WP-Safety

Church Data Connect for Church Community Builder Security & Risk Analysis

wordpress.org/plugins/ccbpress-core

Introducing the easiest way to display information from Church Community Builder (formerly Church Community Builder) on your church WordPress site.

100 active installs v1.5.1 PHP 5.3+ WP 4.3+ Updated Apr 14, 2025
ccbchmschurchchurch-community-builderpushpay
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Church Data Connect for Church Community Builder Safe to Use in 2026?

Generally Safe

Score 100/100

Church Data Connect for Church Community Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The "ccbpress-core" v1.5.1 plugin exhibits a concerning security posture primarily due to a significantly exposed attack surface without proper authentication. All 11 identified REST API routes lack permission callbacks, meaning any unauthenticated user can potentially interact with these endpoints, leading to a high risk of unauthorized access or manipulation of plugin functionalities. While the plugin demonstrates good practices in SQL query handling (100% prepared statements) and has a clean vulnerability history with no recorded CVEs, these strengths are heavily overshadowed by the lack of authorization on its entry points. The absence of capability checks further exacerbates this issue, as there are no backend controls to verify user roles and permissions for these exposed routes. The static analysis also revealed a moderate concern with output escaping, where 22% of outputs are not properly escaped, potentially opening the door for cross-site scripting (XSS) vulnerabilities, although no critical or high severity taint flows were detected. The presence of only two nonce checks is also insufficient given the number of potential entry points. The plugin's strengths lie in its secure SQL practices and clean vulnerability record, but the significant lack of authentication and authorization on its REST API routes presents a critical weakness that demands immediate attention.

Key Concerns

  • All REST API routes lack permission callbacks
  • No capability checks on entry points
  • 22% of outputs are not properly escaped
  • Only 2 nonce checks for 11 entry points
Vulnerabilities
None known

Church Data Connect for Church Community Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Church Data Connect for Church Community Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
69
246 escaped
Nonce Checks
2
Capability Checks
0
File Operations
1
External Requests
7
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared16 total queries

Output Escaping

78% escaped315 total outputs
Attack Surface
11 unprotected

Church Data Connect for Church Community Builder Attack Surface

Entry Points11
Unprotected11

REST API Routes 11

POST/wp-json/ccbpress/v1/admin/reschedule_cron_jobsincludes\admin\admin-rest-api.php:39
POST/wp-json/ccbpress/v1/admin/purge_image_cacheincludes\admin\admin-rest-api.php:49
POST/wp-json/ccbpress/v1/admin/purge_transient_cacheincludes\admin\admin-rest-api.php:59
POST/wp-json/ccbpress/v1/admin/check_api_servicesincludes\admin\admin-rest-api.php:69
POST/wp-json/ccbpress/v1/admin/reset_importincludes\admin\admin-rest-api.php:79
POST/wp-json/ccbpress/v1/admin/start_importincludes\admin\admin-rest-api.php:89
POST/wp-json/ccbpress/v1/admin/last_importincludes\admin\admin-rest-api.php:99
POST/wp-json/ccbpress/v1/admin/import_statusincludes\admin\admin-rest-api.php:109
POST/wp-json/ccbpress/v1/admin/groupsincludes\admin\admin-rest-api.php:119
POST/wp-json/ccbpress/v1/admin/group/(?P<id>\d+)includes\admin\admin-rest-api.php:129
POST/wp-json/ccbpress/v1/admin/is-form-active/(?P<id>\d+)includes\admin\admin-rest-api.php:139
WordPress Hooks 57
actionplugins_loadedccbpress-core.php:201
actionccbpress_maintenanceccbpress-core.php:204
actionadmin_noticesccbpress-core.php:208
actionadmin_noticesccbpress-core.php:212
actionplugins_loadedincludes\admin\admin-dashboard.php:8
actionwp_dashboard_setupincludes\admin\admin-dashboard.php:22
filterccbpress_settings_page_tabsincludes\admin\admin-page-tabs.php:22
filterccbpress_settings_page_tabsincludes\admin\admin-page-tabs.php:23
filterccbpress_settings_page_actionsincludes\admin\admin-page-tabs.php:24
filterccbpress_tools_page_tabsincludes\admin\admin-page-tabs.php:25
actionadmin_menuincludes\admin\admin-pages.php:27
actionadmin_headincludes\admin\admin-pages.php:28
actionrest_api_initincludes\admin\admin-rest-api.php:27
actionadmin_enqueue_scriptsincludes\admin\admin-scripts.php:25
actionadmin_enqueue_scriptsincludes\admin\admin-styles.php:7
actionadmin_initincludes\admin\settings\settings-ccb.php:8
filterccbpress_settings_help_tabsincludes\admin\settings\settings-ccb.php:9
actionadmin_initincludes\admin\settings\settings-ccbpress.php:8
actionadmin_initincludes\admin\settings\settings-import.php:27
actionadmin_initincludes\admin\settings\settings-licenses.php:8
actionadmin_initincludes\admin\tools\class-ccbpress-tools-cron.php:27
actionadmin_initincludes\admin\tools\tools-cache.php:27
filterccbpress_ccb_servicesincludes\ccb-services.php:22
filterccbpress_ccb_servicesincludes\class-ccbpress-addon.php:94
filterccbpress_import_jobsincludes\class-ccbpress-addon.php:95
filterccbpress_uninstall_settingsincludes\class-ccbpress-addon.php:96
filterccbpress_enable_beaconincludes\class-ccbpress-addon.php:98
actionccbpress_after_get_group_profile_from_idincludes\class-ccbpress-connection.php:134
actionccbpress_after_get_individual_profile_from_idincludes\class-ccbpress-connection.php:135
actionenqueue_block_assetsincludes\class-ccbpress-core-blocks.php:29
actionenqueue_block_editor_assetsincludes\class-ccbpress-core-blocks.php:30
filterblock_categories_allincludes\class-ccbpress-core-blocks.php:33
filterblock_categoriesincludes\class-ccbpress-core-blocks.php:35
actioncustomize_registerincludes\class-ccbpress-customizer.php:27
filterccbpress_license_keysincludes\class-ccbpress-licenses.php:125
actionadmin_initincludes\class-ccbpress-licenses.php:128
actionadmin_initincludes\class-ccbpress-licenses.php:131
actionadmin_initincludes\class-ccbpress-licenses.php:134
filterccbpress_settings_page_tabsincludes\class-ccbpress-options.php:38
filterccbpress_settings_page_actionsincludes\class-ccbpress-options.php:39
filterccbpress_tools_page_tabsincludes\class-ccbpress-options.php:40
actionccbpress_transient_cache_cleanupincludes\class-ccbpress-transients.php:48
actionccbpress_importincludes\import.php:27
actionccbpress_import_job_queuedincludes\import.php:28
actionccbpress_import_jobs_dispatchedincludes\import.php:29
actionccbpress_background_get_completeincludes\import.php:30
actionccbpress_maintenanceincludes\import.php:31
actionccbpress_schedule_getincludes\schedule-get.php:5
actionwp_enqueue_scriptsincludes\styles.php:9
actioncustomize_controls_enqueue_scriptsincludes\styles.php:10
actionplugins_loadedincludes\upgrades.php:18
actionwidgets_initincludes\widgets\widget-group-info.php:408
actionwidgets_initincludes\widgets\widget-login.php:122
actionwidgets_initincludes\widgets\widget-online-giving.php:113
actioninitsrc\group-info\index.php:29
actioninitsrc\login\index.php:29
actioninitsrc\online-giving\index.php:29

