CBX Poll Security & Risk Analysis

wordpress.org/plugins/cbxpoll

CBX Poll - Complete Poll and Vote plugin for WordPress

60 active installs · v2.0.4 · PHP + · WP 5.3+ · Updated Feb 4, 2026
contest · poll · quiz · survey · vote
74
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Mar 31, 2025
Safety Verdict

Is CBX Poll Safe to Use in 2026?

Mostly Safe

Score 74/100

CBX Poll is generally safe to use. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 3mo ago
Risk Assessment

The cbxpoll plugin v2.0.4 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by consistently using prepared statements for all SQL queries and performing output escaping on a high percentage of outputs, indicating a strong defense against common injection vulnerabilities. The presence of nonce checks and capability checks on a majority of its AJAX handlers is also a positive sign.

However, significant concerns arise from the substantial attack surface exposed without proper authentication. With 8 out of 10 entry points lacking authorization checks, and a critical taint flow with an unsanitized path identified, there is a clear risk of unauthorized actions or data manipulation. This is exacerbated by a history of at least one critical unpatched CVE, which is a major red flag for immediate risk. The reliance on a bundled library like Select2 also warrants investigation for potential vulnerabilities if it's not kept up-to-date.

In conclusion, while the plugin shows strengths in core secure coding practices like SQL sanitization and output escaping, the numerous unprotected entry points and the existence of a critical unpatched vulnerability significantly elevate the risk. The plugin's security needs immediate attention, particularly concerning the unprotected AJAX handlers and the historical critical vulnerability.

Key Concerns

  • Unprotected AJAX handlers
  • Critical taint flow with unsanitized path
  • Unpatched critical CVE
  • Bundled library (Select2)
Vulnerabilities
1 published

CBX Poll Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Critical: 1

1 total CVE

CVE-2025-31612 · critical · 9.8 · Deserialization of Untrusted Data

CBX Poll <= 1.2.7 - Unauthenticated PHP Object Injection

Mar 31, 2025 · Unpatched
Version History

CBX Poll Release Timeline

v2.0.4 · Current · 1 CVE
v2.0.3 · 1 CVE
v2.0.2 · 1 CVE
v2.0.1 · 1 CVE
v2.0.0 · 1 CVE
v1.2.7 · 1 CVE
v1.2.6 · 1 CVE
v1.2.5 · 1 CVE
v1.2.4 · 1 CVE
v1.2.3 · 1 CVE
v1.2.1 · 1 CVE
v1.2.0 · 1 CVE
v1.1.10 · 1 CVE
Code Analysis
Analyzed Apr 16, 2026

CBX Poll Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (52 prepared)
Unescaped Output: 64 (1022 escaped)
Nonce Checks: 8
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 52 total queries

Output Escaping

94% escaped · 1086 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
get_answer_template (includes/CBXPollAdmin.php:1503)
Attack Surface
8 unprotected

CBX Poll Attack Surface

Entry Points: 10
Unprotected: 8

AJAX Handlers 8

auth · wp_ajax_cbxpoll_get_answer_template · includes/CBXPoll.php:213
auth · wp_ajax_cbxpoll_settings_reset_load · includes/CBXPoll.php:244
auth · wp_ajax_cbxpoll_settings_reset · includes/CBXPoll.php:245
auth · wp_ajax_cbxpoll_permalink_cache_clear · includes/CBXPoll.php:248
auth · wp_ajax_cbxpoll_user_vote · includes/CBXPoll.php:285
nopriv · wp_ajax_cbxpoll_user_vote · includes/CBXPoll.php:286
auth · wp_ajax_cbxpoll_list_pagination · includes/CBXPoll.php:289
nopriv · wp_ajax_cbxpoll_list_pagination · includes/CBXPoll.php:290

