Does Cryptocurrency Price Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Cryptocurrency Price Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cryptocurrency Price Widget compatible with WordPress 6.9.4?

According to WordPress.org data, Cryptocurrency Price Widget 1.2.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cryptocurrency Price Widget compatible with PHP 5.3+?

Cryptocurrency Price Widget requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cryptocurrency Price Widget updated?

Cryptocurrency Price Widget was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Cryptocurrency Price Widget's security score?

Cryptocurrency Price Widget has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cryptocurrency Price Widget Security & Risk Analysis

wordpress.org/plugins/cryptocurrency-price-widget

Gives you a customizable Cryptocurrency Price Widget for website with ⚡live real-time price update and flexible settings.

200 active installs v1.2.4 PHP 5.3+ WP 3.1+ Updated Dec 1, 2025

bitcoincoinmarketcapcryptocryptocurrencyticker

A · Safe

CVEs total1

Unpatched0

Last CVEDec 11, 2024

Plugin page Download

Safety Verdict

Is Cryptocurrency Price Widget Safe to Use in 2026?

Generally Safe

Score 99/100

Cryptocurrency Price Widget has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 11, 2024Updated 4mo ago

Risk Assessment

The cryptocurrency-price-widget plugin v1.2.4 exhibits a generally good security posture, particularly in its handling of SQL queries and output escaping, with a high percentage of outputs being properly escaped. The plugin also incorporates a nonce check for its single AJAX handler, which is a positive security practice. The attack surface is minimal, with only one AJAX handler and no shortcodes or REST API routes, further reducing potential entry points. However, the plugin has a history of Cross-Site Scripting (XSS) vulnerabilities, with one medium-severity vulnerability recorded in the past. Although currently unpatched vulnerabilities are zero, this history suggests a recurring weakness that warrants attention. The lack of capability checks on the AJAX handler, while not immediately exploitable due to the absence of other vulnerabilities, presents a potential risk if new functionalities are added or if the AJAX handler's purpose evolves.

Key Concerns

Medium severity XSS vulnerability in history
Missing capability checks on AJAX handler

Vulnerabilities

Cryptocurrency Price Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-54308medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cryptocurrency Price Widget <= 1.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Dec 11, 2024 Patched in 1.2.4 (9d)

Code Analysis

Analyzed Mar 16, 2026

Cryptocurrency Price Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

93% escaped15 total outputs

Attack Surface

Cryptocurrency Price Widget Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_CRCPW_assets_datawidget_init.php:55

WordPress Hooks 5

actionadmin_menuwidget_init.php:52

actionadmin_enqueue_scriptswidget_init.php:53

actionadmin_enqueue_scriptswidget_init.php:54

filterplugin_action_linkswidget_init.php:56

actionplugins_loadedwidget_init.php:196

Maintenance & Trust

Cryptocurrency Price Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version5.3

Downloads18K

Community Trust

Rating86/100

Number of ratings6

Active installs200

Alternatives

Cryptocurrency Price Widget Alternatives

Cryptocurrency Widgets Pack

cryptocurrency-widgets-pack

Price ticker, table, cards, label widget for all cryptocurrencies using Coingecko API.

900 1 unpatched

Cryptocurrency Widgets From Coinlib

cryptocurrency-widgets-from-coinlib

Full free cryptocurrency widget pack from Coinlib (https://coinlib.io).

40 No CVEs

Crypto Price Table

crypto-price-table

Customizable Cryptocurrency Price Table with real-time price update, marketcap and flexible settings.

10 No CVEs

Cryptocurrency Widgets – Price Ticker & Coins List

cryptocurrency-price-ticker-widget

Display cryptocurrency price ticker widget, coins live price list, table, labels & coin marketcap via shortcodes.

8K 4 CVEs

Cryptocurrency Ticker

cryptocurrency-ticker

Fetches, caches, and displays current cryptocurrency prices (bitcoin, ethereum, and litecoin, for now).

30 No CVEs

Developer Profile

Cryptocurrency Price Widget Developer Profile

falselight

9 plugins · 5K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

22 days

View full developer profile

Detection Fingerprints

How We Detect Cryptocurrency Price Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cryptocurrency-price-widget/assets/select2/js/select2.min.js

HTML / DOM Fingerprints

JS Globals

crCryptocoinPriceWidget

Shortcode Output

<script>!function(){var e=document.getElementsByTagName("script"),t=e[e.length-1],n=document.createElement("script");function r(){var e=crCryptocoinPriceWidget.init({

by <a href="https://currencyrate.today" target="_blank" rel="noopener">CurrencyRate.Today</a>

FAQ