GradeBook Security & Risk Analysis

wordpress.org/plugins/an-gradebook

A gradebook plugin for educators to create, maintain, and share grades quickly and efficiently.

10 active installs · v6.5.3 · PHP 7.4+ · WP 6.0+ · Updated Mar 5, 2026
Tags: course-management, education, gradebook, grades, students

Score: 58/100
Grade: C · Use Caution
CVEs total: 2
Unpatched: 2
Last CVE: Jun 26, 2023
Safety Verdict

Is GradeBook Safe to Use in 2026?

Use With Caution

Score 58/100

GradeBook has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Jun 26, 2023 · Updated 29d ago
Risk Assessment

The "an-gradebook" plugin v6.5.3 presents a mixed security posture. On the positive side, the code demonstrates good practices with a very high percentage of SQL queries using prepared statements and output being properly escaped. There are no detected critical or high severity taint flows, and no dangerous functions are used. The plugin also avoids external HTTP requests and doesn't bundle libraries, which can reduce attack vectors. However, several areas raise significant concerns. The presence of 4 REST API routes without permission callbacks constitutes a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the complete absence of nonce checks on any entry points is a critical oversight that leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks. The vulnerability history is also a major red flag, with 2 known CVEs, both of which are currently unpatched. The historical prevalence of SQL injection and Cross-Site Scripting (XSS) vulnerabilities, coupled with unpatched issues, suggests a pattern of security weaknesses that require immediate attention. While the static analysis shows good coding hygiene in some areas, the unpatched vulnerabilities and unprotected entry points create a significant risk.

Key Concerns

  • Unpatched CVEs (2 total)
  • REST API routes without permission callbacks (4)
  • No nonce checks on any entry points
Vulnerabilities (2)

GradeBook Security Vulnerabilities

CVEs by Year

2023: 2 CVEs, both unpatched

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2023-2636 (High · 8.8): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

AN_GradeBook <= 5.0.1 - Authenticated (Subscriber+) SQL Injection via 'id'

Jun 26, 2023 · Unpatched

CVE-2023-2709 (Medium · 4.4): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AN_GradeBook <= 5.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2023 · Unpatched
Code Analysis (analyzed Mar 16, 2026)

GradeBook Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (74 prepared)
Unescaped Output: 1 (160 escaped)
Nonce Checks: 0
Capability Checks: 8
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

97% prepared (76 total queries)

Output Escaping

99% escaped (161 total outputs)

Attack Surface (4 unprotected)

GradeBook Attack Surface

Entry Points: 14
Unprotected: 4

REST API Routes (14)

POST /wp-json/an-gradebook/v1/assignments (rest-api\class-rest-assignments.php:9)
GET /wp-json/an-gradebook/v1/assignments/(?P<id>\d+) (rest-api\class-rest-assignments.php:15)
PUT /wp-json/an-gradebook/v1/cells (rest-api\class-rest-cells.php:9)
GET /wp-json/an-gradebook/v1/courses (rest-api\class-rest-courses.php:9)
GET /wp-json/an-gradebook/v1/courses/(?P<id>\d+) (rest-api\class-rest-courses.php:22)
GET /wp-json/an-gradebook/v1/courses/(?P<id>\d+)/gradebook (rest-api\class-rest-courses.php:35)
GET /wp-json/an-gradebook/v1/courses/(?P<id>\d+)/export (rest-api\class-rest-courses.php:41)
GET /wp-json/an-gradebook/v1/stats/assignment/(?P<amid>\d+) (rest-api\class-rest-stats.php:9)
GET /wp-json/an-gradebook/v1/stats/student (rest-api\class-rest-stats.php:15)
GET /wp-json/an-gradebook/v1/student/courses (rest-api\class-rest-student-view.php:9)
GET /wp-json/an-gradebook/v1/student/courses/(?P<id>\d+)/gradebook (rest-api\class-rest-student-view.php:15)
GET /wp-json/an-gradebook/v1/stats/student/me (rest-api\class-rest-student-view.php:21)
POST /wp-json/an-gradebook/v1/students (rest-api\class-rest-students.php:9)
GET /wp-json/an-gradebook/v1/students/(?P<id>\d+) (rest-api\class-rest-students.php:15)
WordPress Hooks (6)

action plugins_loaded (GradeBook.php:34)
action rest_api_init (GradeBook.php:49)
action plugins_loaded (GradeBook.php:54)
action admin_menu (GradeBook.php:67)
action admin_enqueue_scripts (GradeBook.php:104)
action delete_user (GradeBook.php:121)
Maintenance & Trust

GradeBook Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 9
Active installs: 10
Developer Profile

GradeBook Developer Profile

Aori Nevo

1 plugin · 10 total installs

Trust score: 65
Avg Security Score: 58/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GradeBook

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/an-gradebook/build/index.js
/wp-content/plugins/an-gradebook/build/index.css
Script Paths
/wp-content/plugins/an-gradebook/build/index.js
Version Parameters
/wp-content/plugins/an-gradebook/build/index.js?ver=
/wp-content/plugins/an-gradebook/build/index.css?ver=

HTML / DOM Fingerprints

Data Attributes
id="an-gradebook-react-root"
JS Globals
anGradebookSettings
REST Endpoints
/wp-json/an-gradebook/v1/assignments
/wp-json/an-gradebook/v1/assignments/(?P<id>\d+)
/wp-json/an-gradebook/v1/courses
/wp-json/an-gradebook/v1/courses/(?P<id>\d+)
/wp-json/an-gradebook/v1/students
/wp-json/an-gradebook/v1/students/(?P<id>\d+)
/wp-json/an-gradebook/v1/cells
/wp-json/an-gradebook/v1/cells/(?P<id>\d+)
/wp-json/an-gradebook/v1/stats
/wp-json/an-gradebook/v1/stats/(?P<id>\d+)
/wp-json/an-gradebook/v1/student-view
/wp-json/an-gradebook/v1/student-view/(?P<id>\d+)