CBX Multi Criteria Rating & Review Security & Risk Analysis

wordpress.org/plugins/cbxmcratingreview

Multi Criteria Rating and Review for WordPress with Multi Forms, Question bank and more.

10 active installs · v2.0.4 · PHP + WP 5.3+ · Updated Jul 2, 2025
Tags: business-review, rating, rating-feedback, review

Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CBX Multi Criteria Rating & Review Safe to Use in 2026?

Generally Safe

Score 100/100

CBX Multi Criteria Rating & Review has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The "cbxmcratingreview" plugin v2.0.4 presents a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs, indicating a potentially stable and well-maintained codebase. The plugin also demonstrates good practices in its use of prepared statements for SQL queries and proper output escaping, which are crucial for preventing common web vulnerabilities. However, the static analysis reveals significant concerns regarding its attack surface. A notable portion of its AJAX handlers lack proper authentication checks, creating an immediate risk of unauthorized actions. The presence of the `unserialize` function also warrants caution, as it can be a vector for remote code execution if not handled with extreme care and input validation. While taint analysis didn't highlight critical issues in this specific scan, the combination of insecure AJAX endpoints and the `unserialize` function remains a latent threat.

Overall, while the plugin avoids historical vulnerabilities and implements some good security practices, the identified weaknesses in its attack surface and the potential danger of `unserialize` introduce significant risks. The lack of authentication on AJAX endpoints is a primary concern that requires immediate attention. Strengthening access control on these entry points, alongside careful review of any data processed by `unserialize`, would greatly improve the plugin's security. The absence of file operations and external HTTP requests is a positive aspect, reducing potential attack vectors in those areas. The plugin's strengths lie in its database query security and output sanitization, but these are unfortunately overshadowed by the vulnerabilities in its direct interaction points.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Bundled library: Select2 (potential outdatedness)

CBX Multi Criteria Rating & Review Security Vulnerabilities

No known vulnerabilities — this is a good sign.
CBX Multi Criteria Rating & Review Code Analysis

Analyzed Mar 17, 2026

Dangerous Functions: 7
Raw SQL Queries: 7 (32 prepared)
Unescaped Output: 136 (901 escaped)
Nonce Checks: 5
Capability Checks: 15
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

`unserialize` in includes\Models\RatingReviewForm.php:51: `return unserialize( $this->attributes['custom_criteria'] );`
`unserialize` in includes\Models\RatingReviewForm.php:64: `return unserialize( $this->attributes['custom_question'] );`
`unserialize` in includes\Models\RatingReviewForm.php:77: `return unserialize( $this->attributes['extrafields'] );`
`unserialize` in includes\Models\RatingReviewLog.php:67: `return unserialize( $this->attributes['extraparams'] );`
`unserialize` in includes\Models\RatingReviewLog.php:80: `return unserialize( $this->attributes['attachment'] );`
`unserialize` in includes\Models\RatingReviewLog.php:106: `return unserialize( $this->attributes['ratings'] );`
`unserialize` in includes\Models\RatingReviewLog.php:119: `return unserialize( $this->attributes['questions'] );`

Bundled Libraries

Select2

SQL Query Safety

82% prepared (39 total queries)

Output Escaping

87% escaped (1037 total outputs)

Data Flow Analysis

4 flows, 1 with unsanitized paths
post_more_reviews_ajax_load (includes\CBXMCRatingReviewPublic.php:763)
CBX Multi Criteria Rating & Review Attack Surface

Entry Points: 15
Unprotected: 7

AJAX Handlers 7

auth: wp_ajax_cbxmcratingreview_review_rating_admin_edit (includes\CBXMCRatingReview.php:146)
auth: wp_ajax_cbxmcratingreview_review_rating_frontend_submit (includes\CBXMCRatingReview.php:201)
auth: wp_ajax_cbxmcratingreview_post_more_reviews (includes\CBXMCRatingReview.php:208)
nopriv: wp_ajax_cbxmcratingreview_post_more_reviews (includes\CBXMCRatingReview.php:209)
auth: wp_ajax_cbxmcratingreview_post_filter_reviews (includes\CBXMCRatingReview.php:215)
nopriv: wp_ajax_cbxmcratingreview_post_filter_reviews (includes\CBXMCRatingReview.php:216)
auth: wp_ajax_cbxmcratingreview_review_delete (includes\CBXMCRatingReview.php:229)

Shortcodes 8

[cbxmcratingreview_reviewform] includes\CBXMCRatingReviewPublic.php:68
[cbxmcratingreview_postavgrating] includes\CBXMCRatingReviewPublic.php:70
[cbxmcratingreview_postreviews] includes\CBXMCRatingReviewPublic.php:72
[cbxmcratingreview_userdashboard] includes\CBXMCRatingReviewPublic.php:75
[cbxmcratingreview_singlereview] includes\CBXMCRatingReviewPublic.php:76
[cbxmcratingreview_editreview] includes\CBXMCRatingReviewPublic.php:77
[cbxmcratingreviewmrposts] includes\CBXMCRatingReviewPublic.php:81
[cbxmcratingreviewlratings] includes\CBXMCRatingReviewPublic.php:82
WordPress Hooks 45

