[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQFkxVqtpIutK4Ez_ezj6Ys1T_sI-uMee3L9AxTKyyjw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":112,"fingerprints":218},"wp-tipbot","WP-TipBot","1.1.1","alordiel","https:\u002F\u002Fprofiles.wordpress.org\u002Falordiel\u002F","\u003Cp>As content author you’re spending hours and days creating great blog articles and pages for the community. And you have the right to ask for a tip. Even the smallest tip will count but whet it comes to transactions and bank taxes things get ugly. But not in the world of the blockchain and the cryptocurrency.\u003C\u002Fp>\n\u003Cp>Thanks to Wietse Wind and his \u003Ca href=\"https:\u002F\u002Fwww.xrptipbot.com\u002Fhowto\" rel=\"nofollow ugc\">XRP Tip Bot\u003C\u002Fa> you can send and recieve Ripple XRP tips – easily and fast. And now we have have created an easy way for you to integrate the XRP Tip Bot in WordPress as a widget in your sidebar or as shortcode on any page you would like.\u003C\u002Fp>\n\u003Cp>This plugin will give you the option to creat a XRP tip button with your own settings like ammount of the tip, and thank you message.\u003C\u002Fp>\n\u003Cp>A settings page has been added in version 1.1.0 where you can set the default values for your shortcode. Also saving the ‘network’ and ‘receiver’ values will open a new tab for your with the related balance for the selected account (see img.5).\u003C\u002Fp>\n\u003Cp>You can follow us on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FWpTipbot\" rel=\"nofollow ugc\">twitter\u003C\u002Fa> or check \u003Ca href=\"https:\u002F\u002Fwp-tipbot.com\" rel=\"nofollow ugc\">our website\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Cp>PS: If you have a question or a request you can use the support forum for this plugin or send an issue in the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falordiel\u002Fwp-tipbot\" rel=\"nofollow ugc\">github\u003C\u002Fa> page.\u003Cbr \u002F>\nPS2: If you really like your plugin you can support us with a tip on \u003Ca href=\"https:\u002F\u002Fwp-tipbot.com\" rel=\"nofollow ugc\">our site\u003C\u002Fa>.\u003C\u002Fp>\n","The WP-Tipbot is an easy to setup WordPress plugin to get XRP tips for your content. Displays the XRP TIP BOT button with a widget or shortcode.",10,1165,0,"2018-12-11T10:42:00.000Z","5.0.0","4.5","5.6",[19,20,21,22,23],"criptocurrency","tipbot","wptipbot","xrp","xrptipbot","https:\u002F\u002Fwp-tipbot.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tipbot.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},3,1020,87,6,91,"2026-04-04T10:01:23.936Z",[38,61,80,96],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":60},"xumm-payments-for-woocommerce","Xaman for WooCommerce","1.0.2","xumm","https:\u002F\u002Fprofiles.wordpress.org\u002Fxumm\u002F","\u003Cp>Allow easy on ledger, non custodial XRP ledger payments, in XRP or IOU’s (issued currencies).\u003C\u002Fp>\n\u003Cp>XRP transactions are usually user initiated: open your wallet, enter the destination, amount, etc. and then you submit your transaction. In retail \u002F e-commerce (and many other) scenarios, by “reversing” this process, the payment flow will become less prone to mistakes and much more user friendly.\u003C\u002Fp>\n","Accept XRP, EUR, USD, BTC & ETH, using a single plugin with the greatest XRP ledger client (wallet): Xaman (formerly Xumm)!",20,3834,100,1,"","6.4.8","4.7","8.2",[55,56,57,22,42],"crypto","ledger","xaman","https:\u002F\u002Fgithub.com\u002FXRPL-Labs\u002Fxumm-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxumm-payments-for-woocommerce.zip","2026-03-15T10:48:56.248Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":11,"downloaded":69,"rating":13,"num_ratings":13,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bitvolo-trustless-crypto-payment-gateway","Bitvolo trustless crypto payment gateway for WooCommerce","1.0","zwieciu","https:\u002F\u002Fprofiles.wordpress.org\u002Fzwieciu\u002F","\u003Cp>If you’re only accepting credit card payments, you’re likely paying