[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flDWggImbFtCbpQJNrDG-JK4uaFy6NrVKNWZjq-OU1Dk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":56,"analysis":57,"fingerprints":524},"cf7-dynamics-crm","WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms","1.1.9","CRM Perks","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrmperks\u002F","\u003Cp>Contact Form 7 Dynamics CRM Plugin sends form submissions from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPforms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F\" rel=\"ugc\">Elementor Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-forms\u002F\" rel=\"ugc\">Ninja Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-entries\u002F\" rel=\"ugc\">Contact Form Entries\u003C\u002Fa> and many other popular contact form plugins to Dynamics CRM. Learn more at \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-dynamics-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=dynamics_readme\" rel=\"nofollow ugc\">crmperks.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to Setup\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to “Dynamics CRM Accounts” tab and add new account.\u003C\u002Fli>\n\u003Cli>Go to “Dynamics CRM Feeds” tab , create new feed.\u003C\u002Fli>\n\u003Cli>Map required Dynamics CRM fields to contact form 7 fields.\u003C\u002Fli>\n\u003Cli>Send your test entry to Dynamics CRM.\u003C\u002Fli>\n\u003Cli>Go to “Dynamics CRM Logs” tab and verify, if entry was sent to Dynamics CRM.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dynamics CRM On-premises\u003C\u002Fh3>\n\u003Cp>Contact Form 7 Dynamics CRM add-on only supports Microsoft Dynamics CRM Online.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Connect Microsoft Dynamics CRM account\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Connect any contact form 7 to Dynamics CRM\u002FDynamics 365 account by safe and secure Oauth 2.0. Additionally, you can connect multiple Dynamics 365 crm accounts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Map Microsoft Dynamics CRM fields\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In a feed, select Dynamics CRM Object then Map any contact form 7 fields to Dynamics CRM\u002FDynamics 365 object(Contacts, Account, Lead, Order, Case) fields.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter contact form 7  submissions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send all or filter contact form 7 submissions sent to Dynamics CRM\u002FDynamics 365 based on user input. For example , only send that entry to Dynamics CRM which contains work email address.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually send entries to Dynamics CRM\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send contact form 7 submissions to Dynamics CRM\u002FDynamics 365 when someone submit a form. You can manually send contact form submissions to Dynamics CRM.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dynamics CRM logs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>View a detailed log of each contact form 7 submission whether sent or not sent to Dynamics CRM\u002FDynamics 365 and easily resend contact form 7 submission to Dynamics CRM.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Send Data As Dynamics CRM object Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send one to many contact form 7 fields as Dynamics CRM\u002FDynamics 365 object(Contacts, Account, Lead, Order, Case) notes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Create Or Update Contact in Dynamics CRM\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If an entry(Contacts, Account, Lead, Order, Case) already exists in Dynamics CRM\u002FDynamics 365 , update it otherwise create a new entry in Dynamics CRM.\u003C\u002Fp>\n\u003Ch3>Why we built this plugin\u003C\u002Fh3>\n\u003Cp>Contact Form 7 and some other popular contact forms are good but you can not send contact form submissions to any crm including Dynamics CRM. You can send to any contact form(contact form 7) submissions to dynamics with this free plugin.