Shortcodes 2

[cbxpoll] includes/CBXPollPublic.php:134
[cbxpolls] includes/CBXPollPublic.php:135
WordPress Hooks 43
action · admin_notices · includes/CBXPoll.php:101
action · init · includes/CBXPoll.php:162
action · init · includes/CBXPoll.php:190
action · admin_enqueue_scripts · includes/CBXPoll.php:194
action · admin_enqueue_scripts · includes/CBXPoll.php:195
action · admin_init · includes/CBXPoll.php:198
action · admin_menu · includes/CBXPoll.php:201
filter · manage_edit-cbxpoll_columns · includes/CBXPoll.php:204
action · manage_cbxpoll_posts_custom_column · includes/CBXPoll.php:205
action · add_meta_boxes · includes/CBXPoll.php:210
action · save_post · includes/CBXPoll.php:211
action · delete_user · includes/CBXPoll.php:217
action · plugins_loaded · includes/CBXPoll.php:221
action · admin_notices · includes/CBXPoll.php:222
filter · plugin_row_meta · includes/CBXPoll.php:224
action · activated_plugin · includes/CBXPoll.php:225
action · init · includes/CBXPoll.php:226
action · after_plugin_row_cbxpollproaddon/cbxpollproaddon.php · includes/CBXPoll.php:227
action · init · includes/CBXPoll.php:234
filter · block_categories_all · includes/CBXPoll.php:236
filter · block_categories · includes/CBXPoll.php:238
action · enqueue_block_editor_assets · includes/CBXPoll.php:241
action · admin_init · includes/CBXPoll.php:250
action · template_redirect · includes/CBXPoll.php:264
filter · cbxpoll_display_options · includes/CBXPoll.php:268
action · wp_enqueue_scripts · includes/CBXPoll.php:270
action · wp_enqueue_scripts · includes/CBXPoll.php:271
action · init · includes/CBXPoll.php:275
filter · the_content · includes/CBXPoll.php:280
filter · the_excerpt · includes/CBXPoll.php:281
action · widgets_init · includes/CBXPoll.php:292
action · init · includes/CBXPoll.php:295
action · before_delete_post · includes/CBXPollAdmin.php:465
action · cbxpoll_email_header · includes/CBXPollEmails.php:68
action · cbxpoll_email_footer · includes/CBXPollEmails.php:69
action · elementor/widgets/register · includes/CBXPollPublic.php:893
action · elementor/elements/categories_registered · includes/CBXPollPublic.php:894
action · elementor/editor/before_enqueue_scripts · includes/CBXPollPublic.php:895
action · phpmailer_init · includes/Emails/CBXPollEmail.php:246
filter · cbxpoll_email_footer_text · includes/Emails/CBXPollEmail.php:247
filter · wp_mail_from · includes/Emails/CBXPollEmail.php:447
filter · wp_mail_from_name · includes/Emails/CBXPollEmail.php:448
filter · wp_mail_content_type · includes/Emails/CBXPollEmail.php:449
Maintenance & Trust

CBX Poll Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version
Downloads: 13K

Community Trust

Rating: 94/100
Number of ratings: 3
Active installs: 60
Developer Profile

CBX Poll Developer Profile

Sabuj Kundu

10 plugins · 3K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 204 days
Detection Fingerprints

How We Detect CBX Poll

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cbxpoll/assets/css/cbx-poll.css
/wp-content/plugins/cbxpoll/assets/js/cbx-poll.js
/wp-content/plugins/cbxpoll/assets/js/cbx-poll-vote.js
Script Paths
/wp-content/plugins/cbxpoll/assets/js/cbx-poll.js
/wp-content/plugins/cbxpoll/assets/js/cbx-poll-vote.js
Version Parameters
cbxpoll/assets/css/cbx-poll.css?ver=
cbxpoll/assets/js/cbx-poll.js?ver=
cbxpoll/assets/js/cbx-poll-vote.js?ver=

HTML / DOM Fingerprints

CSS Classes
cbx-poll-wrapper
cbx-poll-item
cbx-poll-results
HTML Comments
<!-- Start CBX Poll Plugin -->
<!-- End CBX Poll Plugin -->
<!-- CBX Poll Shortcode -->
Data Attributes
data-poll-id
data-poll-options
JS Globals
cbxPollData
REST Endpoints
/wp-json/cbxpoll/v1/vote
Shortcode Output
[cbx_poll id=""cbx_poll_display_results
FAQ

Frequently Asked Questions about CBX Poll