[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1bUl8cpwJmDYinXUv77csjegM3wk1ldo8MfIOc7eYqc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":545},"coinremitter-crypto-payment-gateway","Coinremitter Crypto Payment Gateway","1.1.6","CoinRemitter","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoinremitter\u002F","\u003Ch4>What Is Crypto Payment Gateway?\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcoinremitter.com?utm_source=wordpress&utm_medium=plugin&utm_campaign=cr\" rel=\"nofollow ugc\">Crypto Payment Gateway\u003C\u002Fa> acts as a bridge between the merchant’s website and the cryptocurrency network, allowing the merchant to receive payments in the form of cryptocurrency.\u003C\u002Fp>\n\u003Ch4>What kind of services we are providing on our plugin?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% free plugin\u003C\u002Fli>\n\u003Cli>No bank account requires\u003C\u002Fli>\n\u003Cli>No chargebacks\u003C\u002Fli>\n\u003Cli>Accept crypto payments from all over the world\u003C\u002Fli>\n\u003Cli>Accept all major cryptocurrencies\u003C\u002Fli>\n\u003Cli>Multiple wallets support\u003C\u002Fli>\n\u003Cli>Free customer support\u003C\u002Fli>\n\u003Cli>Low transaction fee\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration of Plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to the sidebar of wordpress’s admin panel.\u003C\u002Fli>\n\u003Cli>Click the \u003Cstrong>Woocommerce\u003C\u002Fstrong> option and select Settings.\u003C\u002Fli>\n\u003Cli>Now, you will need to locate the \u003Cstrong>Payments\u003C\u002Fstrong> section in Settings.\u003C\u002Fli>\n\u003Cli>You’ll find a \u003Cstrong>CoinRemitter Crypto Payment Gateway\u003C\u002Fstrong> there.\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Manage\u003C\u002Fstrong> at the end of the same line.\u003C\u002Fli>\n\u003Cli>The configure settings page will be opened.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TITLE:\u003C\u002Fstrong> The title written by you will appear on the checkout page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DESCRIPTION:\u003C\u002Fstrong> You can add a few details to tell the customer something important before the customer takes any step during checkout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ORDER STATUS:\u003C\u002Fstrong> Set the order status, when customers successfully make a payment using cryptocurrency.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>INVOICE EXPIRY TIME IN MINUTES:\u003C\u002Fstrong> If you’ve set the value to 30 then the generated invoice will expire after 30 minutes.\u003C\u002Fli>\n\u003Cli>That’s all, save the setting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to link a Coinremitter wallet on your website?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>First you install and activate this plugin. Read installation instructions first\u003C\u002Fli>\n\u003Cli>click on the sidebar menu name “Coinremitter”\u003C\u002Fli>\n\u003Cli>Click on \u003Cstrong>Add New Wallet\u003C\u002Fstrong>. It will open a popup.\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>API key\u003C\u002Fstrong> and \u003Cstrong>Password\u003C\u002Fstrong> You can get it from your coinremitter account. If you don’t have wallet on coinremitter.com, Please follow this instruction to create a wallet. \u003Ca href=\"https:\u002F\u002Fblog.coinremitter.com\u002Fhow-to-create-a-wallet-on-coinremitter\" rel=\"nofollow ugc\">How to create a wallet in Coinremitter ?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Paste the API key and Password from your Coinremitter wallet.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Order Value\u003C\u002Fstrong>: Setting the minimum Order limit is necessary, This wallet option will not display on checkout page if total order value is less then minimum order value.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Order Multiplier\u003C\u002Fstrong>: We suggest you set it to 1. For instance, if you set it to 1.10, then prices for cryptocurrencies will be increased by 10%, and you can set it to 0.95 in this text box for a 5% discount.