EthereumICO Security & Risk Analysis

wordpress.org/plugins/ethereumico

Sell your Ethereum ERC20 ICO tokens from your WordPress site. BSC BEP20 and Polygon (MATIC) tokens also supported.

30 active installs v2.4.7 PHP 5.6+ WP 3.7+ Updated Jan 28, 2025
cryptocurrency, erc20, ethereum, ico, initial-coin-offering
91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 29, 2025
Safety Verdict

Is EthereumICO Safe to Use in 2026?

Generally Safe

Score 91/100

EthereumICO has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 29, 2025 · Updated 1yr ago
Risk Assessment

The ethereumico plugin v2.4.7 exhibits a generally good security posture with several positive indicators. The absence of critical or high-severity taint flows and raw SQL queries is commendable. Furthermore, the plugin demonstrates a strong adherence to output escaping, with a high percentage of outputs being properly escaped, and it utilizes nonce and capability checks, which are essential for secure WordPress development. The limited attack surface through shortcodes without direct vulnerabilities is also a positive sign.

However, there are areas for improvement. The presence of a past medium-severity Cross-Site Scripting (XSS) vulnerability, though currently patched, suggests potential weaknesses in input sanitization that could re-emerge. The vulnerability history indicates a single medium-severity XSS, which, while addressed, warrants ongoing vigilance for similar issues. The use of bundled libraries like Freemius v1.0 and Guzzle also introduces a dependency on the security of these external components, requiring them to be kept up-to-date.

In conclusion, ethereumico v2.4.7 presents a relatively secure foundation with good practices in place. The primary concern stems from its past XSS vulnerability, which highlights the need for continued rigorous code review and testing to prevent future occurrences. While the current version appears free of immediate critical threats based on the provided data, maintaining up-to-date bundled libraries and a proactive approach to security will be crucial for long-term safety.

Key Concerns

  • Past medium-severity XSS vulnerability
  • Bundled Freemius v1.0 library potentially outdated
  • Bundled Guzzle library potentially outdated
Vulnerabilities
1 published

EthereumICO Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12921 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EthereumICO <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode

Jan 29, 2025 Patched in 2.4.7 (1d)
Version History

EthereumICO Release Timeline

v2.4.7: Current
v2.4.6: 1 CVE
v2.4.5: 1 CVE
v2.4.4: 1 CVE
Code Analysis
Analyzed Mar 16, 2026

EthereumICO Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 74 (193 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 4
Bundled Libraries: 2

Bundled Libraries

Freemius 1.0, Guzzle

Output Escaping

72% escaped · 267 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
ETHEREUM_ICO_options_page (ethereum-ico.admin.php:5)
Attack Surface

EthereumICO Attack Surface

Entry Points: 12
Unprotected: 0

Shortcodes 12

[ethereum-ico] ethereum-ico.php:183
[ethereum-ico-input-currency] ethereum-ico.php:213
[ethereum-ico-limit] ethereum-ico.php:235
[ethereum-ico-buy-button] ethereum-ico.php:257
[ethereum-ico-currency-list] ethereum-ico.php:303
[ethereum-ico-input] ethereum-ico.php:341
[ethereum-ico-progress] ethereum-ico.php:631
[ethereum-ico-progress-value] ethereum-ico.php:673
[ethereum-ico-progress-percent] ethereum-ico.php:718
[ethereum-ico-balance] ethereum-ico.php:760
[ethereum-ico-referral] ethereum-ico.php:818
[ethereum-ico-purchases] ethereum-ico.php:882
WordPress Hooks 21
filter init ethereum-ico.php:92
action wp_enqueue_scripts ethereum-ico.php:925
action wp_enqueue_scripts ethereum-ico.php:1429
filter admin_menu ethereum-ico.php:1450
filter plugin_action_links ethereum-ico.php:1466
filter ethereum_ico_get_save_options settings\advanced_blockchain.php:13
filter ethereum_ico_print_options settings\advanced_blockchain.php:26
filter ethereum_ico_settings_tabs settings\api_keys.php:4
filter ethereum_ico_get_save_options settings\api_keys.php:11
filter ethereum_ico_print_options settings\api_keys.php:23
filter ethereum_ico_settings_tabs settings\blockchain.php:3
filter ethereum_ico_get_save_options settings\blockchain.php:14
filter ethereum_ico_print_options settings\blockchain.php:36
filter ethereum_ico_print_options settings\blockchain.php:113
filter ethereum_ico_print_options settings\blockchain.php:196
filter ethereum_ico_settings_tabs settings\ico.php:3
filter ethereum_ico_get_save_options settings\ico.php:14
filter ethereum_ico_print_options settings\ico.php:37
filter ethereum_ico_settings_tabs settings\widget.php:3
filter ethereum_ico_get_save_options settings\widget.php:14
filter ethereum_ico_print_options settings\widget.php:37
Maintenance & Trust

EthereumICO Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 28, 2025
PHP min version: 5.6
Downloads: 22K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 30
Developer Profile

EthereumICO Developer Profile

ethereumicoio

7 plugins · 280 total installs

Trust score: 96
Avg Security Score: 94/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect EthereumICO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ethereumico/css/metamask-fox-icon.css
/wp-content/plugins/ethereumico/css/main.css
/wp-content/plugins/ethereumico/css/font-awesome.min.css
Script Paths
/wp-content/plugins/ethereumico/js/web3.min.js
/wp-content/plugins/ethereumico/js/ethereum-ico.js
Version Parameters
ethereumico/css/metamask-fox-icon.css?ver=
ethereumico/css/main.css?ver=
ethereumico/css/font-awesome.min.css?ver=
ethereumico/js/web3.min.js?ver=
ethereumico/js/ethereum-ico.js?ver=

HTML / DOM Fingerprints

CSS Classes
ethereum-ico-shortcode, ethereum-ico-gaslimit, ethereum-ico-buy-button-container, ethereum-ico-buy-button, ethereum-ico-coin-list, ethereum-ico-rate-token-container, ethereum-ico-rate-token-value, ethereum-ico-rate, +3 more
Data Attributes
data-buybuttontext, data-minimum, data-maximum, data-step, data-placeholder, data-gaslimit, +6 more
JS Globals
web3, ethereumico
Shortcode Output
<div class="container-fluid ethereum-ico-shortcode">
<h2 class="ethereum-ico-gaslimit">
<div class="ethereum-ico-buy-button-container">
<button class="btn btn-primary ethereum-ico-buy-button">
FAQ

Frequently Asked Questions about EthereumICO