WooMinecraft-WP Security & Risk Analysis

wordpress.org/plugins/woominecraft

A FREE Minecraft Donation plugin which works in conjunction with my WooMinecraft java plugin for Minecraft to provide a self-hosted donation platform.

60 active installs · v1.4.5 · PHP 7.4+ · WP 4.4.2+ · Updated Apr 2, 2022
Tags: donations, minecraft, woocommerce
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WooMinecraft-WP Safe to Use in 2026?

Generally Safe

Score 85/100

WooMinecraft-WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "woominecraft" plugin v1.4.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively. It also shows a relatively high percentage of properly escaped outputs, minimizing the risk of certain cross-site scripting (XSS) vulnerabilities. The absence of known CVEs and any recorded vulnerability history suggests a generally stable codebase in the past.

However, significant concerns arise from the static analysis. The presence of a single AJAX handler without authentication checks presents a clear attack vector. The taint analysis, while limited in scope, identified one flow with an unsanitized path, which could potentially lead to vulnerabilities depending on its context and the data processed. The lack of nonce checks on the exposed AJAX endpoint is also a notable oversight. While the overall attack surface is small, the critical weakness of an unprotected AJAX entry point, combined with the unsanitized path flow, elevates the risk.

In conclusion, while the plugin benefits from secure SQL handling and good output escaping, the unprotected AJAX endpoint and the identified unsanitized path flow are serious vulnerabilities that need immediate attention. The clean vulnerability history is positive, but it doesn't negate the immediate risks present in the current codebase.

Key Concerns

  • AJAX handler without auth checks
  • Flow with unsanitized paths
  • No nonce checks
  • Less than 100% output escaping
Vulnerabilities
None known

WooMinecraft-WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WooMinecraft-WP Release Timeline

v1.4.5 (Current)
v1.4.4
v1.4.3
v1.4.2
v1.3.0
v1.2
v1.1.1
v1.1
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
vtesting
Code Analysis
Analyzed Mar 17, 2026

WooMinecraft-WP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 8 (45 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

85% escaped · 53 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<order-manager> (includes\order-manager.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

WooMinecraft-WP Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_wmc_resend_donations · includes\woocommerce-admin.php:24

WordPress Hooks: 22

action · template_redirect · includes\helpers.php:15
filter · woocommerce_get_wp_query_args · includes\helpers.php:16
action · save_post · includes\order-cache-controller.php:13
action · woocommerce_checkout_update_order_meta · includes\order-manager.php:16
action · woocommerce_before_checkout_billing_form · includes\order-manager.php:17
action · woocommerce_thankyou · includes\order-manager.php:18
action · woocommerce_checkout_process · includes\order-manager.php:19
action · rest_api_init · includes\rest-api.php:21
action · woocommerce_admin_order_data_after_shipping_address · includes\woocommerce-admin.php:16
action · admin_enqueue_scripts · includes\woocommerce-admin.php:17
action · woocommerce_product_options_general_product_data · includes\woocommerce-admin.php:18
action · woocommerce_process_product_meta_simple · includes\woocommerce-admin.php:19
action · woocommerce_product_after_variable_attributes · includes\woocommerce-admin.php:21
action · woocommerce_update_product_variation · includes\woocommerce-admin.php:22
action · admin_init · includes\woocommerce-admin.php:26
filter · woocommerce_get_settings_general · includes\woocommerce-admin.php:28
action · woocommerce_admin_field_wmc_servers · includes\woocommerce-admin.php:29
action · woocommerce_settings_save_general · includes\woocommerce-admin.php:30
filter · manage_shop_order_posts_columns · includes\woocommerce-admin.php:32
action · manage_shop_order_posts_custom_column · includes\woocommerce-admin.php:33
filter · manage_edit-shop_order_sortable_columns · includes\woocommerce-admin.php:34
action · pre_get_posts · includes\woocommerce-admin.php:35
Maintenance & Trust

WooMinecraft-WP Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Apr 2, 2022
PHP min version: 7.4
Downloads: 15K

Community Trust

Rating: 80/100
Number of ratings: 10
Active installs: 60
Developer Profile

WooMinecraft-WP Developer Profile

Jay Wood

2 plugins · 70 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WooMinecraft-WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woominecraft/assets/css/admin-style.css
  • /wp-content/plugins/woominecraft/assets/js/admin-script.js
  • /wp-content/plugins/woominecraft/assets/css/woocommerce-admin-style.css
  • /wp-content/plugins/woominecraft/assets/js/woocommerce-admin-script.js
Script Paths
  • /wp-content/plugins/woominecraft/assets/js/admin-script.js
  • /wp-content/plugins/woominecraft/assets/js/woocommerce-admin-script.js
Version Parameters
  • woominecraft/assets/css/admin-style.css?ver=
  • woominecraft/assets/js/admin-script.js?ver=
  • woominecraft/assets/css/woocommerce-admin-style.css?ver=
  • woominecraft/assets/js/woocommerce-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wmc-orders-delivered
  • wmc-player-name
  • wmc-servers-section
HTML Comments
<!-- Ni Hijan -->
Data Attributes
data-servers-options
JS Globals
WooMinecraftAdminWooMinecraftWooCommerceAdmin
REST Endpoints
  • /wp-json/woominecraft/v1/send_command
  • /wp-json/woominecraft/v1/get_servers