Instant Crypto Payments Security & Risk Analysis

wordpress.org/plugins/icpay-payments

Accept crypto payments (ICP, Bitcoin, stablecoins) with Instant Crypto Payments. Charity, donations, paywall, tips, webhooks, sync, reports.

0 active installs · v1.3.8 · PHP 7.4+ · WP 6.0+ · Updated Feb 8, 2026
Tags: bitcoin, crypto, donations, payments, paywall
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Instant Crypto Payments Safe to Use in 2026?

Generally Safe

Score 100/100

Instant Crypto Payments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'icpay-payments' plugin v1.3.8 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, and critical or high severity taint flows indicates a strong adherence to secure coding practices. The plugin also demonstrates a commendable use of prepared statements for SQL queries (69%) and proper output escaping (84%). The lack of any recorded CVEs further bolsters confidence in its current security standing, suggesting a history of responsible development and patching.

However, there are areas for improvement. One REST API route, POST /wp-json/icpay-payments/v1/webhook, is registered without a permission callback, which represents a significant attack vector: it is directly exposed and can be accessed without proper authentication. While the total number of entry points is relatively low, this single unprotected endpoint warrants immediate attention. The relatively low number of nonce and capability checks (5 and 4 respectively) across the identified entry points, especially given the plugin's purpose, could also indicate potential weaknesses if these checks are not consistently applied to all sensitive operations.

In conclusion, the 'icpay-payments' plugin v1.3.8 is strong in its general secure coding practices and has a clean vulnerability history. The primary concern is the single unprotected REST API endpoint, which introduces a tangible risk. Addressing this specific finding and potentially increasing the rigor of authentication and authorization checks across other entry points would further enhance its security.

Key Concerns

  • Unprotected REST API route
  • SQL queries not using prepared statements (31%)
  • Outputs not properly escaped (16%)
Vulnerabilities
None known

Instant Crypto Payments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Instant Crypto Payments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (20 prepared)
Unescaped Output: 25 (136 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

69% prepared · 29 total queries

Output Escaping

84% escaped · 161 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
maybe_render_notices (admin\class-icpay-admin.php:400)
Attack Surface
1 unprotected

Instant Crypto Payments Attack Surface

Entry Points: 8
Unprotected: 1

REST API Routes 1

POST /wp-json/icpay-payments/v1/webhook includes\class-icpay-webhook.php:10

Shortcodes 7

[icpay_tip_jar] public\class-icpay-frontend.php:8
[icpay_premium_content] public\class-icpay-frontend.php:9
[icpay_article_paywall] public\class-icpay-frontend.php:10
[icpay_coffee_shop] public\class-icpay-frontend.php:11
[icpay_donation_thermometer] public\class-icpay-frontend.php:12
[icpay_pay_button] public\class-icpay-frontend.php:13
[icpay_amount_input] public\class-icpay-frontend.php:14

WordPress Hooks 12

action admin_menu admin\class-icpay-admin.php:6
action admin_init admin\class-icpay-admin.php:7
action admin_post_icpay_sync_payments admin\class-icpay-admin.php:8
action admin_post_icpay_clear_payments admin\class-icpay-admin.php:9
action admin_enqueue_scripts admin\class-icpay-admin.php:10
action admin_notices admin\class-icpay-admin.php:11
action enqueue_block_editor_assets admin\class-icpay-admin.php:12
action init admin\class-icpay-admin.php:13
action plugins_loaded icpay-payments.php:76
action rest_api_init includes\class-icpay-webhook.php:6
action widgets_init includes\class-icpay-widget.php:7
action wp_enqueue_scripts public\class-icpay-frontend.php:6
Maintenance & Trust

Instant Crypto Payments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 8, 2026
PHP min version: 7.4
Downloads: 463

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Instant Crypto Payments Developer Profile

icpay

2 plugins · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Instant Crypto Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/icpay-payments/assets/css/icpay-frontend.css
/wp-content/plugins/icpay-payments/assets/js/icpay-frontend.min.js
/wp-content/plugins/icpay-payments/assets/js/icpay-embed.min.js

Script Paths
/wp-content/plugins/icpay-payments/assets/js/icpay-frontend.min.js
/wp-content/plugins/icpay-payments/assets/js/icpay-embed.min.js

Version Parameters
icpay-payments/assets/css/icpay-frontend.css?ver=
icpay-payments/assets/js/icpay-frontend.min.js?ver=
icpay-payments/assets/js/icpay-embed.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
icpay-widget-wrapper
icpay-button-wrapper
icpay-pay-button

HTML Comments
<!-- ICPay Widget -->
<!-- ICPay Pay Button -->
<!-- ICPay Tip Jar -->
<!-- ICPay Paywall -->
(+1 more)

Data Attributes
data-icpay-tab

JS Globals
ICPayFrontend
icpay_frontend_params

Shortcode Output
[icpay_pay_button]
[icpay_tip_jar]
[icpay_paywall]
[icpay_ecommerce_widget]