[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0TVC0x62WLu2uiWar1-2MleP0eqnVrFli3l7ZE7RwYo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":78,"crawl_stats":38,"alternatives":86,"analysis":87,"fingerprints":617},"cf7-zendesk","WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms","1.1.6","CRM Perks","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrmperks\u002F","\u003Cp>Contact Form 7 Zendesk Plugin sends form submissions from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPforms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F\" rel=\"ugc\">Elementor Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-forms\u002F\" rel=\"ugc\">Ninja Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-entries\u002F\" rel=\"ugc\">Contact Form Entries\u003C\u002Fa> and many other popular contact form plugins to zendesk when anyone submits a contact form. 
Learn more at \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-zendesk\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=zendesk_readme\" rel=\"nofollow ugc\">crmperks.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to Set Up\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to the “Zendesk Accounts” tab, then add a new account.\u003C\u002Fli>\n\u003Cli>Go to the “Zendesk Feeds” tab, then create a new feed.\u003C\u002Fli>\n\u003Cli>Map required Zendesk fields to contact form fields.\u003C\u002Fli>\n\u003Cli>Send your test entry to Zendesk.\u003C\u002Fli>\n\u003Cli>Go to the “Zendesk Logs” tab and verify that the entry was sent to Zendesk.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Connect Zendesk account\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Connect any Contact Form 7 form to a Zendesk account by simply entering the Zendesk API key. Additionally, you can connect multiple Zendesk accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Map Zendesk ticket fields\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Map any Contact Form 7 form fields to Zendesk ticket fields. You can also map unlimited Zendesk ticket fields.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter Contact Form 7 submissions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter Contact Form 7 submissions sent to Zendesk based on user input. For example, send only those entries to Zendesk which contain a work email address.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually send to Zendesk\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send Contact Form 7 submissions to Zendesk when someone submits a form. 
Later you can manually send contact form submissions to Zendesk.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zendesk logs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>View a detailed log of each Contact Form 7 submission, whether sent or not sent to Zendesk, and easily resend a Contact Form 7 submission to Zendesk.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Send Data As Zendesk Ticket Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send one to many Contact Form 7 fields as Zendesk ticket notes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zendesk Ticket Status and Priority\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Set the Zendesk ticket status and priority when posting a Contact Form 7 submission to Zendesk.\u003C\u002Fp>\n\u003Ch3>Why we built this plugin\u003C\u002Fh3>\n\u003Cp>Contact Form 7 and some other popular contact forms are good, but you cannot send contact form submissions to any CRM, including Zendesk. You can send any contact form (Contact Form 7) submissions to Zendesk with this free plugin.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Premium Version Features.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The following features are available in the pro version only. 
