[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPbQ1ZP-xtbweJIdoXRDzYIG7JfeQKyQuJiKF0NgF8_Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":20,"security_score":13,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":136},"wc-cointopay-com","Cointopay — Crypto and Fiat Payments for WooCommerce","1.4.7","Cointopaydev","https:\u002F\u002Fprofiles.wordpress.org\u002Fcointopay\u002F","\u003Cp>Crypto currency payment plugin for WordPress WooCommerce, you can receive crypto currencies for your products and services as alternative e.g. Bitcoin, Litecoin, Ethereum, Ripple. Cointopay receives the currencies into your account on \u003Ca href=\"https:\u002F\u002Fcointopay.com\" rel=\"nofollow ugc\">Cointopay.com\u003C\u002Fa>. Optional: we payout to bank in 50 global fiat currencies worldwide e.g. to EUR or USD without volatility risk for you.\u003C\u002Fp>\n\u003Cp>\u003Cem>There are three prerequisites to get started:\u003C\u002Fem>\u003Cbr \u002F>\n1. Please create an account on Cointopay.com, note down MerchantID and SecurityCode. Here is a complete list \u003Ca href=\"https:\u002F\u002Ftinyurl.com\u002Fujfk7qy\" rel=\"nofollow ugc\">https:\u002F\u002Ftinyurl.com\u002Fujfk7qy\u003C\u002Fa>\u003Cbr \u002F>\n2. Install the Curl PHP Extension on your server\u003Cbr \u002F>\n3. Install JSON Encode on your server\u003C\u002Fp>\n\u003Ch3>About Cointopay.com\u003C\u002Fh3>\n\u003Cp>We are an international crypto currency payment processor, meaning that we accept payments from your customers and make the funds available to you (incl. in form of fiat currency like euro). 
The direct integration with WordPress Woocommerce provides you with a seamless payment experience while underlying dealing with diverse and complex blockchain technologies like Bitcoin, Ethereum, Neo, Dash, Ripple and many more. P.S. If you want your own crypto currency to become available in this plugin, we can provide that for you as well, Cointopay has been a technological payment incubator since 2014!\u003C\u002Fp>\n\u003Ch3>FOR DEVELOPERS AND SALES REPS\u003C\u002Fh3>\n\u003Cp>PLEASE NOTE OUR AFFILIATE PROGRAM, YOU RECEIVE 0.5% OF ALL YOUR REFERRALS!\u003Cbr \u002F>\nCreate an account on Cointopay.com and send your prospects the following link: https:\u002F\u002Fcointopay.com\u002F?r=[yourmerchantid], you will receive mails when payments come into your account.\u003C\u002Fp>\n","Crypto currency payment plugin for Wordpress WooCommerce, you can receive crypto currencies for your products and services as alternative e.g.",20,2989,100,2,"2026-03-12T16:11:00.000Z","6.9.4","3.8.1","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-cointopay-com.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":13,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"cointopay",5,70,30,94,"2026-04-05T14:46:48.007Z",[],{"attackSurface":34,"codeSignals":97,"taintFlows":119,"riskAssessment":120,"analyzedAt":135},{"hooks":35,"ajaxHandlers":86,"restRoutes":94,"shortcodes":95,"cronEvents":96,"entryPointCount":14,"unprotectedCount":14},[36,41,45,49,53,57,61,65,68,74,78,82],{"type":37,"name":38,"callback":39,"file":40,"line":29},"action","init","check_cointopay_response","classes\\wc_cointopay_gateway.php",{"type":37,"name":42,"callback":43,"file":40,"line":44},"wp_enqueue_scripts","Cointopay_Crypto_Gateway_admin_js",33,{"type":37,"name":46,"callback":47,"file":40,"line":48},"woocommerce_after_order_notes","cointopay_crypto_select_checkout_field",36,{"type":37,"name":50,"ca
