Calculator Builder – Create an Online Calculator Security & Risk Analysis

wordpress.org/plugins/calculator-builder

A powerful and user-friendly tool for building custom online calculators.

1K active installs v1.6.3 PHP 7.4+ WP 5.0+ Updated Dec 2, 2025
Tags: calculate, calculator, calculator-maker, calculator-builder, online-calculator
98
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 14, 2025
Safety Verdict

Is Calculator Builder – Create an Online Calculator Safe to Use in 2026?

Generally Safe

Score 98/100

Calculator Builder – Create an Online Calculator has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 14, 2025 · Updated 4mo ago
Risk Assessment

The "calculator-builder" plugin v1.6.3 presents a mixed security posture. It demonstrates some good practices, such as a high percentage of properly escaped outputs and the use of prepared statements for most SQL queries, but significant concerns remain. The unprotected AJAX handler creates a direct attack vector, and the plugin calls `unserialize`, a function notorious for introducing deserialization vulnerabilities when its input is not handled with extreme care and sanitization. The taint analysis adds to these risks: it found flows with unsanitized paths, three of them classified as high severity. The plugin's vulnerability history, which includes a past high-severity "PHP Remote File Inclusion" vulnerability, suggests a pattern of security weaknesses that have required significant fixes. There are no currently unpatched CVEs, but the historical pattern and the static analysis findings indicate that this plugin warrants careful monitoring and potentially more rigorous security auditing before widespread deployment.

Key Concerns

  • Unprotected AJAX handler
  • Use of unserialize function
  • High severity taint flows
  • Flows with unsanitized paths
  • Historical high severity RFI vulnerability
Vulnerabilities
1

Calculator Builder – Create an Online Calculator Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High
1

1 total CVE

CVE-2025-26760 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Calculator Builder – Create an Online Calculator <= 1.6.2 - Unauthenticated Local File Inclusion

Feb 14, 2025 Patched in 1.6.3 (13d)
Code Analysis
Analyzed Mar 16, 2026

Calculator Builder – Create an Online Calculator Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 11 (20 prepared)
Unescaped Output: 8 (129 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$settings['param'] = unserialize( $result->param );` · inc\class-calchub-db.php:172

SQL Query Safety

65% prepared · 31 total queries

Output Escaping

94% escaped · 137 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

10 flows · 7 with unsanitized paths
import (inc\class-calchub-export-import.php:72)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Calculator Builder – Create an Online Calculator Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_calchub_save_calc · inc\class-calchub-db.php:21
auth · wp_ajax_calchub_hide_notice · inc\class-calchub-notices.php:20
WordPress Hooks 16
filter · plugin_action_links · admin\class-admin.php:28
filter · admin_footer_text · admin\class-admin.php:29
action · admin_menu · admin\class-admin.php:30
action · admin_enqueue_scripts · admin\class-admin.php:31
action · plugins_loaded · calculator-builder.php:69
action · admin_init · calculator-builder.php:71
action · admin_init · inc\class-calchub-db.php:22
action · admin_init · inc\class-calchub-export-import.php:20
action · calchub_admin_info_notices · inc\class-calchub-notices.php:19
filter · calchub_admin_sub_menu · inc\class-calchub-settings.php:18
filter · calchub_tab_menu · inc\class-calchub-settings.php:19
filter · calchub_menu_file · inc\class-calchub-settings.php:20
action · admin_init · inc\class-calchub-settings.php:21
filter · pre_update_option · inc\class-calchub-settings.php:24
action · init · public\class-public.php:22
action · wp_enqueue_scripts · public\class-public.php:24
Maintenance & Trust

Calculator Builder – Create an Online Calculator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 7.4
Downloads: 33K

Community Trust

Rating: 94/100
Number of ratings: 18
Active installs: 1K
Developer Profile

Calculator Builder – Create an Online Calculator Developer Profile

Wow-Company

25 plugins · 98K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 236 days
Detection Fingerprints

How We Detect Calculator Builder – Create an Online Calculator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/calculator-builder/admin/css/admin.css
/wp-content/plugins/calculator-builder/public/css/public.css
/wp-content/plugins/calculator-builder/public/js/public.js
/wp-content/plugins/calculator-builder/admin/js/admin.js
Script Paths
/wp-content/plugins/calculator-builder/admin/js/admin.js
/wp-content/plugins/calculator-builder/public/js/public.js
Version Parameters
calculator-builder/admin/css/admin.css?ver=
calculator-builder/public/css/public.css?ver=
calculator-builder/public/js/public.js?ver=
calculator-builder/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
calchub_calculator_canvas
calchub-form-calculator
HTML Comments
<!-- Calculator Builder Shortcode Start -->
<!-- Calculator Builder Shortcode End -->
Data Attributes
data-calchub-calculator
JS Globals
calchub_admin_data
calchub_public_data
REST Endpoints
/wp-json/calchub/v1/save-calculator
/wp-json/calchub/v1/load-calculator
/wp-json/calchub/v1/delete-calculator
/wp-json/calchub/v1/calculators
/wp-json/calchub/v1/calculate
Shortcode Output
<div class="calchub-form-calculator">
FAQ

Frequently Asked Questions about Calculator Builder – Create an Online Calculator