\u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-zendesk\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=zendesk_readme\" rel=\"nofollow ugc\">Contact Form Zendesk Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Zendesk ticket tags.\u003C\u002Fli>\n\u003Cli>Zendesk Custom field.\u003C\u002Fli>\n\u003Cli>Zendesk Phone Number field.\u003C\u002Fli>\n\u003Cli>Assign tickets to any user.\u003C\u002Fli>\n\u003Cli>Zendesk ticket attachments.\u003C\u002Fli>\n\u003Cli>Google Analytics Parameters and Geolocation of a visitor who submitted the form.\u003C\u002Fli>\n\u003Cli>Look up a lead’s email and phone number using email and phone lookup APIs.\u003C\u002Fli>\n\u003Cli>20+ premium addons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Want to send data to a CRM\u003C\u002Fh3>\n\u003Cp>We have Premium Extensions for 20+ CRMs. \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugin-category\u002Fcontact-form-plugins\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=zendesk_readme\" rel=\"nofollow ugc\">View All CRM Extensions\u003C\u002Fa>\u003C\u002Fp>\n","Send Contact Form 7, WPForms, Elementor, Ninja Forms, Contact Form Entries Plugin and many other contact form submissions to Zendesk.",500,13748,100,12,"2026-02-23T17:26:00.000Z","6.9.4","3.8","5.3",[20,21,22,23,24],"contact-form-7-zendesk","elementor-forms-zendesk","ninja-forms-zendesk","wpforms-zendesk","zendesk-form","https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-zendesk-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-zendesk.1.1.6.zip",95,3,0,"2026-03-02 
20:39:19","2026-03-15T15:16:48.613Z",[33,48,64],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2026-2568","wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-unauthenticated-stored-cross-site-scripting","WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u003C= 1.1.5 - Unauthenticated Stored Cross-Site Scripting","The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.5","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-03 09:24:12",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F27d26d1c-d027-4a22-af49-4d7684d36d40?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2025-32269","wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-cross-site-request-forgery","WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms \u003C= 1.1.3 - Cross-Site Request Forgery","The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms 
plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.1.3","1.1.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-04 00:00:00","2025-04-22 20:45:46",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9364c4a3-c43c-43b4-a3e3-14269ca2b928?source=api-prod",19,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":55,"cvss_score":71,"cvss_vector":72,"vuln_type":43,"published_date":73,"updated_date":74,"references":75,"days_to_patch":77},"WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-zendesk","crm-perks-various-plugins-various-versions-reflected-cross-site-scripting-25","CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting","Multiple CRM Perks plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'vx_debug' parameter in various versions due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.0.7","1.0.8",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2021-08-26 00:00:00","2024-01-22 19:56:02",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcc1e9778-2860-4e3c-a2e4-28f10d585fed?source=api-prod",880,{"slug":79,"display_name":7,"profile_url":8,"plugin_count":80,"total_installs":81,"avg_security_score":82,"avg_patch_time_days":83,"trust_score":84,"computed_at":85},"crmperks",32,104540,96,349,76,"2026-04-03T19:59:04.486Z",[],{"attackSurface":88,"codeSignals":248,"taintFlows":457,"riskAssessment":600,"analyzedAt":616},{"hooks":89,"ajaxHandlers":244,"restRoutes":245,"shortcodes":246,"cronEvents":247,"entryPointCount":29,"unprotectedCount":29},[90,96,101,105,108,111,117,120,124,128,132,135,139,144,147,151,155,159,163,167,170,173,176,180,184,188,192,196,199,203,207,211,215,219,223,227,232,236,239],{"type":91,"name":92,"callback":93,"file":94,"line":95},"action","plugins_loaded","setup_main","cf7-zendesk.php",58,{"type":91,"name":97,"callback":98,"priority":99,"file":94,"line":100},"cfx_form_submitted","entry_created_crmperks",10,93,{"type":91,"name":102,"callback":103,"priority":99,"file":94,"line":104},"vxcf_entry_created","entry_created",94,{"type":91,"name":106,"callback":107,"priority":99,"file":94,"line":27},"vx_contact_created","entry_created_contacts",{"type":91,"name":109,"callback":110,"priority":99,"file":94,"line":82},"vx_callcenter_entry_created","entry_created_callcenter",{"type":112,"name":113,"callback":114,"priority":115,"file":94,"line":116},"filter","wpcf7_before_send_mail","create_entry_cf",99,98,{"type":91,"name":118,"callback":119,"priority":115,"file":94,"line":13},"frm_after_create_entry","create_entry_fd",{"type":91,"name":121,"callback":122,"p
