.org/plugins/coinbarpay-payment-gateway

Coinbar Pay is a Woocommerce Payment Gateway plugin that allows online merchants to accept crypto payments on their website.

0 active installs v1.0.0 PHP 7.4+ WP 6.0+ Updated Apr 17, 2024
crypto-paymentscrypto-fiat-paymentspayment-gatewaypayment-methodwoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is CoinbarPay Payment Gateway Safe to Use in 2026?

Generally Safe

Score 85/100

CoinbarPay Payment Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The coinbarpay-payment-gateway v1.0.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries utilize prepared statements, and there are no recorded vulnerabilities or CVEs, suggesting a history of responsible development or a lack of significant security focus from attackers. However, the plugin has several concerning aspects. The absence of any nonce or capability checks on any of its entry points (even though the attack surface is currently zero) is a significant red flag. If any entry points were to be introduced or discovered, they would likely be unprotected. The taint analysis revealing two flows with unsanitized paths is also a concern, even though they are not classified as critical or high severity, suggesting potential for information disclosure or manipulation if these paths are ever exposed to user input. Finally, the 57% output escaping rate indicates that a portion of the plugin's output is not properly sanitized, posing a risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Zero nonce checks
  • Zero capability checks
  • Unsanitized paths in taint flows
  • Output escaping not fully implemented
Vulnerabilities
None known

CoinbarPay Payment Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CoinbarPay Payment Gateway Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

CoinbarPay Payment Gateway Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
12
16 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

57% escaped28 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
fe_callback (src/CoinbarPay/Woo/WC_CB_PaymentGateway.php:297)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

CoinbarPay Payment Gateway Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionwoocommerce_api_cbpay-webhooksrc/CoinbarPay/Woo/WC_CB_PaymentGateway.php:60
actionwoocommerce_api_cbpay-webhook-dbgsrc/CoinbarPay/Woo/WC_CB_PaymentGateway.php:61
actionwoocommerce_api_cbpay-fe-callbacksrc/CoinbarPay/Woo/WC_CB_PaymentGateway.php:62
filterwoocommerce_payment_gatewayswoocommerce-coinbar-pay.php:36
actionplugins_loadedwoocommerce-coinbar-pay.php:42
Maintenance & Trust

CoinbarPay Payment Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedApr 17, 2024
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs0
Developer Profile

CoinbarPay Payment Gateway Developer Profile

Coinbar s.p.a.

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CoinbarPay Payment Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
Copyright (c) Coinbar Spa 2023.This file is free software: you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation, either version 3 of the License, or+7 more
Data Attributes
data-plugin-name="CoinbarPay"data-plugin-version="1.0.0"
JS Globals
window.coinbarPayConfig
REST Endpoints
/wp-json/coinbarpay-payment-gateway/v1/webhook/wp-json/coinbarpay-payment-gateway/v1/webhook_debug/wp-json/coinbarpay-payment-gateway/v1/fe_callback
FAQ

Frequently Asked Questions about CoinbarPay Payment Gateway