Cryptocurrency Widgets Pack Security & Risk Analysis

wordpress.org/plugins/cryptocurrency-widgets-pack

Price ticker, table, cards, label widget for all cryptocurrencies using Coingecko API.

900 active installs · v2.0.1 · PHP 5.6+ · WP 4.3.0+ · Updated Jan 26, 2024
Tags: bitcoin-price, coinmarketcap, cryptocurrency, table, ticker
Score: 53 (C · Use Caution)
CVEs total: 3
Unpatched: 1
Last CVE: Mar 31, 2025
Safety Verdict

Is Cryptocurrency Widgets Pack Safe to Use in 2026?

Use With Caution

Score 53/100

Cryptocurrency Widgets Pack has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 2yr ago
Risk Assessment

The cryptocurrency-widgets-pack plugin v2.0.1 presents a mixed security posture. While the plugin demonstrates good practices in areas like SQL query preparation (79% prepared) and output escaping (91%), significant concerns arise from its attack surface and vulnerability history. The presence of 4 unprotected AJAX handlers out of 5 total entry points is a major red flag, indicating a high risk of unauthorized actions. Furthermore, the taint analysis revealing 2 critical flows with unsanitized paths, even with a limited number of flows analyzed, points to potential vulnerabilities that could be exploited if they involve user-supplied input.

The plugin's vulnerability history is particularly alarming, with 3 known CVEs, including 2 critical ones, and one critical vulnerability remaining unpatched. The prevalence of Missing Authorization and SQL Injection as common vulnerability types, coupled with the recent critical vulnerability, suggests a recurring pattern of insecure coding practices. The fact that a critical vulnerability was patched very recently (2025-03-31) but another critical one persists indicates a need for more robust security testing and development processes. While strengths like proper output escaping exist, the unprotected entry points and historical critical vulnerabilities outweigh these positives, demanding immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Critical taint flows with unsanitized paths
  • Unpatched critical CVE
  • 2 critical CVEs in history
  • Missing authorization common vulnerability type
  • SQL Injection common vulnerability type
  • Bundled library: DataTables
Vulnerabilities: 3

Cryptocurrency Widgets Pack Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • Critical: 2
  • Medium: 1

3 total CVEs

CVE-2025-31539 · medium · 4.3 · Missing Authorization

Cryptocurrency Widgets Pack <= 2.0.1 - Missing Authorization

Mar 31, 2025 · Unpatched

CVE-2022-44588 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cryptocurrency Widgets Pack <= 1.8.1 - Unauthenticated SQL Injection

Dec 13, 2022 · Patched in 2.0 (406d)

CVE-2022-4059 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cryptocurrency Widgets Pack <= 2.0 - Unauthenticated SQL Injection

Dec 9, 2022 · Patched in 2.0 (410d)
Code Analysis · Analyzed Mar 16, 2026

Cryptocurrency Widgets Pack Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4 (15 prepared)
  • Unescaped Output: 8 (85 escaped)
  • Nonce Checks: 2
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

79% prepared · 19 total queries

Output Escaping

91% escaped · 93 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
table_data (cryptocurrency-widgets-pack.php:597)
Attack Surface: 4 unprotected

Cryptocurrency Widgets Pack Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers: 4

  • auth · wp_ajax_mcwp_table · cryptocurrency-widgets-pack.php:62
  • nopriv · wp_ajax_mcwp_table · cryptocurrency-widgets-pack.php:63
  • auth · wp_ajax_mcwp_notice · includes\display.php:24
  • auth · wp_ajax_mcwp_top_notice · includes\display.php:34

Shortcodes: 1

  • [cryptopack] · cryptocurrency-widgets-pack.php:60

WordPress Hooks: 16

  • action · admin_enqueue_scripts · cryptocurrency-widgets-pack.php:58
  • action · wp_enqueue_scripts · cryptocurrency-widgets-pack.php:59
  • action · wp_footer · cryptocurrency-widgets-pack.php:61
  • action · init · cryptocurrency-widgets-pack.php:345
  • action · admin_init · cryptocurrency-widgets-pack.php:346
  • action · admin_menu · cryptocurrency-widgets-pack.php:347
  • action · add_meta_boxes · cryptocurrency-widgets-pack.php:348
  • action · save_post · cryptocurrency-widgets-pack.php:349
  • filter · manage_mcwp_posts_columns · cryptocurrency-widgets-pack.php:351
  • action · manage_mcwp_posts_custom_column · cryptocurrency-widgets-pack.php:352
  • action · admin_init · includes\display.php:12
  • filter · plugin_action_links · includes\display.php:16
  • filter · plugin_row_meta · includes\display.php:17
  • action · admin_notices · includes\display.php:33
  • action · admin_action_mcwp_duplicate_post_as_draft · includes\duplicate.php:97
  • filter · post_row_actions · includes\duplicate.php:109
Maintenance & Trust

Cryptocurrency Widgets Pack Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.4.8
  • Last updated: Jan 26, 2024
  • PHP min version: 5.6
  • Downloads: 43K

Community Trust

  • Rating: 96/100
  • Number of ratings: 28
  • Active installs: 900
Developer Profile

Cryptocurrency Widgets Pack Developer Profile

Blocksera

2 plugins · 41K total installs

  • Trust score: 51
  • Avg Security Score: 60/100
  • Avg Patch Time: 307 days
Detection Fingerprints

How We Detect Cryptocurrency Widgets Pack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/admin/css/style.css
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/admin/css/selectize.default.css
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/admin/js/es5.js
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/admin/js/autosize.min.js
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/admin/js/selectize.min.js
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/admin/js/common.js
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/public/css/style.css
  • /wp-content/plugins/cryptocurrency-widgets-pack/assets/public/css/datatable-style.css
  • +3 more
Version Parameters
  • cryptocurrency-widgets-pack/assets/admin/css/style.css?ver=
  • cryptocurrency-widgets-pack/assets/admin/css/selectize.default.css?ver=
  • cryptocurrency-widgets-pack/assets/admin/js/es5.js?ver=
  • cryptocurrency-widgets-pack/assets/admin/js/autosize.min.js?ver=
  • cryptocurrency-widgets-pack/assets/admin/js/selectize.min.js?ver=
  • cryptocurrency-widgets-pack/assets/admin/js/common.js?ver=
  • cryptocurrency-widgets-pack/assets/public/css/style.css?ver=
  • cryptocurrency-widgets-pack/assets/public/css/datatable-style.css?ver=
  • cryptocurrency-widgets-pack/assets/public/js/jquery.dataTables.min.js?ver=
  • cryptocurrency-widgets-pack/assets/public/js/dataTables.responsive.min.js?ver=
  • cryptocurrency-widgets-pack/assets/public/js/common.js?ver=

HTML / DOM Fingerprints

CSS Classes
mcwp-crypto-widget
HTML Comments
  • <!-- MCWP_CRYPTO_GLOBAL_TICKER_START -->
  • <!-- MCWP_CRYPTO_GLOBAL_TICKER_END -->
Data Attributes
  • data-cryptopack-id
  • data-coins
  • data-speed
  • data-currency
JS Globals
mcwpajax
REST Endpoints
/wp-json/mcwp/v1/data
Shortcode Output
[cryptopack]
FAQ

Frequently Asked Questions about Cryptocurrency Widgets Pack