Crypto-Currency Shortcode Security & Risk Analysis
wordpress.org/plugins/cryptocurrency-shortcodeDefines a shortcode for embeddeding the standard donation button on your WordPress blog.
Is Crypto-Currency Shortcode Safe to Use in 2026?
Generally Safe
Score 85/100Crypto-Currency Shortcode has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The cryptocurrency-shortcode plugin version 1.4 exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode identified and no unprotected entry points. Furthermore, all SQL queries are properly prepared, and there are no known vulnerabilities or CVEs associated with this plugin, suggesting a generally well-maintained codebase.
However, several significant concerns arise from the static analysis. The extremely low percentage of properly escaped output (5%) is a major red flag, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. This is further compounded by the absence of nonce checks and capability checks on any entry points, making it easier for attackers to trigger potentially harmful actions or exfiltrate data. The presence of file operations without clear sanitization context and external HTTP requests also warrants careful review.
While the lack of recorded vulnerabilities is encouraging, it might be a consequence of insufficient in-depth security auditing or the plugin's limited adoption. The identified code signals, particularly the widespread output unescaping and lack of nonces/capabilities, present a clear and present risk of XSS and potentially other injection attacks, outweighing the positive indicators of good SQL handling and zero CVEs.
Key Concerns
- Low output escaping percentage (5%)
- No nonce checks found
- No capability checks found
- File operations without clear context
- External HTTP requests without context
Crypto-Currency Shortcode Security Vulnerabilities
Crypto-Currency Shortcode Code Analysis
Output Escaping
Crypto-Currency Shortcode Attack Surface
Shortcodes 1
WordPress Hooks 1
Maintenance & Trust
Crypto-Currency Shortcode Maintenance & Trust
Maintenance Signals
Community Trust
Crypto-Currency Shortcode Alternatives
CoinPayments.net Payment Gateway for WooCommerce
coinpayments-payment-gateway-for-woocommerce
This plugin implements a payment gateway for WooCommerce to let buyers pay with Bitcoin, Litecoin, Ripple, and other cryptocurrencies via CoinPayments …
Coinbase Commerce – Crypto Gateway for WooCommerce
commerce-coinbase-for-woocommerce
Coinbase Commerce is the best crypto gateway, allows users to checkout with popular crypto currencies such as Bitcoin, Bitcoin Cash, DAI, Ethereum, Do …
Accept Cryptocurrencies with Plisio
plisio-payment-gateway-for-woocommerce
The easiest and quickest way to accept Bitcoin, Litecoin, Ethereum and other cryptocurrencies.
CoinGate for WooCommerce
coingate-for-woocommerce
Accept Crypto Payments with CoinGate for WooCommerce
Multi CryptoCurrency Payments
multi-crypto-currency-payment
WooCommerce plugin - Multi CryptoCurrency Payments Requires at least WooCommerce: 6.0 Tested up to: 9.8.2 License: GPLv2 or later
Crypto-Currency Shortcode Developer Profile
1 plugin · 10 total installs
How We Detect Crypto-Currency Shortcode
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cryptocurrency-shortcode/coin_js_wrapper.php/wp-content/plugins/cryptocurrency-shortcode/coin_js_wrapper.phpHTML / DOM Fingerprints
CoinWidgetCom<script>CoinWidgetCom.go({wallet_address:currency:counter: