CM Answers – Discussion Forum Plugin for WordPress Q&A Security & Risk Analysis

wordpress.org/plugins/cm-answers

Discussion Forum Plugin for WordPress Q&A. Build engaging community forums with voting, moderation, notifications, and AI integration.

300 active installs · v3.4.0 · PHP 5.4+ · WP 5.4.0+ · Updated Mar 12, 2026
Tags: community-forum, discussion-forum-plugin, forum-plugin, qa, questions-and-answers
Score: 97 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 22, 2025
Safety Verdict

Is CM Answers – Discussion Forum Plugin for WordPress Q&A Safe to Use in 2026?

Generally Safe

Score 97/100

CM Answers – Discussion Forum Plugin for WordPress Q&A has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 22, 2025 · Updated 22d ago
Risk Assessment

The "cm-answers" v3.4.0 plugin exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and has no known unpatched vulnerabilities. Its history contains no critical or high severity vulnerabilities, and it does not bundle external libraries, which reduces the risk of outdated components.

However, the static analysis raises significant concerns. A considerable portion of AJAX handlers (3 out of 5) lack authentication checks, creating a substantial attack surface. In addition, 66% of output operations are not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unsanitized input paths identified in the taint analysis. The plugin's vulnerability history, while currently clean, has previously included medium severity issues such as CSRF, missing authorization, and XSS. This suggests a pattern of these types of weaknesses, which could resurface if not diligently addressed in future development.

Key Concerns

  • Unprotected AJAX handlers
  • Poor output escaping percentage
  • Flows with unsanitized paths
  • Previous medium severity CVEs (3)
Vulnerabilities: 3

CM Answers – Discussion Forum Plugin for WordPress Q&A Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-46246 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
CM Answers <= 3.3.3 - Cross-Site Request Forgery
Apr 22, 2025 · Patched in 3.3.4 (9d)

CVE-2024-54267 · medium · 4.3 · Missing Authorization
CM Answers <= 3.2.6 - Missing Authorization
Dec 10, 2024 · Patched in 3.2.7 (9d)

CVE-2023-25992 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Feb 23, 2023 · Patched in 3.2.0 (334d)

Code Analysis
Analyzed Mar 16, 2026

CM Answers – Discussion Forum Plugin for WordPress Q&A Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 403 (209 escaped)
  • Nonce Checks: 4
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 5
  • Bundled Libraries: 0

Output Escaping

34% escaped · 612 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
cminds_system_info_content (package\cminds-free.php:2727)
Attack Surface: 3 unprotected

CM Answers – Discussion Forum Plugin for WordPress Q&A Attack Surface

Entry Points: 9
Unprotected: 3

AJAX Handlers 5

auth · wp_ajax_cm-submit-uninstall-reason · package\cminds-free.php:147
auth · wp_ajax_cm-submit-registration-email · package\cminds-free.php:148
auth · wp_ajax_cm-submit-deregistration · package\cminds-free.php:149
auth · wp_ajax_cm-submit-registration-skip · package\cminds-free.php:150
auth · wp_ajax_cmf_save_wizard_options · wizard\wizard.php:21

Shortcodes 4

[cminds_free_registration] package\cminds-free.php:54
[cminds_free_guide] package\cminds-free.php:55
[cminds_upgrade_box] package\cminds-free.php:56
[cminds_free_activation] package\cminds-free.php:57

WordPress Hooks 19

action · activated_plugin · package\cminds-free.php:31
action · admin_init · package\cminds-free.php:33
action · admin_menu · package\cminds-free.php:34
action · admin_enqueue_scripts · package\cminds-free.php:35
action · admin_enqueue_scripts · package\cminds-free.php:36
action · cminds_download_sysinfo · package\cminds-free.php:48
action · init · package\cminds-free.php:50
action · init · package\cminds-free.php:51
filter · plugin_row_meta · package\cminds-free.php:59
action · wp_dashboard_setup · package\cminds-free.php:62
action · admin_footer · package\cminds-free.php:157
filter · wp_mail_content_type · package\cminds-free.php:311
filter · wp_mail_content_type · package\cminds-free.php:2077
filter · wp_mail_content_type · package\cminds-free.php:2168
filter · cma_questions_widget_number · views\frontend\answer\widget\questions.php:41
action · admin_menu · wizard\wizard.php:20
action · admin_enqueue_scripts · wizard\wizard.php:22
action · activated_plugin · wizard\wizard.php:23
action · admin_notices · wizard\wizard.php:24

Maintenance & Trust

CM Answers – Discussion Forum Plugin for WordPress Q&A Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 12, 2026
  • PHP min version: 5.4
  • Downloads: 144K

Community Trust

  • Rating: 76/100
  • Number of ratings: 86
  • Active installs: 300

Developer Profile

CM Answers – Discussion Forum Plugin for WordPress Q&A Developer Profile

CreativeMindsSolutions

19 plugins · 22K total installs

  • Trust score: 76
  • Avg Security Score: 95/100
  • Avg Patch Time: 546 days
Detection Fingerprints

How We Detect CM Answers – Discussion Forum Plugin for WordPress Q&A

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/cm-answers/css/cm-answers-frontend.css
  • /wp-content/plugins/cm-answers/css/cm-answers-admin.css
  • /wp-content/plugins/cm-answers/js/cm-answers-frontend.js
  • /wp-content/plugins/cm-answers/js/cm-answers-admin.js
  • /wp-content/plugins/cm-answers/js/cm-answers-editor-plugin.js
  • /wp-content/plugins/cm-answers/js/cm-answers-editor-plugin.min.js

Script Paths

  • /wp-content/plugins/cm-answers/js/cm-answers-frontend.js
  • /wp-content/plugins/cm-answers/js/cm-answers-admin.js
  • /wp-content/plugins/cm-answers/js/cm-answers-editor-plugin.js
  • /wp-content/plugins/cm-answers/js/cm-answers-editor-plugin.min.js

Version Parameters

  • cm-answers/css/cm-answers-frontend.css?ver=
  • cm-answers/css/cm-answers-admin.css?ver=
  • cm-answers/js/cm-answers-frontend.js?ver=
  • cm-answers/js/cm-answers-admin.js?ver=
  • cm-answers/js/cm-answers-editor-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • cm-answers-frontend
  • cm-answers-admin
  • cm-answers-editor

HTML Comments

  • <!-- CM ANSWERS FRONTEND START -->
  • <!-- CM ANSWERS FRONTEND END -->
  • <!-- CM ANSWERS ADMIN START -->
  • <!-- CM ANSWERS ADMIN END -->

Data Attributes

  • data-cm-answers-id
  • data-cm-answers-nonce
  • data-cm-answers-slug

JS Globals

  • cmAnswersFrontend
  • cmAnswersAdmin
  • CMANSWERS_AJAX_URL

REST Endpoints

  • /wp-json/cm-answers/v1/get_threads
  • /wp-json/cm-answers/v1/submit_answer
  • /wp-json/cm-answers/v1/vote_answer

Shortcode Output

  • [cm_answers_list]
  • [cm_answers_detail]
  • [cm_answers_form]