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Premium Version Features.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin has a Premium version which comes with several additional benifits \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-dynamics-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=dynamics_readme\" rel=\"nofollow ugc\">Contact Form Dynamics CRM\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom fields particularly Phone Number fields of Dynamics CRM.\u003C\u002Fli>\n\u003Cli>Dynamics CRM Custom entities.\u003C\u002Fli>\n\u003Cli>Assign object(Account,Contact etc) created by one feed to other feed object(Lead, Case) in Dynamics CRM.\u003C\u002Fli>\n\u003Cli>Add a lead to Campaign in Dynamics CRM.\u003C\u002Fli>\n\u003Cli>Assign Owner to contact, account, lead, case or order.\u003C\u002Fli>\n\u003Cli>Google Analytics Parameters and Geolocation of a visitor who submitted the form.\u003C\u002Fli>\n\u003Cli>Lookup lead’s email using email lookup apis.\u003C\u002Fli>\n\u003Cli>Verify lead’s phone number and get detailed information about phone number using phone lookup apis.\u003C\u002Fli>\n\u003Cli>20+ premium addons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Want to send data to other crms\u003C\u002Fh3>\n\u003Cp>We have Premium Extensions for 20+ CRMs.\u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugin-category\u002Fcontact-form-plugins\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=dynamics_readme\" rel=\"nofollow ugc\">View All CRM Extensions\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Need Woocommerce Dynamics CRM Plugin ?\u003C\u002Fh3>\n\u003Cp>We have Dynamics crm add-on for Woocommerce. \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fwoocommerce-plugins\u002Fwoocommerce-dynamics-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=Dynamics_CRM_readme\" rel=\"nofollow ugc\">Woocommerce Dynamics CRM\u003C\u002Fa>\u003C\u002Fp>\n","Send Contact Form 7, WPForms, Elementor, Ninja Forms, CRM Perks Forms and many other contact form submissions to dynamics crm Online.",300,9564,98,19,"2025-12-15T15:55:00.000Z","6.9.4","3.8","5.3",[20,21,22,23],"contact-form-7-dynamics-crm","elementor-forms-dynamics-crm","ninja-forms-dynamics-crm","wpforms-dynamics-crm-integration","https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-dynamics-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-dynamics-crm.1.1.9.zip",99,1,0,"2025-01-27 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-24708","wp-dynamics-crm-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-reflected-cross-site-scripting","WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u003C= 1.1.6 - Reflected Cross-Site Scripting","The WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1.6","1.1.7","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-02-03 14:33:25",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fec9a771f-bd55-4b64-8bb8-a5f795a7ab5d?source=api-prod",8,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"crmperks",32,104540,96,349,76,"2026-04-03T21:39:22.915Z",[],{"attackSurface":58,"codeSignals":219,"taintFlows":469,"riskAssessment":515,"analyzedAt":523},{"hooks":59,"ajaxHandlers":215,"restRoutes":216,"shortcodes":217,"cronEvents":218,"entryPointCount":28,"unprotectedCount":28},[60,66,71,75,79,83,88,92,96,100,104,107,111,116,120,124,128,132,136,141,144,147,150,154,158,162,165,169,173,177,181,185,189,192,195,198,203,207,210],{"type":61,"name":62,"callback":63,"file":64,"line":65},"action","plugins_loaded","setup_main","cf7-dynamics-crm.php",53,{"type":61,"name":67,"callback":68,"priority":69,"file":64,"line":70},"cfx_form_submitted","entry_created_crmperks",10,61,{"type":61,"name":72,"callback":73,"priority":69,"file":64,"line":74},"vxcf_entry_created","entry_created",62,{"type":61,"name":76,"callback":77,"priority":69,"file":64