riority":115,"file":94,"line":123},"ninja_forms_after_submission","create_entry_na",101,{"type":91,"name":125,"callback":126,"priority":115,"file":94,"line":127},"wpforms_process_entry_save","create_entry_wp",102,{"type":91,"name":129,"callback":130,"priority":115,"file":94,"line":131},"elementor_pro\u002Fforms\u002Fnew_record","create_entry_el",104,{"type":91,"name":133,"callback":133,"file":94,"line":134},"init",108,{"type":91,"name":136,"callback":137,"priority":99,"file":138,"line":99},"vx_cf_add_meta_box","add_meta_box","includes\\crmperks-cf.php",{"type":91,"name":140,"callback":141,"priority":99,"file":142,"line":143},"cfx_add_meta_box","add_meta_box_crmperks_form","includes\\plugin-pages.php",31,{"type":91,"name":145,"callback":146,"priority":99,"file":142,"line":80},"cfx_form_entry_updated","update_entry_crm_perks_forms",{"type":91,"name":148,"callback":149,"priority":99,"file":142,"line":150},"cfx_form_post_note_added","create_note_crm_perks_forms",33,{"type":91,"name":152,"callback":153,"priority":99,"file":142,"line":154},"cfx_form_pre_note_deleted","delete_note_crm_perks_forms",34,{"type":91,"name":156,"callback":157,"priority":99,"file":142,"line":158},"cfx_form_pre_trash_leads","trash_leads_crm_perks_forms",35,{"type":91,"name":160,"callback":161,"priority":99,"file":142,"line":162},"cfx_form_pre_restore_leads","restore_leads_crm_perks_forms",36,{"type":112,"name":164,"callback":165,"priority":95,"file":142,"line":166},"admin_menu","create_menu",48,{"type":112,"name":168,"callback":137,"priority":99,"file":142,"line":169},"vx_cf_meta_boxes_right",49,{"type":91,"name":171,"callback":171,"file":142,"line":172},"admin_notices",50,{"type":112,"name":174,"callback":174,"priority":99,"file":142,"line":175},"plugin_action_links",51,{"type":91,"name":177,"callback":178,"file":142,"line":179},"vxcf_entry_submit_btn","entry_checkbox",52,{"type":91,"name":181,"callback":182,"priority":99,"file":142,"line":183},"vx_cf7_post_note_added","create_note_e",54,{"type":
91,"name":185,"callback":186,"priority":99,"file":142,"line":187},"vx_cf7_pre_note_deleted","delete_note_e",55,{"type":91,"name":189,"callback":190,"file":142,"line":191},"vx_cf7_pre_trash_leads","trash_leads_e",56,{"type":91,"name":193,"callback":194,"file":142,"line":195},"vx_cf7_pre_restore_leads","restore_leads_e",57,{"type":91,"name":197,"callback":198,"priority":99,"file":142,"line":95},"vx_cf7_entry_updated","update_entry_e",{"type":91,"name":200,"callback":201,"priority":99,"file":142,"line":202},"vx_contact_post_note_added","create_note_c",60,{"type":91,"name":204,"callback":205,"priority":99,"file":142,"line":206},"vx_contact_pre_note_deleted","delete_note_c",61,{"type":91,"name":208,"callback":209,"file":142,"line":210},"vx_contact_pre_trash_leads","trash_leads_c",62,{"type":91,"name":212,"callback":213,"file":142,"line":214},"vx_contact_pre_restore_leads","restore_leads_c",63,{"type":91,"name":216,"callback":217,"priority":99,"file":142,"line":218},"vx_contact_entry_updated","update_entry_c",64,{"type":112,"name":220,"callback":221,"priority":99,"file":142,"line":222},"vx_callcenter_entries_action","bulk_send_crm_callcenter",66,{"type":112,"name":224,"callback":225,"file":142,"line":226},"vx_callcenter_bulk_actions","add_bulk_send_crm_callcenter",67,{"type":112,"name":228,"callback":229,"priority":99,"file":230,"line":231},"plugin_row_meta","pro_link","wp\\crmperks-notices.php",16,{"type":112,"name":233,"callback":234,"priority":47,"file":230,"line":235},"admin_footer_text","admin_footer",24,{"type":91,"name":171,"callback":237,"file":230,"line":238},"install_forms_notice",26,{"type":112,"name":240,"callback":241,"priority":242,"file":230,"line":243},"plugins_api","forms_info",11,28,[],[],[],[],{"dangerousFunctions":249,"sqlUsage":250,"outputEscaping":274,"fileOperations":450,"externalRequests":450,"nonceChecks":451,"capabilityChecks":452,"bundledLibraries":453},[],{"prepared":251,"raw":252,"locations":253},25,8,[254,258,261,263,266,268,270,272],{"file":