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Now click on \u003Cstrong>Add Wallet\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Congratulations! You have successfully linked your wallet. It will display the wallet on the same page.\u003C\u002Fli>\n\u003Cli>Now you can accept and receive payments in your wallet.\u003C\u002Fli>\n\u003Cli>You can also add multiple wallets the same way for other coins.\u003C\u002Fli>\n\u003Cli>If you want to Delete your wallet then, click on the \u003Cstrong>Delete\u003C\u002Fstrong> button. It will just disconnect your wallet from your WordPress but you can still use the same credential in the future.\u003C\u002Fli>\n\u003Cli>If you want to change the password of your wallet. First you have to change the password of that wallet from your Coinremitter wallet then you can change it on your WordPress site using \u003Cstrong>Edit\u003C\u002Fstrong> Option.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to withdraw coin?\u003C\u002Fh4>\n\u003Cp>Withdrawal is only available on our official website only. You can log in to your account on Coinremitter and withdraw coins from there\u003C\u002Fp>\n","Coinremitter Official Bitcoin\u002FAltcoin Payment Gateway for WordPress. Accept Crypto Payments on your wordpress site",10,13051,0,"2025-12-26T13:20:00.000Z","6.9.4","6.8","8.1",[19,20,21,22,23],"best-crypto-payment-gateway","bitcoin-api","blockchain-api","crypto-api","crypto-payment-processor","https:\u002F\u002Fcoinremitter.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcoinremitter-crypto-payment-gateway.1.1.6.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"coinremitter",1,30,94,"2026-04-04T09:14:48.570Z",[],{"attackSurface":38,"codeSignals":169,"taintFlows":327,"riskAssessment":527,"analyzedAt":544},{"hooks":39,"ajaxHandlers":141,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":168,"unprotectedCount":168},[40,46,51,55,59,63,67,73,77,81,85,89,92,95,99,103,107,111,115,119,123,127,132,137],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_notices","display_admin_notices","admin\\coinremitter-payment-setting.php",53,{"type":41,"name":47,"callback":48,"file":49,"line":50},"init","coinre_actions_call","coinremitter-wordpress.php",49,{"type":41,"name":52,"callback":53,"file":49,"line":54},"coinremitter_enqueue_script_admin","coinremitter_wp_admin_script",55,{"type":41,"name":56,"callback":57,"file":49,"line":58},"admin_menu","coinremitter_wp_admin_menu",69,{"type":41,"name":60,"callback":61,"file":49,"line":62},"add_meta_boxes","coinremitter_cd_meta_box_add",74,{"type":41,"name":64,"callback":65,"priority":11,"file":49,"line":66},"update_option","track_currency_change",77,{"type":68,"name":69,"callback":70,"priority":71,"file":49,"line":72},"filter","woocommerce_get_return_url","coinremitter_override_return_url",20,83,{"type":41,"name":74,"callback":75,"file":49,"line":76},"plugins_loaded","coinremitter_wp_payment_gateways",84,{"type":41,"name":78,"callback":79,"priority":71,"file":49,"line":80},"wp_enqueue_scripts","coinremitter_wp_plugin_scripts",86,{"type":68,"name":82,"callback":83,"file":49,"line":84},"body_class","add_custom_class_to_body",87,{"type":41,"name":86,"callback":87,"file":49,"line":88},"wc_ajax_coinremitter_webhook_data","coinremitter_webhook_data",90,{"type":41,"name":90,"callback":87,"file":49,"line":91},"wc_ajax_nopriv_coinremitter_webhook_data",91,{"type":41,"name":93,"callback":94,"file":49,"line":34},"wc_ajax_coinremitter_cancel_order","coinremitter_cancel_order",{"type":41,"name":96,"callback":97,"priority":11,"file":49,"line":98},"woocommerce_order_details_after_order_table","coinremitter_thank_you_field_display_cust_order_meta",97,{"type":41,"name":100,"callback":101,"priority":32,"file":49,"line":102},"parse_request","callback_parse_request_coinremitter",98,{"type":68,"name":104,"callback":105,"file":49,"line":106},"woocommerce_payment_gateways","coinremitter_wp_gateway_class",101,{"type":41,"name":108,"callback":109,"file":49,"line":