Knowledge Building Security & Risk Analysis

wordpress.org/plugins/knowledge-building

Use comment threads to facilitate meaningful knowledge building discussions. Comes with several knowledge type sets (e.g. progressive inquiry, six hat …

10 active installs · v0.7.2 · PHP + WP 2.7+ · Updated Aug 12, 2015
Tags: comments, education, knowledge-building, learning, progressive-inquiry
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Knowledge Building Safe to Use in 2026?

Generally Safe

Score 85/100

Knowledge Building has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "knowledge-building" plugin v0.7.2 exhibits a significant security posture concern due to its unprotected attack surface. All six identified AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger these functions. This is a critical oversight that could lead to various exploits depending on the functionality of these handlers.

The static analysis also reveals a complete absence of proper output escaping for all identified outputs, and all SQL queries are executed without prepared statements. These two issues, combined with the lack of nonce checks and capability checks, create a highly vulnerable environment. The taint analysis, while limited in scope with only two flows analyzed, found both flows with unsanitized paths, indicating potential for injection vulnerabilities that could be exploited by malicious actors. Despite a clean vulnerability history, the current code analysis paints a concerning picture.

In conclusion, while the plugin has no recorded historical vulnerabilities, the current version's code presents substantial risks. The high number of unprotected entry points, coupled with the lack of fundamental security measures like output escaping and prepared statements, makes this plugin a prime target for exploitation. Remediation of these fundamental security flaws is strongly recommended before the plugin is widely deployed or used in a production environment.

Key Concerns

  • AJAX handlers without authentication checks
  • SQL queries without prepared statements
  • Output escaping not properly implemented
  • Nonce checks missing
  • Capability checks missing
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

Knowledge Building Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Knowledge Building Release Timeline

v0.7.2 (Current)
v0.7.1
v0.7
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.3
v0.6.2
v0.6.1
v0.6
v0.5.8.1
v0.5.8
v0.5.7
v0.5.6
v0.5.5
v0.5.4
Code Analysis
Analyzed Mar 17, 2026

Knowledge Building Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 62 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

0% escaped · 62 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
knbu_plugin_options (knowledge-building.php:122)
Attack Surface
6 unprotected

Knowledge Building Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

nopriv · wp_ajax_knbu_new_reply · knowledge-building.php:43
auth · wp_ajax_knbu_new_reply · knowledge-building.php:44
nopriv · wp_ajax_knbu_save_node_position · knowledge-building.php:45
auth · wp_ajax_knbu_save_node_position · knowledge-building.php:46
auth · wp_ajax_knbu_provide_knbu_info · knowledge-building.php:47
nopriv · wp_ajax_knbu_provide_knbu_info · knowledge-building.php:48
WordPress Hooks 13
action · init · knowledge-building.php:32
action · wp_enqueue_scripts · knowledge-building.php:33
action · init · knowledge-building.php:35
action · wp_print_scripts · knowledge-building.php:36
action · wp_print_styles · knowledge-building.php:37
action · comments_array · knowledge-building.php:38
action · comment_post · knowledge-building.php:39
action · admin_menu · knowledge-building.php:40
action · admin_init · knowledge-building.php:41
filter · comments_template · knowledge-building.php:50
filter · template_include · knowledge-building.php:51
filter · comment_save_pre · knowledge-building.php:52
action · wp · knowledge-building.php:463
Maintenance & Trust

Knowledge Building Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Aug 12, 2015
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Knowledge Building Developer Profile

Cynob IT Consultancy

11 plugins · 650 total installs

Trust score: 81
Avg Security Score: 81/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Knowledge Building

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/knowledge-building/js/knbu-frontend.js
/wp-content/plugins/knowledge-building/css/knbu-frontend.css
/wp-content/plugins/knowledge-building/css/knbu-mapview.css
Script Paths
/wp-content/plugins/knowledge-building/js/knbu-frontend.js
Version Parameters
knowledge-building/js/knbu-frontend.js?ver=
knowledge-building/css/knbu-frontend.css?ver=
knowledge-building/css/knbu-mapview.css?ver=

HTML / DOM Fingerprints

CSS Classes
knbu-map-view
knbu-comment
HTML Comments
<!-- This is the comment template for KB plugin -->
<!-- This is the map view template for KB plugin -->
JS Globals
knbu_ajaxurl
knbu_post_id
knbu_current_user_id
knbu_comment_data
knbu_node_position_data
REST Endpoints
/wp-json/knowledge-building/v1/settings
/wp-json/knowledge-building/v1/comment
/wp-json/knowledge-building/v1/node_position
Shortcode Output
[knowledge_building_map]
FAQ

Frequently Asked Questions about Knowledge Building