Crystal Ball Insights Security & Risk Analysis

wordpress.org/plugins/crystal-ball-insight

The Crystal Ball plugin helps you monitor & log all changes and activities on your WordPress site. It will send log data to the Crystal Ball Insig …

10 active installs v1.1.1 PHP + WP 4.4+ Updated Oct 9, 2024
crystal-ballcrystal-ball-insightsgoogle-ads-annotationsgoogle-analytics-annotationsgoogle-data-studio-annotations
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Crystal Ball Insights Safe to Use in 2026?

Generally Safe

Score 92/100

Crystal Ball Insights has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The crystal-ball-insight v1.1.1 plugin exhibits a generally strong security posture with several good practices evident, such as the exclusive use of prepared statements for all SQL queries and a high percentage of properly escaped output. The lack of known vulnerabilities in its history is a positive indicator. However, the static analysis reveals a notable concern: one AJAX handler operates without proper authentication checks, representing a direct entry point that could be exploited if it handles user-supplied data insecurely. Additionally, a taint analysis flow with unsanitized paths, even if rated as high severity and not critical, warrants careful attention as it suggests a potential weakness in data sanitization that could be leveraged for various attacks if the specific flow is exploitable.

Key Concerns

  • AJAX handler without authentication
  • Taint flow with unsanitized paths (high severity)
Vulnerabilities
None known

Crystal Ball Insights Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Crystal Ball Insights Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Crystal Ball Insights Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
24 prepared
Unescaped Output
6
193 escaped
Nonce Checks
2
Capability Checks
7
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared24 total queries