fees of up to 5% of your revenue. Your customers must deal with high security risks associated with online credit card payments. It is clear that cryptocurrencies provide a solution to these issues. There is a variety of ways to accept cryptocurrency payments — most will work like credit card payment gateways: the customer sends a payment to the gateway and they make a payment to your account, with their commission deducted. Bitvolo is unique and works differently and according to the very idea of trustlessness the cryptocurrencies are base on: you don’t need to trust us in the transaction, the payment goes directly from the customer to your account.\u003C\u002Fp>\n\u003Cp>Key features:\u003Cbr \u002F>\n– Supported cryptocurrencies: IOTA, Stellar XLM, XRP, EOS, TELOS, WAX, tokens on the Stellar, EOS, WAX, TELOS networks and SEPA bank transfers\u003Cbr \u002F>\n– Trustless payments: You receive payments directly to your own address — they never go through our accounts\u003Cbr \u002F>\n– CHF 0.05 per transaction. No other fees for the seller or for the buyer\u003Cbr \u002F>\n– Your prices can be expressed in any fiat currency (USD\u002FEUR\u002FCHF\u002Fetc). We’ll automatically convert it into equivalent amount in given coin at the time of checkout\u003Cbr \u002F>\n– Forget about maintenance\u002Ftechnical issues: We operate our own blockchain\u002Ftangle nodes and take care of the maintenance\u002Ftechnical issues. You should be able to operate your web shop without having to worry about such problems\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>You’ll find the tutorial at \u003Ca href='https:\u002F\u002Fbitvolo.com\u002Fwoocommerce-trustless-crypto-payments' rel=\"nofollow ugc\">https:\u002F\u002Fbitvolo.com\u002Fwoocommerce-trustless-crypto-payments\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In short: enable Bitvolo payments and specify your account ID and secret key which you’ll find in the Bitvolo backend\u003C\u002Fp>\n","This plugin integrates Bitvolo.com trustless cryptocurrency payments (IOTA \u002F Stellar XLM \u002F XRP \u002F EOS \u002F TELOS \u002F WAX) into WooCommerce checkout",4131,"2020-04-11T17:00:00.000Z","5.0.25","2.5","5.0",[55,75,76,77,22],"cryptocurrency","iota","xlm","https:\u002F\u002Fbitvolo.com\u002Fwoocommerce-trustless-crypto-payments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitvolo-trustless-crypto-payment-gateway.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":94,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wc-gateway-payburner","Payburner Payment Gateway","1.0.4","payburner","https:\u002F\u002Fprofiles.wordpress.org\u002Fpayburner\u002F","\u003Cp>This gateway allows you to accept XRP payment on wc enabled wp sites using the Payburner service.  Payburner is an XRP wallet deployed as a browser extension.\u003C\u002Fp>\n\u003Cp>This WordPress plugin imports two javascript files from https:\u002F\u002Fwww.payburner.com in order to connect the page to the browser extension and to render and control the Payburner pay button.\u003C\u002Fp>\n\u003Cp>The source code for these two javascript files is located at:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fpayburner\u002Fpayburner.js\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fpayburner\u002Fpaybutton.js\u003C\u002Fp>\n\u003Cp>payburner.js interacts solely with the payburner browser extension which can be found at https:\u002F\u002Fchrome.google.com\u002Fwebstore\u002Fdetail\u002Fpayburner-browser-extensi\u002Fghigcfhmoaokccllienfhdhdndkfhmop\u003C\u002Fp>\n\u003Cp>The browser extension itself is a what is called a non-custodial hot wallet.  The users maintain full control over the wallet and their funds.\u003C\u002Fp>\n\u003Cp>paybutton.js interacts with https:\u002F\u002Fgateway.payburner.com to manage the status of the payment on the payburner payment gateway.\u003C\u002Fp>\n\u003Cp>On the back end, the php class class-payburner-api.php interacts with https:\u002F\u002Fgateway.payburner.com to check the payment status.