Cryptocurrency Donation Box – Bitcoin & Crypto Donations Security & Risk Analysis

wordpress.org/plugins/cryptocurrency-donation-box

Accept crypto payments and donations on your WordPress site easily with this free cryptocurrency donation box plugin

600 active installs · v2.2.13 · PHP 5.6+ · WP 4.5+ · Updated Feb 6, 2025
Tags: bitcoin, cryptocurrency, donation, ethereum, metamask
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 5, 2023
Safety Verdict

Is Cryptocurrency Donation Box – Bitcoin & Crypto Donations Safe to Use in 2026?

Generally Safe

Score 91/100

Cryptocurrency Donation Box – Bitcoin & Crypto Donations has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 5, 2023 · Updated 1yr ago
Risk Assessment

The cryptocurrency-donation-box plugin exhibits a mixed security posture. Its strengths are its handling of dangerous functions and file operations and the absence of critical or high severity taint flows. Several concerns warrant attention, however. Five of the 12 AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. The plugin also has a past high severity SQL Injection vulnerability; although it is now patched, it shows that input sanitization and database query security have needed attention before and may require ongoing vigilance.

Despite the good percentage of properly escaped output and a respectable number of nonce and capability checks, the unprotected AJAX endpoints represent a clear attack vector. The static analysis reveals no immediate critical vulnerabilities or other high-risk issues in the current version, but the past SQLi and the unprotected AJAX handlers are significant weaknesses. Overall, the plugin's security is moderate, with room for improvement in securing its AJAX endpoints and maintaining robust database query protection.

Key Concerns

  • Unprotected AJAX handlers
  • Past high severity SQLi vulnerability
  • 50% of SQL queries not using prepared statements
  • 28% of outputs not properly escaped
Vulnerabilities
1

Cryptocurrency Donation Box – Bitcoin & Crypto Donations Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

High: 1

1 total CVE

CVE-2023-32128 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection

May 5, 2023 · Patched in 2.2.8 (263d)
Code Analysis
Analyzed Mar 16, 2026

Cryptocurrency Donation Box – Bitcoin & Crypto Donations Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (9 prepared)
Unescaped Output: 250 (653 escaped)
Nonce Checks: 11
Capability Checks: 11
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

50% prepared · 18 total queries

Output Escaping

72% escaped · 903 total outputs

Data Flows: All sanitized

Data Flow Analysis

5 flows
csf_export (admin\codestar-framework\functions\actions.php:62)
Attack Surface
5 unprotected

Cryptocurrency Donation Box – Bitcoin & Crypto Donations Attack Surface

Entry Points: 13
Unprotected: 5

AJAX Handlers 12

auth wp_ajax_cdbbc_dismiss_notice admin\class.review-notice.php:14
auth wp_ajax_cmb2_oembed_handler admin\cmb2\includes\CMB2_Ajax.php:51
nopriv wp_ajax_cmb2_oembed_handler admin\cmb2\includes\CMB2_Ajax.php:52
auth wp_ajax_csf-get-icons admin\codestar-framework\functions\actions.php:50
auth wp_ajax_csf-export admin\codestar-framework\functions\actions.php:87
auth wp_ajax_csf-import admin\codestar-framework\functions\actions.php:123
auth wp_ajax_csf-reset admin\codestar-framework\functions\actions.php:150
auth wp_ajax_csf-chosen admin\codestar-framework\functions\actions.php:189
auth wp_ajax_cdbbc_activate_site admin\hooks.php:63
nopriv wp_ajax_cdbbc_payment_verify cryptocurrency-donation-box.php:83
auth wp_ajax_cdbbc_payment_verify cryptocurrency-donation-box.php:84
auth wp_ajax_cdbbc_activate_site cryptocurrency-donation-box.php:85

Shortcodes 1

[crypto-donation-box] includes\cdbbc-shortcode.php:16
WordPress Hooks 83
action cmb2_admin_init admin\cdbbc-settings.php:14
action admin_menu admin\class-plugin-activation.php:30
action admin_init admin\class-plugin-activation.php:31
action admin_enqueue_scripts admin\class-plugin-activation.php:32
action admin_notices admin\class.review-notice.php:13
action admin_enqueue_scripts admin\class.review-notice.php:15
filter cmb2_render_pw_select admin\cmb2\cmb-field-select2.php:17
filter cmb2_render_pw_multiselect admin\cmb2\cmb-field-select2.php:18
filter cmb2_sanitize_pw_multiselect admin\cmb2\cmb-field-select2.php:19
filter cmb2_types_esc_pw_multiselect admin\cmb2\cmb-field-select2.php:20
filter cmb2_repeat_table_row_types admin\cmb2\cmb-field-select2.php:21
action admin_init admin\cmb2\cmb2-conditionals.php:53
action admin_footer admin\cmb2\cmb2-conditionals.php:54
action init admin\cmb2\cmb2-conditionals.php:219
action admin_enqueue_scripts admin\cmb2\cmb2-tabs.php:22
action doing_dark_mode admin\cmb2\cmb2-tabs.php:23
action cmb2_before_form admin\cmb2\cmb2-tabs.php:24
action cmb2_after_form admin\cmb2\cmb2-tabs.php:25
filter wp_prepare_attachment_for_js admin\cmb2\includes\CMB2.php:1558
action admin_enqueue_scripts admin\cmb2\includes\CMB2.php:1576
action cmb2_save_options-page_fields admin\cmb2\includes\CMB2_Ajax.php:54
filter get_post_metadata admin\cmb2\includes\CMB2_Ajax.php:152
filter update_post_metadata admin\cmb2\includes\CMB2_Ajax.php:155
filter cmb2_show_on admin\cmb2\includes\CMB2_Hookup.php:79
action edit_form_top admin\cmb2\includes\CMB2_Hookup.php:115
action edit_form_before_permalink admin\cmb2\includes\CMB2_Hookup.php:119
action edit_form_after_title admin\cmb2\includes\CMB2_Hookup.php:123
action edit_form_after_editor admin\cmb2\includes\CMB2_Hookup.php:127
action add_meta_boxes admin\cmb2\includes\CMB2_Hookup.php:131
action add_meta_boxes admin\cmb2\includes\CMB2_Hookup.php:134
action add_attachment admin\cmb2\includes\CMB2_Hookup.php:135
action edit_attachment admin\cmb2\includes\CMB2_Hookup.php:136
action save_post admin\cmb2\includes\CMB2_Hookup.php:137
action pre_get_posts admin\cmb2\includes\CMB2_Hookup.php:144
action add_meta_boxes_comment admin\cmb2\includes\CMB2_Hookup.php:152
action edit_comment admin\cmb2\includes\CMB2_Hookup.php:153
filter manage_edit-comments_columns admin\cmb2\includes\CMB2_Hookup.php:156
action manage_comments_custom_column admin\cmb2\includes\CMB2_Hookup.php:157
filter manage_edit-comments_sortable_columns admin\cmb2\includes\CMB2_Hookup.php:158
action pre_get_posts admin\cmb2\includes\CMB2_Hookup.php:159
action show_user_profile admin\cmb2\includes\CMB2_Hookup.php:168
action edit_user_profile admin\cmb2\includes\CMB2_Hookup.php:169
action user_new_form admin\cmb2\includes\CMB2_Hookup.php:170
action personal_options_update admin\cmb2\includes\CMB2_Hookup.php:172
action edit_user_profile_update admin\cmb2\includes\CMB2_Hookup.php:173
action user_register admin\cmb2\includes\CMB2_Hookup.php:174
filter manage_users_columns admin\cmb2\includes\CMB2_Hookup.php:177
filter manage_users_custom_column admin\cmb2\includes\CMB2_Hookup.php:178
filter manage_users_sortable_columns admin\cmb2\includes\CMB2_Hookup.php:179
action pre_get_posts admin\cmb2\includes\CMB2_Hookup.php:180
action pre_get_posts admin\cmb2\includes\CMB2_Hookup.php:226
action created_term admin\cmb2\includes\CMB2_Hookup.php:230
action edited_terms admin\cmb2\includes\CMB2_Hookup.php:231
action delete_term admin\cmb2\includes\CMB2_Hookup.php:232
action cmb2_do_oembed admin\cmb2\includes\helper-functions.php:131
filter is_protected_meta admin\cmb2\includes\rest-api\CMB2_REST.php:144
action init admin\cmb2\init.php:83
action wp_enqueue_scripts admin\codestar-framework\classes\abstract.class.php:20
action admin_menu admin\codestar-framework\classes\admin-options.class.php:107
action admin_bar_menu admin\codestar-framework\classes\admin-options.class.php:108
action network_admin_menu admin\codestar-framework\classes\admin-options.class.php:112
filter admin_footer_text admin\codestar-framework\classes\admin-options.class.php:493
action after_setup_theme admin\codestar-framework\classes\setup.class.php:70
action init admin\codestar-framework\classes\setup.class.php:71
action switch_theme admin\codestar-framework\classes\setup.class.php:72
action admin_enqueue_scripts admin\codestar-framework\classes\setup.class.php:73
action wp_enqueue_scripts admin\codestar-framework\classes\setup.class.php:74
action wp_head admin\codestar-framework\classes\setup.class.php:75
filter admin_body_class admin\codestar-framework\classes\setup.class.php:76
action admin_footer admin\codestar-framework\fields\icon\icon.php:41
action customize_controls_print_footer_scripts admin\codestar-framework\fields\icon\icon.php:42
action admin_print_footer_scripts admin\codestar-framework\fields\link\link.php:65
action print_default_editor_scripts admin\codestar-framework\fields\wp_editor\wp_editor.php:62
action admin_init cryptocurrency-donation-box.php:71
action plugins_loaded cryptocurrency-donation-box.php:72
action init cryptocurrency-donation-box.php:73
action admin_enqueue_scripts cryptocurrency-donation-box.php:78
action admin_notices cryptocurrency-donation-box.php:79
action admin_menu cryptocurrency-donation-box.php:80
action rest_api_init cryptocurrency-donation-box.php:87
action admin_menu meta-plugin-library\class-license-manager.php:52
action admin_init meta-plugin-library\class-license-manager.php:53
action admin_enqueue_scripts meta-plugin-library\class-license-manager.php:54
Maintenance & Trust