,"line":78},"vx_contact_created","entry_created_contacts",63,{"type":61,"name":80,"callback":81,"priority":69,"file":64,"line":82},"vx_callcenter_entry_created","entry_created_callcenter",64,{"type":84,"name":85,"callback":86,"priority":26,"file":64,"line":87},"filter","wpcf7_before_send_mail","create_entry_cf",66,{"type":61,"name":89,"callback":90,"priority":26,"file":64,"line":91},"frm_after_create_entry","create_entry_fd",68,{"type":61,"name":93,"callback":94,"priority":26,"file":64,"line":95},"ninja_forms_after_submission","create_entry_na",69,{"type":61,"name":97,"callback":98,"priority":26,"file":64,"line":99},"wpforms_process_entry_save","create_entry_wp",70,{"type":61,"name":101,"callback":102,"priority":26,"file":64,"line":103},"elementor_pro\u002Fforms\u002Fnew_record","create_entry_el",72,{"type":61,"name":105,"callback":105,"file":64,"line":106},"init",74,{"type":61,"name":108,"callback":109,"priority":69,"file":110,"line":69},"vx_cf_add_meta_box","add_meta_box","includes\\crmperks-cf.php",{"type":61,"name":112,"callback":113,"priority":69,"file":114,"line":115},"cfx_add_meta_box","add_meta_box_crmperks_form","includes\\plugin-pages.php",37,{"type":61,"name":117,"callback":118,"priority":69,"file":114,"line":119},"cfx_form_entry_updated","update_entry_crm_perks_forms",38,{"type":61,"name":121,"callback":122,"priority":69,"file":114,"line":123},"cfx_form_post_note_added","create_note_crm_perks_forms",39,{"type":61,"name":125,"callback":126,"priority":69,"file":114,"line":127},"cfx_form_pre_note_deleted","delete_note_crm_perks_forms",40,{"type":61,"name":129,"callback":130,"priority":69,"file":114,"line":131},"cfx_form_pre_trash_leads","trash_leads_crm_perks_forms",41,{"type":61,"name":133,"callback":134,"priority":69,"file":114,"line":135},"cfx_form_pre_restore_leads","restore_leads_crm_perks_forms",42,{"type":84,"name":137,"callback":138,"priority":139,"file":114,"line":140},"admin_menu","create_menu",31,45,{"type":84,"name":142,"callback":109,"priority":127,"file":114,"line":143},"vx_cf_meta_boxes_right",46,{"type":61,"name":145,"callback":145,"file":114,"line":146},"admin_notices",47,{"type":84,"name":148,"callback":148,"priority":69,"file":114,"line":149},"plugin_action_links",48,{"type":61,"name":151,"callback":152,"file":114,"line":153},"vxcf_entry_submit_btn","entry_checkbox",49,{"type":61,"name":155,"callback":156,"priority":69,"file":114,"line":157},"vx_cf7_post_note_added","create_note_e",51,{"type":61,"name":159,"callback":160,"priority":69,"file":114,"line":161},"vx_cf7_pre_note_deleted","delete_note_e",52,{"type":61,"name":163,"callback":164,"file":114,"line":65},"vx_cf7_pre_trash_leads","trash_leads_e",{"type":61,"name":166,"callback":167,"file":114,"line":168},"vx_cf7_pre_restore_leads","restore_leads_e",54,{"type":61,"name":170,"callback":171,"priority":69,"file":114,"line":172},"vx_cf7_entry_updated","update_entry_e",55,{"type":61,"name":174,"callback":175,"priority":69,"file":114,"line":176},"vx_contact_post_note_added","create_note_c",57,{"type":61,"name":178,"callback":179,"priority":69,"file":114,"line":180},"vx_contact_pre_note_deleted","delete_note_c",58,{"type":61,"name":182,"callback":183,"file":114,"line":184},"vx_contact_pre_trash_leads","trash_leads_c",59,{"type":61,"name":186,"callback":187,"file":114,"line":188},"vx_contact_pre_restore_leads","restore_leads_c",60,{"type":61,"name":190,"callback":191,"priority":69,"file":114,"line":70},"vx_contact_entry_updated","update_entry_c",{"type":84,"name":193,"callback":194,"priority":69,"file":114,"line":78},"vx_callcenter_entries_action","bulk_send_crm_callcenter",{"type":84,"name":196,"callback":197,"file":114,"line":82},"vx_callcenter_bulk_actions","add_bulk_send_crm_callcenter",{"type":84,"name":199,"callback":200,"priority":69,"file":201,"line":202},"plugin_row_meta","pro_link","wp\\crmperks-notices.php",17,{"type":84,"name":204,"callback":205,"priority":27,"file":201,"line":206},"admin_footer_text","admin_footer",25,{"type":61,"name":145,"callback":208,"file":201,"line":209},"install_forms_notice",27,{"type":84,"name":211,"callback":212,"priority":213,"file":201,"line":214},"plugins_api","forms_info",11,29,[],[],[],[],{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":243,"fileOperations":463,"externalRequests":463,"nonceChecks":202,"capabilityChecks":464,"bundledLibraries":465},[],{"prepared":206,"raw":47,"locations":222},[223,227,230,232,235,237,239,241],{"file":224,"line":225,"context":226},"includes\\data.php",292,"$wpdb->query() with