255,"line":256,"context":257},"includes\\data.php",292,"$wpdb->query() with variable interpolation",{"file":255,"line":259,"context":260},389,"$wpdb->get_results() with variable interpolation",{"file":255,"line":262,"context":260},481,{"file":255,"line":264,"context":265},510,"$wpdb->get_row() with variable interpolation",{"file":255,"line":267,"context":257},547,{"file":255,"line":269,"context":257},548,{"file":255,"line":271,"context":257},549,{"file":142,"line":273,"context":260},1915,{"escaped":275,"rawEcho":276,"locations":277},305,97,[278,282,284,286,288,290,292,294,295,297,299,302,303,304,306,307,310,312,314,317,319,321,323,325,327,329,331,334,335,336,337,338,339,340,341,343,345,347,349,351,353,356,357,358,359,360,361,362,364,365,366,367,369,370,372,374,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,418,420,422,424,426,428,430,431,432,434,436,438,440,442,443,444,445,446,447,449],{"file":279,"line":280,"context":281},"api\\api.php",445,"raw output",{"file":94,"line":283,"context":281},485,{"file":94,"line":285,"context":281},490,{"file":94,"line":287,"context":281},511,{"file":142,"line":289,"context":281},641,{"file":142,"line":291,"context":281},691,{"file":142,"line":293,"context":281},876,{"file":142,"line":293,"context":281},{"file":142,"line":296,"context":281},1200,{"file":142,"line":298,"context":281},1466,{"file":300,"line":301,"context":281},"templates\\accounts.php",92,{"file":300,"line":82,"context":281},{"file":300,"line":115,"context":281},{"file":300,"line":305,"context":281},103,{"file":300,"line":134,"context":281},{"file":308,"line":309,"context":281},"templates\\crm-entry-box.php",9,{"file":308,"line":311,"context":281},18,{"file":308,"line":313,"context":281},22,{"file":315,"line":316,"context":281},"templates\\feed-account.php",252,{"file":315,"line":318,"context":281},260,{"file":315,"line":320,"context":281},261,{"file":315,"line":322,"context":281},280,{"file":315,"line":324,"context":281},337,{"file
":315,"line":326,"context":281},379,{"file":315,"line":328,"context":281},411,{"file":330,"line":238,"context":281},"templates\\feed-object.php",{"file":332,"line":333,"context":281},"templates\\feeds.php",27,{"file":332,"line":333,"context":281},{"file":332,"line":158,"context":281},{"file":332,"line":276,"context":281},{"file":332,"line":116,"context":281},{"file":332,"line":115,"context":281},{"file":332,"line":13,"context":281},{"file":332,"line":305,"context":281},{"file":332,"line":342,"context":281},114,{"file":332,"line":344,"context":281},115,{"file":332,"line":346,"context":281},116,{"file":332,"line":348,"context":281},125,{"file":332,"line":350,"context":281},132,{"file":332,"line":352,"context":281},146,{"file":354,"line":355,"context":281},"templates\\fields-mapping.php",46,{"file":354,"line":202,"context":281},{"file":354,"line":202,"context":281},{"file":354,"line":210,"context":281},{"file":354,"line":210,"context":281},{"file":354,"line":226,"context":281},{"file":354,"line":226,"context":281},{"file":354,"line":363,"context":281},72,{"file":354,"line":363,"context":281},{"file":354,"line":104,"context":281},{"file":354,"line":134,"context":281},{"file":354,"line":368,"context":281},110,{"file":354,"line":346,"context":281},{"file":354,"line":371,"context":281},144,{"file":354,"line":373,"context":281},145,{"file":354,"line":352,"context":281},{"file":354,"line":376,"context":281},147,{"file":354,"line":378,"context":281},179,{"file":354,"line":380,"context":281},184,{"file":354,"line":382,"context":281},227,{"file":354,"line":384,"context":281},241,{"file":354,"line":386,"context":281},322,{"file":354,"line":388,"context":281},333,{"file":354,"line":390,"context":281},339,{"file":354,"line":392,"context":281},384,{"file":354,"line":394,"context":281},468,{"file":354,"line":396,"context":281},478,{"file":354,"line":398,"context":281},553,{"file":354,"line":400,"context":281},586,{"file":354,"line":402,"context":281},619,{"file":354,"line":404,"cont