\u003C\u002Fp>\n\u003Cp>The privacy policy of Payburner and its related sites, including https:\u002F\u002Fwww.payburner.com and https:\u002F\u002Fgateway.payburner.com can be found at: https:\u002F\u002Fwww.payburner.com\u002Fpayburner-privacy-policy.txt\u003C\u002Fp>\n","This is an XRP payment gateway for wc, using Payburner.",817,"2020-06-10T12:38:00.000Z","4.8.28","4.0",[93],"xrp-woocommerce-payment-gateway","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-gateway-payburner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-gateway-payburner.1.0.4.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":13,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":110,"download_link":111,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-xrp-info","WP XRP Info","1.0.3","jetwes","https:\u002F\u002Fprofiles.wordpress.org\u002Fjetwes\u002F","\u003Cp>This plugin provides some shortcodes for simple displaying XRP accounts or transactions in WordPress\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>This plugins activates 3 shortcodes\u003Cbr \u002F>\n1. [xrp_account account=PLACE_THE_XRP_ACCOUNT_NUMBER proxy=no]\u003Cbr \u002F>\n1. [xrp_transactions account=PLACE_THE_XRP_ACCOUNT_NUMBER limit=HOW_MANY_TRANSACTIONS proxy=no]\u003Cbr \u002F>\n1. [xrp_qrcode account=PLACE_THE_XRP_ACCOUNT_NUMBER proxy=no]\u003C\u002Fp>\n\u003Cp>Just use the shortcodes on any place in your wordpress content.\u003Cbr \u002F>\nThe transactions are shown as a table with the class “wp_xrp_info” so you can easily adjust the output with css.\u003Cbr \u002F>\nReceived transaction of this account are in green – sent transactions in red.\u003C\u002Fp>\n\u003Ch3>Acknowledgments\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A huge thank you to both \u003Ca href=\"https:\u002F\u002Fripple.com\u002F\" rel=\"nofollow ugc\">Ripple\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fxrpl-labs.com\u002F\" rel=\"nofollow ugc\">XRPL Labs\u003C\u002Fa> for being awesome.\u003C\u002Fli>\n\u003Cli>A huge thank you to \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fempatogen\" rel=\"nofollow ugc\">Jesper Wallin\u003C\u002Fa> for his WooCommerceXRP – which helped\u003C\u002Fli>\n\u003Cli>Thanks to \u003Cstrong>everyone\u003C\u002Fstrong> who tests new unreleased code to help us nail bugs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>If you like this plugin and wish to donate, feel free to send some XRP to r9JU6RToZGX78XFF9tdkqBogwBv7yEWcR.\u003C\u002Fp>\n","This plugin provides some shortcodes for simple displaying XRP accounts or transactions in Wordpress",1467,"2019-04-11T09:00:00.000Z","5.1.22","5.1","7.0",[22],"http:\u002F\u002Fgithub.com\u002Fjetwes\u002Fwp-xrp-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-xrp-info.zip",{"attackSurface":113,"codeSignals":137,"taintFlows":201,"riskAssessment":202,"analyzedAt":217},{"hooks":114,"ajaxHandlers":129,"restRoutes":130,"shortcodes":131,"cronEvents":136,"entryPointCount":49,"unprotectedCount":13},[115,120,125],{"type":116,"name":117,"callback":118,"file":119,"line":31},"action","admin_menu","ee_add_settings_page","functions\\settings.php",{"type":116,"name":121,"callback":122,"file":123,"line":124},"plugins_loaded","wp_tipbot_text_domain","wp-tipbot.php",24,{"type":116,"name":126,"callback":127,"file":123,"line":128},"widgets_init","register_xrptipbot_widget",31,[],[],[132],{"tag":4,"callback":133,"file":134,"line":135},"wp_tipbot_shortcode","functions\\shortcode.php",4,[],{"dangerousFunctions":138,"sqlUsage":145,"outputEscaping":147,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[139,143],{"fn":140,"file":119,"line":141,"context":142},"unserialize",17,"$settings = (\t$settings != false) ? unserialize($settings) : [];",{"fn":140,"file":134,"line":144,"context":142},27,{"prepared":13,"raw":13,"locations":146},[],{"escaped":148,"rawEcho":149,"locations":150},33,25,[151,155,157,159,161,163,165,167,169,171,172,173,175,177,179,181,183,185,187,189,190,192,194,196,198],{"file":152,"line":153,"context":154},"classes\\class.widget.php",32,"raw