variable interpolation",{"file":224,"line":228,"context":229},396,"$wpdb->get_results() with variable interpolation",{"file":224,"line":231,"context":229},488,{"file":224,"line":233,"context":234},517,"$wpdb->get_row() with variable interpolation",{"file":224,"line":236,"context":226},554,{"file":224,"line":238,"context":226},555,{"file":224,"line":240,"context":226},556,{"file":114,"line":242,"context":229},2048,{"escaped":244,"rawEcho":245,"locations":246},186,126,[247,251,253,255,257,259,261,262,264,266,269,270,271,273,275,278,280,282,284,287,289,291,293,295,297,299,301,303,305,306,307,309,311,313,315,318,319,321,322,324,325,327,329,331,333,335,337,339,341,343,345,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,364,366,368,370,372,374,376,377,379,381,383,385,387,389,391,393,395,397,399,401,403,406,407,409,411,413,416,417,419,421,422,424,425,426,427,429,431,433,435,436,437,438,439,441,443,445,447,448,450,451,452,453,454,455,456,457,458,459,461],{"file":248,"line":249,"context":250},"api\\api.php",680,"raw output",{"file":64,"line":252,"context":250},425,{"file":114,"line":254,"context":250},718,{"file":114,"line":256,"context":250},722,{"file":114,"line":258,"context":250},768,{"file":114,"line":260,"context":250},946,{"file":114,"line":260,"context":250},{"file":114,"line":263,"context":250},1288,{"file":114,"line":265,"context":250},1552,{"file":267,"line":268,"context":250},"templates\\accounts.php",92,{"file":267,"line":52,"context":250},{"file":267,"line":26,"context":250},{"file":267,"line":272,"context":250},103,{"file":267,"line":274,"context":250},108,{"file":276,"line":277,"context":250},"templates\\crm-entry-box.php",9,{"file":276,"line":279,"context":250},13,{"file":276,"line":281,"context":250},18,{"file":276,"line":283,"context":250},22,{"file":285,"line":286,"context":250},"templates\\feed-account.php",258,{"file":285,"line":288,"context":250},259,{"file":285,"line":290,"context":250},266,{"file":285,"line":292,"context":250},267,{"file":285,"line":294,"context":250},269,{"file":285,"line":296,"context":250},273,{"file":285,"line":298,"context":250},286,{"file":285,"line":300,"context":250},294,{"file":285,"line":302,"context":250},310,{"file":285,"line":304,"context":250},343,{"file":285,"line":304,"context":250},{"file":285,"line":304,"context":250},{"file":285,"line":308,"context":250},377,{"file":285,"line":310,"context":250},385,{"file":285,"line":312,"context":250},397,{"file":285,"line":314,"context":250},423,{"file":316,"line":317,"context":250},"templates\\feed-object.php",26,{"file":316,"line":317,"context":250},{"file":320,"line":209,"context":250},"templates\\feeds.php",{"file":320,"line":209,"context":250},{"file":320,"line":323,"context":250},35,{"file":320,"line":272,"context":250},{"file":320,"line":326,"context":250},104,{"file":320,"line":328,"context":250},105,{"file":320,"line":330,"context":250},106,{"file":320,"line":332,"context":250},109,{"file":320,"line":334,"context":250},120,{"file":320,"line":336,"context":250},121,{"file":320,"line":338,"context":250},122,{"file":320,"line":340,"context":250},131,{"file":320,"line":342,"context":250},138,{"file":320,"line":344,"context":250},152,{"file":346,"line":140,"context":250},"templates\\fields-mapping.php",{"file":346,"line":140,"context":250},{"file":346,"line":161,"context":250},{"file":346,"line":172,"context":250},{"file":346,"line":184,"context":250},{"file":346,"line