WP-Safety

NFT Maker Security & Risk Analysis

wordpress.org/plugins/tatum

DEPRECATED / NOT MAINTAINED: Please be aware that we have stopped the development of this WordPress plugin and recommend to use our API or SDK directl …

100 active installs v2.0.37 PHP 7.0+ WP 5.5+ Updated Mar 18, 2024
bscceloerc721ethereumnft
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NFT Maker Safe to Use in 2026?

Generally Safe

Score 85/100

NFT Maker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The 'tatum' plugin v2.0.37 exhibits a generally strong security posture based on the provided static analysis. The complete absence of identified attack surface points and critical taint flows is a significant positive. Furthermore, the plugin has no recorded vulnerability history, suggesting a history of stable and secure development. However, there are notable areas for improvement. The fact that 100% of SQL queries are not using prepared statements is a serious concern and represents a significant risk of SQL injection vulnerabilities. Additionally, the complete lack of output escaping on all identified outputs means that any data processed by these outputs could be vulnerable to cross-site scripting (XSS) attacks. While the plugin has nonce and capability checks, their limited number in relation to potential data handling processes could be a weakness if more complex interactions exist that were not captured by the static analysis.

Key Concerns

  • SQL queries not using prepared statements
  • No output escaping for identified outputs
Vulnerabilities
None known

NFT Maker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

NFT Maker Release Timeline

v2.0.38
v2.0.37Current
v2.0.36
v2.0.35
v2.0.31
v2.0.30
v2.0.29
v2.0.28
v2.0.27
v2.0.26
v2.0.25
v2.0.24
v2.0.23
v2.0.21
v2.0.20
v2.0.19
v2.0.18
v2.0.16
v2.0.13
v2.0.12
Code Analysis
Analyzed Mar 16, 2026

NFT Maker Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
5
0 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries

Output Escaping

0% escaped5 total outputs
Attack Surface

NFT Maker Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 18
actionadmin_noticesinc\base\others\fallback-php-version.php:24
actionadmin_noticesinc\base\others\fallback-rest-api.php:29
actionadmin_noticesinc\base\others\fallback-wp-version.php:28
actionwidgets_initinc\Core.php:35
actionrest_api_initinc\Core.php:44
actionadmin_enqueue_scriptsinc\Core.php:45
actionwp_enqueue_scriptsinc\Core.php:46
actionadmin_menuinc\Core.php:47
actionin_plugin_update_message-tatum/index.phpinc\Core.php:48
actionadmin_headinc\Core.php:52
actionwoocommerce_product_data_tabsinc\Core.php:53
actionwoocommerce_product_data_panelsinc\Core.php:54
actionwoocommerce_update_productinc\Core.php:55
actionwoocommerce_order_status_processinginc\Core.php:56
actionwoocommerce_checkout_update_order_metainc\Core.php:57
actionwoocommerce_checkout_processinc\Core.php:58
actionwoocommerce_before_checkout_billing_forminc\Core.php:59
actionwoocommerce_thankyou_order_received_textinc\Core.php:60
Maintenance & Trust

NFT Maker Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedMar 18, 2024
PHP min version7.0
Downloads24K

Community Trust

Rating80/100
Number of ratings5
Active installs100
Alternatives

NFT Maker Alternatives

Enefti NFT Marketplace Core lite

Enefti NFT Marketplace Core lite

enefti-nft-marketplace-core-lite

A
85

Enefti NFT Marketplace Core lite is a starting point for NFT Marketplaces based on Wordpress. Creating NFTs was never so easy.

10 No CVEs
WPSmartContracts

WPSmartContracts

wp-smart-contracts

B
74

WP Smart Contracts: The first WordPress plugin bringing blockchain technology to your fingertips since 2019.

200 1 unpatched
EthPress – Web3 Login

EthPress – Web3 Login

ethpress

A
92

EthPress Web3 Login Wordpress Plugin adds the capability to connect with cryptocurrency wallets such as MetaMask or WalletConnect QR code.

100 No CVEs
Web3 – Crypto wallet Login & NFT token gating

Web3 – Crypto wallet Login & NFT token gating

web3-authentication

B
81

Users can sign up for your WordPress using their crypto wallets. Gate content based on NFTs owned. Web3 authentication plugin supports crypto wallets …

100 2 CVEs
Cryptocurrency Product for WooCommerce

Cryptocurrency Product for WooCommerce

cryptocurrency-product-for-woocommerce

A
100

Cryptocurrency Ethereum Crypto WordPress Plugin for WooCommerce enables customers to buy Ether, Bitcoin or any ERC20 or NFT (ERC721) token.

60 No CVEs
Developer Profile

NFT Maker Developer Profile

lukaskotol

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NFT Maker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tatum/inc/../public/css/widget.css/wp-content/plugins/tatum/inc/../public/js/widget.js/wp-content/plugins/tatum/inc/../public/css/admin.css/wp-content/plugins/tatum/inc/../public/js/admin.js
Script Paths
/wp-content/plugins/tatum/inc/../public/js/widget.js/wp-content/plugins/tatum/inc/../public/js/admin.js
Version Parameters
tatum/widget.css?ver=tatum/widget.js?ver=tatum/admin.css?ver=tatum/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
tatum-blockchain-address-checkout-fieldtatum-blockchain-address-checkout-field-wrapper
Data Attributes
data-tatum-widget
JS Globals
TATUM
REST Endpoints
/wp-json/tatum/v1/address/wp-json/tatum/v1/save-address/wp-json/tatum/v1/blockchain/wp-json/tatum/v1/collection/wp-json/tatum/v1/token
FAQ

Frequently Asked Questions about NFT Maker