Crypto Live Widget Security & Risk Analysis

wordpress.org/plugins/crypto-live

Coincap Widget plugin allow you to easily create realtime cryptocurrency price and history char shortcode and show up anywhere on your site.

10 active installs v1.0.0 PHP + WP 3.3+ Updated Apr 11, 2018
bitcoincryptocrypto-livecryptocurrencyxgenious
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Crypto Live Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Crypto Live Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "crypto-live" v1.0.0 plugin exhibits a mixed security posture. On the positive side, there are no known vulnerabilities in its history, and the static analysis reveals no dangerous functions, file operations, external HTTP requests, or external HTTP requests. The plugin also correctly utilizes prepared statements for all SQL queries, which is a strong security practice. However, there are significant concerns regarding output escaping and the absence of nonce checks.

A critical weakness identified is that 100% of the detected output operations are not properly escaped. This creates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website through the plugin's output. Furthermore, the plugin lacks any nonce checks for its entry points. While the static analysis shows no unprotected entry points in terms of authentication or authorization, the absence of nonces makes it susceptible to Cross-Site Request Forgery (CSRF) attacks. The presence of 5 shortcodes also contributes to the attack surface, and without proper input validation and output escaping, these can become vectors for XSS or CSRF.

In conclusion, while the plugin demonstrates good practices in data handling for SQL and has a clean vulnerability history, the critical lack of output escaping and nonce checks poses a significant risk. The plugin should be updated to address these immediate security flaws to improve its overall security posture.

Key Concerns

  • 100% of outputs are not properly escaped
  • 0 Nonce checks present
Vulnerabilities
None known

Crypto Live Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Crypto Live Widget Release Timeline

v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

Crypto Live Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

0% escaped2 total outputs
Attack Surface

Crypto Live Widget Attack Surface

Entry Points5
Unprotected0

Shortcodes 5

[xgenious_crypto_live_table_01] inc/xgenious-crypto-live-shortcode.php:53
[xgenious_crypto_live_table_02] inc/xgenious-crypto-live-shortcode.php:95
[xgenious_crypto_live_table_03] inc/xgenious-crypto-live-shortcode.php:137
[xgenious_crypto_live_price_ticker_01] inc/xgenious-crypto-live-shortcode.php:156
[xgenious_crypto_live_price_ticker_02] inc/xgenious-crypto-live-shortcode.php:174
WordPress Hooks 3
actionadmin_menuinc/xgenious-crypto-live-admin-dashboard.php:11
actionwp_enqueue_scriptsxgenious-crypto-live.php:44
actionadmin_enqueue_scriptsxgenious-crypto-live.php:52
Maintenance & Trust

Crypto Live Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedApr 11, 2018
PHP min version
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Crypto Live Widget Developer Profile

xgenious

6 plugins · 60 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Crypto Live Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crypto-live/assets/coins/coins.css/wp-content/plugins/crypto-live/assets/css/bootstrap.min.css/wp-content/plugins/crypto-live/assets/css/jquery.dataTables.css/wp-content/plugins/crypto-live/assets/css/xgenious-crypto-live-custom.css/wp-content/plugins/crypto-live/assets/css/xgenious-crypto-live-dashboard.css/wp-content/plugins/crypto-live/assets/js/jquery.dataTables.js/wp-content/plugins/crypto-live/assets/js/socket.io.slim.js/wp-content/plugins/crypto-live/assets/js/xgenious.price.table.js+1 more
Script Paths
/wp-content/plugins/crypto-live/assets/js/socket.io.slim.js/wp-content/plugins/crypto-live/assets/js/jquery.dataTables.js/wp-content/plugins/crypto-live/assets/js/xgenious.price.table.js/wp-content/plugins/crypto-live/assets/js/xgenious-crypto-live-admin-dashboard.js
Version Parameters
crypto-live/assets/css/bootstrap.min.css?ver=crypto-live/assets/coins/coins.css?ver=crypto-live/assets/css/jquery.dataTables.css?ver=crypto-live/assets/css/xgenious-crypto-live-custom.css?ver=crypto-live/assets/js/socket.io.slim.js?ver=crypto-live/assets/js/jquery.dataTables.js?ver=crypto-live/assets/js/xgenious.price.table.js?ver=crypto-live/assets/css/xgenious-crypto-live-dashboard.css?ver=crypto-live/assets/js/xgenious-crypto-live-admin-dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
crypto-table-wrappercrypto-tablecrypto-loadercrypto-loader-innercssload-containercssload-lcssload-squarecssload-triangle+7 more
Data Attributes
data-currency
JS Globals
xcoinJs
Shortcode Output
<div class="crypto-table-wrapper"><div class="crypto-table"><div class="crypto-loader"><div class="crypto-loader-inner"><div class="cssload-container"><table id="crypto_price" class="table table-default crypto-table-01"><tbody id="crypto_data"<table id="crypto_price_02" class="table table-default crypto-table-02">
FAQ

Frequently Asked Questions about Crypto Live Widget