llback":51,"file":40,"line":52},"woocommerce_checkout_process","cointopay_crypto_process_custom_payment",37,{"type":37,"name":46,"callback":54,"priority":55,"file":40,"line":56},"cointopay_crypto_checkout_hidden_field",10,38,{"type":37,"name":58,"callback":59,"file":40,"line":60},"woocommerce_checkout_update_order_meta","cointopay_crypto_select_checkout_update_order_meta",39,{"type":37,"name":62,"callback":63,"file":40,"line":64},"admin_notices","apikey_missingmessage",50,{"type":37,"name":62,"callback":66,"file":40,"line":67},"secret_missingmessage",55,{"type":69,"name":70,"callback":71,"file":72,"line":73},"filter","woocommerce_payment_gateways","wc_cointopay_gateway_class","wc-cointopay.php",16,{"type":37,"name":75,"callback":76,"file":72,"line":77},"plugins_loaded","woocommerce_cointopay_init",22,{"type":37,"name":79,"callback":80,"file":72,"line":81},"woocommerce_blocks_loaded","woocommerce_gateway_cointopay_woocommerce_block_support",35,{"type":37,"name":83,"callback":84,"file":72,"line":85},"woocommerce_blocks_payment_method_type_registration","closure",64,[87,92],{"action":88,"nopriv":89,"callback":88,"hasNonce":90,"hasCapCheck":90,"file":91,"line":14},"getCTPMerchantCoinsByAjax",true,false,"hooks\\get_merchant_coins.php",{"action":88,"nopriv":90,"callback":88,"hasNonce":90,"hasCapCheck":90,"file":91,"line":93},3,[],[],[],{"dangerousFunctions":98,"sqlUsage":99,"outputEscaping":101,"fileOperations":21,"externalRequests":93,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":118},[],{"prepared":21,"raw":21,"locations":100},[],{"escaped":102,"rawEcho":103,"locations":104},34,6,[105,108,110,112,114,116],{"file":40,"line":106,"context":107},220,"raw output",{"file":40,"line":109,"context":107},246,{"file":40,"line":111,"context":107},301,{"file":40,"line":113,"context":107},316,{"file":40,"line":115,"context":107},400,{"file":91,"line":117,"context":107},17,[],[],{"summary":121,"deductions":122},"The 'wc-cointopay-com' plugin v1.4.7 exhibits a mixed 
security posture. A significant concern is the presence of two AJAX handlers (both registered for the same action, one of them for unauthenticated users) that lack any authentication or capability checks. This creates a direct attack vector where any user, even an unauthenticated one, could potentially trigger these functions, leading to unauthorized actions or information disclosure depending on the functionality of these handlers. While the plugin demonstrates good practices in SQL query handling with 100% prepared statements (the scan recorded no SQL queries at all, so this figure reflects the absence of raw queries rather than observed prepared-statement use) and a high percentage of output escaping, the unprotected entry points represent a critical weakness.\n\nThe plugin's static analysis also reveals three external HTTP requests, which, without proper validation or sanitization, could introduce risks if the target URLs are controlled by an attacker or if the external service is compromised. The absence of any recorded CVEs and common vulnerability types is a positive indicator, suggesting a history of security awareness or a lack of past exploitable issues, although for a plugin with few active installs it may also reflect limited scrutiny. However, this historical data should not overshadow the present risks identified in the code analysis.\n\nIn conclusion, the plugin has strengths in its database interaction and output handling. However, the unprotected AJAX endpoints present a substantial and immediate security risk that significantly outweighs these strengths. 
The lack of nonces and capability checks on these critical entry points requires immediate attention to secure the plugin against potential exploitation.",[123,126,128,130,132],{"reason":124,"points":125},"Unprotected AJAX handlers",15,{"reason":127,"points":55},"Missing nonce checks on AJAX",{"reason":129,"points":55},"Missing capability checks on AJAX",{"reason":131,"points":27},"External HTTP requests without clear sanitization",{"reason":133,"points":134},"Unescaped output (15% of outputs)",4,"2026-03-16T23:08:15.344Z",{"wat":137,"direct":143},{"assetPaths":138,"generatorPatterns":140,"scriptPaths":141,"versionParams":142},[139],"\u002Fwp-content\u002Fplugins\u002Fwc-cointopay-com\u002Fassets\u002Fimages\u002Fcrypto.png",[],[],[],{"cssClasses":144,"htmlComments":145,"htmlAttributes":146,"restEndpoints":147,"jsGlobals":148,"shortcodeOutput":149},[],[],[],[],[],[]]