[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5ZmSUK5pzyG6wmE0K1i5ZiytWq5ofy1oYcvexLr8seo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":88,"fingerprints":174},"top-coin","Top Coin","1.0","Huy Kira","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuykiradotnet\u002F","\u003Cp>Display the virtual currency, updated every minute\u003Cbr \u002F>\nPlugin uses api from coinmarketcap.com\u003Cbr \u002F>\nFor more history, see: https:\u002F\u002Fhuykira.net\u002Fshare-code\u002Fshare-plugin-bang-gia-tien-ao.html\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Virtual currency rankings wordpress plugin",10,5550,100,1,"2017-12-11T01:27:00.000Z","4.9.29","3.3","",[20,21,4],"bitcoin-plugin","currency-rankings","https:\u002F\u002Fhuykira.net\u002Fshare-code\u002Fshare-plugin-bang-gia-tien-ao.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-coin.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":13,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"huykiradotnet",6,93,30,89,"2026-04-04T19:06:15.424Z",[37,57,73],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":25,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bitcartcc-for-woocommerce","Bitcart for WooCommerce","1.0.6","bitcart","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitcartcc\u002F","\u003Cp>Bitcart is a free and open-source cryptocurrency payment processor which allows you to receive cryptocurrency payments directly, with no fees, transaction cost or a middleman.\u003C\u002Fp>\n\u003Cp>Bitcart is a non-custodial invoicing system which eliminates the involvement of a third-party. Payments with Bitcart go directly to your wallet, which increases the privacy and security. Your private keys are never uploaded to the server. There is no address re-use since each invoice generates a new address deriving from your xpubkey.\u003C\u002Fp>\n\u003Cp>You can run Bitcart as a self-hosted solution on your own server, or use a third-party host.\u003C\u002Fp>\n\u003Cp>The self-hosted solution allows you not only to attach an unlimited number of stores and use the Lightning Network but also become the payment processor for others.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Direct, peer-to-peer cryptocurrency payments\u003C\u002Fli>\n\u003Cli>No transaction fees (other than mining fees by crypto network itself)\u003C\u002Fli>\n\u003Cli>No processing fees\u003C\u002Fli>\n\u003Cli>No middleman\u003C\u002Fli>\n\u003Cli>No KYC\u003C\u002Fli>\n\u003Cli>User has complete control over private keys\u003C\u002Fli>\n\u003Cli>Enhanced privacy (no address re-use, no IP leaks to third parties)\u003C\u002Fli>\n\u003Cli>Enhanced security\u003C\u002Fli>\n\u003Cli>Self-hosted\u003C\u002Fli>\n\u003Cli>SegWit support\u003C\u002Fli>\n\u003Cli>Lightning Network support\u003C\u002Fli>\n\u003Cli>Altcoin support\u003C\u002Fli>\n\u003Cli>Attach unlimited stores, process payments for friends\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cp>Initial version\u003C\u002Fp>\n\u003Ch3>1.0.1\u003C\u002Fh3>\n\u003Cp>Fixes for latest Bitcart API updates\u003C\u002Fp>\n\u003Ch3>1.0.2\u003C\u002Fh3>\n\u003Cp>Fixes for Bitcart API updates\u003C\u002Fp>\n\u003Ch3>1.0.3\u003C\u002Fh3>\n\u003Cp>Compatibility with Bitcart v0.5.0.0\u003C\u002Fp>\n\u003Ch3>1.0.4\u003C\u002Fh3>\n\u003Cp>More fixes for invoice processing, clarify params\u003C\u002Fp>\n\u003Ch3>1.0.5\u003C\u002Fh3>\n\u003Cp>Fixes for stock level not increasing in case of expired invoices\u003C\u002Fp>\n\u003Ch3>1.0.6\u003C\u002Fh3>\n\u003Cp>Rename BitcartCC to Bitcart\u003C\u002Fp>\n","Bitcart is a free and open-source cryptocurrency payment processor which allows you to receive cryptocurrency payments directly, with no fees, transac …",20,2611,"2023-08-24T11:13:00.000Z","6.1.10","3.9","5.4",[52,41,53,20,54],"accept-bitcoin","bitcoin","cryptocurrency","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbitcart-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitcartcc-for-woocommerce.zip",{"slug":58,"name":59,"version":6,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":13,"num_ratings":14,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":71,"download_link":72,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bitcoin-payments-for-wp-woocommerce","Bitcoin Payments for WP WooCommerce","WebPlanex","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebplanex\u002F","\u003Cp>Your online store must use WooCommerce platform (free wordpress plugin).\u003Cbr \u002F>\nOnce you installed and activated WooCommerce, you may install and activate Bitcoin Payments for WooCommerce.\u003C\u002Fp>\n\u003Ch4>Benefits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fully automatic operation\u003C\u002Fli>\n\u003Cli>Accept payments in bitcoins directly into your personal QT wallet.\u003C\u002Fli>\n\u003Cli>Electrum wallet payment option completely removes dependency on any third party service and middlemen.\u003C\u002Fli>\n\u003Cli>Accept payment in bitcoins for physical and digital downloadable products.\u003C\u002Fli>\n\u003Cli>Add bitcoin payments option to your existing online store with alternative main currency.\u003C\u002Fli>\n\u003Cli>Support for many currencies.\u003C\u002Fli>\n\u003Cli>Set main currency of your store in any currency or bitcoin.\u003C\u002Fli>\n\u003Cli>Automatic conversion to bitcoin via realtime exchange rate feed and calculations.\u003C\u002Fli>\n\u003Cli>Ability to set exchange rate calculation multiplier to compensate for any possible losses due to bank conversions and funds transfer fees.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Remove plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Delete plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","Bitcoin Payments for WooCommerce is a Wordpress plugin that allows to accept bitcoins at WooCommerce-powered online stores.",8210,"2015-03-03T09:19:00.000Z","4.0.38","3.0.1",[52,53,69,20,70],"bitcoin-payments","bitcoin-wordpress-plugin","http:\u002F\u002Fwww.webplanex.co.in\u002FPlugins\u002FBitcoinPayment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitcoin-payments-for-wp-woocommerce.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":10,"active_installs":11,"downloaded":80,"rating":13,"num_ratings":14,"last_updated":81,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":82,"homepage":86,"download_link":87,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"easy-coin-table","Easy Coin Table","1.2","hoangthinhnd","https:\u002F\u002Fprofiles.wordpress.org\u002Fhoangthinhnd\u002F","\u003Cul>\n\u003Cli>Plugin using Coin market cap API https:\u002F\u002Fcoinmarketcap.com\u002Fapi\u002F\u003C\u002Fli>\n\u003Cli>\n\u003Cp>https:\u002F\u002Fcoinmarketcap.com\u002Fapi\u002Fterms\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Plugin using Information single curency in https:\u002F\u002Ftygiacoin.com\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Ftygiacoin.com\u002Ftien-ao\u002FBTC\u002Fbitcoin\u002F\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Ftygiacoin.com\u002Ftin-tong-hop\u002Fplugin-bang-gia-tien-ao-wordpress-1030.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n",4056,"2019-09-23T02:45:00.000Z",[20,83,84,85],"coin-table","crypto-table","cryto-compare","https:\u002F\u002Ftygiacoin.com\u002Ftin-tong-hop\u002Fshare-plugin-bang-gia-tien-ao.