action: admin_notices (includes\CBXMCRatingReview.php:92)
action: init (includes\CBXMCRatingReview.php:119)
action: init (includes\CBXMCRatingReview.php:120)
action: init (includes\CBXMCRatingReview.php:121)
action: rest_api_init (includes\CBXMCRatingReview.php:123)
filter: script_loader_tag (includes\CBXMCRatingReview.php:124)
action: admin_init (includes\CBXMCRatingReview.php:138)
action: admin_init (includes\CBXMCRatingReview.php:139)
action: admin_menu (includes\CBXMCRatingReview.php:142)
action: admin_enqueue_scripts (includes\CBXMCRatingReview.php:152)
action: admin_enqueue_scripts (includes\CBXMCRatingReview.php:153)
action: cbxmcratingreview_review_publish (includes\CBXMCRatingReview.php:157)
action: cbxmcratingreview_review_unpublish (includes\CBXMCRatingReview.php:158)
action: cbxmcratingreview_review_delete_after (includes\CBXMCRatingReview.php:160)
action: cbxmcratingreview_form_delete_after (includes\CBXMCRatingReview.php:164)
action: delete_user (includes\CBXMCRatingReview.php:167)
action: admin_init (includes\CBXMCRatingReview.php:170)
action: plugins_loaded (includes\CBXMCRatingReview.php:173)
action: admin_notices (includes\CBXMCRatingReview.php:174)
filter: plugin_row_meta (includes\CBXMCRatingReview.php:176)
action: after_plugin_row_cbxmcratingreviewpro/cbxmcratingreviewpro.php (includes\CBXMCRatingReview.php:177)
action: activated_plugin (includes\CBXMCRatingReview.php:182)
action: init (includes\CBXMCRatingReview.php:183)
filter: robots_txt (includes\CBXMCRatingReview.php:185)
action: init (includes\CBXMCRatingReview.php:198)
action: widgets_init (includes\CBXMCRatingReview.php:222)
action: wp_enqueue_scripts (includes\CBXMCRatingReview.php:224)
action: wp_enqueue_scripts (includes\CBXMCRatingReview.php:225)
action: cbxmcratingreview_review_update_without_status (includes\CBXMCRatingReview.php:233)
action: cbxmcratingreview_review_list_item_after (includes\CBXMCRatingReview.php:238)
action: cbxmcratingreview_review_list_item_toolbar_right (includes\CBXMCRatingReview.php:243)
filter: the_content (includes\CBXMCRatingReview.php:248)
action: delete_post (includes\CBXMCRatingReviewAdmin.php:1073)
action: init (includes\CBXMCRatingReviewAdmin.php:1204)
action: cbxmcratingreview_email_header (includes\CBXMCRatingReviewEmails.php:27)
action: cbxmcratingreview_email_footer (includes\CBXMCRatingReviewEmails.php:28)
action: init (includes\CBXMCRatingReviewMisc.php:88)
action: phpmailer_init (includes\Emails\CBXMCRatingReviewEmail.php:233)
filter: cbxmcratingreview_email_footer_text (includes\Emails\CBXMCRatingReviewEmail.php:234)
filter: wp_mail_from (includes\Emails\CBXMCRatingReviewEmail.php:664)
filter: wp_mail_from_name (includes\Emails\CBXMCRatingReviewEmail.php:665)
filter: wp_mail_content_type (includes\Emails\CBXMCRatingReviewEmail.php:666)
action: cbxmcratingreview_review_publish (includes\Emails\CBXMCRatingReviewReviewAdminAlertEmail.php:39)
action: cbxmcratingreview_review_status_change (includes\Emails\CBXMCRatingReviewReviewStatusUpdateUserEmail.php:40)
action: cbxmcratingreview_review_publish (includes\Emails\CBXMCRatingReviewReviewUserAlertEmail.php:41)
CBX Multi Criteria Rating & Review Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 2, 2025
PHP min version
Downloads: 2K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 10
CBX Multi Criteria Rating & Review Developer Profile

Sabuj Kundu

9 plugins · 3K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 204 days
Detection Fingerprints

How We Detect CBX Multi Criteria Rating & Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cbxmcratingreview/assets/css/backend.css
/wp-content/plugins/cbxmcratingreview/assets/css/frontend.css
/wp-content/plugins/cbxmcratingreview/assets/js/backend.js
/wp-content/plugins/cbxmcratingreview/assets/js/frontend.js

Script Paths
/wp-content/plugins/cbxmcratingreview/assets/js/backend.js
/wp-content/plugins/cbxmcratingreview/assets/js/frontend.js

Version Parameters
cbxmcratingreview/assets/css/backend.css?ver=
cbxmcratingreview/assets/css/frontend.css?ver=
cbxmcratingreview/assets/js/backend.js?ver=
cbxmcratingreview/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
cbx-rating-review-wrapper
cbx-rating-review-summary
cbx-rating-review-criteria
cbx-rating-review-item
cbx-rating-review-stars
cbx-rating-review-bar-wrapper
cbx-rating-review-bar
cbx-rating-review-score

Data Attributes
data-cbx-rating-review

JS Globals
cbx_rating_review_frontend_params

REST Endpoints
/wp-json/cbxratingreview/v1/submit
/wp-json/cbxratingreview/v1/get_reviews
Frequently Asked Questions about CBX Multi Criteria Rating & Review