110},"update_fiat_rate_hook","coinremitter_wp_update_fiat_rate",103,{"type":41,"name":112,"callback":113,"file":49,"line":114},"wp","coinremitter_wp_schedule_fiat_rate_update",104,{"type":68,"name":116,"callback":117,"file":49,"line":118},"page_template","cr_register_template",150,{"type":68,"name":120,"callback":121,"priority":11,"file":49,"line":122},"theme_page_templates","cr_template_to_select",153,{"type":41,"name":124,"callback":125,"priority":11,"file":49,"line":126},"upgrader_process_complete","update_cr_tables",201,{"type":68,"name":128,"callback":129,"file":130,"line":131},"cron_schedules","coinremitter_wp_cron_interval","front\\cron-event.php",5,{"type":41,"name":133,"callback":134,"file":135,"line":136},"woocommerce_blocks_loaded","oawoo_register_order_approval_payment_method_type","front\\payment-setting.php",11,{"type":41,"name":138,"callback":139,"file":135,"line":140},"woocommerce_blocks_payment_method_type_registration","closure",27,[142,146,149,152,154,157,159,162],{"action":143,"nopriv":144,"callback":143,"hasNonce":144,"hasCapCheck":144,"file":49,"line":145},"coinremitter_wp_wallet_add",false,57,{"action":143,"nopriv":147,"callback":143,"hasNonce":144,"hasCapCheck":144,"file":49,"line":148},true,58,{"action":150,"nopriv":144,"callback":150,"hasNonce":144,"hasCapCheck":144,"file":49,"line":151},"coinremitter_wp_wallet_edit",61,{"action":150,"nopriv":147,"callback":150,"hasNonce":144,"hasCapCheck":144,"file":49,"line":153},62,{"action":155,"nopriv":144,"callback":155,"hasNonce":144,"hasCapCheck":144,"file":49,"line":156},"coinremitter_wp_wallet_delete",65,{"action":155,"nopriv":147,"callback":155,"hasNonce":144,"hasCapCheck":144,"file":49,"line":158},66,{"action":160,"nopriv":144,"callback":160,"hasNonce":144,"hasCapCheck":144,"file":49,"line":161},"store_rel_value",99,{"action":160,"nopriv":147,"callback":160,"hasNonce":144,"hasCapCheck":144,"file":49,"line":26},[],[],[166],{"hook":108,"callback":108,"file":130,"line":167},64,8,{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":193,"fileOperations":32,"externalRequests":168,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":323},[],{"prepared":172,"raw":168,"locations":173},39,[174,178,180,182,185,188,190,191],{"file":175,"line":176,"context":177},"admin\\coin-data.php",102,"$wpdb->get_results() with variable interpolation",{"file":175,"line":179,"context":177},283,{"file":44,"line":181,"context":177},198,{"file":183,"line":184,"context":177},"admin\\coinremitter.php",135,{"file":183,"line":186,"context":187},245,"$wpdb->get_row() with variable interpolation",{"file":183,"line":189,"context":177},338,{"file":130,"line":71,"context":177},{"file":192,"line":80,"context":177},"front\\payment-class-block.php",{"escaped":194,"rawEcho":58,"locations":195},52,[196,200,201,203,204,206,208,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,283,284,286,287,289,290,292,293,295,296,298,299,301,303,304,306,308,310,312,314,315,317,319,321,322],{"file":197,"line":198,"context":199},"admin\\admin-js.php",19,"raw output",{"file":175,"line":54,"context":199},{"file":175,"line":202,"context":199},125,{"file":175,"line":184,"context":199},{"file":175,"line":205,"context":199},158,{"file":175,"line":207,"context":199},189,{"file":44,"line":91,"context":199},{"file":44,"line":210,"context":199},318,{"file":44,"line":212,"context":199},345,{"file":44,"line":214,"context":199},860,{"file":183,"line":216,"context":199},92,{"file":183,"line":218,"context":199},129,{"file":183,"line":220,"context":199},140,{"file":183,"line":222,"context":199},164,{"file":183,"line":224,"context":199},169,{"file":183,"line":226,"context":199},176,{"file":183,"line":228,"context":199},209,{"file":183,"line":230,"context":199},240,{"file":183,"line":232,"context":199},249,{"file":183,"line":234,"context":199},279,{"file":183,"line":236,"context":199},284,{"file":183,"line":238,"context":199},292,{"file":135,"line":194,"context":199},{"file":135,"line":241,"context":199},553,{"file":135,"line":243,"context":199},560,{"file":135,"line":245,"context