CM Custom Reports – Flexible reporting to track what matters most Security & Risk Analysis

wordpress.org/plugins/cm-custom-reports

Generate custom reports and get efficient analytics for your site with the custom reports plugin. Filter data and create tailored reports.

200 active installs · v1.2.8 · PHP 5.2.4+ · WP 5.4.0+ · Updated Feb 18, 2026
Tags: report, reporting, reports, statistics, user-report
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 6, 2026
Safety Verdict

Is CM Custom Reports – Flexible reporting to track what matters most Safe to Use in 2026?

Generally Safe

Score 99/100

CM Custom Reports – Flexible reporting to track what matters most has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 6, 2026 · Updated 1mo ago
Risk Assessment

The "cm-custom-reports" v1.2.8 plugin exhibits a mixed security posture. On the positive side, it uses prepared statements exclusively for its SQL queries and implements a significant number of nonce checks. However, the attack surface is a substantial concern: 4 out of 9 entry points lack authentication checks, specifically within its AJAX handlers. Furthermore, only 46% of outputs are properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities, especially given the plugin's history of a medium severity XSS vulnerability. While there are no currently unpatched CVEs and no critical taint flows, the combination of unprotected entry points and insufficient output escaping presents a notable risk. The historical vulnerability, though resolved, combined with the identified weaknesses, suggests that careful monitoring and potential mitigation efforts for the exposed AJAX handlers are warranted.

Key Concerns

  • 4 AJAX handlers without auth checks
  • Only 46% of outputs properly escaped
  • Medium severity vulnerability in history
  • 1 unsanitized path in taint analysis
Vulnerabilities: 1

CM Custom Reports – Flexible reporting to track what matters most Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-2431 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters

Mar 6, 2026 · Patched in 1.2.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

CM Custom Reports – Flexible reporting to track what matters most Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (12 prepared)
  • Unescaped Output: 183 (155 escaped)
  • Nonce Checks: 8
  • Capability Checks: 1
  • File Operations: 1
  • External Requests: 6
  • Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared · 12 total queries

Output Escaping

46% escaped · 338 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
cminds_system_info_content (package\cminds-free.php:2724)
Attack Surface: 4 unprotected

CM Custom Reports – Flexible reporting to track what matters most Attack Surface

Entry Points: 9
Unprotected: 4

AJAX Handlers: 5

auth wp_ajax_cm_custom_reports_gateway (backend\cm-custom-reports-backend.php:46)
auth wp_ajax_cm-submit-uninstall-reason (package\cminds-free.php:147)
auth wp_ajax_cm-submit-registration-email (package\cminds-free.php:148)
auth wp_ajax_cm-submit-deregistration (package\cminds-free.php:149)
auth wp_ajax_cm-submit-registration-skip (package\cminds-free.php:150)

Shortcodes: 4

[cminds_free_registration] package\cminds-free.php:54
[cminds_free_guide] package\cminds-free.php:55
[cminds_upgrade_box] package\cminds-free.php:56
[cminds_free_activation] package\cminds-free.php:57
WordPress Hooks: 26

filter cmcr_graph_options (backend\classes\modules\GraphModule.php:9)
filter cmcr_loaded_reports (backend\classes\ReportBase.php:29)
action cmcr_after_report_loaded (backend\classes\ReportBase.php:30)
action admin_init (backend\cm-custom-reports-backend.php:38)
action admin_enqueue_scripts (backend\cm-custom-reports-backend.php:39)
action admin_menu (backend\cm-custom-reports-backend.php:40)
filter CMCR_admin_settings (backend\cm-custom-reports-backend.php:41)
filter cmcr_report_name_filter (backend\reports\CommentsByTypeReport.php:11)
filter cmcr_report_name_filter (backend\reports\PostsByAuthorReport.php:10)
filter cmcr_report_name_filter (backend\reports\PostsByTypeReport.php:11)
filter cmcr_report_name_filter (backend\reports\RegisteredUsersReport.php:10)
filter cmcr_report_name_filter (backend\reports\TopAuthorsReport.php:10)
action activated_plugin (package\cminds-free.php:31)
action admin_init (package\cminds-free.php:33)
action admin_menu (package\cminds-free.php:34)
action admin_enqueue_scripts (package\cminds-free.php:35)
action admin_enqueue_scripts (package\cminds-free.php:36)
action cminds_download_sysinfo (package\cminds-free.php:48)
action init (package\cminds-free.php:50)
action init (package\cminds-free.php:51)
filter plugin_row_meta (package\cminds-free.php:59)
action wp_dashboard_setup (package\cminds-free.php:62)
action admin_footer (package\cminds-free.php:157)
filter wp_mail_content_type (package\cminds-free.php:311)
filter wp_mail_content_type (package\cminds-free.php:2074)
filter wp_mail_content_type (package\cminds-free.php:2165)
Maintenance & Trust

CM Custom Reports – Flexible reporting to track what matters most Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 18, 2026
PHP min version: 5.2.4
Downloads: 22K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 200
Developer Profile

CM Custom Reports – Flexible reporting to track what matters most Developer Profile

CreativeMindsSolutions

19 plugins · 22K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 546 days
Detection Fingerprints

How We Detect CM Custom Reports – Flexible reporting to track what matters most

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cm-custom-reports/shared/classes/Labels.php
/wp-content/plugins/cm-custom-reports/backend/classes/Settings.php
/wp-content/plugins/cm-custom-reports/shared/cm-custom-reports-shared.php
/wp-content/plugins/cm-custom-reports/package/cminds-free.php
/wp-content/plugins/cm-custom-reports/backend/cm-custom-reports-backend.php
/wp-content/plugins/cm-custom-reports/backend/classes/modules/GraphModule.php

HTML / DOM Fingerprints

Data Attributes
data-cmcr-report-slug
JS Globals
CMCR_Graph_Module
CM_Custom_Reports
FAQ

Frequently Asked Questions about CM Custom Reports – Flexible reporting to track what matters most