":184,"context":250},{"file":346,"line":70,"context":250},{"file":346,"line":70,"context":250},{"file":346,"line":87,"context":250},{"file":346,"line":87,"context":250},{"file":346,"line":99,"context":250},{"file":346,"line":99,"context":250},{"file":346,"line":268,"context":250},{"file":346,"line":268,"context":250},{"file":346,"line":268,"context":250},{"file":346,"line":330,"context":250},{"file":346,"line":363,"context":250},107,{"file":346,"line":365,"context":250},112,{"file":346,"line":367,"context":250},140,{"file":346,"line":369,"context":250},141,{"file":346,"line":371,"context":250},142,{"file":346,"line":373,"context":250},144,{"file":346,"line":375,"context":250},156,{"file":346,"line":375,"context":250},{"file":346,"line":378,"context":250},172,{"file":346,"line":380,"context":250},175,{"file":346,"line":382,"context":250},210,{"file":346,"line":384,"context":250},224,{"file":346,"line":386,"context":250},305,{"file":346,"line":388,"context":250},316,{"file":346,"line":390,"context":250},322,{"file":346,"line":392,"context":250},367,{"file":346,"line":394,"context":250},376,{"file":346,"line":396,"context":250},434,{"file":346,"line":398,"context":250},444,{"file":346,"line":400,"context":250},469,{"file":346,"line":402,"context":250},502,{"file":404,"line":405,"context":250},"templates\\log.php",30,{"file":404,"line":103,"context":250},{"file":404,"line":408,"context":250},101,{"file":404,"line":410,"context":250},130,{"file":404,"line":412,"context":250},134,{"file":414,"line":415,"context":250},"templates\\logs.php",202,{"file":414,"line":382,"context":250},{"file":414,"line":418,"context":250},244,{"file":414,"line":420,"context":250},256,{"file":414,"line":292,"context":250},{"file":414,"line":423,"context":250},288,{"file":414,"line":302,"context":250},{"file":414,"line":302,"context":250},{"file":414,"line":390,"context":250},{"file":414,"line":428,"context":250},416,{"file":414,"line":430,"context":250},427,{"file":414,"line":432,"context":250},452,{"file":434,"line":139,"context":250},"templates\\setting.php",{"file":434,"line":123,"context":250},{"file":434,"line":123,"context":250},{"file":434,"line":123,"context":250},{"file":434,"line":153,"context":250},{"file":434,"line":440,"context":250},71,{"file":434,"line":442,"context":250},88,{"file":434,"line":444,"context":250},116,{"file":446,"line":153,"context":250},"templates\\settings-table.php",{"file":446,"line":153,"context":250},{"file":446,"line":449,"context":250},50,{"file":446,"line":449,"context":250},{"file":446,"line":449,"context":250},{"file":446,"line":157,"context":250},{"file":446,"line":161,"context":250},{"file":446,"line":180,"context":250},{"file":446,"line":74,"context":250},{"file":201,"line":74,"context":250},{"file":201,"line":74,"context":250},{"file":201,"line":74,"context":250},{"file":201,"line":460,"context":250},124,{"file":201,"line":462,"context":250},125,2,24,[466],{"name":467,"version":37,"knownCves":468},"Select2",[],[470,489,502],{"entryPoint":471,"graph":472,"unsanitizedCount":28,"severity":488},"setup_plugin (includes\\plugin-pages.php:552)",{"nodes":473,"edges":485},[474,479],{"id":475,"type":476,"label":477,"file":114,"line":478},"n0","source","$_REQUEST",578,{"id":480,"type":481,"label":482,"file":114,"line":483,"wp_function":484},"n1","sink","wp_redirect() [Open Redirect]",599,"wp_redirect",[486],{"from":475,"to":480,"sanitized":487},true,"low",{"entryPoint":490,"graph":491,"unsanitizedCount":28,"severity":488},"settings_page (includes\\plugin-pages.php:1560)",{"nodes":492,"edges":500},[493,496],{"id":475,"type":476,"label":494,"file":114,"line":495},"$_POST",1596,{"id":480,"type":481,"label":497,"file":114,"line":498,"wp_function":499},"update_option() [Settings