ext":281},631,{"file":354,"line":406,"context":281},655,{"file":354,"line":408,"context":281},667,{"file":354,"line":410,"context":281},678,{"file":354,"line":412,"context":281},690,{"file":414,"line":123,"context":281},"templates\\log.php",{"file":416,"line":417,"context":281},"templates\\logs.php",197,{"file":416,"line":419,"context":281},205,{"file":416,"line":421,"context":281},231,{"file":416,"line":423,"context":281},239,{"file":416,"line":425,"context":281},251,{"file":416,"line":427,"context":281},262,{"file":416,"line":429,"context":281},287,{"file":416,"line":275,"context":281},{"file":416,"line":275,"context":281},{"file":416,"line":433,"context":281},419,{"file":416,"line":435,"context":281},422,{"file":416,"line":437,"context":281},463,{"file":416,"line":439,"context":281},469,{"file":441,"line":172,"context":281},"templates\\settings-table.php",{"file":441,"line":175,"context":281},{"file":441,"line":210,"context":281},{"file":230,"line":206,"context":281},{"file":230,"line":206,"context":281},{"file":230,"line":206,"context":281},{"file":230,"line":448,"context":281},124,{"file":230,"line":348,"context":281},2,17,23,[454],{"name":455,"version":38,"knownCves":456},"Select2",[],[458,477,489,513,530],{"entryPoint":459,"graph":460,"unsanitizedCount":29,"severity":476},"settings_page (includes\\plugin-pages.php:1474)",{"nodes":461,"edges":473},[462,467],{"id":463,"type":464,"label":465,"file":142,"line":466},"n0","source","$_POST",1512,{"id":468,"type":469,"label":470,"file":142,"line":471,"wp_function":472},"n1","sink","update_option() [Settings Manipulation]",1515,"update_option",[474],{"from":463,"to":468,"sanitized":475},true,"low",{"entryPoint":478,"graph":479,"unsanitizedCount":29,"severity":476},"\u003Ccrm-entry-box> (templates\\crm-entry-box.php:0)",{"nodes":480,"edges":487},[481,484],{"id":463,"type":464,"label":482,"file":308,"line":483},"$_REQUEST['vx_debug']",13,{"id":468,"type":469,"label":485,"file":308,"line":483,"wp_function":486},"echo() 
[XSS]","echo",[488],{"from":463,"to":468,"sanitized":475},{"entryPoint":490,"graph":491,"unsanitizedCount":29,"severity":476},"\u003Clogs> (templates\\logs.php:0)",{"nodes":492,"edges":509},[493,496,497,501,503,507],{"id":463,"type":464,"label":494,"file":416,"line":495},"$_REQUEST['entry_id']",224,{"id":468,"type":469,"label":485,"file":416,"line":495,"wp_function":486},{"id":498,"type":464,"label":499,"file":416,"line":500},"n2","$_REQUEST['start_date']",267,{"id":502,"type":469,"label":485,"file":416,"line":500,"wp_function":486},"n3",{"id":504,"type":464,"label":505,"file":416,"line":506},"n4","$_REQUEST['end_date']",268,{"id":508,"type":469,"label":485,"file":416,"line":506,"wp_function":486},"n5",[510,511,512],{"from":463,"to":468,"sanitized":475},{"from":498,"to":502,"sanitized":475},{"from":504,"to":508,"sanitized":475},{"entryPoint":514,"graph":515,"unsanitizedCount":47,"severity":40},"list_page (includes\\plugin-pages.php:954)",{"nodes":516,"edges":526},[517,519,522],{"id":463,"type":464,"label":465,"file":142,"line":518},970,{"id":468,"type":520,"label":521,"file":142,"line":518},"transform","→ delete_feed()",{"id":498,"type":469,"label":523,"file":255,"line":524,"wp_function":525},"query() [SQLi]",302,"query",[527,529],{"from":463,"to":468,"sanitized":528},false,{"from":468,"to":498,"sanitized":528},{"entryPoint":531,"graph":532,"unsanitizedCount":309,"severity":40},"\u003Cplugin-pages> 
(includes\\plugin-pages.php:0)",{"nodes":533,"edges":586},[534,535,536,537,538,539,541,544,549,553,556,558,562,565,569,572,575,577,580,583],{"id":463,"type":464,"label":465,"file":142,"line":466},{"id":468,"type":469,"label":470,"file":142,"line":471,"wp_function":472},{"id":498,"type":464,"label":465,"file":142,"line":518},{"id":502,"type":520,"label":521,"file":142,"line":518},{"id":504,"type":469,"label":523,"file":255,"line":524,"wp_function":525},{"id":508,"type":464,"label":465,"file":142,"line":540},1042,{"id":542,"type":520,"label":543,"file":142,"line":540},"n6","→ get_log_by_id()",{"id":545,"type":469,"label":546,"file":255,"line":547,"wp_function":548},"n7","get_row() [SQLi]",410,"get_row",{"id":550,"type":464,"label":551,"file":142,"line":552},"n8","$_POST (x4)",1062,{"id":554,"type":520,"label":555,"file":142,"line":552},"n9","→ screen_msg()",{"id":557,"type":469,"label":485,"file":94,"line":287,"wp_function":486},"n10",{"id":559,"type":464,"label":560,"file":142,"line":561},"n11","$_POST (x3)",1255,{"id":563,"type":520,"label":564,"file":142,"line":561},"n12","→ get_feed()",{"id":566,"type":469,"label":567,"file":255,"line":259,"wp_function":568},"n13","get_results() [SQLi]","get_results",{"id":570,"type":464,"label":465,"file":142,"line":571},"n14",1320,{"id":573,"type":520,"label":574,"file":142,"line":571},"n15","→ get_field_mapping()",{"id":576,"type":469,"label":485,"file":142,"line":296,"wp_function":486},"n16",{"id":578,"type":464,"label":465,"file":142,"line":579},"n17",1716,{"id":581,"type":520,"label":582,"file":142,"line":579},"n18","→ 
