CBX Bookmark & Favorite Security & Risk Analysis

wordpress.org/plugins/cbxwpbookmark

Bookmark and Favorite plugin for WordPress with category/list support.

1K active installs · v2.0.6 · PHP + WP 5.3+ · Updated Dec 8, 2025
Tags: bookmark, collection, favorite, user-bookmark, user-collection
Score 89 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Jan 5, 2026
Safety Verdict

Is CBX Bookmark & Favorite Safe to Use in 2026?

Generally Safe

Score 89/100

CBX Bookmark & Favorite has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jan 5, 2026 · Updated 3mo ago
Risk Assessment

The cbxwpbookmark v2.0.6 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and output escaping, a significant concern arises from its large attack surface, particularly the 15 unprotected AJAX handlers. This lack of authorization checks on numerous entry points is a major weakness.

The taint analysis reveals one flow with an unsanitized path, classified as critical/high severity, which indicates a potential for vulnerabilities. The plugin's history is concerning, with 6 known CVEs, including one critical and five medium-severity vulnerabilities, predominantly involving missing authorization, XSS, and SQL injection. The fact that the last vulnerability was in 2026 is alarming and suggests a pattern of security issues that could indicate ongoing development challenges or a lack of robust security auditing.

In conclusion, the plugin's strengths lie in its secure handling of SQL and output, but these are overshadowed by critical weaknesses in authorization for its AJAX endpoints and a history of significant vulnerabilities. The presence of unprotected AJAX handlers combined with past critical vulnerabilities points to a moderate to high risk.

Key Concerns

  • 15 unprotected AJAX handlers
  • 1 flow with unsanitized paths (critical/high severity)
  • History of 1 critical CVE
  • History of 5 medium CVEs
  • Large attack surface without auth checks
Vulnerabilities
6

CBX Bookmark & Favorite Security Vulnerabilities

CVEs by Year

  • 1 CVE in 2021
  • 1 CVE in 2023
  • 2 CVEs in 2024
  • 1 CVE in 2025
  • 1 CVE in 2026

Severity Breakdown

Critical: 1
Medium: 5

6 total CVEs

CVE-2025-13652 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter

Jan 5, 2026 · Patched in 2.0.5 (1d)

CVE-2025-66101 · medium · 4.3 · Missing Authorization

CBX Bookmark & Favorite <= 2.0.1 - Missing Authorization

Nov 18, 2025 · Patched in 2.0.2 (8d)

CVE-2024-32577 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CBX Bookmark & Favorite <= 1.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2024 · Patched in 1.7.22 (9d)

CVE-2024-32132 · critical · 9.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CBX Bookmark & Favorite <= 1.7.20 - Authenticated (Administrator+) SQL Injection

Apr 12, 2024 · Patched in 1.7.21 (36d)

CVE-2023-51514 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CBX Bookmark & Favorite <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 27, 2023 · Patched in 1.7.14 (27d)

WF-420c29d6-e712-4891-a2f6-b18f4718b35d-cbxwpbookmark · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CBX Bookmark & Favorite <= 1.6.8 - Reflected Cross-Site Scripting

Aug 16, 2021 · Patched in 1.6.9 (890d)
Code Analysis
Analyzed Mar 16, 2026

CBX Bookmark & Favorite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (125 prepared)
Unescaped Output: 91 (1009 escaped)
Nonce Checks: 15
Capability Checks: 8
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

98% prepared · 128 total queries

Output Escaping

92% escaped · 1100 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
add_category_std (includes\CBXWPBookmarkPublic.php:463)
Attack Surface
15 unprotected

