WP-Safety

Coinsnap Bitcoin Paywall Security & Risk Analysis

wordpress.org/plugins/coinsnap-paywall

Offer pay-per-text, -video/audio, -digital goods with a Coinsnap Bitcoin paywall. Buyers get instant access after sending Bitcoin/Sats to your wallet

0 active installs v1.3.1 PHP + WP + Updated Dec 3, 2025
bitcoinbtcpaylightningpaywallsats
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Coinsnap Bitcoin Paywall Safe to Use in 2026?

Generally Safe

Score 100/100

Coinsnap Bitcoin Paywall has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "coinsnap-paywall" plugin v1.3.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, with 100% of queries using prepared statements. Furthermore, its vulnerability history is clean, with no recorded CVEs, suggesting a generally secure development approach or a lack of past exploitation.

However, significant concerns arise from the static analysis. The plugin exposes a considerable attack surface, with 8 AJAX handlers, 6 of which lack authentication checks. This presents a high risk of unauthorized actions if these endpoints are not properly secured by other means. While taint analysis shows no immediate critical or high severity flows, the large number of unprotected entry points can facilitate further exploitation if a vulnerability is discovered or introduced.

In conclusion, while the plugin's SQL practices and lack of vulnerability history are strengths, the substantial number of unprotected AJAX endpoints is a critical weakness that significantly elevates the overall risk. Further investigation into the functionality of these unprotected AJAX handlers is highly recommended to mitigate potential security breaches.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth checks
  • Moderate unescaped output
Vulnerabilities
None known

Coinsnap Bitcoin Paywall Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Coinsnap Bitcoin Paywall Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
17
75 escaped
Nonce Checks
5
Capability Checks
2
File Operations
1
External Requests
7
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

82% escaped92 total outputs
Attack Surface
6 unprotected

Coinsnap Bitcoin Paywall Attack Surface

Entry Points9
Unprotected6

AJAX Handlers 8

authwp_ajax_coinsnap_create_invoicecoinsnap-paywall.php:112
noprivwp_ajax_coinsnap_create_invoicecoinsnap-paywall.php:113
authwp_ajax_check_invoice_statuscoinsnap-paywall.php:119
noprivwp_ajax_check_invoice_statuscoinsnap-paywall.php:120
authwp_ajax_coinsnap_paywall_grant_accesscoinsnap-paywall.php:121
noprivwp_ajax_coinsnap_paywall_grant_accesscoinsnap-paywall.php:122
authwp_ajax_coinsnap_paywall_btcpay_apiurl_handlercoinsnap-paywall.php:124
authwp_ajax_coinsnap_paywall_connection_handlercoinsnap-paywall.php:125

Shortcodes 1

[paywall_payment] includes\class-coinsnap-paywall-shortcode.php:8
WordPress Hooks 18
actionadmin_initcoinsnap-paywall.php:37
actioninitcoinsnap-paywall.php:38
actionadmin_noticescoinsnap-paywall.php:69
filterthe_contentcoinsnap-paywall.php:117
actioninitcoinsnap-paywall.php:512
filterrequestcoinsnap-paywall.php:518
actiontemplate_redirectcoinsnap-paywall.php:539
actioninitincludes\class-coinsnap-paywall-post-type.php:9
actionadd_meta_boxesincludes\class-coinsnap-paywall-post-type.php:12
actionsave_postincludes\class-coinsnap-paywall-post-type.php:15
filtermanage_paywall-shortcode_posts_columnsincludes\class-coinsnap-paywall-post-type.php:18
actionmanage_paywall-shortcode_posts_custom_columnincludes\class-coinsnap-paywall-post-type.php:19
actionadmin_enqueue_scriptsincludes\class-coinsnap-paywall-scripts.php:8
actionwp_enqueue_scriptsincludes\class-coinsnap-paywall-scripts.php:9
actionadmin_menuincludes\class-coinsnap-paywall-settings.php:11
actionadmin_initincludes\class-coinsnap-paywall-settings.php:12
actionupdate_option_coinsnap_paywall_optionsincludes\class-coinsnap-paywall-settings.php:13
actionadmin_noticesincludes\class-coinsnap-paywall-settings.php:14
Maintenance & Trust

Coinsnap Bitcoin Paywall Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version
Downloads811

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Coinsnap Bitcoin Paywall Alternatives

Coinsnap Bitcoin Donation

Coinsnap Bitcoin Donation

coinsnap-bitcoin-donation

A
100

Let visitors donate Bitcoin anywhere on your WordPress site. Simple setup, optional shoutouts, and display messages beside or below the donation form

10 No CVEs
BTCPay Server – Accept Bitcoin payments in WooCommerce

BTCPay Server – Accept Bitcoin payments in WooCommerce

btcpay-greenfield-for-woocommerce

A
100

BTCPay Server is a free and open-source bitcoin payment processor which allows you to receive payments in Bitcoin and altcoins directly, with no fees, …

1K No CVEs
Bitcoin Lightning Publisher for WordPress

Bitcoin Lightning Publisher for WordPress

bitcoin-lightning-publisher

A
91

Bitcoin Lightning Publisher is a Paywall, Donation and Value 4 Value plugin to accept instant Bitcoin payments directly to your favorit wallet.

100 1 CVE
Bitcoin payment for WooCommerce

Bitcoin payment for WooCommerce

coinsnap-for-woocommerce

A
100

Accept Bitcoin payments with WooCommerce. All Bitcoin payments are transferred directly from your customer’s wallet into your Lightning wallet.

50 No CVEs
Lightning Publisher for WordPress

Lightning Publisher for WordPress

lightning-publisher

A
85

Lightning Publisher for WordPress allows you to offer previews of your blog posts and require a Lightning Network payment to release the rest.

10 No CVEs
Developer Profile

Coinsnap Bitcoin Paywall Developer Profile

Coinsnap

13 plugins · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Coinsnap Bitcoin Paywall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/coinsnap-paywall/assets/css/coinsnap-paywall-frontend.css/wp-content/plugins/coinsnap-paywall/assets/css/coinsnap-paywall-admin.css/wp-content/plugins/coinsnap-paywall/assets/js/coinsnap-paywall-frontend.js/wp-content/plugins/coinsnap-paywall/assets/js/coinsnap-paywall-admin.js
Script Paths
/wp-content/plugins/coinsnap-paywall/assets/js/coinsnap-paywall-frontend.js/wp-content/plugins/coinsnap-paywall/assets/js/coinsnap-paywall-admin.js
Version Parameters
coinsnap-paywall/assets/css/coinsnap-paywall-frontend.css?ver=coinsnap-paywall/assets/css/coinsnap-paywall-admin.css?ver=coinsnap-paywall/assets/js/coinsnap-paywall-frontend.js?ver=coinsnap-paywall/assets/js/coinsnap-paywall-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
coinsnap-paywall-wrappercoinsnap-paywall-buttoncoinsnap-paywall-payment-formcoinsnap-paywall-invoice-detailscoinsnap-paywall-access-grantedcoinsnap-paywall-access-deniedcoinsnap-paywall-loader
HTML Comments
<!-- Elementor support in next version --><!-- Uninstall callback to clean up the database. --><!-- Register AJAX handlers for payment initiation --><!-- Restrict content -->+8 more
Data Attributes
data-coinsnap-paywall-post-iddata-coinsnap-paywall-nonce
JS Globals
coinsnapPaywallFrontendcoinsnapPaywallAdmincoinSnapAjaxUrl
REST Endpoints
/wp-json/coinsnap-paywall/v1/invoice/wp-json/coinsnap-paywall/v1/payment-status
Shortcode Output
[coinsnap_paywall][coinsnap_paywall_button]
FAQ

Frequently Asked Questions about Coinsnap Bitcoin Paywall