get_form_fields()",{"id":584,"type":469,"label":567,"file":94,"line":585,"wp_function":568},"n19",708,[587,588,589,590,591,592,593,594,595,596,597,598,599],{"from":463,"to":468,"sanitized":475},{"from":498,"to":502,"sanitized":528},{"from":502,"to":504,"sanitized":528},{"from":508,"to":542,"sanitized":528},{"from":542,"to":545,"sanitized":475},{"from":550,"to":554,"sanitized":528},{"from":554,"to":557,"sanitized":528},{"from":559,"to":563,"sanitized":528},{"from":563,"to":566,"sanitized":528},{"from":570,"to":573,"sanitized":528},{"from":573,"to":576,"sanitized":528},{"from":578,"to":581,"sanitized":528},{"from":581,"to":584,"sanitized":475},{"summary":601,"deductions":602},"The 'cf7-zendesk' plugin v1.1.6 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by implementing a significant number of nonce checks (17) and capability checks (23), suggesting an effort to secure its functionalities.  The absence of an exposed attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events is also a strong positive indicator.  However, the presence of two flows with unsanitized paths in the taint analysis, classified as high severity, indicates potential vulnerabilities that could allow for unauthorized data manipulation or code execution if exploited.\n\nThe vulnerability history reveals a pattern of past issues, including Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), which are common and potentially severe vulnerabilities. While there are currently no unpatched CVEs, the existence of three past CVEs, including one high-severity vulnerability, warrants attention. This history suggests a tendency for vulnerabilities to arise, particularly concerning input sanitization and authorization.  
The last reported vulnerability in 2026 is concerning if this data is from the present; otherwise, it indicates a recent history of issues.\n\nIn conclusion, while the plugin has strengths in its limited attack surface and implementation of security checks, the high-severity taint flows and the history of XSS and CSRF vulnerabilities are significant concerns. Developers should prioritize addressing the identified unsanitized paths and maintaining vigilance regarding input validation to prevent future security incidents. The absence of directly exploitable entry points is a strength, but the underlying code quality, as indicated by taint analysis and historical CVEs, requires ongoing scrutiny.",[603,605,608,611,614],{"reason":604,"points":14},"High severity taint flows with unsanitized paths",{"reason":606,"points":607},"Past high severity vulnerability",15,{"reason":609,"points":610},"Past medium severity vulnerabilities",6,{"reason":612,"points":613},"Unescaped output identified",4,{"reason":615,"points":28},"External HTTP 
requests","2026-03-16T19:40:08.926Z",{"wat":618,"direct":637},{"assetPaths":619,"generatorPatterns":627,"scriptPaths":628,"versionParams":629},[620,621,622,623,624,625,626],"\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fjs\u002Fselect2.min.js","\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fjs\u002FintlTelInput.min.js","\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fcss\u002FintlTelInput.css","\u002Fwp-content\u002Fplugins\u002Fcf7-zendesk\u002Fjs\u002Fphone-number.js",[],[621,623,624,626],[630,631,632,633,634,635,636],"cf7-zendesk\u002Fcss\u002Fstyle.css?ver=","cf7-zendesk\u002Fjs\u002Fmain.js?ver=","cf7-zendesk\u002Fcss\u002Fselect2.min.css?ver=","cf7-zendesk\u002Fjs\u002Fselect2.min.js?ver=","cf7-zendesk\u002Fjs\u002FintlTelInput.min.js?ver=","cf7-zendesk\u002Fcss\u002FintlTelInput.css?ver=","cf7-zendesk\u002Fjs\u002Fphone-number.js?ver=",{"cssClasses":638,"htmlComments":640,"htmlAttributes":641,"restEndpoints":644,"jsGlobals":645,"shortcodeOutput":649},[639],"vxcf_form_fields",[],[642,643],"data-crm-id=\"vxcf_zendesk\"","data-crm-type=\"vxcf_zendesk\"",[],[646,647,648],"vxcf_zendesk_obj","vxcf_phone_number_obj","vxcf_select2_obj",[]]