output",{"file":152,"line":156,"context":154},36,{"file":152,"line":158,"context":154},43,{"file":152,"line":160,"context":154},44,{"file":152,"line":162,"context":154},45,{"file":152,"line":164,"context":154},46,{"file":152,"line":166,"context":154},48,{"file":152,"line":168,"context":154},49,{"file":152,"line":170,"context":154},56,{"file":152,"line":26,"context":154},{"file":152,"line":35,"context":154},{"file":152,"line":174,"context":154},97,{"file":152,"line":176,"context":154},103,{"file":152,"line":178,"context":154},113,{"file":152,"line":180,"context":154},119,{"file":152,"line":182,"context":154},125,{"file":119,"line":184,"context":154},60,{"file":119,"line":186,"context":154},98,{"file":119,"line":188,"context":154},129,{"file":119,"line":188,"context":154},{"file":119,"line":191,"context":154},161,{"file":119,"line":193,"context":154},178,{"file":119,"line":195,"context":154},183,{"file":119,"line":197,"context":154},186,{"file":119,"line":199,"context":154},187,[],[],{"summary":203,"deductions":204},"The wp-tipbot plugin, version 1.1.1, presents a mixed security posture. On the positive side, it boasts zero known CVEs and zero critical or high severity vulnerabilities in its history, suggesting a generally well-maintained codebase.  Furthermore, all detected SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, significantly reducing common attack vectors. The static analysis also indicates a minimal attack surface with only one shortcode entry point and no unprotected AJAX handlers or REST API routes.\n\nHowever, the code analysis reveals some notable concerns. The presence of the `unserialize` function twice is a significant risk, as it can lead to deserialization vulnerabilities if an attacker can control the serialized data. Compounding this, the plugin lacks any nonce checks and capability checks, meaning that even if the entry points themselves require authentication, the underlying functions might be exploitable without proper validation. The output escaping is also a weakness, with 43% of outputs not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities. The absence of taint analysis results is also concerning, as it suggests that either the analysis tool couldn't process the code or that the plugin might have complex data flows that were not adequately scrutinized.\n\nIn conclusion, while the plugin has a clean vulnerability history and implements good practices like prepared statements for SQL, the identified risks related to `unserialize`, missing nonce\u002Fcapability checks, and insufficient output escaping are critical. These weaknesses, despite the limited attack surface, open the door to potentially severe security compromises if an attacker can leverage them.",[205,208,210,212,215],{"reason":206,"points":207},"Presence of unserialize function",15,{"reason":209,"points":11},"No nonce checks",{"reason":211,"points":11},"No capability checks",{"reason":213,"points":214},"Insufficient output escaping",5,{"reason":216,"points":214},"Taint analysis inconclusive\u002Fnot performed","2026-03-17T00:54:10.716Z",{"wat":219,"direct":226},{"assetPaths":220,"generatorPatterns":221,"scriptPaths":222,"versionParams":224},[],[],[223],"\u002Fwp-content\u002Fplugins\u002Fwp-tipbot\u002Fjs\u002Fwp-tipbot.js",[225],"\u002Fwp-content\u002Fplugins\u002Fwp-tipbot\u002Fjs\u002Fwp-tipbot.js?ver=",{"cssClasses":227,"htmlComments":229,"htmlAttributes":230,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":239},[228],"wp-tipbot-container",[],[231,232,233,234,235,236],"amount","size","to","network","label","labelpt",[],[],[240,241,242,243,242,244,242,245,242,246,247,248,249,250,251],"\u003Cdiv class='wp-tipbot-container'>","\u003Ca\n\t\t\tamount='","'","\t\t\tsize='","\t\t\tto='","\t\t\tnetwork='","\t\t\thref='https:\u002F\u002Fwww.xrptipbot.com'","\t\t\ttarget='_blank'","\t\t\t","\t\t\t>\u003C\u002Fa>","\u003C\u002Fdiv>","\u003Cscript async src='https:\u002F\u002Fwww.xrptipbot.com\u002Fstatic\u002Fdonate\u002Ftipper.js' charset='utf-8'>\u003C\u002Fscript>"]