Scheduled Events 4

ccbpress_maintenance
ccbpress_import
ccbpress_transient_cache_cleanup
ccbpress_import
Maintenance & Trust

Church Data Connect for Church Community Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 14, 2025
PHP min version5.3
Downloads16K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Church Data Connect for Church Community Builder Alternatives

Spiritual Gifts Test

Spiritual Gifts Test

spiritual-gifts-test

A
100

Spiritual Gifts and S.H.A.P.E. Test to help church attendees find their place of service in the local church and other service organizations.

40 No CVEs
RockPress

RockPress

ft-rockpress

A
99

Introducing the easiest way to display information from Rock RMS on your church WordPress site.

10 1 CVE
Church Content – Sermons, Events and More

Church Content – Sermons, Events and More

church-theme-content

A
99

Provides an interface for managing sermons, events, people and locations. A compatible theme is required for presenting content from these church-cent &hellip;

4K 1 CVE
Advanced Sermons

Advanced Sermons

advanced-sermons

A
96

Elevate your church's digital outreach with audio/video sermons, organized speakers, and series management.

1K 5 CVEs
Church Admin

Church Admin

church-admin

A
87

Organise and communicate church life, with associated Android and iOS app for your congregation.

1K 26 CVEs
Developer Profile

Church Data Connect for Church Community Builder Developer Profile

FireTree Design

3 plugins · 310 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Church Data Connect for Church Community Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ccbpress-core/assets/css/admin.css/wp-content/plugins/ccbpress-core/assets/css/admin-settings.css/wp-content/plugins/ccbpress-core/assets/css/ccbpress-core.css/wp-content/plugins/ccbpress-core/assets/css/ccbpress-core-widgets.css/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core.js/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-admin.js/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-admin-settings.js/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-widgets.js
Script Paths
/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core.js/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-admin.js/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-admin-settings.js/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-widgets.js
Version Parameters
/wp-content/plugins/ccbpress-core/assets/css/admin.css?ver=/wp-content/plugins/ccbpress-core/assets/css/admin-settings.css?ver=/wp-content/plugins/ccbpress-core/assets/css/ccbpress-core.css?ver=/wp-content/plugins/ccbpress-core/assets/css/ccbpress-core-widgets.css?ver=/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core.js?ver=/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-admin.js?ver=/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-admin-settings.js?ver=/wp-content/plugins/ccbpress-core/assets/js/ccbpress-core-widgets.js?ver=

HTML / DOM Fingerprints

CSS Classes
ccbpress-widgetccbpress-widget-loginccbpress-widget-online-givingccbpress-widget-group-infoccbpress-core-admin-page-wrapper
Data Attributes
data-ccbpress-iddata-ccbpress-type
JS Globals
ccbpress_core_params
REST Endpoints
/wp-json/ccbpress-core/v1/settings/wp-json/ccbpress-core/v1/import/wp-json/ccbpress-core/v1/tools
FAQ

Frequently Asked Questions about Church Data Connect for Church Community Builder