WP-Safety

NgSurvey – Powerful, feature rich self-hosted surveys Security & Risk Analysis

wordpress.org/plugins/ngsurvey

Create rich and powerful surveys in minutes. conditional/skip logic, advanced reports, statistics and many more features out of the box.

10 active installs v1.2.2 PHP 7.2+ WP 4.9+ Updated Aug 13, 2024
feedback-formsformspollssurveysurveys
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NgSurvey – Powerful, feature rich self-hosted surveys Safe to Use in 2026?

Generally Safe

Score 92/100

NgSurvey – Powerful, feature rich self-hosted surveys has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin "ngsurvey" v1.2.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by consistently using prepared statements for SQL queries and incorporating a reasonable number of capability checks and nonce checks. The absence of known CVEs is also a strong indicator of past diligence. However, significant concerns arise from the static analysis. A substantial portion of the attack surface is unprotected, with 3 out of 4 entry points lacking authentication checks. Furthermore, the taint analysis reveals a high number of flows with unsanitized paths, indicating potential risks for vulnerabilities like cross-site scripting (XSS) or injection attacks, despite the lack of explicitly reported critical or high severity taint issues in the provided data.

The plugin's vulnerability history is clean, with no recorded CVEs. This absence of past vulnerabilities, coupled with the current lack of critical or high severity issues identified in the taint analysis, suggests that the plugin might have been developed with security in mind for certain areas. However, the static analysis findings, particularly the unprotected entry points and the numerous unsanitized taint flows, present a tangible risk that cannot be ignored. The presence of the `unserialize` function is another point of concern, as it can lead to deserialization vulnerabilities if not handled with extreme care and input validation.

In conclusion, while "ngsurvey" v1.2.2 benefits from a clean vulnerability history and secure SQL query practices, it suffers from a large unprotected attack surface and concerning taint analysis results. The unprotected AJAX handlers are a prime target for malicious actors. The high number of unsanitized taint flows, even without explicit critical severity ratings, warrants immediate investigation and remediation. The plugin's overall security can be significantly improved by addressing these identified weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • High number of unsanitized taint flows
  • Dangerous unserialize function present
  • Significant portion of outputs unescaped
Vulnerabilities
None known

NgSurvey – Powerful, feature rich self-hosted surveys Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

NgSurvey – Powerful, feature rich self-hosted surveys Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
164 prepared
Unescaped Output
243
536 escaped
Nonce Checks
5
Capability Checks
9
File Operations
3
External Requests
4
Bundled Libraries
2

Dangerous Functions Found

unserialize$preset->meta_value = unserialize( $preset->meta_value );admin\class-ngsurvey-admin.php:187

Bundled Libraries

DataTablesSelect2

SQL Query Safety

100% prepared164 total queries

Output Escaping

69% escaped779 total outputs
Data Flows
29 unsanitized

Data Flow Analysis

25 flows29 with unsanitized paths
display (admin\controllers\class-controller-pages.php:45)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

NgSurvey – Powerful, feature rich self-hosted surveys Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_ngsa_ajax_handlerincludes\class-ngsurvey.php:157
authwp_ajax_ngsurvey_ajax_handlerincludes\class-ngsurvey.php:271
noprivwp_ajax_ngsurvey_ajax_handlerincludes\class-ngsurvey.php:272

