SatoshiPay Security & Risk Analysis

wordpress.org/plugins/satoshipay

Adds SatoshiPay to your site, allowing you to charge small amounts for posts, images, audios, videos or downloads using micropayments.

10 active installs · v1.11 · PHP + WP 4.4.5+ · Updated Jul 22, 2019
Tags: blockchain, lumen, micropayments, paypal, stellar
Score: 85 · Grade A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SatoshiPay Safe to Use in 2026?

Generally Safe

Score 85/100

SatoshiPay has no known CVEs, but its last release was July 22, 2019, so it is not actively maintained. It can be used on most WordPress installations, subject to the AJAX handler concerns described in the risk assessment below.

No known CVEs · Updated 6yr ago
Risk Assessment

The SatoshiPay v1.11 plugin exhibits a mixed security posture. On the positive side, all 11 SQL queries use prepared statements, 6 of 7 outputs are escaped, and the analysis found no dangerous functions and no file operations. The plugin also has no recorded vulnerabilities. With about 10 active installs and no release since July 2019, that clean history more likely reflects limited research attention than proven robustness, and it is not evidence of ongoing patching.

The main concern is the attack surface. All four AJAX handlers are registered on wp_ajax_ hooks, which WordPress fires only for logged-in users, so they are not reachable anonymously; but the analysis reports none of them performing a nonce check or a capability check inside the handler. In practice that means two things: any authenticated account, down to a subscriber, can call them directly, and a page visited by a logged-in editor or administrator can drive that user's browser into calling them (Cross-Site Request Forgery, which the missing nonce check is the standard WordPress defence against). Judging by their names, the handlers set and read product prices, create donation posts, and upload media fetched from a URL; the last of these is where the authorization gap matters most, because a server-side fetch of a caller-supplied URL is also a server-side request forgery (SSRF) vector if the URL is not validated.

The taint analysis reveals one flow with an unsanitized path, in handleApiSection (src\SatoshiPay\SatoshiPayAdminPlugin.php:1048). It is not rated critical or high, but it is the one place where user input is reported to reach a sink without passing a sanitizer. The single unescaped output (1 of 7) is a smaller, separate item.

In conclusion, SatoshiPay v1.11 handles SQL safely and has a clean vulnerability history, but the four unprotected AJAX endpoints and the one unsanitized flow are real weaknesses. Since no upstream fix has appeared since 2019, operators who keep the plugin should either restrict who can hold an account on the site or add nonce and capability checks to the handlers themselves.
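As an added illustration (this is example code, not the SatoshiPay plugin's own source), the following PHP shows the pattern the report flags beside a hardened version of the same handler. The handler name mirrors the page's list (wp_ajax_set_product_price); the request fields, the meta key, the nonce action name and the script handle are assumptions made for the example.

```php
<?php
/**
 * Added example, not code from the SatoshiPay plugin. Handler name taken from the
 * report; request fields (post_id, price, nonce), the meta key '_sp_example_price',
 * the nonce action 'sp_example_set_price' and the script handle 'sp-example-admin'
 * are assumptions.
 */

// Pattern the report flags. It would be registered with
//   add_action( 'wp_ajax_set_product_price', 'sp_example_set_price_unprotected' );
// wp_ajax_ fires only for logged-in users, but nothing below checks a nonce or a
// capability, so any authenticated role can call it, and a page loaded in an
// editor's browser can drive the call (CSRF).
function sp_example_set_price_unprotected() {
    $post_id = (int) $_POST['post_id'];
    update_post_meta( $post_id, '_sp_example_price', $_POST['price'] ); // stored unsanitized
    wp_send_json_success();
}

// Hardened form: nonce, capability check on the specific post, strict input validation.
add_action( 'wp_ajax_set_product_price', 'sp_example_set_price_hardened' );
function sp_example_set_price_hardened() {
    // 1. CSRF: the nonce must have been issued for this action. On mismatch
    //    check_ajax_referer() ends the request with a 403 and never returns.
    check_ajax_referer( 'sp_example_set_price', 'nonce' );

    // 2. Authorization: being logged in is not enough; the caller must be able
    //    to edit this particular post.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( 0 === $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // calls wp_die()
    }

    // 3. Validation: accept only a non-negative decimal with bounded precision,
    //    so the stored value can never carry markup or an oversized string.
    $price = isset( $_POST['price'] ) ? wp_unslash( $_POST['price'] ) : '';
    if ( ! is_string( $price ) || ! preg_match( '/^\d{1,9}(\.\d{1,7})?$/', $price ) ) {
        wp_send_json_error( array( 'message' => 'invalid price' ), 400 );
    }

    update_post_meta( $post_id, '_sp_example_price', $price );
    wp_send_json_success( array( 'post_id' => $post_id, 'price' => $price ) );
}

// The client needs the nonce. The page records a `satoshipay_ajax_object` JS global;
// the keys below and the script handle are assumptions. wp_localize_script() must
// run after the handle has been registered or enqueued.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'sp-example-admin', 'satoshipay_ajax_object', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'sp_example_set_price' ),
    ) );
} );
```

The admin script then POSTs `action=set_product_price`, `nonce=satoshipay_ajax_object.nonce`, `post_id` and `price` to `satoshipay_ajax_object.ajax_url`; a request without a valid nonce is rejected before any capability or input logic runs. For a handler such as wp_ajax_upload_media_from_url the same three checks apply, plus validation of the supplied URL before any server-side fetch (for example WordPress's wp_http_validate_url(), or passing 'reject_unsafe_urls' => true in the HTTP API request arguments), since otherwise a low-privilege account can make the server fetch internal addresses.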

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized paths
  • Missing nonce checks on AJAX
  • Unescaped output (14% of total)
Vulnerabilities
None known

SatoshiPay Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SatoshiPay Release Timeline

v2.0
v1.11 (current)
v1.9
v1.8
v1.7
v1.6
v1.5
v1.4
v1.3
v1.2
v1.1
v1.0
v0.10
v0.9
v0.8
v0.7.1
v0.7
v0.6.2
v0.6.1
v0.6
Code Analysis
Analyzed Mar 17, 2026

SatoshiPay Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (11 prepared)
Unescaped Output: 1 (6 escaped)
Nonce Checks: 0
Capability Checks: 7
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared (11 total queries)

Output Escaping

86% escaped (7 total outputs)
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
handleApiSection (src\SatoshiPay\SatoshiPayAdminPlugin.php:1048)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

SatoshiPay Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers (4)

auth | wp_ajax_set_product_price | src\SatoshiPay\Gutenberg\init.php:33
auth | wp_ajax_get_product_price | src\SatoshiPay\Gutenberg\init.php:36
auth | wp_ajax_upload_media_from_url | src\SatoshiPay\Gutenberg\init.php:39
auth | wp_ajax_create_donation_post | src\SatoshiPay\Gutenberg\init.php:42
WordPress Hooks (27)

action | plugins_loaded | satoshipay.php:102
action | plugins_loaded | satoshipay.php:104
filter | block_categories | src\SatoshiPay\Gutenberg\init.php:24
action | enqueue_block_assets | src\SatoshiPay\Gutenberg\init.php:27
action | enqueue_block_editor_assets | src\SatoshiPay\Gutenberg\init.php:30
action | admin_enqueue_scripts | src\SatoshiPay\SatoshiPayAdminPlugin.php:119
action | admin_enqueue_scripts | src\SatoshiPay\SatoshiPayAdminPlugin.php:120
action | admin_notices | src\SatoshiPay\SatoshiPayAdminPlugin.php:123
action | load-post.php | src\SatoshiPay\SatoshiPayAdminPlugin.php:130
action | post updated | src\SatoshiPay\SatoshiPayAdminPlugin.php:133
action | save_post | src\SatoshiPay\SatoshiPayAdminPlugin.php:134
action | edit_attachment | src\SatoshiPay\SatoshiPayAdminPlugin.php:135
action | add_meta_boxes | src\SatoshiPay\SatoshiPayAdminPlugin.php:136
action | admin_menu | src\SatoshiPay\SatoshiPayAdminPlugin.php:139
action | admin_init | src\SatoshiPay\SatoshiPayAdminPlugin.php:140
action | admin_head | src\SatoshiPay\SatoshiPayAdminPlugin.php:141
action | get_post | src\SatoshiPay\SatoshiPayAdminPlugin.php:143
action | before_delete_post | src\SatoshiPay\SatoshiPayAdminPlugin.php:144
action | updated_option | src\SatoshiPay\SatoshiPayAdminPlugin.php:146
filter | wp_prepare_attachment_for_js | src\SatoshiPay\SatoshiPayAdminPlugin.php:155
action | init | src\SatoshiPay\SatoshiPayAdminPlugin.php:157
filter | mce_external_plugins | src\SatoshiPay\SatoshiPayAdminPlugin.php:906
filter | mce_buttons | src\SatoshiPay\SatoshiPayAdminPlugin.php:907
filter | mce_css | src\SatoshiPay\SatoshiPayAdminPlugin.php:908
action | template_redirect | src\SatoshiPay\SatoshiPayPlugin.php:47
filter | query_vars | src\SatoshiPay\SatoshiPayPlugin.php:48
filter | the_content | src\SatoshiPay\SatoshiPayPlugin.php:66
Maintenance & Trust

SatoshiPay Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jul 22, 2019
PHP min version: (not listed)
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 10
Developer Profile

SatoshiPay Developer Profile

satoshipay

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SatoshiPay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/satoshipay/assets/css/style_admin.css
/wp-content/plugins/satoshipay/assets/js/script_admin.js
/wp-content/plugins/satoshipay/assets/js/script_admin_migrator.js
/wp-content/plugins/satoshipay/assets/js/script_post.js
/wp-content/plugins/satoshipay/dist/blocks.style.build.css
/wp-content/plugins/satoshipay/dist/editor.blocks.build.css
/wp-content/plugins/satoshipay/dist/editor.blocks.build.js
/wp-content/plugins/satoshipay/dist/blocks.build.js
Script Paths
/wp-content/plugins/satoshipay/assets/js/script_admin.js
/wp-content/plugins/satoshipay/assets/js/script_admin_migrator.js
/wp-content/plugins/satoshipay/assets/js/script_post.js
/wp-content/plugins/satoshipay/dist/editor.blocks.build.js
/wp-content/plugins/satoshipay/dist/blocks.build.js
Version Parameters
satoshipay/style.css?ver=
satoshipay/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
satoshipay-donate-button
satoshipay-content-wrapper
HTML Comments
<!-- ReactJS Code -->
<!-- END ReactJS Code -->
<!-- Add Donation Post Block -->
<!-- END Add Donation Post Block -->
+8 more
Data Attributes
data-satoshipay-client-url
data-satoshipay-publisher-url
data-satoshipay-product-service-url
data-satoshipay-use-browser-detection
data-satoshipay-use-ad-blocker-detection
data-satoshipay-default-max-product-price
JS Globals
satoshipay_ajax_object
REST Endpoints
/wp-json/satoshipay/v1/donation
/wp-json/satoshipay/v1/product
/wp-json/satoshipay/v1/purchase
/wp-json/satoshipay/v1/media
Shortcode Output
[satoshipay_donate]
[satoshipay_content]
[satoshipay_products]
FAQ

Frequently Asked Questions about SatoshiPay