[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fv_SE2y2Mii8Reke72EchYAKw7Vge3B3toAFznvvmXaM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":19,"security_score":20,"vuln_count":13,"unpatched_count":13,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":104},"cointopay-com-cc-only","Cointopay.com CC Only","1.3.8","Cointopaydev","https:\u002F\u002Fprofiles.wordpress.org\u002Fcointopay\u002F","\u003Cp>Card payment plugin for WordPress WooCommerce, you can receive card payments into any currency and we can payout to your bank or you can keep it in crypto currency. Your choice.\u003C\u002Fp>\n\u003Cp>\u003Cem>There are three prerequisites to get started:\u003C\u002Fem>\u003Cbr \u002F>\n1. Please create an account on Cointopay.com, note down MerchantID, Security Code and Default Receive Currency as preferred checkout currency from the Account section (625 = EUR, 1 = bitcoin, 2 = litecoin etc.). Here is a complete list \u003Ca href=\"https:\u002F\u002Ftinyurl.com\u002Fujfk7qy\" rel=\"nofollow ugc\">https:\u002F\u002Ftinyurl.com\u002Fujfk7qy\u003C\u002Fa>\u003Cbr \u002F>\n2. Install the Curl PHP Extension on your server\u003Cbr \u002F>\n3. Install JSON Encode on your server\u003C\u002Fp>\n\u003Ch3>About Cointopay.com\u003C\u002Fh3>\n\u003Cp>We are an international crypto currency payment processor, meaning that we accept payments from your customers and make the funds available to you (incl. in form of fiat currency like euro). 
The direct integration with WordPress Woocommerce provides you with a seamless payment experience while underlying dealing with diverse and complex blockchain technologies like Bitcoin, Ethereum, Neo, Dash, Ripple and many more. P.S. If you want your own crypto currency to become available in this plugin, we can provide that for you as well, Cointopay has been a technological payment incubator since 2014!\u003C\u002Fp>\n\u003Ch3>FOR DEVELOPERS AND SALES REPS\u003C\u002Fh3>\n\u003Cp>PLEASE NOTE OUR AFFILIATE PROGRAM, YOU RECEIVE 0.5% OF ALL YOUR REFERRALS!\u003Cbr \u002F>\nCreate an account on Cointopay.com and send your prospects the following link: https:\u002F\u002Fcointopay.com\u002F?r=[yourmerchantid], you will receive mails when payments come into your account.\u003C\u002Fp>\n","Extends WooCommerce with card payments gateway.",50,969,0,"2026-03-12T16:10:00.000Z","6.9.4","3.8.1","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcointopay-com-cc-only.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"cointopay",5,70,30,94,"2026-04-05T02:08:00.403Z",[],{"attackSurface":33,"codeSignals":83,"taintFlows":92,"riskAssessment":93,"analyzedAt":103},{"hooks":34,"ajaxHandlers":70,"restRoutes":80,"shortcodes":81,"cronEvents":82,"entryPointCount":77,"unprotectedCount":77},[35,41,45,48,52,58,62,66],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","init","cointopay_cc_check_response","classes\\wc_cointopay_cc_gateway.php",37,{"type":36,"name":42,"callback":43,"file":39,"line":44},"admin_notices","api_key_missing_message",59,{"type":36,"name":42,"callback":46,"file":39,"line":47},"secret_missing_message",64,{"type":36,"name":49,"callback":50,"file":39,"line":51},"admin_enqueue_scripts","cointopay_cc_include_custom_js",66,{"type":53,"name":54,"callback":55,"file":56,"line":57},"filter","woo
commerce_payment_gateways","wc_cointopay_cc_gateway_class","wc-cointopay-cc-only.php",19,{"type":36,"name":59,"callback":60,"file":56,"line":61},"plugins_loaded","woocommerce_cointopay_cc_init",25,{"type":36,"name":63,"callback":64,"file":56,"line":65},"woocommerce_blocks_loaded","woocommerce_gateway_cointopay_cc_woocommerce_block_support",38,{"type":36,"name":67,"callback":68,"file":56,"line":69},"woocommerce_blocks_payment_method_type_registration","closure",67,[71,78],{"action":72,"nopriv":73,"callback":74,"hasNonce":75,"hasCapCheck":75,"file":76,"line":77},"getCTPCCMerchantCoins",true,"cointopay_cc_getCTPCCMerchantCoins",false,"hooks\\get_merchant_coins.php",2,{"action":72,"nopriv":75,"callback":74,"hasNonce":75,"hasCapCheck":75,"file":76,"line":79},3,[],[],[],{"dangerousFunctions":84,"sqlUsage":85,"outputEscaping":87,"fileOperations":13,"externalRequests":90,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":91},[],{"prepared":13,"raw":13,"locations":86},[],{"escaped":88,"rawEcho":13,"locations":89},58,[],4,[],[],{"summary":94,"deductions":95},"The cointopay-com-cc-only v1.3.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries (the scan recorded no SQL queries at all, prepared or raw) and ensuring all outputs are properly escaped (58 escaped outputs and no raw echo), indicating a good understanding of common web vulnerabilities. There are no recorded historical vulnerabilities, which is a positive sign for the plugin's maintainability and overall security track record.\n\nHowever, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks: the same action, getCTPCCMerchantCoins, is registered once for logged-in users and once for visitors who are not logged in (nopriv), and no nonce or capability check was detected on either registration. This creates a substantial attack surface, as any unauthenticated user could potentially trigger the callback through the nopriv registration. The absence of nonce checks further exacerbates this risk, making cross-site request forgery (CSRF) attacks a distinct possibility.  
While taint analysis did not reveal any specific unsanitized paths, any missing input validation on the unprotected AJAX endpoints could still lead to unexpected behavior or vulnerabilities if combined with other factors.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL or unescaped output, the unprotected AJAX endpoints represent a critical security weakness. The lack of any capability or nonce checks on these entry points significantly lowers its overall security score, despite its otherwise clean code practices. The absence of historical vulnerabilities is encouraging, but it does not mitigate the immediate risks posed by the exposed and unprotected AJAX functionality. These findings are static-analysis signals rather than confirmed vulnerabilities; the actual impact depends on what the cointopay_cc_getCTPCCMerchantCoins callback does with request data, which this analysis does not show and which should be reviewed before drawing conclusions.",[96,99,101],{"reason":97,"points":98},"2 unprotected AJAX handlers",10,{"reason":100,"points":98},"0 Nonce checks on AJAX handlers",{"reason":102,"points":26},"0 Capability checks on AJAX handlers","2026-03-16T21:55:37.006Z",{"wat":105,"direct":112},{"assetPaths":106,"generatorPatterns":108,"scriptPaths":109,"versionParams":110},[107],"\u002Fwp-content\u002Fplugins\u002Fcointopay-com-cc-only\u002Fassets\u002Fjs\u002Fctp_cc_custom.js",[],[107],[111],"cointopay-com-cc-only\u002Fassets\u002Fjs\u002Fctp_cc_custom.js?ver=",{"cssClasses":113,"htmlComments":114,"htmlAttributes":116,"restEndpoints":117,"jsGlobals":118,"shortcodeOutput":120},[],[115],"\u003C!-- Provides a secure way to accept crypto currencies. -->",[],[],[119],"ajaxurlctpcc",[]]