PLUGIN SECURITY
Is Cmb2 safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Cmb2 WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
cmb2 - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- CMB2 [cmb2] < 2.11.0 [CVE-2024-1792, CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection, WordPress CMB2 Plugin <= 2.10.1 is vulnerable to PHP Object Injection]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More — 5000000+ active installs
- Advanced Custom Fields (ACF®) — 2000000+ active installs — max PHP 8.4
- Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder — 700000+ active installs — max PHP <8.0
- Forminator Forms – Contact Form, Payment Form & Custom Form Builder — 600000+ active installs
- Ninja Forms – The Contact Form Builder That Grows With You — 600000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.