Estatik Mortgage Calculator Security & Risk Analysis

wordpress.org/plugins/estatik-mortgage-calculator

Estatik Mortgage Calculator will allow your website visitors to estimate their mortgage payments. It is great-looking and informative!

1K active installs · v2.0.12 · PHP + WP 5.4+ · Updated Dec 30, 2024
Tags: estatik, estatik-mortgage-calculator, mortgage-calculator, wordpress-mortgage-calculator
Score 29 · F · Critical Risk
CVEs total: 5
Unpatched: 4
Last CVE: May 16, 2025
Safety Verdict

Is Estatik Mortgage Calculator Safe to Use in 2026?

Critical Risk — Avoid

Score 29/100

Estatik Mortgage Calculator is critically unsafe with 5 known CVEs, 4 still unpatched. Avoid in production.

5 known CVEs · 4 unpatched · Last CVE: May 16, 2025 · Updated 1yr ago
Risk Assessment

The 'estatik-mortgage-calculator' plugin v2.0.12 exhibits a mixed security posture. Static analysis shows good adherence to secure coding practices: no dangerous functions, file operations, or external HTTP requests, and a high percentage of properly escaped output and prepared SQL statements. The significant concerns come from its vulnerability history. The plugin has 5 known CVEs, 4 of which remain unpatched, including 3 high-severity vulnerabilities. The common vulnerability types, 'PHP Remote File Inclusion' and 'Cross-site Scripting', are particularly serious and can lead to significant compromise. The absence of capability checks on entry points and the presence of only one nonce check, despite two shortcodes serving as entry points, are potential weaknesses. The static analysis, while clean in terms of taint flows and direct vulnerabilities, does not mitigate the risks posed by past unpatched vulnerabilities, which suggest potential for undiscovered issues or a lack of effective patching by the developer.

Key Concerns

  • Unpatched High Severity CVEs (3)
  • Unpatched Medium Severity CVEs (1)
  • Vulnerability History (5 total CVEs)
  • Lack of Capability Checks
  • Insufficient Nonce Checks (1 total)
Vulnerabilities: 5

Estatik Mortgage Calculator Security Vulnerabilities

CVEs by Year

  • 2023: 2 CVEs · unpatched
  • 2025: 3 CVEs · unpatched

Severity Breakdown

  • High: 3
  • Medium: 2

5 total CVEs

CVE-2025-48136 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Mortgage Calculator Estatik <= 2.0.12 - Authenticated (Contributor+) Local File Inclusion

May 16, 2025 · Unpatched

CVE-2025-26907 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Estatik Mortgage Calculator <= 2.0.12 - Authenticated (Contributor+) Local File Inclusion

Feb 23, 2025 · Unpatched

CVE-2024-9354 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting

Jan 6, 2025 · Patched in 2.0.12 (1d)

CVE-2023-40601 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mortgage Calculator Estatik <= 2.0.11 - Reflected Cross-Site Scripting

Aug 17, 2023 · Unpatched

CVE-2023-28490 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Mortgage Calculator Estatik <= 2.0.11 - Reflected Cross-Site Scripting

Mar 16, 2023 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Estatik Mortgage Calculator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (213 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

96% escaped · 222 total outputs
Attack Surface

Estatik Mortgage Calculator Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[es_mortgage_calculator] estatik-calculator.php:77
[mortgage_calculator] estatik-calculator.php:78

WordPress Hooks: 11

action plugins_loaded estatik-calculator.php:41
action admin_menu estatik-calculator.php:58
filter plugin_action_links estatik-calculator.php:75
action emc-mortgage-calculator_page_access_block includes\admin\class-mortgage-calculator-widget.php:18
action admin_enqueue_scripts includes\admin\class-mortgage-calculator-widget.php:20
action admin_footer-widgets.php includes\admin\class-mortgage-calculator-widget.php:21
action widgets_init includes\admin\class-mortgage-calculator-widget.php:311
action admin_enqueue_scripts includes\functions.php:22
action emc_display_calculator_field includes\functions.php:488
action emc_display_calculator_button includes\functions.php:498
action init includes\functions.php:519
Maintenance & Trust

Estatik Mortgage Calculator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 30, 2024
PHP min version
Downloads: 43K

Community Trust

Rating: 92/100
Number of ratings: 5
Active installs: 1K
Developer Profile

Estatik Mortgage Calculator Developer Profile

Estatik

2 plugins · 11K total installs

Trust score: 28
Avg Security Score: 27/100
Avg Patch Time: 952 days
Detection Fingerprints

How We Detect Estatik Mortgage Calculator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/estatik-mortgage-calculator/js/calculator.js
/wp-content/plugins/estatik-mortgage-calculator/css/calculator.css
Script Paths
/wp-content/plugins/estatik-mortgage-calculator/js/calculator.js
Version Parameters
estatik-mortgage-calculator/js/calculator.js?ver=
estatik-mortgage-calculator/css/calculator.css?ver=

HTML / DOM Fingerprints

CSS Classes
emc-calculator-widget-form
emc-calculator-form
emc-calculator-result
Data Attributes
data-currency-symbol
data-digits-color
data-color
JS Globals
emc_calculator
Shortcode Output
[es_mortgage_calculator]
[mortgage_calculator]