Output Escaping

97% escaped199 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
log_page_func (classes/class-cbi-admin-ui.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Crystal Ball Insights Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_cbi_install_elementor_set_admin_notice_viewedclasses/class-cbi-admin-ui.php:282
authwp_ajax_cbi_reset_itemsclasses/class-cbi-settings.php:21
authwp_ajax_cbi_get_propertiesclasses/class-cbi-settings.php:22
WordPress Hooks 69
actionadmin_footerclasses/class-cbi-admin-ui.php:134
actionadmin_menuclasses/class-cbi-admin-ui.php:279
actionadmin_headclasses/class-cbi-admin-ui.php:280
actionadmin_noticesclasses/class-cbi-admin-ui.php:281
actioncbi/maintenance/clear_old_itemsclasses/class-cbi-api.php:11
actioncbi_admin_page_loadclasses/class-cbi-export.php:12
actioncbi_admin_page_loadclasses/class-cbi-export.php:13
filtercbi_record_actionsclasses/class-cbi-export.php:15
filteredit_cbi_logs_per_pageclasses/class-cbi-export.php:52
filtercbi_whitelist_optionsclasses/class-cbi-integration-woocommerce.php:13
filterwoocommerce_get_settings_pagesclasses/class-cbi-integration-woocommerce.php:14
actioninitclasses/class-cbi-integration-woocommerce.php:53
filterset-screen-optionclasses/class-cbi-log-list-table.php:164
actionwpmu_new_blogclasses/class-cbi-maintenance.php:98
actiondelete_blogclasses/class-cbi-maintenance.php:99
actioninitclasses/class-cbi-notifications.php:16
actioncbi_load_notification_handlersclasses/class-cbi-notifications.php:17
actioncbi_insert_logclasses/class-cbi-notifications.php:18
filterwp_privacy_personal_data_exportersclasses/class-cbi-privacy.php:13
actionadmin_initclasses/class-cbi-privacy.php:14
actioninitclasses/class-cbi-settings.php:14
actionadmin_menuclasses/class-cbi-settings.php:15
actionadmin_initclasses/class-cbi-settings.php:16
actionadmin_noticesclasses/class-cbi-settings.php:17
actionadmin_footerclasses/class-cbi-settings.php:18
actionplugins_loadedcrystal-ball-insight.php:108
actionadd_attachmenthooks/class-cbi-hook-attachments.php:31
actionedit_attachmenthooks/class-cbi-hook-attachments.php:32
actiondelete_attachmenthooks/class-cbi-hook-attachments.php:33
actionwp_insert_commenthooks/class-cbi-hook-comments.php:62
actionedit_commenthooks/class-cbi-hook-comments.php:63
actiontrash_commenthooks/class-cbi-hook-comments.php:64
actionuntrash_commenthooks/class-cbi-hook-comments.php:65
actionspam_commenthooks/class-cbi-hook-comments.php:66
actionunspam_commenthooks/class-cbi-hook-comments.php:67
actiondelete_commenthooks/class-cbi-hook-comments.php:68
actiontransition_comment_statushooks/class-cbi-hook-comments.php:69
action_core_updated_successfullyhooks/class-cbi-hook-core.php:25
actionexport_wphooks/class-cbi-hook-export.php:18
actionwp_update_nav_menuhooks/class-cbi-hook-menus.php:31
actionwp_create_nav_menuhooks/class-cbi-hook-menus.php:32
actiondelete_nav_menuhooks/class-cbi-hook-menus.php:33
actionupdated_optionhooks/class-cbi-hook-options.php:112
actionupdate_option_log_settingshooks/class-cbi-hook-options.php:113
actionactivated_pluginhooks/class-cbi-hook-plugins.php:123
actiondeactivated_pluginhooks/class-cbi-hook-plugins.php:124
filterwp_redirecthooks/class-cbi-hook-plugins.php:125
actionupgrader_process_completehooks/class-cbi-hook-plugins.php:127
actiontransition_post_statushooks/class-cbi-hook-posts.php:73
actiondelete_posthooks/class-cbi-hook-posts.php:74
actioncreated_termhooks/class-cbi-hook-taxonomies.php:36
actionedited_termhooks/class-cbi-hook-taxonomies.php:37
actiondelete_termhooks/class-cbi-hook-taxonomies.php:38
filterwp_redirecthooks/class-cbi-hook-themes.php:153
actionswitch_themehooks/class-cbi-hook-themes.php:154
actiondelete_site_transient_update_themeshooks/class-cbi-hook-themes.php:155
actionupgrader_process_completehooks/class-cbi-hook-themes.php:156
actioncustomize_savehooks/class-cbi-hook-themes.php:158
actionwp_loginhooks/class-cbi-hook-users.php:85
actionclear_auth_cookiehooks/class-cbi-hook-users.php:86
actiondelete_userhooks/class-cbi-hook-users.php:87
actionuser_registerhooks/class-cbi-hook-users.php:88
actionprofile_updatehooks/class-cbi-hook-users.php:89
filterwp_login_failedhooks/class-cbi-hook-users.php:90
filterwidget_update_callbackhooks/class-cbi-hook-widgets.php:45
filtersidebar_admin_setuphooks/class-cbi-hook-widgets.php:46
actioninitnotifications/abstract-class-cbi-notification-base.php:26
actioncbi_validate_optionsnotifications/abstract-class-cbi-notification-base.php:27
filterwp_mail_content_typenotifications/class-cbi-notification-email.php:42

Scheduled Events 1

cbi/maintenance/clear_old_items
Maintenance & Trust

Crystal Ball Insights Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedOct 9, 2024
PHP min version
Downloads983

Community Trust

Rating100/100
Number of ratings7
Active installs10
Alternatives

Crystal Ball Insights Alternatives

No alternatives data available yet.

Developer Profile

Crystal Ball Insights Developer Profile

crystalballinsight

1 plugin · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Crystal Ball Insights

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crystal-ball-insight/assets/css/settings.css/wp-content/plugins/crystal-ball-insight/assets/js/settings.js
Script Paths
/wp-content/plugins/crystal-ball-insight/assets/js/settings.js
Version Parameters
crystal-ball-insight/assets/css/settings.css?ver=crystal-ball-insight/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
cbi-settings-field
Data Attributes
data-page="crystal-ball-settings"
JS Globals
cbi_settings
FAQ

Frequently Asked Questions about Crystal Ball Insights