CardCrafter – Data-Driven Card Grids Security & Risk Analysis

wordpress.org/plugins/cardcrafter-data-grids

Transform JSON data and WordPress posts into beautiful card grids. Perfect for teams, products, portfolios, and blogs.

0 active installs · v1.14.2 · PHP 7.4+ · WP 6.0+ · Updated Feb 11, 2026
Tags: cards, data, grid, json, layout
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CardCrafter – Data-Driven Card Grids Safe to Use in 2026?

Generally Safe

Score 100/100

CardCrafter – Data-Driven Card Grids has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "cardcrafter-data-grids" plugin v1.14.2 exhibits a generally good security posture with several strengths. Notably, all SQL queries are properly prepared, significantly mitigating the risk of SQL injection. The plugin also demonstrates a consistent use of nonces and capability checks for most of its entry points, which are crucial for preventing cross-site request forgery and unauthorized access. The absence of any known CVEs and past vulnerabilities further suggests a mature and well-maintained codebase.

However, a significant concern is the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for attackers to potentially trigger actions without proper authorization. While taint analysis did not reveal any critical or high-severity unsanitized paths, the unprotected AJAX endpoint remains a notable weakness. The moderate percentage of properly escaped output (67%) indicates a potential for stored or reflected cross-site scripting vulnerabilities, although the absence of known XSS CVEs is positive.

In conclusion, the plugin's strong foundation in secure coding practices like prepared statements and robust nonce/capability checks is commendable. Nonetheless, the single unprotected AJAX endpoint represents a clear and actionable security risk that should be addressed immediately. The moderate output escaping suggests an area for improvement to further harden the plugin against potential XSS attacks.

Key Concerns

  • AJAX handler without authentication check
  • Moderate output escaping (67% proper)
Vulnerabilities
None known

CardCrafter – Data-Driven Card Grids Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CardCrafter – Data-Driven Card Grids Release Timeline

v1.14.2 (Current)
v1.14.1
v1.14.0
v1.13.1
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.0
v1.10.0
v1.9.0
v1.8.0
v1.6.0
v1.5.0
v1.4.1
v1.4.1-release
v1.4.0
v1.3.2
v1.3.2-hotfix
v1.3.1
Code Analysis
Analyzed Apr 16, 2026

CardCrafter – Data-Driven Card Grids Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 62 (124 escaped)
Nonce Checks: 7
Capability Checks: 3
File Operations: 2
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

67% escaped · 186 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
save_onboarding_progress (cardcrafter.php:2300)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

CardCrafter – Data-Driven Card Grids Attack Surface

Entry Points: 12
Unprotected: 1

AJAX Handlers 10

auth wp_ajax_cc_dismiss_activation_notice cardcrafter.php:59
auth wp_ajax_cardcrafter_proxy_fetch cardcrafter.php:65
nopriv wp_ajax_cardcrafter_proxy_fetch cardcrafter.php:66
auth wp_ajax_cardcrafter_wp_posts_preview cardcrafter.php:69
auth wp_ajax_cc_subscribe_lead cardcrafter.php:78
nopriv wp_ajax_cc_subscribe_lead cardcrafter.php:79
auth wp_ajax_cc_save_onboarding_progress cardcrafter.php:82
auth wp_ajax_cc_complete_first_card cardcrafter.php:83
auth wp_ajax_cardcrafter_check_license includes/class-cardcrafter-license-manager.php:82
auth wp_ajax_cardcrafter_activate_license includes/class-cardcrafter-license-manager.php:83

Shortcodes 2

[cardcrafter-data-grids] cardcrafter.php:52
[cardcrafter] cardcrafter.php:53
WordPress Hooks 28
action wp_enqueue_scripts cardcrafter.php:50
action admin_enqueue_scripts cardcrafter.php:51
action admin_menu cardcrafter.php:54
action admin_init cardcrafter.php:57
action admin_notices cardcrafter.php:58
action init cardcrafter.php:62
action cardcrafter_refresher_cron cardcrafter.php:72
action plugins_loaded cardcrafter.php:86
action plugins_loaded cardcrafter.php:89
action save_post cardcrafter.php:2144
action delete_post cardcrafter.php:2145
action wp_trash_post cardcrafter.php:2146
action untrash_post cardcrafter.php:2147
action elementor/dynamic_tags/register_tags elementor/class-cardcrafter-dynamic-tags-manager.php:66
action elementor/dynamic_tags/register_groups elementor/class-cardcrafter-dynamic-tags-manager.php:69
action elementor/widgets/widgets_registered elementor/class-cardcrafter-elementor-manager.php:60
action elementor/elements/categories_registered elementor/class-cardcrafter-elementor-manager.php:61
action elementor/frontend/after_register_scripts elementor/class-cardcrafter-elementor-manager.php:62
action elementor/frontend/after_register_styles elementor/class-cardcrafter-elementor-manager.php:63
action elementor/editor/after_enqueue_scripts elementor/class-cardcrafter-elementor-manager.php:64
action elementor/init elementor/class-cardcrafter-elementor-manager.php:67
action admin_notices elementor/class-cardcrafter-elementor-manager.php:85
action admin_notices elementor/class-cardcrafter-elementor-manager.php:91
filter cardcrafter_max_cards_per_page includes/class-cardcrafter-license-manager.php:86
filter cardcrafter_allowed_export_formats includes/class-cardcrafter-license-manager.php:87
filter cardcrafter_advanced_filtering_enabled includes/class-cardcrafter-license-manager.php:88
filter cardcrafter_premium_templates_enabled includes/class-cardcrafter-license-manager.php:89
action admin_enqueue_scripts includes/class-cardcrafter-license-manager.php:92

Scheduled Events 1

cardcrafter_refresher_cron
Maintenance & Trust

CardCrafter – Data-Driven Card Grids Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 11, 2026
PHP min version: 7.4
Downloads: 505

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

CardCrafter – Data-Driven Card Grids Developer Profile

Fahad Murtaza

4 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CardCrafter – Data-Driven Card Grids

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cardcrafter-data-grids/build/cardcrafter.css
  • /wp-content/plugins/cardcrafter-data-grids/build/cardcrafter.js
  • /wp-content/plugins/cardcrafter-data-grids/build/admin-script.js
  • /wp-content/plugins/cardcrafter-data-grids/build/admin-style.css
Script Paths
  • /wp-content/plugins/cardcrafter-data-grids/build/cardcrafter.js
  • /wp-content/plugins/cardcrafter-data-grids/build/admin-script.js
Version Parameters
  • cardcrafter-data-grids/build/cardcrafter.css?ver=
  • cardcrafter-data-grids/build/cardcrafter.js?ver=
  • cardcrafter-data-grids/build/admin-script.js?ver=
  • cardcrafter-data-grids/build/admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • cc-onboarding-overlay
  • cc-onboarding-modal
  • cc-onboarding-step
  • cc-onboarding-header
  • cc-onboarding-icon
  • cc-onboarding-content
  • cc-value-props
  • cc-value-prop
  • +27 more
HTML Comments
  • <!-- Enhanced Onboarding Modal -->
  • <!-- Step 1: Welcome -->
  • <!-- Step 2: Quick Start Options -->
  • <!-- Step 3: Data Source Configuration -->
  • +4 more
Data Attributes
  • data-step
  • data-demo
  • data-source-type
  • data-source-id
  • data-columns
  • data-layout
  • +8 more
JS Globals
  • CardCrafterAdmin
  • CardCrafterFrontend
  • cc_onboarding_options
  • cc_admin_ajax_url
  • cc_rest_url
REST Endpoints
  • /wp-json/cardcrafter/v1/settings
  • /wp-json/cardcrafter/v1/save-settings
  • /wp-json/cardcrafter/v1/data/(?P<type>[a-zA-Z]+)/(?P<id>[0-9]+)
  • /wp-json/cardcrafter/v1/proxy
  • /wp-json/cardcrafter/v1/posts-preview
Shortcode Output
  • [cardcrafter-data-grids]
  • [cardcrafter]