
MaxiCharts Query Builder Add-on Security & Risk Analysis
wordpress.org/plugins/maxicharts-query-builder-add-on
Extends MaxiCharts plugin adding the famous Query Builder js widget in order to filter gravity forms entries real time via front end.
Is MaxiCharts Query Builder Add-on Safe to Use in 2026?
Generally Safe
Score 85/100
MaxiCharts Query Builder Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'maxicharts-query-builder-add-on' v1.2.2 plugin exhibits a concerning security posture due to its significant number of unprotected AJAX handlers. While the plugin demonstrates good practices by not using dangerous functions, performing 100% of SQL queries with prepared statements, and having no recorded vulnerability history, the lack of authentication on its entry points presents a substantial risk. The static analysis reveals that all four identified AJAX handlers lack authorization checks, making them direct targets for attackers. Although taint analysis found no critical or high severity issues and output escaping is moderately well-handled, the absence of capability checks and nonce checks on these handlers leaves them vulnerable to unauthorized data manipulation or execution. The vulnerability history being clean is a positive sign, suggesting a generally secure development process, but it doesn't negate the immediate risks posed by the exposed AJAX endpoints. The plugin's strengths lie in its SQL hygiene and lack of past vulnerabilities, but the weakness in securing its primary interaction points is a critical concern.
Key Concerns
- 4 unprotected AJAX handlers
- 0 nonce checks on AJAX handlers
- 0 capability checks on AJAX handlers
- 60% output escaping, some outputs unescaped
MaxiCharts Query Builder Add-on Security Vulnerabilities
MaxiCharts Query Builder Add-on Code Analysis
Bundled Libraries
Output Escaping
Data Flow Analysis
MaxiCharts Query Builder Add-on Attack Surface
AJAX Handlers 4
WordPress Hooks 3
Maintenance & Trust
MaxiCharts Query Builder Add-on Maintenance & Trust
Maintenance Signals
Community Trust
MaxiCharts Query Builder Add-on Alternatives
MaxiCharts Gravity View Add-on
maxicharts-gravity-view-add-on
Extends MaxiCharts plugin with feature to filter entries on Gravity View approval status. Requires installation of both [Maxicharts](https://wordpress …
Real Time Validation for Gravity Forms
real-time-validation-for-gravity-forms
Real Time Validation for Gravity Forms increases conversion rates of your Gravity Form using inline validation messages as user types in field.
Query Wrangler
query-wrangler
Query Wrangler provides an intuitive interface for creating complex WP queries as shortcodes and widgets. UI based on Drupal Views.
Contact Form Migrator from Gravity Forms to Formidable
formidable-gravity-forms-importer
Migrate your WordPress contact forms automatically from Gravity Forms to Formidable Forms.
Gravity Forms Business Hours by GravityView
gravity-forms-business-hours
Add a Business Hours field to Gravity Forms.
MaxiCharts Query Builder Add-on Developer Profile
14 plugins · 800 total installs
How We Detect MaxiCharts Query Builder Add-on
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/maxicharts-query-builder-add-on/assets/css/mc-query-builder.css
- /wp-content/plugins/maxicharts-query-builder-add-on/assets/js/mc-query-builder.js
- /wp-content/plugins/maxicharts-query-builder-add-on/assets/css/mc-query-builder.css?ver=
- /wp-content/plugins/maxicharts-query-builder-add-on/assets/js/mc-query-builder.js?ver=
HTML / DOM Fingerprints
- mc-query-builder-wrapper
- data-form-id
- data-graph-type
- data-include
- data-exclude
- data-maxentries
- data-filter
- +2 more
- mc_query_builder_params
- /wp-json/maxicharts-query-builder-add-on/v1/get_form_fields
- [maxicharts_query_builder]