Manipulation]",1599,"update_option",[501],{"from":475,"to":480,"sanitized":487},{"entryPoint":503,"graph":504,"unsanitizedCount":28,"severity":488},"\u003Cplugin-pages> (includes\\plugin-pages.php:0)",{"nodes":505,"edges":512},[506,507,508,510],{"id":475,"type":476,"label":477,"file":114,"line":478},{"id":480,"type":481,"label":482,"file":114,"line":483,"wp_function":484},{"id":509,"type":476,"label":494,"file":114,"line":495},"n2",{"id":511,"type":481,"label":497,"file":114,"line":498,"wp_function":499},"n3",[513,514],{"from":475,"to":480,"sanitized":487},{"from":509,"to":511,"sanitized":487},{"summary":516,"deductions":517},"The \"cf7-dynamics-crm\" plugin, version 1.1.9, exhibits a generally positive security posture based on the static analysis. The absence of entry points like AJAX handlers, REST API routes, and shortcodes significantly limits the potential attack surface. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for a high percentage of its SQL queries and implementing a substantial number of nonce and capability checks. The taint analysis also shows no critical or high-severity unsanitized flows, which is a strong indicator of secure coding for data handling.\n\nHowever, there are some areas that warrant attention. The static analysis indicates that only 60% of output is properly escaped, leaving a potential for Cross-Site Scripting (XSS) vulnerabilities. While no critical or high severity issues were found in taint analysis, the historical vulnerability data shows one medium severity XSS vulnerability, last patched in early 2025. This suggests that while current code might be more robust, there's a pattern of past vulnerabilities related to output sanitization, reinforcing the concern around the 60% proper escaping rate.\n\nIn conclusion, the plugin has several strengths, particularly its limited attack surface and good data handling practices. The main areas of concern are the moderate rate of proper output escaping and the past occurrence of an XSS vulnerability. Continuous vigilance in output sanitization and prompt patching of any future vulnerabilities are crucial for maintaining a secure state. The absence of unpatched CVEs is a good sign, but the historical context should not be ignored.",[518,521],{"reason":519,"points":520},"60% of output properly escaped",7,{"reason":522,"points":69},"Past medium severity XSS vulnerability","2026-03-16T19:57:27.090Z",{"wat":525,"direct":543},{"assetPaths":526,"generatorPatterns":533,"scriptPaths":535,"versionParams":536},[527,528,529,530,531,532],"\u002Fwp-content\u002Fplugins\u002Fcf7-dynamics-crm\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fcf7-dynamics-crm\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcf7-dynamics-crm\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fcf7-dynamics-crm\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcf7-dynamics-crm\u002Fjs\u002Fcf7-dynamics-crm.js","\u002Fwp-content\u002Fplugins\u002Fcf7-dynamics-crm\u002Fjs\u002Fselect2.js",[534],"WP Contact Form Dynamics CRM",[527,529,531,532],[537,538,539,540,541,542],"cf7-dynamics-crm\u002Fjs\u002Fmain.js?ver=","cf7-dynamics-crm\u002Fcss\u002Fmain.css?ver=","cf7-dynamics-crm\u002Fjs\u002Fadmin.js?ver=","cf7-dynamics-crm\u002Fcss\u002Fadmin.css?ver=","cf7-dynamics-crm\u002Fjs\u002Fcf7-dynamics-crm.js?ver=","cf7-dynamics-crm\u002Fjs\u002Fselect2.js?ver=",{"cssClasses":544,"htmlComments":550,"htmlAttributes":555,"restEndpoints":561,"jsGlobals":564,"shortcodeOutput":568},[545,546,547,548,549],"vxcf-dynamics-settings","crmperks-notice","crmperks-field","vxcf-dynamics-pro-notice","vxcf-dynamics-upgrade-notice",[551,552,553,554],"\u003C!-- CRM Perks -->","\u003C!-- contact form dynamics -->","\u003C!-- END CRM Perks -->","\u003C!-- vxcf-dynamics-notice -->",[556,557,558,559,560],"data-crmperks-plugin-version","data-plugin-slug","data-plugin-name","data-plugin-uri","data-plugin-author-uri",[562,563],"\u002Fwp-json\u002Fvxcf-dynamics\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fvxcf-dynamics\u002Fv1\u002Fsave-settings",[565,566,567],"vxcf_dynamics","vxcf_dynamics_data","vxcf_dynamics_admin",[569,570],"[cf7_dynamics_settings]","[cf7_dynamics_test_connection]"]