Does Swiss Bitcoin Pay have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Swiss Bitcoin Pay compatible with WordPress 6.6.5?

According to WordPress.org data, Swiss Bitcoin Pay 1.0.0 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is Swiss Bitcoin Pay updated?

Swiss Bitcoin Pay was last updated on Nov 1, 2024. Frequent updates are generally a positive security signal.

What is Swiss Bitcoin Pay's security score?

Swiss Bitcoin Pay has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Swiss Bitcoin Pay Security & Risk Analysis

wordpress.org/plugins/swiss-bitcoin-pay

Accept Bitcoin-Lightning payments in a few minutes

30 active installs v1.0.0 PHP + WP 4.7+ Updated Nov 1, 2024

bitcoinlightningpayments

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Swiss Bitcoin Pay Safe to Use in 2026?

Generally Safe

Score 92/100

Swiss Bitcoin Pay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The swiss-bitcoin-pay plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding dangerous functions, file operations, and bundled libraries. Furthermore, there is no recorded vulnerability history, which is a strong indicator of past security diligence or a very new plugin.

However, significant concerns arise from the static analysis. The plugin exposes a single REST API route that lacks any permission callbacks, creating a direct and unprotected entry point into the application. Additionally, a concerning 60% of output is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if user-controlled data is displayed without sanitization. The absence of nonce checks and capability checks on the identified entry point further exacerbates these risks, as it allows unauthorized actions.

In conclusion, while the absence of SQL injection risks and a clean vulnerability history are commendable, the unprotected REST API endpoint and unescaped output represent critical weaknesses that could be exploited. Immediate attention is required to secure the REST API route and ensure all output is properly escaped to mitigate XSS risks.

Key Concerns

Unprotected REST API route
Unescaped output detected (40% properly escaped)
No capability checks on entry points
No nonce checks on entry points

Vulnerabilities

None known

Swiss Bitcoin Pay Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Swiss Bitcoin Pay Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 16, 2026

Swiss Bitcoin Pay Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

40% escaped5 total outputs

Attack Surface

1 unprotected

Swiss Bitcoin Pay Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/swiss-bitcoin-pay/v1/payment_complete/(?P<wcOrderId>\d+)sbp.php:246

WordPress Hooks 6

actionplugins_loadedsbp.php:16

filterwoocommerce_payment_gatewayssbp.php:38

actionwoocommerce_blocks_payment_method_type_registrationsbp.php:136

actionrest_api_initsbp.php:245

actionwoocommerce_blocks_loadedsbp.php:255

actionbefore_woocommerce_initsbp.php:257

Maintenance & Trust

Swiss Bitcoin Pay Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedNov 1, 2024

PHP min version

Downloads781

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Swiss Bitcoin Pay Alternatives

Lightning Publisher for WordPress

lightning-publisher

Lightning Publisher for WordPress allows you to offer previews of your blog posts and require a Lightning Network payment to release the rest.

10 No CVEs

Bitnob – Accept Bitcoin Payments (On-chain & Lightning)

bitnob

Accept Bitcoin on your website via on chain or lightning right away. Powered by Bitnob. With an easy setup of our plugin, you can get up and running …

0 No CVEs

Rapaygo For WooCommerce

rapaygo-for-woocommerce

With rapaygo Payment Gateway for WooCommerce, you can start accepting Bitcoin payments on the Lightning Network in minutes on your Wordpress based sit …

0 No CVEs

elegro Crypto Payment

elegro-payment

Increase your customers base by accepting cryptocurrencies.

20K No CVEs

MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce

mycryptocheckout

Cryptocurrency payment gateway for WooCommerce and Easy Digital Downloads. Accept 100+ coins: Bitcoin, Ethereum, BNB, Solana. Peer2Peer transactions.

8K 2 CVEs

Developer Profile

Swiss Bitcoin Pay Developer Profile

swissbitcoinpay

1 plugin · 30 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Swiss Bitcoin Pay

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/swiss-bitcoin-pay/assets/sbp.png

HTML / DOM Fingerprints

FAQ