Project Cost Calculator Security & Risk Analysis

wordpress.org/plugins/project-cost-calculator

Best Project Cost Calculator For WordPress Agencies ★★★★★ WordPress project cost calculator is a free plugin that displays an estimate of what your p …

100 active installs · v1.0.0 · PHP 7.0+ · WP 4.0+ · Updated Jan 3, 2024
cost-calculator, cost-estimator, form-builder, price-calculator, quote-generator
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Aug 11, 2025
Safety Verdict

Is Project Cost Calculator Safe to Use in 2026?

Use With Caution

Score 63/100

Project Cost Calculator has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 11, 2025 · Updated 2yr ago
Risk Assessment

The "project-cost-calculator" plugin v1.0.0 exhibits a concerning security posture, primarily due to a significant number of unprotected entry points. With 12 out of 13 identified entry points lacking authentication checks, the plugin presents a broad attack surface. While the static analysis shows good practices in output escaping and limited use of dangerous functions, the absence of capability checks on AJAX handlers is a critical oversight. The presence of one unsanitized path in the taint analysis, although not rated as critical or high, warrants attention as it could potentially lead to unintended behavior or data exposure.

The vulnerability history, featuring a medium severity CVE from August 2025 marked as unpatched, reinforces the concerns about the plugin's security. The common vulnerability type of 'Missing Authorization' is directly reflected in the static analysis findings. The plugin's strength lies in its proper handling of SQL queries (43% prepared) and the high rate of output escaping (97%). However, the unpatched CVE and the multitude of unprotected AJAX endpoints severely undermine these strengths, suggesting a need for immediate remediation to address authorization flaws and the outstanding vulnerability.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched medium CVE
  • No capability checks on AJAX
  • Taint flow with unsanitized path
  • Bundled library (DataTables)
Vulnerabilities: 1

Project Cost Calculator Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-52775 · medium · 4.3 · Missing Authorization

Project Cost Calculator <= 1.0.0 - Missing Authorization

Aug 11, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Project Cost Calculator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 · 3 prepared
Unescaped Output: 20 · 698 escaped
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

43% prepared · 7 total queries

Output Escaping

97% escaped · 718 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
<class-project_rate_calculator-admin> (admin\class-project_rate_calculator-admin.php:0)
Attack Surface: 12 unprotected

Project Cost Calculator Attack Surface

Entry Points: 13
Unprotected: 12

AJAX Handlers 12

auth · wp_ajax_pro_rate_cal_submit_calculator · includes\class-project_rate_calculator.php:220
auth · wp_ajax_delete_rate_calculator_form · includes\class-project_rate_calculator.php:221
auth · wp_ajax_get_pro_rate_cal_form_module_settings · includes\class-project_rate_calculator.php:222
auth · wp_ajax_submit_form_state · includes\class-project_rate_calculator.php:223
auth · wp_ajax_pro_rate_cal_get_form_categories · includes\class-project_rate_calculator.php:224
auth · wp_ajax_submit_pro_rate_cal_field_cat · includes\class-project_rate_calculator.php:228
auth · wp_ajax_submit_pro_rate_cal_custom_form · includes\class-project_rate_calculator.php:246
nopriv · wp_ajax_submit_pro_rate_cal_custom_form · includes\class-project_rate_calculator.php:247
nopriv · wp_ajax_pro_rate_cal_submit_quatation · includes\class-project_rate_calculator.php:249
auth · wp_ajax_pro_rate_cal_submit_quatation · includes\class-project_rate_calculator.php:250
nopriv · wp_ajax_pro_rate_cal_submit_quatation_to_user · includes\class-project_rate_calculator.php:251
auth · wp_ajax_pro_rate_cal_submit_quatation_to_user · includes\class-project_rate_calculator.php:252

Shortcodes 1

[rate-calculator-form] public\class-project_rate_calculator-public.php:59

WordPress Hooks 10

action · init · includes\class-project_rate_calculator.php:79
action · plugins_loaded · includes\class-project_rate_calculator.php:204
action · admin_enqueue_scripts · includes\class-project_rate_calculator.php:218
action · admin_enqueue_scripts · includes\class-project_rate_calculator.php:219
filter · get_pro_rate_cal_form_setting_fields · includes\class-project_rate_calculator.php:225
filter · mce_buttons · includes\class-project_rate_calculator.php:226
action · admin_menu · includes\class-project_rate_calculator.php:229
action · wp_enqueue_scripts · includes\class-project_rate_calculator.php:244
action · wp_enqueue_scripts · includes\class-project_rate_calculator.php:245
action · pro_rate_cal_zapier_trigger_webhook · includes\class-project_rate_calculator.php:248
Maintenance & Trust

Project Cost Calculator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 3, 2024
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

Project Cost Calculator Developer Profile

Ronik@UnlimitedWP

3 plugins · 2K total installs

Trust score: 64
Avg Security Score: 79/100
Avg Patch Time: 315 days
Detection Fingerprints

How We Detect Project Cost Calculator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints
