Does thirdweb WP have any unpatched vulnerabilities?

No. All known vulnerabilities in thirdweb WP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is thirdweb WP compatible with WordPress 6.4.0?

According to WordPress.org data, thirdweb WP 0.0.2 has been tested up to WordPress 6.4.0. Check the plugin's changelog for the latest compatibility information.

Is thirdweb WP compatible with PHP 7.4+?

thirdweb WP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is thirdweb WP updated?

thirdweb WP was last updated on Feb 18, 2024. Frequent updates are generally a positive security signal.

What is thirdweb WP's security score?

thirdweb WP has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

thirdweb WP Security & Risk Analysis

wordpress.org/plugins/thirdweb-wp

A community WordPress plugin for thirdweb. Turn your WordPress website into Web3 instantly and easily with thirdweb. 🚀💻🧩

30 active installs v0.0.2 PHP 7.4+ WP 5.2+ Updated Feb 18, 2024

blokchaincryptonftthirdwebweb3

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is thirdweb WP Safe to Use in 2026?

Generally Safe

Score 85/100

thirdweb WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The thirdweb-wp plugin v0.0.2 demonstrates a generally strong security posture based on the provided static analysis. The code adheres to best practices by utilizing prepared statements for all SQL queries and properly escaping all identified output, which significantly reduces the risk of common injection vulnerabilities. The absence of dangerous functions, file operations, and successful taint analysis flows further contribute to its secure foundation. Furthermore, the plugin has no recorded vulnerability history, suggesting a consistent and responsible approach to security from its developers.

However, a notable area for improvement lies in the lack of explicit nonce checks across its entry points. While the analysis indicates a small attack surface with only one shortcode and no unprotected AJAX handlers or REST API routes, a missing nonce check on the shortcode could still present a potential CSRF (Cross-Site Request Forgery) vulnerability. The presence of an external HTTP request also warrants careful review to ensure it is not susceptible to man-in-the-middle attacks or data exfiltration if not properly secured. Overall, the plugin is well-built from a code hygiene perspective, but the missing nonce check and the single external HTTP request are minor concerns that could be addressed for complete robustness.

Key Concerns

Missing nonce check on entry points
External HTTP request without explicit security review

Vulnerabilities

None known

thirdweb WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

thirdweb WP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped12 total outputs

Attack Surface

thirdweb WP Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[twcontractread] thirdweb.php:186

WordPress Hooks 3

actioninitthirdweb.php:189

actionadmin_menuthirdweb.php:190

actionadmin_initthirdweb.php:191

Maintenance & Trust

thirdweb WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.0

Last updatedFeb 18, 2024

PHP min version7.4

Downloads898

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

thirdweb WP Alternatives

Web3 Access

web3-access

100

Accept cryptocurrency payments via MetaMask or web3 browser wallets. Restrict content to NFT owners or crypto wallets that make a payment.

80 No CVEs

Web3 Crypto Payments by DePay for WooCommerce

depay-payments-for-woocommerce

Accept Web3 Crypto Payments. Supports various tokens, blockchains and wallets. MetaMask, Phantom, USDC, USDT, ETH, SOL, BSC, POL, xDAI…

1K 1 CVE

Opensea

opensea

The Opensea WordPress plugin allows you to embed any single NFT quickly and easily anywhere within your website.

200 1 CVE

EthPress – Web3 Login

ethpress

EthPress Web3 Login Wordpress Plugin adds the capability to connect with cryptocurrency wallets such as MetaMask or WalletConnect QR code.

100 No CVEs

Web3 – Crypto wallet Login & NFT token gating

web3-authentication

Users can sign up for your WordPress using their crypto wallets. Gate content based on NFTs owned. Web3 authentication plugin supports crypto wallets …

100 2 CVEs

Developer Profile

thirdweb WP Developer Profile

Waren Gonzaga

2 plugins · 30 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect thirdweb WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/thirdweb-wp/assets/thirdweb.png

HTML / DOM Fingerprints

Data Attributes

default_contract_addressdefault_chainengine_access_tokenengine_api_endpoint

JS Globals

console.error

Shortcode Output

Error: No engine API endpoint found. Please set the engine API endpoint in the plugin settings.Error: No engine access token found. Please set the engine access token in the plugin settings.Error: No result found in the response.

FAQ