GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Security & Risk Analysis

wordpress.org/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership

GoUrl Official Bitcoin/Altcoin Payment Gateway for Wordpress. Accept Bitcoin, Bitcoin Cash, Litecoin, Dash, Dogecoin, etc. Payments Online

900 active installs · v1.6.6 · PHP + · WP 3.5+ · Updated Apr 13, 2024
Tags: accept-bitcoin, bitcoin, bitcoin-payments, bitcoin-woocommerce, bitcoin-wordpress-plugin
Score 62 · C · Use Caution
CVEs total: 2
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Safe to Use in 2026?

Use With Caution

Score 62/100

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 1yr ago
Risk Assessment

The "gourl-bitcoin-payment-gateway-paid-downloads-membership" plugin exhibits a mixed security posture. While it boasts a seemingly small attack surface with zero unprotected entry points detected, and a significant portion of SQL queries utilize prepared statements, several concerning signals are present. The presence of the `unserialize` function, combined with a high number of unsanitized taint flows, particularly those marked with high severity, indicates a significant risk for object injection vulnerabilities. Furthermore, the plugin has a history of critical and medium vulnerabilities, including Cross-Site Scripting and Unrestricted File Uploads, with a currently unpatched critical vulnerability. This history suggests recurring weaknesses in input validation and sanitization. The relatively low percentage of properly escaped output further exacerbates the risk of XSS attacks. While the plugin has some positive security attributes, the identified code signals and historical vulnerability patterns point to significant areas of concern that require immediate attention.

Key Concerns

  • Unpatched critical CVE
  • High severity taint flows
  • Dangerous function: unserialize
  • Low output escaping percentage
  • Unsanitized paths in taint analysis
  • History of critical CVEs
Vulnerabilities
2

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Security Vulnerabilities

CVEs by Year

2018: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

Critical: 1
Medium: 1

2 total CVEs

CVE-2025-48102 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched

CVE-2019-1010209 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.4.13 - Arbitrary File Upload

Oct 31, 2018 · Patched in 1.4.14 (1910d)
Code Analysis
Analyzed Mar 16, 2026

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 26 (54 prepared)
Unescaped Output: 82 (84 escaped)
Nonce Checks: 1
Capability Checks: 18
File Operations: 21
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\cryptobox.class.php:1484
    $proxy_ips = (defined("PROXY_IPS")) ? unserialize(PROXY_IPS) : array(); // your server int

SQL Query Safety

68% prepared · 80 total queries

Output Escaping

51% escaped · 166 total outputs
Data Flows
17 unsanitized

Data Flow Analysis

17 flows · 17 with unsanitized paths
page_summary (gourl.php:416)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 108
action · admin_notices · gourl.php:169
action · admin_notices · gourl.php:170
action · admin_menu · gourl.php:171
action · init · gourl.php:172
action · admin_head · gourl.php:173
filter · plugin_row_meta · gourl.php:174
action · admin_enqueue_scripts · gourl.php:176
action · admin_footer_text · gourl.php:178
action · init · gourl.php:182
action · wp · gourl.php:183
action · wp_enqueue_scripts · gourl.php:184
action · parse_request · gourl.php:195
filter · v_forcelogin_whitelist · gourl.php:199
filter · autoptimize_filter_js_exclude · gourl.php:203
filter · the_content · gourl.php:2916
filter · the_content_rss · gourl.php:2917
filter · the_content_feed · gourl.php:2918
filter · wp_title · gourl.php:2919
filter · wp_title_rss · gourl.php:2920
filter · the_title · gourl.php:2921
filter · the_title_rss · gourl.php:2922
filter · the_title · gourl.php:2923
filter · the_title_rss · gourl.php:2924
filter · wp_title · gourl.php:2925
filter · wp_title_rss · gourl.php:2926
filter · the_title · gourl.php:2927
filter · the_title_rss · gourl.php:2928
filter · get_comment_author_link · gourl.php:2929
filter · comment_text · gourl.php:2930
filter · post_comments_link · gourl.php:2931
filter · comment_reply_link · gourl.php:2932
filter · comments_open · gourl.php:2933
action · do_feed · gourl.php:2934
action · do_feed_rdf · gourl.php:2935
action · do_feed_rss · gourl.php:2936
action · do_feed_rss2 · gourl.php:2937
action · do_feed_atom · gourl.php:2938
filter · the_content · gourl.php:3183
filter · the_content_rss · gourl.php:3184
filter · the_content_feed · gourl.php:3185
filter · wp_title · gourl.php:3190
filter · wp_title_rss · gourl.php:3191
filter · the_title · gourl.php:3193
filter · the_title_rss · gourl.php:3194
filter · the_title · gourl.php:3198
filter · the_title_rss · gourl.php:3199
filter · wp_title · gourl.php:3203
filter · wp_title_rss · gourl.php:3204
filter · the_title · gourl.php:3206
filter · the_title_rss · gourl.php:3207
filter · get_comment_author_link · gourl.php:3211
filter · comment_text · gourl.php:3213
filter · post_comments_link · gourl.php:3218
filter · comment_reply_link · gourl.php:3219
filter · comments_open · gourl.php:3224
action · do_feed · gourl.php:3227
action · do_feed_rdf · gourl.php:3228
action · do_feed_rss · gourl.php:3229
action · do_feed_rss2 · gourl.php:3230
action · do_feed_atom · gourl.php:3231
filter · the_content · gourl.php:3741
filter · the_content_rss · gourl.php:3742
filter · the_content_feed · gourl.php:3743
filter · wp_title · gourl.php:3744
filter · wp_title_rss · gourl.php:3745
filter · the_title · gourl.php:3746
filter · the_title_rss · gourl.php:3747
filter · get_comment_author_link · gourl.php:3748
filter · comment_text · gourl.php:3749
filter · post_comments_link · gourl.php:3750
filter · comment_reply_link · gourl.php:3751
filter · comments_open · gourl.php:3752
action · do_feed · gourl.php:3753
action · do_feed_rdf · gourl.php:3754
action · do_feed_rss · gourl.php:3755
action · do_feed_rss2 · gourl.php:3756
action · do_feed_atom · gourl.php:3757
filter · the_content · gourl.php:4054
filter · the_content_rss · gourl.php:4055
filter · the_content_feed · gourl.php:4056
filter · wp_title · gourl.php:4063
filter · wp_title_rss · gourl.php:4064
filter · wp_title · gourl.php:4068
filter · wp_title_rss · gourl.php:4069
filter · the_title · gourl.php:4072
filter · the_title_rss · gourl.php:4073
filter · the_title · gourl.php:4077
filter · the_title_rss · gourl.php:4078
filter · wp_title · gourl.php:4084
filter · wp_title_rss · gourl.php:4085
filter · wp_title · gourl.php:4089
filter · wp_title_rss · gourl.php:4090
filter · the_title · gourl.php:4093
filter · the_title_rss · gourl.php:4094
filter · get_comment_author_link · gourl.php:4098
filter · comment_text · gourl.php:4100
filter · post_comments_link · gourl.php:4105
filter · comment_reply_link · gourl.php:4106
filter · comments_open · gourl.php:4111
action · do_feed · gourl.php:4114
action · do_feed_rdf · gourl.php:4115
action · do_feed_rss · gourl.php:4116
action · do_feed_rss2 · gourl.php:4117
action · do_feed_atom · gourl.php:4118
action · show_user_profile · gourl_wordpress.php:67
action · edit_user_profile · gourl_wordpress.php:68
filter · plugin_action_links · gourl_wordpress.php:69
action · plugins_loaded · gourl_wordpress.php:70
Maintenance & Trust

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Apr 13, 2024
PHP min version
Downloads: 300K

Community Trust

Rating: 80/100
Number of ratings: 77
Active installs: 900
Developer Profile

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership Developer Profile

gourl

11 plugins · 2K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 1910 days
Detection Fingerprints

How We Detect GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/js/gourl.js
/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/css/gourl.css
Script Paths
/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/js/gourl.js
Version Parameters
/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/js/gourl.js?ver=
/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/css/gourl.css?ver=

HTML / DOM Fingerprints

CSS Classes
gourl-box, gourl-form, gourl-membership-box, gourl-membership-form, gourl-membership-login, gourl-membership-login-form, gourl-membership-register, gourl-membership-register-form, +12 more
HTML Comments
<!-- start_cryptopayment_box -->
<!-- end_cryptopayment_box -->
Data Attributes
data-gourl-hash, data-gourl-payment-id, data-gourl-payment-amount, data-gourl-payment-currency, data-gourl-payment-coin, data-gourl-user-id, +2 more
JS Globals
window.gourl_params, window.gourl_vars
Shortcode Output
[gourl-download, [gourl-product, [gourl-lock, [gourl-membership
FAQ

Frequently Asked Questions about GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership