CBX Petition Security & Risk Analysis

wordpress.org/plugins/cbxpetition

A plugin to create and manage petitions and collect signatures for petitions inside the WordPress environment.

80 active installs · v2.0.14 · PHP + · WP 5.3+ · Updated Feb 4, 2026
Tags: activism, campaign, change, petition, signature
Score: 98
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 27, 2022
Safety Verdict

Is CBX Petition Safe to Use in 2026?

Generally Safe

Score 98/100

CBX Petition has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Dec 27, 2022 · Updated 3mo ago
Risk Assessment

The "cbxpetition" plugin v2.0.14 has a mixed security posture. It shows good practices, such as a high percentage of prepared SQL statements and proper output escaping, but its attack surface and vulnerability history raise significant concerns. All of its AJAX handlers (15 out of 15) lack authentication checks, creating an immediate and significant risk of unauthorized actions. Taint analysis, though limited, identified flows with unsanitized paths, hinting at potential vulnerabilities that could be exploited. The plugin's history includes a critical SQL injection vulnerability, which suggests a past weakness in handling user-supplied data; its critical severity is a strong indicator of how sensitive that data handling has been. Although there are no currently unpatched vulnerabilities and the code follows secure coding principles in many areas, the unprotected AJAX endpoints and the historical critical vulnerability call for caution. The bundled libraries, Select2 and Guzzle, also introduce a potential risk if they are outdated or have known vulnerabilities of their own.

Key Concerns

  • 15 AJAX handlers without auth checks
  • 2 flows with unsanitized paths
  • 1 critical CVE in history
  • Bundled libraries (Select2, Guzzle)
Vulnerabilities
1 published

CBX Petition Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Critical: 1

1 total CVE

CVE-2022-4383 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQL Injection

Dec 27, 2022 · Patched in 2.0.0 (892d)
Version History

CBX Petition Release Timeline

v2.0.14 (Current)
v2.0.13
v2.0.12
v2.0.11
v2.0.10
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.1
v2.0.0
v1.0.3 (1 CVE)
v1.0.2 (1 CVE)
v1.0.1 (1 CVE)
v1.0.0 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

CBX Petition Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (47 prepared)
Unescaped Output: 177 (768 escaped)
Nonce Checks: 14
Capability Checks: 16
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Guzzle

SQL Query Safety

92% prepared · 51 total queries

Output Escaping

81% escaped · 945 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
search_box (includes\PetitionSignListTable.php:635)
Attack Surface
15 unprotected

CBX Petition Attack Surface

Entry Points: 25
Unprotected: 15

AJAX Handlers 15

auth wp_ajax_cbxpetition_settings_reset_load includes\CBXPetition.php:180
auth wp_ajax_cbxpetition_settings_reset includes\CBXPetition.php:181
auth wp_ajax_petition_admin_photo_upload includes\CBXPetition.php:199
auth wp_ajax_petition_admin_photo_delete includes\CBXPetition.php:200
auth wp_ajax_petition_admin_photos_delete includes\CBXPetition.php:201
auth wp_ajax_petition_admin_banner_upload includes\CBXPetition.php:203
auth wp_ajax_petition_admin_banner_delete includes\CBXPetition.php:204
auth wp_ajax_cbxpetition_sign_edit includes\CBXPetition.php:209
auth wp_ajax_cbxpetition_sign_delete includes\CBXPetition.php:210
auth wp_ajax_cbxpetition_permalink_cache_clear includes\CBXPetition.php:228
auth wp_ajax_cbxpetition_sign_submit includes\CBXPetition.php:250
nopriv wp_ajax_cbxpetition_sign_submit includes\CBXPetition.php:251
auth wp_ajax_cbxpetition_load_more_signs includes\CBXPetition.php:253
nopriv wp_ajax_cbxpetition_load_more_signs includes\CBXPetition.php:254
auth wp_ajax_cbxpetition_front_sign_delete includes\CBXPetition.php:257

Shortcodes 10

[cbxpetition] includes\CBXPetitionShortCodes.php:22
[cbxpetition_summary] includes\CBXPetitionShortCodes.php:24
[cbxpetition_signform] includes\CBXPetitionShortCodes.php:25
[cbxpetition_video] includes\CBXPetitionShortCodes.php:27
[cbxpetition_photos] includes\CBXPetitionShortCodes.php:28
[cbxpetition_letter] includes\CBXPetitionShortCodes.php:29
[cbxpetition_banner] includes\CBXPetitionShortCodes.php:30
[cbxpetition_signatures] includes\CBXPetitionShortCodes.php:31
[cbxpetition_stat] includes\CBXPetitionShortCodes.php:32
[cbxpetition_latest] includes\CBXPetitionShortCodes.php:35
WordPress Hooks 50
action admin_notices includes\CBXPetition.php:78
action init includes\CBXPetition.php:158
action init includes\CBXPetition.php:168
action admin_init includes\CBXPetition.php:169
action admin_init includes\CBXPetition.php:170
action admin_menu includes\CBXPetition.php:173
filter set-screen-option includes\CBXPetition.php:174
action add_meta_boxes includes\CBXPetition.php:178
action save_post includes\CBXPetition.php:179
filter manage_cbxpetition_posts_columns includes\CBXPetition.php:183
action manage_cbxpetition_posts_custom_column includes\CBXPetition.php:187
filter manage_edit-cbxpetition_sortable_columns includes\CBXPetition.php:191
filter post_row_actions includes\CBXPetition.php:192
action admin_enqueue_scripts includes\CBXPetition.php:195
action admin_enqueue_scripts includes\CBXPetition.php:196
filter manage_cbxpetition_page_cbxpetitionsigns_columns includes\CBXPetition.php:208
action delete_user includes\CBXPetition.php:212
action plugins_loaded includes\CBXPetition.php:216
action admin_notices includes\CBXPetition.php:217
filter plugin_row_meta includes\CBXPetition.php:219
action activated_plugin includes\CBXPetition.php:220
action init includes\CBXPetition.php:221
action after_plugin_row_cbxpetitionproaddon/cbxpetitionproaddon.php includes\CBXPetition.php:222
action admin_init includes\CBXPetition.php:229
action admin_init includes\CBXPetition.php:232
filter the_content includes\CBXPetition.php:242
filter query_vars includes\CBXPetition.php:245
action init includes\CBXPetition.php:246
action template_redirect includes\CBXPetition.php:247
action template_redirect includes\CBXPetition.php:248
action wp_enqueue_scripts includes\CBXPetition.php:259
action wp_enqueue_scripts includes\CBXPetition.php:260
action widgets_init includes\CBXPetition.php:263
action template_include includes\CBXPetition.php:266
action cbxpetition_single_content_after_title includes\CBXPetition.php:268
action cbxpetition_archive_loop_item_content_inside_start includes\CBXPetition.php:269
action cbxpetition_single_content_after_details includes\CBXPetition.php:270
action init includes\CBXPetition.php:281
action delete_post includes\CBXPetitionAdmin.php:260
action init includes\CBXPetitionAdmin.php:1549
action cbxpetition_email_header includes\CBXPetitionEmails.php:62
action cbxpetition_email_footer includes\CBXPetitionEmails.php:63
action phpmailer_init includes\Emails\CBXPetitionEmail.php:246
filter cbxpetition_email_footer_text includes\Emails\CBXPetitionEmail.php:247
filter wp_mail_from includes\Emails\CBXPetitionEmail.php:447
filter wp_mail_from_name includes\Emails\CBXPetitionEmail.php:448
filter wp_mail_content_type includes\Emails\CBXPetitionEmail.php:449
action cbxpetition_sign_submit_after_insert includes\Emails\CBXPetitionNewSignAdminAlertEmail.php:45
action cbxpetition_sign_submit_after_insert includes\Emails\CBXPetitionNewSignUserAlertEmail.php:47
action cbxpetition_sign_approved includes\Emails\CBXPetitionSignApproveUserEmail.php:45
Maintenance & Trust

CBX Petition Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 80
Developer Profile

CBX Petition Developer Profile

Sabuj Kundu

10 plugins · 3K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 204 days
Detection Fingerprints

How We Detect CBX Petition

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cbxpetition/assets/css/cbx-petition-public.css
/wp-content/plugins/cbxpetition/assets/css/cbx-petition-admin.css
/wp-content/plugins/cbxpetition/assets/js/cbx-petition-public.js
/wp-content/plugins/cbxpetition/assets/js/cbx-petition-admin.js
/wp-content/plugins/cbxpetition/assets/js/jquery.validate.min.js
/wp-content/plugins/cbxpetition/assets/js/cbx-petition.js
Script Paths
/wp-content/plugins/cbxpetition/assets/js/cbx-petition-public.js
/wp-content/plugins/cbxpetition/assets/js/jquery.validate.min.js
/wp-content/plugins/cbxpetition/assets/js/cbx-petition.js
/wp-content/plugins/cbxpetition/assets/js/cbx-petition-admin.js
Version Parameters
cbxpetition/assets/css/cbx-petition-public.css?ver=
cbxpetition/assets/css/cbx-petition-admin.css?ver=
cbxpetition/assets/js/cbx-petition-public.js?ver=
cbxpetition/assets/js/jquery.validate.min.js?ver=
cbxpetition/assets/js/cbx-petition.js?ver=
cbxpetition/assets/js/cbx-petition-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
cbx-petition-form
cbx-petition-list
cbx-petition-single
cbx-petition-admin
Data Attributes
data-cbx-petition-id
JS Globals
cbxpetition_ajax_object
REST Endpoints
/wp-json/cbxpetition/v1/petition
Shortcode Output
[cbx_petition] [cbx_petition_list] [cbx_petition_single]
FAQ

Frequently Asked Questions about CBX Petition