Does CubeWP Wallet have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is CubeWP Wallet compatible with WordPress 6.9.4?

According to WordPress.org data, CubeWP Wallet 1.0.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CubeWP Wallet compatible with PHP 7.4+?

CubeWP Wallet requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CubeWP Wallet updated?

CubeWP Wallet was last updated on Dec 15, 2025. Frequent updates are generally a positive security signal.

What is CubeWP Wallet's security score?

CubeWP Wallet has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CubeWP Wallet Security & Risk Analysis

wordpress.org/plugins/cubewp-wallet

A Digital wallet plugin for websites that allows customers to make payments using their stored funds.

100 active installs v1.0.5 PHP 7.4+ WP 5.0+ Updated Dec 15, 2025

e-commerceonline-transactionspaymentpayment-gatewaywallet

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CubeWP Wallet Safe to Use in 2026?

Generally Safe

Score 100/100

CubeWP Wallet has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The cubewp-wallet v1.0.5 plugin demonstrates a generally strong security posture based on the provided static analysis. It exhibits good practices by avoiding dangerous functions, file operations, and external HTTP requests. The high percentage of properly escaped output (93%) and the presence of nonce checks (14) are positive indicators. Furthermore, the absence of any known vulnerabilities (CVEs) and critical or high-severity taint flows suggests a well-developed and maintained codebase.

However, there are a few areas that warrant attention. The plugin has a significant number of SQL queries (21), with a substantial portion (57%) not using prepared statements. While not explicitly identified as a vulnerability in the taint analysis, raw SQL queries can be a vector for SQL injection if not handled with extreme care, especially as the number increases.

In conclusion, cubewp-wallet v1.0.5 appears to be a secure plugin with a promising history and strong adherence to many security best practices. The primary concern lies in the handling of its SQL queries, where a greater reliance on prepared statements would further enhance its security. The lack of capability checks on the identified entry point (shortcode) is also a minor concern, though its impact depends on the functionality it provides.

Key Concerns

SQL queries without prepared statements
No capability checks on shortcode

Vulnerabilities

None known

CubeWP Wallet Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

CubeWP Wallet Release Timeline

v1.0.5Current

v1.0.4

v1.0.3

v1.0.2

v1.0.1

Code Analysis

Analyzed Mar 16, 2026

CubeWP Wallet Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

161 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

43% prepared21 total queries

Output Escaping

93% escaped173 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

cubewp_wallet_transactions_approve (cube\classes\class-cubewp-wallet-disputes.php:51)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

CubeWP Wallet Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[cubewp_wallet] cube\classes\class-cubewp-wallet-config.php:26

WordPress Hooks 25

filtercubewp/options/sectionscube\classes\class-cubewp-wallet-config.php:23

filtercubewp-submenucube\classes\class-cubewp-wallet-config.php:24

filteruser/dashboard/content/typescube\classes\class-cubewp-wallet-config.php:25

filtercwp/dashboard/single/tab/content/outputcube\classes\class-cubewp-wallet-config.php:27

actioncubewp_wallet_disputescube\classes\class-cubewp-wallet-disputes.php:18

filterfrontend/style/registercube\classes\class-cubewp-wallet-enqueue.php:19

filterfrontend/script/registercube\classes\class-cubewp-wallet-enqueue.php:20

filteradmin/script/registercube\classes\class-cubewp-wallet-enqueue.php:22

filteradmin/style/registercube\classes\class-cubewp-wallet-enqueue.php:23

filteradmin/script/enqueuecube\classes\class-cubewp-wallet-enqueue.php:25

filterget_frontend_script_datacube\classes\class-cubewp-wallet-enqueue.php:27

filtercubewp_get_admin_scriptcube\classes\class-cubewp-wallet-enqueue.php:28

actioninitcube\classes\class-cubewp-wallet-load.php:36

actioninitcube\classes\class-cubewp-wallet-load.php:37

actioninitcube\classes\class-cubewp-wallet-load.php:39

actioninitcube\classes\class-cubewp-wallet-load.php:41

actioninitcube\classes\class-cubewp-wallet-load.php:42

actioninitcube\classes\class-cubewp-wallet-load.php:43

actioninitcube\classes\class-cubewp-wallet-load.php:45

actioninitcube\classes\class-cubewp-wallet-load.php:46

actioncubewp_walletcube\classes\class-cubewp-wallet-transactions.php:18

filterwp_mail_content_typecube\classes\class-cubewp-wallet-withdrawals-processor.php:55

actioncubewp_wallet_withdrawalscube\classes\class-cubewp-wallet-withdrawals.php:18

actionadmin_noticescubewp-wallet.php:58

actioncubewp_loadedcubewp-wallet.php:105

Maintenance & Trust

CubeWP Wallet Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 15, 2025

PHP min version7.4

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

CubeWP Wallet Alternatives

Nexi XPay

cartasi-x-pay

XPay is the payment gateway provided by Nexi, a leading group in Italy with the goal of shaping the future of digital payments.

6K 1 CVE

Instamojo for WooCommerce

woo-instamojo

Sell & collect payments instantly for almost anything -- directly from your WordPress website.

5K No CVEs

Up2pay e-Transactions WooCommerce Payment Gateway

e-transactions-wc

100

This plugin is a Up2pay e-Transactions payment gateway for WooCommerce 4.x

4K No CVEs

HyperPay Payments

hyperpay-gateways

100

Payments Gateways provided by Gate2Play, to make you able to add Credit Card, Mada, STCpay and more payments method.

600 No CVEs

PAYDUNYA WOOCOMMERCE PAR

paydunya-woocommerce-payment-gateway

PAYDUNYA Woocommerce Payment Gateway allows you to accept payment on your Woocommerce store, PAYDUNYA supports Mobile Wallets Method Payment and Bank …

600 No CVEs

Developer Profile

CubeWP Wallet Developer Profile

Imran Tauqeer

3 plugins · 8K total installs

trust score

Avg Security Score

75/100

Avg Patch Time

5 days

View full developer profile

Detection Fingerprints

How We Detect CubeWP Wallet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cubewp-wallet/cube/assets/css/cubewp-wallet-admin.css/wp-content/plugins/cubewp-wallet/cube/assets/css/cubewp-wallet-user.css/wp-content/plugins/cubewp-wallet/cube/assets/js/cubewp-wallet-admin.js/wp-content/plugins/cubewp-wallet/cube/assets/js/cubewp-wallet-user.js

Script Paths

/wp-content/plugins/cubewp-wallet/cube/assets/js/cubewp-wallet-admin.js/wp-content/plugins/cubewp-wallet/cube/assets/js/cubewp-wallet-user.js

Version Parameters

cubewp-wallet/cube/assets/css/cubewp-wallet-admin.css?ver=cubewp-wallet/cube/assets/css/cubewp-wallet-user.css?ver=cubewp-wallet/cube/assets/js/cubewp-wallet-admin.js?ver=cubewp-wallet/cube/assets/js/cubewp-wallet-user.js?ver=

HTML / DOM Fingerprints

CSS Classes

cubewp-wallet-admincubewp-wallet-user

Data Attributes

data-cubewp-wallet-user-id

JS Globals

cubewp_wallet_admin_object

Shortcode Output

[cubewp_wallet]

FAQ