Knowledge Base Security & Risk Analysis

wordpress.org/plugins/knowledgebase

Effortlessly build a comprehensive knowledge base for unlimited products on your WordPress site and elevate your customer support experience.

100 active installs · v2.3.2 · PHP 7.4+ · WP 6.3+ · Updated Nov 29, 2025
Tags: documentation, faq, knowledge-base, knowledgebase, support
Score: 96 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Jul 17, 2025
Safety Verdict

Is Knowledge Base Safe to Use in 2026?

Generally Safe

Score 96/100

Knowledge Base has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jul 17, 2025 · Updated 4mo ago
Risk Assessment

The "knowledgebase" plugin v2.3.2 exhibits a generally good security posture, with several positive indicators. The absence of critical or high-severity vulnerabilities in its history, coupled with 100% of SQL queries utilizing prepared statements and a high percentage (85%) of properly escaped output, suggests a development team that is conscious of common web application security risks. Furthermore, the plugin has no currently unpatched vulnerabilities. The static analysis shows a moderate attack surface with all identified entry points (AJAX handlers, shortcodes) having apparent authentication or capability checks, and no direct file operations or external HTTP requests, which further contributes to its strength.

However, there are some areas that warrant attention. The presence of 4 medium-severity vulnerabilities in the past, specifically identified as Cross-Site Scripting (XSS), is a concern. While currently patched, this pattern indicates a potential for such vulnerabilities to be introduced if input sanitization and output escaping practices are not rigorously applied across all code paths. The relatively low number of nonce checks (2) across 7 entry points and only 5 capability checks could suggest that some authentication mechanisms might be less robust than ideal, although the static analysis does not explicitly highlight unprotected entry points. The fact that all 4 past vulnerabilities were medium severity and XSS related, even though none are currently unpatched, is the most significant indicator of a potential recurring risk if the codebase isn't meticulously reviewed for such flaws.

In conclusion, the "knowledgebase" plugin v2.3.2 demonstrates a solid foundation in security practices, particularly in database interaction and output handling. The absence of active unpatched vulnerabilities is commendable. Nevertheless, the historical prevalence of medium-severity XSS vulnerabilities necessitates a cautious approach, emphasizing continuous vigilance in code reviews and testing to prevent their re-emergence. The plugin's overall security is good, but the historical vulnerability pattern is a weakness that requires ongoing attention.

Key Concerns

  • 4 medium severity XSS vulnerabilities in history
  • Only 2 nonce checks for 7 entry points
  • Only 5 capability checks for 7 entry points
  • 85% output escaping is good but not 100%
Vulnerabilities: 4

Knowledge Base Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

Medium: 4 (4 total CVEs)

CVE-2025-7431 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug

Jul 17, 2025 · Patched in 2.3.2 (1d)

CVE-2025-5533 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 · Patched in 2.3.1 (1d)

CVE-2024-51677 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Knowledge Base <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 1, 2024 · Patched in 2.2.1 (6d)

WF-997b028c-8131-4579-8157-caecf099d7ec-knowledgebase · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Knowledge Base <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block

Jan 3, 2023 · Patched in 2.1.2 (385d)

Code Analysis
Analyzed Mar 16, 2026

Knowledge Base Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (7 prepared)
Unescaped Output: 35 (205 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

88% prepared · 8 total queries

Output Escaping

85% escaped · 240 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
save (includes\admin\settings\class-metabox-api.php:170)
Attack Surface

Knowledge Base Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_wz_tag_search includes\options-api.php:298
auth wp_ajax_wzkb_clear_cache includes\util\class-cache.php:29

Shortcodes 5

[knowledgebase] includes\frontend\class-shortcodes.php:27
[kbsearch] includes\frontend\class-shortcodes.php:28
[kbbreadcrumb] includes\frontend\class-shortcodes.php:29
[kbalert] includes\frontend\class-shortcodes.php:30
[kb_related_articles] includes\frontend\class-shortcodes.php:31
WordPress Hooks 37

action wp_initialize_site includes\admin\class-activator.php:29
filter manage_edit-wzkb_category_columns includes\admin\class-admin-columns.php:30
filter manage_edit-wzkb_category_sortable_columns includes\admin\class-admin-columns.php:31
filter manage_edit-wzkb_tag_columns includes\admin\class-admin-columns.php:32
filter manage_edit-wzkb_tag_sortable_columns includes\admin\class-admin-columns.php:33
filter manage_wzkb_category_custom_column includes\admin\class-admin-columns.php:35
filter manage_wzkb_tag_custom_column includes\admin\class-admin-columns.php:36
action admin_enqueue_scripts includes\admin\class-admin.php:84
action admin_notices includes\admin\class-admin.php:85
filter dashboard_glance_items includes\admin\class-admin.php:86
filter admin_head includes\admin\class-admin.php:87
action admin_footer includes\admin\class-admin.php:88
action admin_enqueue_scripts includes\admin\settings\class-metabox-api.php:103
action add_meta_boxes includes\admin\settings\class-metabox-api.php:104
action admin_menu includes\admin\settings\class-settings-api.php:179
action admin_init includes\admin\settings\class-settings-api.php:180
filter admin_footer_text includes\admin\settings\class-settings-api.php:181
action admin_enqueue_scripts includes\admin\settings\class-settings-api.php:182
filter admin_body_class includes\admin\settings\class-settings-api.php:183
action admin_menu includes\admin\settings\class-settings.php:145
action admin_head includes\admin\settings\class-settings.php:146
filter plugin_row_meta includes\admin\settings\class-settings.php:147
filter admin_enqueue_scripts includes\admin\settings\class-settings.php:149
action init includes\blocks\class-blocks.php:32
action init includes\class-cpt.php:28
action init includes\class-cpt.php:29
action init includes\class-main.php:183
action widgets_init includes\class-main.php:184
filter request includes\frontend\class-feed.php:24
action init includes\frontend\class-language-handler.php:28
action wp_enqueue_scripts includes\frontend\class-styles-handler.php:27
filter template_include includes\frontend\class-template-handler.php:20
filter get_block_templates includes\frontend\class-template-handler.php:22
filter pre_get_posts includes\frontend\class-template-handler.php:36
filter document_title_parts includes\frontend\class-template-handler.php:37
action widgets_init includes\frontend\class-template-handler.php:38
action plugins_loaded knowledgebase.php:88

Maintenance & Trust

Knowledge Base Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 29, 2025
PHP min version: 7.4
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100

Developer Profile

Knowledge Base Developer Profile

Ajay

31 plugins · 89K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 825 days
Detection Fingerprints

How We Detect Knowledge Base

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/knowledgebase/css/admin.min.css
/wp-content/plugins/knowledgebase/css/admin.css
/wp-content/plugins/knowledgebase/js/admin-scripts.min.js
/wp-content/plugins/knowledgebase/js/admin-scripts.js

Script Paths
js/admin-scripts.min.js
js/admin-scripts.js

Version Parameters
knowledgebase/css/admin.min.css?ver=
knowledgebase/css/admin.css?ver=
knowledgebase/js/admin-scripts.min.js?ver=
knowledgebase/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wzkb-article-count
JS Globals
wzkb_admin