CBX Bookmark & Favorite Attack Surface

Entry Points: 20
Unprotected: 15

AJAX Handlers 15

auth wp_ajax_cbxwpbookmark_autocreate_page includes\CBXWPBookmark.php:199
auth wp_ajax_cbxwpbookmark_settings_reset_load includes\CBXWPBookmark.php:209
auth wp_ajax_cbxwpbookmark_settings_reset includes\CBXWPBookmark.php:210
auth wp_ajax_cbx_add_bookmark_category includes\CBXWPBookmark.php:241
auth wp_ajax_cbx_add_bookmark_category_std includes\CBXWPBookmark.php:242
auth wp_ajax_cbx_edit_bookmark_category includes\CBXWPBookmark.php:246
auth wp_ajax_cbx_delete_bookmark_category includes\CBXWPBookmark.php:250
auth wp_ajax_cbx_update_bookmark_category includes\CBXWPBookmark.php:254
auth wp_ajax_cbx_delete_bookmark_post includes\CBXWPBookmark.php:258
auth wp_ajax_cbx_find_category includes\CBXWPBookmark.php:262
auth wp_ajax_cbx_add_bookmark includes\CBXWPBookmark.php:266
auth wp_ajax_cbx_bookmark_loadmore includes\CBXWPBookmark.php:270
auth wp_ajax_cbx_load_bookmarks_sublist includes\CBXWPBookmark.php:286
nopriv wp_ajax_cbx_load_bookmarks_sublist includes\CBXWPBookmark.php:287
auth wp_ajax_cbxwpbkmark_delete_all_bookmarks_by_user includes\CBXWPBookmark.php:293

Shortcodes 5

[cbxwpbookmarkbtn] includes\CBXWPBookmarkShortcodes.php:71
[cbxwpbookmark] includes\CBXWPBookmarkShortcodes.php:75
[cbxwpbookmark-mycat] includes\CBXWPBookmarkShortcodes.php:79
[cbxwpbookmark-most] includes\CBXWPBookmarkShortcodes.php:82
[cbxwpbookmark_user_dashboard] includes\CBXWPBookmarkShortcodes.php:85
WordPress Hooks 57

