Cointopay — Crypto and Fiat Payments for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wc-cointopay-com

Cryptocurrency payment plugin for WordPress WooCommerce; you can receive cryptocurrencies for your products and services as alternative e.g.

20 active installs · v1.4.7 · PHP + · WP 3.8.1+ · Updated Mar 12, 2026
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Cointopay — Crypto and Fiat Payments for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Cointopay — Crypto and Fiat Payments for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 23d ago

Risk Assessment

The 'wc-cointopay-com' plugin v1.4.7 exhibits a mixed security posture. A significant concern is the presence of two AJAX handlers that lack any authentication or capability checks. This creates a direct attack vector where any user, even an unauthenticated one, could potentially trigger these functions, leading to unauthorized actions or information disclosure depending on the functionality of these handlers. While the plugin demonstrates good practices in SQL query handling with 100% prepared statements and a high percentage of output escaping, the unprotected entry points represent a critical weakness.

The plugin's static analysis also reveals three external HTTP requests, which, without proper validation or sanitization, could introduce risks if the target URLs are controlled by an attacker or if the external service is compromised. The absence of any recorded CVEs and common vulnerability types is a positive indicator, suggesting a history of security awareness or a lack of past exploitable issues. However, this historical data should not overshadow the present risks identified in the code analysis.

In conclusion, the plugin has strengths in its database interaction and output handling. However, the unprotected AJAX endpoints present a substantial and immediate security risk that significantly outweighs these strengths. The lack of nonces and capability checks on these critical entry points requires immediate attention to secure the plugin against potential exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
  • External HTTP requests without clear sanitization
  • Unescaped output (15% of outputs)
Vulnerabilities
None known

Cointopay — Crypto and Fiat Payments for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cointopay — Crypto and Fiat Payments for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (34 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

85% escaped · 40 total outputs

Attack Surface
2 unprotected

Cointopay — Crypto and Fiat Payments for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

Type | Hook | Location
nopriv | wp_ajax_getCTPMerchantCoinsByAjax | hooks\get_merchant_coins.php:2
auth | wp_ajax_getCTPMerchantCoinsByAjax | hooks\get_merchant_coins.php:3

WordPress Hooks: 12

Type | Hook | Location
action | init | classes\wc_cointopay_gateway.php:30
action | wp_enqueue_scripts | classes\wc_cointopay_gateway.php:33
action | woocommerce_after_order_notes | classes\wc_cointopay_gateway.php:36
action | woocommerce_checkout_process | classes\wc_cointopay_gateway.php:37
action | woocommerce_after_order_notes | classes\wc_cointopay_gateway.php:38
action | woocommerce_checkout_update_order_meta | classes\wc_cointopay_gateway.php:39
action | admin_notices | classes\wc_cointopay_gateway.php:50
action | admin_notices | classes\wc_cointopay_gateway.php:55
filter | woocommerce_payment_gateways | wc-cointopay.php:16
action | plugins_loaded | wc-cointopay.php:22
action | woocommerce_blocks_loaded | wc-cointopay.php:35
action | woocommerce_blocks_payment_method_type_registration | wc-cointopay.php:64

Maintenance & Trust

Cointopay — Crypto and Fiat Payments for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20

Developer Profile

Cointopay — Crypto and Fiat Payments for WooCommerce Developer Profile

Cointopaydev

5 plugins · 70 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Cointopay — Crypto and Fiat Payments for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-cointopay-com/assets/images/crypto.png