Shortcodes 1

[ngsurvey] includes\class-ngsurvey.php:149
WordPress Hooks 42
actionplugins_loadedincludes\class-ngsurvey.php:116
actioninitincludes\class-ngsurvey.php:120
actioninitincludes\class-ngsurvey.php:121
actioninitincludes\class-ngsurvey.php:124
actionafter_switch_themeincludes\class-ngsurvey.php:125
actionswitch_themeincludes\class-ngsurvey.php:128
actionadmin_menuincludes\class-ngsurvey.php:131
actionmanage_ngsurvey_posts_custom_columnincludes\class-ngsurvey.php:134
filtermanage_ngsurvey_posts_columnsincludes\class-ngsurvey.php:137
filterpost_row_actionsincludes\class-ngsurvey.php:140
filterquery_varsincludes\class-ngsurvey.php:143
filterpost_updated_messagesincludes\class-ngsurvey.php:146
actiondraft_ngsurveyincludes\class-ngsurvey.php:152
actionpublish_ngsurveyincludes\class-ngsurvey.php:153
actionafter_delete_postincludes\class-ngsurvey.php:154
actionadmin_enqueue_scriptsincludes\class-ngsurvey.php:165
actionadmin_enqueue_scriptsincludes\class-ngsurvey.php:166
actionupgrader_process_completeincludes\class-ngsurvey.php:170
filterpre_set_site_transient_update_pluginsincludes\class-ngsurvey.php:173
filterplugins_apiincludes\class-ngsurvey.php:174
filterextra_plugin_headersincludes\class-ngsurvey.php:177
actionadd_meta_boxesincludes\class-ngsurvey.php:245
actionsave_postincludes\class-ngsurvey.php:246
actionsave_postincludes\class-ngsurvey.php:247
actionwp_restore_post_revisionincludes\class-ngsurvey.php:248
filter_wp_post_revision_fieldsincludes\class-ngsurvey.php:249
filter_wp_post_revision_field_my_metaincludes\class-ngsurvey.php:250
actionwp_enqueue_scriptsincludes\class-ngsurvey.php:264
actionwp_enqueue_scriptsincludes\class-ngsurvey.php:265
filterthe_contentincludes\class-ngsurvey.php:268
filterngsurvey_fetch_question_typesincludes\class-ngsurvey.php:297
actionngsurvey_save_question_formincludes\class-ngsurvey.php:300
actionngsurvey_copy_questionincludes\class-ngsurvey.php:303
actionngsurvey_custom_form_actionincludes\class-ngsurvey.php:306
filterngsurvey_response_formincludes\class-ngsurvey.php:309
filterngsurvey_fetch_question_formincludes\class-ngsurvey.php:312
filterngsurvey_conditional_rulesincludes\class-ngsurvey.php:315
filterngsurvey_survey_resultsincludes\class-ngsurvey.php:318
filterngsurvey_consolidated_reportincludes\class-ngsurvey.php:321
filterngsurvey_validate_responseincludes\class-ngsurvey.php:324
filterngsurvey_filter_user_responsesincludes\class-ngsurvey.php:327
filterupload_dirincludes\init\class-ngsurvey-activator.php:209
Maintenance & Trust

NgSurvey – Powerful, feature rich self-hosted surveys Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedAug 13, 2024
PHP min version7.2
Downloads6K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

NgSurvey – Powerful, feature rich self-hosted surveys Alternatives

Crowdsignal Forms

Crowdsignal Forms

crowdsignal-forms

B
78

The Crowdsignal Forms plugin allows you to create and manage polls right from within the block editor.

100K 1 unpatched
NativeForms – Contact, NPS, Payment, Feedback, Newsletter Forms

NativeForms – Contact, NPS, Payment, Feedback, Newsletter Forms

nativeforms

A
85

Build forms, surveys & polls for WordPress. Add forms to your website in few minutes and start getting more from your visitors.

40 No CVEs
Dynamic Surveys

Dynamic Surveys

dynamic-surveys

A
92

Create and manage simple surveys with real-time results display using beautiful pie charts.

0 No CVEs
SH Advance Polls

SH Advance Polls

sh-advance-polls

A
100

You can create polls and surveys for your audience and observe the full analytics in the admin panel.

0 No CVEs
Crowdsignal Dashboard – Polls, Surveys & more

Crowdsignal Dashboard – Polls, Surveys & more

polldaddy

A
96

Manage your Crowdsignal polls, surveys, quizzes, and ratings directly from the WordPress dashboard.

100K 9 CVEs
Developer Profile

NgSurvey – Powerful, feature rich self-hosted surveys Developer Profile

NgIdeas

1 plugin · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NgSurvey – Powerful, feature rich self-hosted surveys

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ngsurvey/assets/vendor/sweetalert2/sweetalert2-theme.css/wp-content/plugins/ngsurvey/assets/vendor/datetimepicker/datetimepicker.css/wp-content/plugins/ngsurvey/assets/vendor/select2/select2.css/wp-content/plugins/ngsurvey/assets/vendor/leaflet/leaflet.css/wp-content/plugins/ngsurvey/assets/vendor/markercluster/MarkerCluster.css/wp-content/plugins/ngsurvey/assets/vendor/markercluster/MarkerCluster.Default.css/wp-content/plugins/ngsurvey/assets/vendor/querybuilder/query-builder.default.css/wp-content/plugins/ngsurvey/assets/vendor/datatables/datatables.min.css+16 more
Version Parameters
?ver=1.2.2

HTML / DOM Fingerprints

CSS Classes
ngsurvey-adminngsurvey-admin-wrapper
Data Attributes
data-ngsurvey-id
JS Globals
NgSurveyAdmin
REST Endpoints
/wp-json/ngsurvey/
FAQ

Frequently Asked Questions about NgSurvey – Powerful, feature rich self-hosted surveys