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-coin-table.zip",{"attackSurface":89,"codeSignals":115,"taintFlows":161,"riskAssessment":162,"analyzedAt":173},{"hooks":90,"ajaxHandlers":106,"restRoutes":107,"shortcodes":108,"cronEvents":114,"entryPointCount":14,"unprotectedCount":25},[91,97,101],{"type":92,"name":93,"callback":94,"file":95,"line":96},"action","wp_enqueue_scripts","bhk_styles","bitcoin-plugin.php",24,{"type":92,"name":98,"callback":99,"file":95,"line":100},"admin_menu","bhk_add_menu",37,{"type":92,"name":102,"callback":103,"file":104,"line":105},"widgets_init","anonymous","includes\\widget.php",67,[],[],[109],{"tag":110,"callback":111,"file":112,"line":113},"topcoin","create_shortcode_bhk","includes\\shortcode.php",34,[],{"dangerousFunctions":116,"sqlUsage":120,"outputEscaping":122,"fileOperations":159,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":160},[117],{"fn":118,"file":104,"line":105,"context":119},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"BHK_plugin_widget\");'));",{"prepared":25,"raw":25,"locations":121},[],{"escaped":25,"rawEcho":123,"locations":124},21,[125,127,128,129,131,132,134,136,138,140,141,143,145,147,149,151,152,153,155,157,158],{"file":112,"line":45,"context":126},"raw output",{"file":112,"line":123,"context":126},{"file":112,"line":123,"context":126},{"file":112,"line":130,"context":126},22,{"file":112,"line":96,"context":126},{"file":104,"line":133,"context":126},14,{"file":104,"line":135,"context":126},15,{"file":104,"line":137,"context":126},31,{"file":104,"line":139,"context":126},32,{"file":104,"line":139,"context":126},{"file":104,"line":142,"context":126},33,{"file":104,"line":144,"context":126},35,{"file":104,"line":146,"context":126},44,{"file":104,"line":148,"context":126},58,{"file":104,"line":150,"context":126},59,{"file":104,"line":150,"context":126},{"file":104,"line":150,"context":126},{"file":104,"line":154,"context":126},62,{"file":104,"line":156,"context":126},63,{"file":104,"line":156,"context":126},{"file":104,"line":156,"context":126},2,[],[],{"summary":163,"deductions":164},"The 'top-coin' plugin v1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has a seemingly small attack surface with no recorded vulnerabilities or known CVEs.  The absence of external HTTP requests and bundled libraries also reduces potential risks. However, significant concerns arise from the static analysis. The plugin lacks any nonce or capability checks, meaning that even though there are no unprotected entry points identified, any action triggered by its single shortcode is essentially unauthenticated and unprivileged, posing a risk for unauthorized actions if the shortcode functionality allows for it.\n\nFurthermore, the presence of the `create_function` dangerous function is a critical red flag, as it can be exploited for remote code execution if user-supplied data influences its execution. The most concerning finding is that 100% of the output from the plugin is not properly escaped. This opens the door to Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website through the plugin's output, impacting users who interact with those outputs. Given the lack of vulnerability history, it's difficult to ascertain if these issues have been exploited previously, but the current state of the code presents clear and present dangers.",[165,167,169,171],{"reason":166,"points":135},"Dangerous function create_function used",{"reason":168,"points":135},"All output unescaped (XSS risk)",{"reason":170,"points":11},"No nonce checks",{"reason":172,"points":11},"No capability checks","2026-03-17T00:17:24.977Z",{"wat":175,"direct":181},{"assetPaths":176,"generatorPatterns":178,"scriptPaths":179,"versionParams":180},[177],"\u002Fwp-content\u002Fplugins\u002Ftop-coin\u002Fcss\u002Fbhk_style.css",[],[],[],{"cssClasses":182,"htmlComments":187,"htmlAttributes":188,"restEndpoints":193,"jsGlobals":194,"shortcodeOutput":195},[183,184,185,186],"bhk-content-coin","bhk-table-coin","wp-heading-inline","info-plugin",[],[189,190,191,192],"id=\"col-container\"","class=\"wp-clearfix\"","id=\"col-left\"","id=\"col-right\"",[],[],[196,197],"[topcoin num=\"5\"]","[topcoin num=\"10\"]"]