Apptivo Business Site Security & Risk Analysis

wordpress.org/plugins/apptivo-business-site

Create contact forms, newsletter signups, and customer testimonials, integrated with Apptivo.

30 active installs · v5.4 · PHP + WP 6.0+ · Updated Jun 26, 2025
Tags: apptivo, contact-forms, crm, job-portal, testimonials
77
B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 2, 2025
Safety Verdict

Is Apptivo Business Site Safe to Use in 2026?

Mostly Safe

Score 77/100

Apptivo Business Site is generally safe to use. 3 past CVEs were resolved.

3 known CVEs · 1 unpatched · Last CVE: Apr 2, 2025 · Updated 10mo ago
Risk Assessment

Version 5.4 of the "apptivo-business-site" plugin has a mixed security posture. On the positive side, it adheres closely to secure coding practices for SQL queries and output escaping: 100% of SQL queries use prepared statements and 100% of outputs are properly escaped. The plugin also includes a healthy number of nonce and capability checks.

However, two AJAX handlers lack authentication checks, which creates a direct attack vector. In addition, the taint analysis shows that 11 of the 22 analyzed flows involve unsanitized paths, which could lead to vulnerabilities if those paths are exposed to user input without proper sanitization, although this analysis identified no critical or high severity issues.

The plugin's vulnerability history is also a major red flag: three medium-severity CVEs, one of which remains unpatched. The historical vulnerability types (Missing Authorization, CSRF, XSS) align with the risks identified in the code analysis, suggesting a pattern of insecure handling of user input and access control.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Unpatched CVEs
  • Medium severity CVE history
Vulnerabilities
3 published

Apptivo Business Site Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-31909 · medium · 5.3 · Missing Authorization

Apptivo Business Site CRM <= 5.3 - Missing Authorization to Arbitrary Content Deletion

Apr 2, 2025 · Patched in 5.4 (87d)

CVE-2024-13405 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block

Feb 18, 2025 · Unpatched

CVE-2022-44582 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 30, 2022 · Patched in 3.0.14 (419d)

Code Analysis
Analyzed Mar 16, 2026

Apptivo Business Site Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 4 (2378 escaped)
  • Nonce Checks: 9
  • Capability Checks: 2
  • File Operations: 4
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

100% escaped · 2382 total outputs
Data Flows · Security
11 unsanitized

Data Flow Analysis

22 flows · 11 with unsanitized paths
<double-column-layout> (inc\cases\templates\double-column-layout.php:0)
Attack Surface
2 unprotected

Apptivo Business Site Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

  • auth · wp_ajax_apptivo_business_contactus · apptivo-businesssite-plugin.php:400
  • nopriv · wp_ajax_apptivo_business_contactus · apptivo-businesssite-plugin.php:401
  • auth · wp_ajax_apptivo_business_newsletter · apptivo-businesssite-plugin.php:413
  • nopriv · wp_ajax_apptivo_business_newsletter · apptivo-businesssite-plugin.php:414

WordPress Hooks 32

  • action · admin_enqueue_scripts · apptivo-businesssite-plugin.php:57
  • filter · mce_buttons · apptivo-businesssite-plugin.php:68
  • filter · wp_default_editor · apptivo-businesssite-plugin.php:70
  • action · admin_print_scripts · apptivo-businesssite-plugin.php:72
  • action · admin_print_styles · apptivo-businesssite-plugin.php:73
  • action · init · apptivo-businesssite-plugin.php:90
  • filter · widget_text · apptivo-businesssite-plugin.php:92
  • filter · mce_external_plugins · apptivo-businesssite-plugin.php:106
  • filter · mce_buttons · apptivo-businesssite-plugin.php:107
  • action · admin_init · apptivo-businesssite-plugin.php:203
  • action · admin_enqueue_scripts · apptivo-businesssite-plugin.php:236
  • action · absp_autopages · apptivo-businesssite-plugin.php:382
  • action · wp_footer · apptivo-businesssite-plugin.php:384
  • action · wp_footer · inc\cases\templates\double-column-layout.php:97
  • action · wp_footer · inc\cases\templates\single-column-layout1.php:97
  • action · admin_notices · inc\config.php:63
  • action · admin_notices · inc\config.php:90
  • action · wp_footer · inc\contact-forms\templates\double-column-layout1-us-phone.php:203
  • action · wp_enqueue_scripts · inc\contact-forms\templates\double-column-layout1-us-phone.php:207
  • action · wp_footer · inc\contact-forms\templates\double-column-layout1.php:191
  • action · wp_enqueue_scripts · inc\contact-forms\templates\double-column-layout1.php:195
  • action · wp_footer · inc\contact-forms\templates\single-column-layout1-placeholder.php:187
  • action · wp_enqueue_scripts · inc\contact-forms\templates\single-column-layout1-placeholder.php:191
  • action · wp_footer · inc\contact-forms\templates\single-column-layout1-us-phone.php:180
  • action · wp_enqueue_scripts · inc\contact-forms\templates\single-column-layout1-us-phone.php:184
  • action · wp_footer · inc\contact-forms\templates\single-column-layout1.php:189
  • action · wp_enqueue_scripts · inc\contact-forms\templates\single-column-layout1.php:193
  • action · wp_footer · inc\contact-forms\templates\single-column-layout2-us-phone.php:181
  • action · wp_enqueue_scripts · inc\contact-forms\templates\single-column-layout2-us-phone.php:185
  • action · wp_footer · inc\contact-forms\templates\single-column-layout2.php:180
  • action · wp_enqueue_scripts · inc\contact-forms\templates\single-column-layout2.php:184
  • action · template_redirect · inc\define.php:1881

Maintenance & Trust

Apptivo Business Site Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 26, 2025
PHP min version
Downloads: 17K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 30
Developer Profile

Apptivo Business Site Developer Profile

Apptivo

3 plugins · 50 total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 253 days
Detection Fingerprints

How We Detect Apptivo Business Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/apptivo-business-site/assets/css/apptivo-business.css
  • /wp-content/plugins/apptivo-business-site/assets/js/apptivo-business-plugin.js
  • /wp-content/plugins/apptivo-business-site/assets/js/editor_plugin.js
Script Paths
  • assets/js/editor_plugin.js
  • assets/js/apptivo-business-plugin.js
Version Parameters
  • apptivo-business-site/assets/css/apptivo-business.css?ver=
  • apptivo-business-site/assets/js/apptivo-business-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • apptivo-business-plugin-wrap
  • apptivo-content
Data Attributes
  • data-apptivo-id
  • data-apptivo-type
JS Globals
  • AWP_PLUGIN_BASEURL
Shortcode Output
  • [apptivo_testimonials]
  • [apptivo_jobs]
  • [apptivo_contactform]
  • [apptivo_newsletter]