[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbzXgIGFjkHMbbf1I4xhzbHCfGRcr0TvGV8WvpHhSaD4":3,"$fXrT4mjS1bpQwbXgMHTnhrjlIDqiOfoUBGzt6UariTUU":121,"$fFNxDKjNiWPv5gkmLIcZiCLMhl0T31hBT3XpCLGVkzWo":125},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":18,"security_score":19,"vuln_count":11,"unpatched_count":11,"last_vuln_date":20,"fetched_at":21,"discovery_status":22,"vulnerabilities":23,"developer":24,"crawl_stats":20,"alternatives":31,"analysis":32,"fingerprints":103},"cointopay-com-bank-only","Cointopay.com Bank Only","1.3.1","Cointopaydev","https:\u002F\u002Fprofiles.wordpress.org\u002Fcointopay\u002F","\u003Cp>Bank payment plugin for WordPress WooCommerce, you can receive bank payments into any currency and we can payout to your bank or you can keep it in crypto currency. Your choice.\u003C\u002Fp>\n\u003Cp>\u003Cem>There are three prerequisites to get started:\u003C\u002Fem>\u003Cbr \u002F>\n1. Please create an account on Cointopay.com, note down MerchantID, Security Code and Default Receive Currency as preferred checkout currency from the Account section (625 = EUR, 1 = bitcoin, 2 = litecoin etc.). Here is a complete list \u003Ca href=\"https:\u002F\u002Ftinyurl.com\u002Fujfk7qy\" rel=\"nofollow ugc\">https:\u002F\u002Ftinyurl.com\u002Fujfk7qy\u003C\u002Fa>\u003Cbr \u002F>\n2. Install the Curl PHP Extension on your server\u003Cbr \u002F>\n3. Install JSON Encode on your server\u003C\u002Fp>\n\u003Ch3>About Cointopay.com\u003C\u002Fh3>\n\u003Cp>We are an international crypto currency payment processor, meaning that we accept payments from your customers and make the funds available to you (incl. in form of fiat currency like euro). The direct integration with WordPress Woocommerce provides you with a seamless payment experience while underlying dealing with diverse and complex blockchain technologies like Bitcoin, Ethereum, Neo, Dash, Ripple and many more. P.S. If you want your own crypto currency to become available in this plugin, we can provide that for you as well, Cointopay has been a technological payment incubator since 2014!\u003C\u002Fp>\n\u003Ch3>FOR DEVELOPERS AND SALES REPS\u003C\u002Fh3>\n\u003Cp>PLEASE NOTE OUR AFFILIATE PROGRAM, YOU RECEIVE 0.5% OF ALL YOUR REFERRALS!\u003Cbr \u002F>\nCreate an account on Cointopay.com and send your prospects the following link: https:\u002F\u002Fcointopay.com\u002F?r=[yourmerchantid], you will receive mails when payments come into your account.\u003C\u002Fp>\n","Extends WooCommerce with card payments gateway.",0,567,"2026-03-12T16:07:00.000Z","6.9.4","6.6","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcointopay-com-bank-only.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":19,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"cointopay",6,60,30,94,"2026-05-20T04:32:45.660Z",[],{"attackSurface":33,"codeSignals":84,"taintFlows":94,"riskAssessment":95,"analyzedAt":102},{"hooks":34,"ajaxHandlers":70,"restRoutes":80,"shortcodes":81,"cronEvents":82,"entryPointCount":83,"unprotectedCount":11},[35,41,45,48,52,58,62,66],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","init","cointopay_bank_check_response","classes\u002Fwc_cointopay_bank_gateway.php",41,{"type":36,"name":42,"callback":43,"file":39,"line":44},"admin_notices","api_key_missing_message",62,{"type":36,"name":42,"callback":46,"file":39,"line":47},"secret_missing_message",67,{"type":36,"name":49,"callback":50,"file":39,"line":51},"admin_enqueue_scripts","cointopay_bank_include_custom_js",69,{"type":53,"name":54,"callback":55,"file":56,"line":57},"filter","woocommerce_payment_gateways","wc_cointopay_bank_gateway_class","cointopay-com-bank-only.php",19,{"type":36,"name":59,"callback":60,"file":56,"line":61},"plugins_loaded","woocommerce_cointopay_bank_init",25,{"type":36,"name":63,"callback":64,"file":56,"line":65},"woocommerce_blocks_loaded","woocommerce_gateway_cointopay_bank_woocommerce_block_support",39,{"type":36,"name":67,"callback":68,"file":56,"line":69},"woocommerce_blocks_payment_method_type_registration","closure",68,[71,78],{"action":72,"nopriv":73,"callback":74,"hasNonce":73,"hasCapCheck":75,"file":76,"line":77},"getCTPBankMerchantCoins",true,"wc_cointopay_bank_getCTPBankMerchantCoins",false,"hooks\u002Fget_merchant_coins.php",4,{"action":72,"nopriv":75,"callback":74,"hasNonce":73,"hasCapCheck":75,"file":76,"line":79},5,[],[],[],2,{"dangerousFunctions":85,"sqlUsage":86,"outputEscaping":88,"fileOperations":11,"externalRequests":91,"nonceChecks":92,"capabilityChecks":11,"bundledLibraries":93},[],{"prepared":11,"raw":11,"locations":87},[],{"escaped":89,"rawEcho":11,"locations":90},99,[],3,1,[],[],{"summary":96,"deductions":97},"The \"cointopay-com-bank-only\" plugin v1.3.2 demonstrates a strong security posture based on the provided static analysis. The plugin effectively utilizes prepared statements for all SQL queries and ensures 100% of its output is properly escaped, significantly mitigating risks of SQL injection and cross-site scripting (XSS) vulnerabilities.  The absence of dangerous functions, file operations, and taint analysis showing no unsanitized paths further reinforces this good security practice.  Furthermore, the plugin has no recorded vulnerability history, indicating a consistent track record of security. \n\nDespite these strengths, there are minor areas for improvement. The plugin has two AJAX handlers, and while one has a nonce check, the other does not explicitly state a check. Additionally, there are zero capability checks recorded, which could be a concern for access control if these AJAX handlers perform sensitive operations. The presence of external HTTP requests also warrants attention to ensure these are handled securely and do not introduce supply chain risks. Overall, the plugin is well-secured, but addressing the potential gap in AJAX security and reviewing external requests would further enhance its robustness.",[98,100],{"reason":99,"points":79},"AJAX handler potentially missing nonce check",{"reason":101,"points":79},"No capability checks on entry points","2026-04-16T13:04:01.807Z",{"wat":104,"direct":111},{"assetPaths":105,"generatorPatterns":107,"scriptPaths":108,"versionParams":110},[106],"\u002Fwp-content\u002Fplugins\u002Fcointopay-com-bank-only\u002Fassets\u002Fimages\u002Fcrypto.png",[],[109],"\u002Fwp-content\u002Fplugins\u002Fcointopay-com-bank-only\u002Fassets\u002Fjs\u002Fctp_bank_custom.js",[],{"cssClasses":112,"htmlComments":114,"htmlAttributes":115,"restEndpoints":116,"jsGlobals":117,"shortcodeOutput":120},[113],"cointopay_bank_alt_coin",[],[],[],[118,119],"ajaxurlctpbank","ctpbanknonce",[],{"error":73,"url":122,"statusCode":123,"statusMessage":124,"message":124},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcointopay-com-bank-only\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":126},[]]