":199},607,{"file":135,"line":247,"context":199},644,{"file":135,"line":249,"context":199},732,{"file":135,"line":251,"context":199},739,{"file":135,"line":253,"context":199},748,{"file":135,"line":255,"context":199},750,{"file":135,"line":257,"context":199},752,{"file":135,"line":259,"context":199},775,{"file":135,"line":261,"context":199},777,{"file":135,"line":263,"context":199},781,{"file":135,"line":265,"context":199},786,{"file":135,"line":267,"context":199},789,{"file":135,"line":269,"context":199},810,{"file":135,"line":271,"context":199},811,{"file":135,"line":273,"context":199},818,{"file":135,"line":275,"context":199},819,{"file":135,"line":277,"context":199},826,{"file":135,"line":279,"context":199},827,{"file":281,"line":282,"context":199},"template-page.php",134,{"file":281,"line":222,"context":199},{"file":281,"line":285,"context":199},170,{"file":281,"line":285,"context":199},{"file":281,"line":288,"context":199},182,{"file":281,"line":288,"context":199},{"file":281,"line":291,"context":199},217,{"file":281,"line":291,"context":199},{"file":281,"line":294,"context":199},222,{"file":281,"line":294,"context":199},{"file":281,"line":297,"context":199},239,{"file":281,"line":232,"context":199},{"file":281,"line":300,"context":199},259,{"file":281,"line":302,"context":199},272,{"file":281,"line":179,"context":199},{"file":281,"line":305,"context":199},294,{"file":281,"line":307,"context":199},301,{"file":281,"line":309,"context":199},306,{"file":281,"line":311,"context":199},311,{"file":281,"line":313,"context":199},313,{"file":281,"line":210,"context":199},{"file":281,"line":316,"context":199},322,{"file":281,"line":318,"context":199},327,{"file":281,"line":320,"context":199},336,{"file":281,"line":320,"context":199},{"file":281,"line":320,"context":199},[324],{"name":325,"version":27,"knownCves":326},"jQuery",[],[328,350,360,371,385,409,433,449,463,473,488,505],{"entryPoint":329,"graph":330,"unsanitizedCount":32,"severity":349},"coinremitter_wp_wallet_add (admin\\coinremitter.php:73)",{"nodes":331,"edges":346},[332,336,340],{"id":333,"type":334,"label":335,"file":183,"line":176},"n0","source","$_POST",{"id":337,"type":338,"label":339,"file":183,"line":176},"n1","transform","→ cr_save_coin_logo()",{"id":341,"type":342,"label":343,"file":183,"line":344,"wp_function":345},"n2","sink","file_put_contents() [File Write]",60,"file_put_contents",[347,348],{"from":333,"to":337,"sanitized":144},{"from":337,"to":341,"sanitized":144},"medium",{"entryPoint":351,"graph":352,"unsanitizedCount":32,"severity":349},"\u003Ccoinremitter> (admin\\coinremitter.php:0)",{"nodes":353,"edges":357},[354,355,356],{"id":333,"type":334,"label":335,"file":183,"line":176},{"id":337,"type":338,"label":339,"file":183,"line":176},{"id":341,"type":342,"label":343,"file":183,"line":344,"wp_function":345},[358,359],{"from":333,"to":337,"sanitized":144},{"from":337,"to":341,"sanitized":144},{"entryPoint":361,"graph":362,"unsanitizedCount":32,"severity":349},"store_rel_value (front\\payment-setting.php:45)",{"nodes":363,"edges":369},[364,366],{"id":333,"type":334,"label":335,"file":135,"line":365},48,{"id":337,"type":342,"label":367,"file":135,"line":194,"wp_function":368},"echo() [XSS]","echo",[370],{"from":333,"to":337,"sanitized":144},{"entryPoint":372,"graph":373,"unsanitizedCount":32,"severity":384},"coinremitter_cd_meta_box_add (admin\\coinremitter-payment-setting.php:426)",{"nodes":374,"edges":382},[375,378],{"id":333,"type":334,"label":376,"file":44,"line":377},"$_GET",432,{"id":337,"type":342,"label":379,"file":44,"line":380,"wp_function":381},"get_results() [SQLi]",436,"get_results",[383],{"from":333,"to":337,"sanitized":144},"high",{"entryPoint":386,"graph":387,"unsanitizedCount":408,"severity":384},"coinremitter_cd_meta_box_cb (admin\\coinremitter-payment-setting.php:450)",{"nodes":388,"edges":404},[389,392,394,395,400,402],{"id":333,"type":334,"label":390,"file":44,"line":391},"$_GET (x3)",456,{"id":337,"type":342,"label":379,"file":44,"line":393,"wp_function":381},462,{"id":341,"type":334,"label":376,"file":44,"line":391},{"id":396,"type":342,"label":397,"file":44,"line":398,"wp_function":399},"n3","get_row() [SQLi]",474,"get_row",{"id":401,"type":334,"label":376,"file":44,"line":391},"n4",{"id":403,"type":342,"label":367,"file":44,"line":214,"wp_function":368},"n5",[405,406,407],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"from":401,"to":403,"sanitized":147},4,{"entryPoint":410,"graph":411,"unsanitizedCount":432,"severity":384},"\u003Ccoinremitter-payment-setting> (admin\\coinremitter-payment-setting.php:0)",{"nodes":412,"edges":427},[413,415,416,417,418,419,420,422],{"id":333,"type":334,"label":414,"file":44,"line":377},"$_GET (x4)",{"id":337,"type":342,"label":379,"file":44,"line":380,"wp_function":381},{"id":341,"type":334,"label":376,"file":44,"line":391},{"id":396,"type":342,"label":397,"file":44,"line":398,"wp_function":399},{"id":401,"type":334,"label":376,"file":44,"line":391},{"id":403,"type":342,"label":367,"file":44,"line":214,"wp_function":368},{"id":421,"type":334,"label":376,"file":44,"line":391},"n6",{"id":423,"type":342,"label":424,"file":44,"line":425,"wp_function":426},"n7","wp_remote_post() [SSRF]",1075,"wp_remote_post",[428,429,430,431],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"from":401,"to":403,"sanitized":147},{"from":421,"to":423,"sanitized":144},6,{"entryPoint":434,"graph":435,"unsanitizedCount":131,"severity":384},"\u003Ccoinremitter.webhook> (front\\coinremitter.webhook.php:0)",{"nodes":436,"edges":446},[437,441,443,444],{"id":333,"type":334,"label":438,"file":439,"line":440},"$_POST (x4)","front\\coinremitter.webhook.php",9,{"id":337,"type":342,"label":379,"file":439,"line":442,"wp_function":381},31,{"id":341,"type":334,"label":335,"file":439,"line":11},{"id":396,"type":342,"label":397,"file":439,"line":445,"wp_function":399},76,[447,448],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"entryPoint":450,"graph":451,"unsanitizedCount":131,"severity":384},"coinremitter_webhook_data (front\\payment-setting.php:223)",{"nodes":452,"edges":460},[453,455,457,458],{"id":333,"type":334,"label":414,"file":135,"line":454},227,{"id":337,"type":342,"label":379,"file":135,"line":456,"wp_function":381},235,{"id":341,"type":334,"label":376,"file":135,"line":454},{"id":396,"type":342,"label":397,"file":135,"line":459,"wp_function":399},252,[461,462],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"entryPoint":464,"graph":465,"unsanitizedCount":32,"severity":384},"coinremitter_cancel_order (front\\payment-setting.php:618)",{"nodes":466,"edges":471},[467,469],{"id":333,"type":334,"label":376,"file":135,"line":468},622,{"id":337,"type":342,"label":379,"file":135,"line":470,"wp_function":381},627,[472],{"from":333,"to":337,"sanitized":144},{"entryPoint":474,"graph":475,"unsanitizedCount":136,"severity":384},"coinremitter_thank_you_field_display_cust_order_meta (front\\payment-setting.php:654)",{"nodes":476,"edges":485},[477,480,482,484],{"id":333,"type":334,"label":478,"file":135,"line":479},"$_GET (x2)",666,{"id":337,"type":342,"label":379,"file":135,"line":481,"wp_function":381},672,{"id":341,"type":334,"label":483,"file":135,"line":479},"$_GET (x9)",{"id":396,"type":342,"label":367,"file":135,"line":249,"wp_function":368},[486,487],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"entryPoint":489,"graph":490,"unsanitizedCount":71,"severity":384},"\u003Cpayment-setting> (front\\payment-setting.php:0)",{"nodes":491,"edges":500},[492,493,494,495,496,497,498,499],{"id":333,"type":334,"label":335,"file":135,"line":365},{"id":337,"type":342,"label":367,"file":135,"line":194,"wp_function":368},{"id":341,"type":334,"label":483,"file":135,"line":454},{"id":396,"type":342,"label":379,"file":135,"line":456,"wp_function":381},{"id":401,"type":334,"label":376,"file":135,"line":454},{"id":403,"type":342,"label":397,"file":135,"line":459,"wp_function":399},{"id":421,"type":334,"label":483,"file":135,"line":479},{"id":423,"type":342,"label":367,"file":135,"line":249,"wp_function":368},[501,502,503,504],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"from":401,"to":403,"sanitized":144},{"from":421,"to":423,"sanitized":144},{"entryPoint":506,"graph":507,"unsanitizedCount":136,"severity":384},"\u003Ctemplate-page> (template-page.php:0)",{"nodes":508,"edges":522},[509,510,512,513,517,519,520,521],{"id":333,"type":334,"label":376,"file":281,"line":168},{"id":337,"type":342,"label":379,"file":281,"line":511,"wp_function":381},67,{"id":341,"type":334,"label":478,"file":281,"line":168},{"id":396,"type":342,"label":514,"file":281,"line":515,"wp_function":516},"wp_redirect() [Open