Cryptocurrency Donation Box – Bitcoin & Crypto Donations Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 6, 2025
PHP min version: 5.6
Downloads: 83K

Community Trust

Rating: 94/100
Number of ratings: 72
Active installs: 600
Developer Profile

Cryptocurrency Donation Box – Bitcoin & Crypto Donations Developer Profile

AdAstraCrypto

1 plugin · 600 total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 263 days
Detection Fingerprints

How We Detect Cryptocurrency Donation Box – Bitcoin & Crypto Donations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cryptocurrency-donation-box/assets/css/cdbbc-admin.css
  • /wp-content/plugins/cryptocurrency-donation-box/assets/js/cdbbc-replace.js

Script Paths
  • /wp-content/plugins/cryptocurrency-donation-box/includes/php-jwt/include-jwt.php
  • /wp-content/plugins/cryptocurrency-donation-box/includes/Api.php
  • /wp-content/plugins/cryptocurrency-donation-box/includes/cdbbc-payment-verify.php
  • /wp-content/plugins/cryptocurrency-donation-box/admin/table/cdbbc-transaction-table.php
  • /wp-content/plugins/cryptocurrency-donation-box/admin/table/cdbbc-list-table.php
  • /wp-content/plugins/cryptocurrency-donation-box/admin/codestar-framework/codestar-framework.php
  • +6 more

Version Parameters
  • cryptocurrency-donation-box/assets/css/cdbbc-admin.css?ver=
  • cryptocurrency-donation-box/assets/js/cdbbc-replace.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • cdbbc-donation-box-wrap
  • cdbbc-wallets
  • cdbbc-coins
  • cdbbc-coin
  • cdbbc-qr-code-display
  • cdbbc-payment-dialog
  • cdbbc-close-btn
  • cdbbc-modal-content
  • +5 more

HTML Comments
  • <!-- cryptocurrency-donation-box start -->
  • <!-- cryptocurrency-donation-box end -->
  • <!-- The donation box will be shown here -->
  • <!-- Donation Box Options -->
  • +3 more

Data Attributes
  • data-cdbbc-coin
  • data-cdbbc-address
  • data-cdbbc-amount
  • data-cdbbc-donation-id
  • data-cdbbc-plugin-name

JS Globals
  • CDBBC_PREFIX
  • CDBBC_AJAX_URL
  • CDBBC_NONCE

REST Endpoints
  • /wp-json/cdbbc-crypto-donations/v1/activate
  • /wp-json/cdbbc-crypto-donations/v1/status

Shortcode Output
  • [donationbox]
  • [donationbox title="" text="" style="" ]
FAQ

Frequently Asked Questions about Cryptocurrency Donation Box – Bitcoin & Crypto Donations