action init includes\CBXWPBookmark.php:142
action rest_api_init includes\CBXWPBookmark.php:143
filter script_loader_tag includes\CBXWPBookmark.php:145
action cbxwpbookmark_on_activation includes\CBXWPBookmark.php:148
action cbxbookmark_category_deleted includes\CBXWPBookmark.php:150
action admin_init includes\CBXWPBookmark.php:167
action admin_menu includes\CBXWPBookmark.php:170
action admin_enqueue_scripts includes\CBXWPBookmark.php:177
action admin_enqueue_scripts includes\CBXWPBookmark.php:178
action admin_init includes\CBXWPBookmark.php:182
action admin_init includes\CBXWPBookmark.php:183
filter cbxwpbookmark_setting_sections includes\CBXWPBookmark.php:184
filter plugin_row_meta includes\CBXWPBookmark.php:189
action plugins_loaded includes\CBXWPBookmark.php:191
action admin_notices includes\CBXWPBookmark.php:192
action after_plugin_row_cbxwpbookmarkaddon/cbxwpbookmarkaddon.php includes\CBXWPBookmark.php:193
filter manage_cbx-bookmark_page_cbxwpbookmark_columns includes\CBXWPBookmark.php:202
filter manage_cbx-bookmark_page_cbxwpbookmark-cats_columns includes\CBXWPBookmark.php:203
action cbxwpbookmark_plugin_reset includes\CBXWPBookmark.php:211
action activated_plugin includes\CBXWPBookmark.php:213
action init includes\CBXWPBookmark.php:214
action wp_enqueue_scripts includes\CBXWPBookmark.php:228
action wp_enqueue_scripts includes\CBXWPBookmark.php:229
filter the_content includes\CBXWPBookmark.php:233
filter the_excerpt includes\CBXWPBookmark.php:234
filter the_content includes\CBXWPBookmark.php:236
filter body_class includes\CBXWPBookmark.php:238
action widgets_init includes\CBXWPBookmark.php:273
action init includes\CBXWPBookmark.php:275
action vc_before_init includes\CBXWPBookmark.php:280
filter bbp_template_before_single_forum includes\CBXWPBookmark.php:300
filter bbp_template_after_single_forum includes\CBXWPBookmark.php:301
action bbp_template_before_single_topic includes\CBXWPBookmark.php:302
action bbp_template_after_single_topic includes\CBXWPBookmark.php:303
filter cbxwpbookmark_user_dashboard_menus includes\CBXWPBookmark.php:306
filter cbxwpbookmark_user_dashboard_menus includes\CBXWPBookmark.php:307
filter cbxwpbookmark_user_dashboard_menus includes\CBXWPBookmark.php:308
action delete_post includes\CBXWPBookmarkAdmin.php:170
action init includes\CBXWPBookmarkAdmin.php:839
filter block_categories_all includes\CBXWPBookmarkBlocks.php:60
filter block_categories includes\CBXWPBookmarkBlocks.php:62
action init includes\CBXWPBookmarkBlocks.php:65
action enqueue_block_editor_assets includes\CBXWPBookmarkBlocks.php:66
action elementor/widgets/register includes\CBXWPBookmarkPublic.php:1415
action elementor/elements/categories_registered includes\CBXWPBookmarkPublic.php:1417
action elementor/editor/before_enqueue_scripts includes\CBXWPBookmarkPublic.php:1418
action init includes\CBXWPBookmarkShortcodes.php:63
action customize_register includes\Customizer\CBXWPBookmarkCustomizer.php:58
action customize_controls_print_styles includes\Customizer\CBXWPBookmarkCustomizer.php:61
action customize_controls_print_scripts includes\Customizer\CBXWPBookmarkCustomizer.php:62
action wp_enqueue_scripts includes\Customizer\CBXWPBookmarkCustomizer.php:63
action save_post includes\Widgets\Classic\Most\CBXWPBookmarkMostWidget.php:45
action deleted_post includes\Widgets\Classic\Most\CBXWPBookmarkMostWidget.php:46
action init includes\Widgets\Vc\CBXWPBookmarkBtnVCWidget.php:19
action init includes\Widgets\Vc\CBXWPBookmarkCategoryVCWidget.php:19
action init includes\Widgets\Vc\CBXWPBookmarkMostVCWidget.php:21
action init includes\Widgets\Vc\CBXWPBookmarkMyBookmarkVCWidget.php:21
Maintenance & Trust

CBX Bookmark & Favorite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version
Downloads: 85K

Community Trust

Rating: 92/100
Number of ratings: 49
Active installs: 1K
Developer Profile

CBX Bookmark & Favorite Developer Profile

Sabuj Kundu

9 plugins · 3K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 204 days
Detection Fingerprints

How We Detect CBX Bookmark & Favorite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cbxwpbookmark/assets/css/frontend.css
/wp-content/plugins/cbxwpbookmark/assets/css/main.css
/wp-content/plugins/cbxwpbookmark/assets/css/style.css
/wp-content/plugins/cbxwpbookmark/assets/js/frontend.js
/wp-content/plugins/cbxwpbookmark/assets/js/main.js
/wp-content/plugins/cbxwpbookmark/assets/js/public.js
Script Paths
/wp-content/plugins/cbxwpbookmark/assets/js/frontend.js
/wp-content/plugins/cbxwpbookmark/assets/js/main.js
/wp-content/plugins/cbxwpbookmark/assets/js/public.js
Version Parameters
cbxwpbookmark/assets/css/frontend.css?ver=
cbxwpbookmark/assets/css/main.css?ver=
cbxwpbookmark/assets/css/style.css?ver=
cbxwpbookmark/assets/js/frontend.js?ver=
cbxwpbookmark/assets/js/main.js?ver=
cbxwpbookmark/assets/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes
cbx-bookmark-container
cbx-bookmark-btn
cbx-bookmark-item
cbx-bookmark-list
Data Attributes
data-cbx-bookmark
JS Globals
cbx_bookmark_ajax_object
REST Endpoints
/wp-json/cbxwpbookmark/v1/bookmark