WP-Dogecoin Security & Risk Analysis

wordpress.org/plugins/wp-dogecoin

This plugin allows you to add your Dogecoin donation address to the bottom of your blog posts - automatically!

10 active installs v1.1 PHP + WP 3.0+ Updated Jan 29, 2014
bitcoincryptocurrencydogecoinlitecoin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP-Dogecoin Safe to Use in 2026?

Generally Safe

Score 85/100

WP-Dogecoin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The static analysis of the "wp-dogecoin" plugin v1.1 reveals an exceptionally clean codebase from a structural standpoint. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface. Furthermore, the code demonstrates excellent security practices by avoiding dangerous functions, file operations, and external HTTP requests. All SQL queries are performed using prepared statements, indicating a strong defense against SQL injection. The lack of any identified taint flows or vulnerability history further reinforces the impression of a secure and well-maintained plugin.

However, the analysis does highlight a significant concern: 100% of output is not properly escaped. This represents a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities if any dynamic data is displayed to users without proper sanitization. While the plugin exhibits strengths in preventing injection attacks and limiting its attack surface, the lack of output escaping is a fundamental security oversight that needs immediate attention.

In conclusion, "wp-dogecoin" v1.1 boasts a robust defense against common server-side vulnerabilities and has a clean historical record. Its minimal attack surface and secure database interactions are commendable. Nevertheless, the unescaped output presents a tangible risk that overshadows these strengths. Addressing this output escaping issue is paramount to improving the overall security posture of the plugin.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

WP-Dogecoin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP-Dogecoin Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

WP-Dogecoin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

WP-Dogecoin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
filterthe_contentwp-dogecoin.php:15
actionwp_enqueue_scriptswp-dogecoin.php:32
actionadmin_menuwp-dogecoin.php:38
actionadmin_initwp-dogecoin.php:46
Maintenance & Trust

WP-Dogecoin Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41
Last updatedJan 29, 2014
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

WP-Dogecoin Developer Profile

Mitch Canter

3 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP-Dogecoin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-dogecoin/wp-dogecoin.css

HTML / DOM Fingerprints

CSS Classes
wpdc_boxwpdc_small
Shortcode Output
Donate Dogecoins: <strong>Whats This?Plugin written and supported by Mitch Canter. You can send donations to <strong>D5Lfoc5TXwopvLeMnJxBswV8iEY5t4dTuz</strong> if you like what you see!
FAQ

Frequently Asked Questions about WP-Dogecoin