Redirect]",70,"wp_redirect",{"id":401,"type":334,"label":518,"file":281,"line":168},"$_GET (x8)",{"id":403,"type":342,"label":367,"file":281,"line":282,"wp_function":368},{"id":421,"type":334,"label":414,"file":281,"line":168},{"id":423,"type":342,"label":367,"file":281,"line":285,"wp_function":368},[523,524,525,526],{"from":333,"to":337,"sanitized":144},{"from":341,"to":396,"sanitized":144},{"from":401,"to":403,"sanitized":144},{"from":421,"to":423,"sanitized":147},{"summary":528,"deductions":529},"The security posture of the coinremitter-crypto-payment-gateway plugin v1.1.6 presents significant concerns. While there is no recorded vulnerability history, which is a positive indicator, the static analysis reveals critical weaknesses. The most alarming finding is the presence of 8 unprotected AJAX handlers, constituting the entire attack surface. This means that any unauthenticated user can potentially trigger these actions, leading to a high risk of unauthorized access or manipulation.  Furthermore, the taint analysis indicates 9 high-severity flows with unsanitized paths, suggesting a strong likelihood of cross-site scripting (XSS) or other injection vulnerabilities if these flows are not handled with extreme care. The limited number of file operations and external HTTP requests, along with the majority of SQL queries using prepared statements, are positive signs, but they are overshadowed by the critical lack of authentication checks on essential entry points. The absence of nonce and capability checks on AJAX actions, coupled with a significant portion of outputs not being properly escaped, further exacerbates the risk profile. The plugin's reliance on jQuery is standard but does not mitigate the fundamental authentication and sanitization issues.",[530,532,535,537,539,542],{"reason":531,"points":11},"8 unprotected AJAX handlers",{"reason":533,"points":534},"9 high severity taint flows",13,{"reason":536,"points":11},"0 nonce checks on AJAX",{"reason":538,"points":11},"0 capability checks",{"reason":540,"points":541},"57% of outputs not properly escaped",7,{"reason":543,"points":432},"12 unsanitized paths in taint analysis","2026-03-17T00:16:57.970Z",{"wat":546,"direct":557},{"assetPaths":547,"generatorPatterns":551,"scriptPaths":552,"versionParams":553},[548,549,550],"\u002Fwp-content\u002Fplugins\u002Fcoinremitter-crypto-payment-gateway\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcoinremitter-crypto-payment-gateway\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fcoinremitter-crypto-payment-gateway\u002Fjs\u002Fadmin.js",[],[549,550],[554,555,556],"coinremitter-crypto-payment-gateway\u002Fcss\u002Fmain.css?ver=","coinremitter-crypto-payment-gateway\u002Fjs\u002Fmain.js?ver=","coinremitter-crypto-payment-gateway\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":558,"htmlComments":561,"htmlAttributes":566,"restEndpoints":569,"jsGlobals":572,"shortcodeOutput":575},[559,560],"coinremitter_payment_form","coinremitter-form-wrap",[562,563,564,565],"\u003C!-- coinremitter payment block setting -->","\u003C!-- invoice page create -->","\u003C!-- plugin activation invoice timer set -->","\u003C!-- CoinRemitter Crypto Payment Gateway -->",[567,568],"data-coinremitter-coin-id","data-coinremitter-coin-symbol",[570,571],"\u002Fwp-json\u002Fcoinremitter\u002Fv1\u002Fcreate-invoice","\u002Fwp-json\u002Fcoinremitter\u002Fv1\u002Fget-invoice-status",[573,574],"coinremitter_ajax_object","coinremitter_vars",[576],"[coinremitter_payment]"]