[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8K42YS8T4l7-v29pDzB-80w3l9J0Z3y24AZy3MXdA4w":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":105,"crawl_stats":38,"alternatives":113,"analysis":135,"fingerprints":611},"cf7-zoho","WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin","1.3.3","CRM Perks","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrmperks\u002F","\u003Cp>Contact Form 7 Zoho Plugin sends form submissions from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPforms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F\" rel=\"ugc\">Elementor Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-forms\u002F\" rel=\"ugc\">Ninja Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-entries\u002F\" rel=\"ugc\">Contact Forms Entries  Plugin\u003C\u002Fa> and many other popular contact form plugins to Zoho CRM and Bigin when someone submits a form. Learn more at \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-zoho-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=zoho_readme\" rel=\"nofollow ugc\">crmperks.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to Setup\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to “Zoho Accounts” tab and add new account.\u003C\u002Fli>\n\u003Cli>Go to “Zoho Feeds” tab , create new feed.\u003C\u002Fli>\n\u003Cli>Map required Zoho fields to contact form 7 fields.\u003C\u002Fli>\n\u003Cli>Send your test entry to Zoho CRM.\u003C\u002Fli>\n\u003Cli>Go to “Zoho Logs” tab and verify, if entry was sent to Zoho CRM.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Connect Zoho CRM account\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Connect any contact form 7 to Zoho account by simply entering zoho API key. Easily connect multiple Zoho account to wordpress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Map Zoho CRM fields\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Map any contact form 7 fields to any Zoho object(Contacts, Account, Lead, Order, Case) fields. No limitation on number of fields.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter contact form 7  submissions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send all or filter contact form 7 submissions sent to Zoho CRM based on user input.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually send to Zoho CRM\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send contact form 7 submissions to Zoho CRM on form submission. You can manually send contact form 7 submissions to Zoho CRM.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zoho logs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>View a detailed log of each contact form 7 submission sent (or not sent) to Zoho CRM and easily resend contact form 7 submission to Zoho CRM.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Send Data As Zoho object Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send one to many contact form 7 fields as Zoho object(Contacts, Account, Lead, Order, Case) notes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Create Or Update Contact in Zoho (Premium feature)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If an entry(Contacts, Account, Lead, Order, Case) already exists in Zoho CRM, update it otherwise create a new entry in Zoho CRM.\u003C\u002Fp>\n\u003Ch3>Why we built this plugin\u003C\u002Fh3>\n\u003Cp>Contact Form 7 and some other popular contact forms are good but you can not send contact form 7 submissions to any crm including Zoho CRM. You can send to any contact form(contact form 7) submissions to zoho CRM with this free plugin.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Premium Version Features.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin has a Premium version which comes with several additional benifits \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-zoho-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=zoho_readme\" rel=\"nofollow ugc\">Contact Form Zoho\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom fields of Zoho CRM.\u003C\u002Fli>\n\u003Cli>Phone fields of all Zoho Objects.\u003C\u002Fli>\n\u003Cli>Custom modules of Zoho CRM.\u003C\u002Fli>\n\u003Cli>Set Lead Source and Status in Zoho CRM.\u003C\u002Fli>\n\u003Cli>Zoho CRM attachments and tags.\u003C\u002Fli>\n\u003Cli>Assign object(Contact,Account etc) to Zoho Task.\n\u003C\u002Fli>\n\u003Cli>Zoho Object Layouts and approval mode.\n\u003C\u002Fli>\n\u003Cli>Create\u002FUpdate an account in Zoho CRM and assign it to any object(Contact,lead etc).\n\u003C\u002Fli>\n\u003Cli>Assign object(Contact,lead etc) Owner in Zoho CRM.\n\u003Cp>Add as Campaign member in Zoho.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Google Analytics Parameters and Geolocation of a visitor who submitted the form.\u003C\u002Fli>\n\u003Cli>Lookup lead’s email and Phone Number using email and phone lookup apis.\u003C\u002Fli>\n\u003Cli>20+ premium addons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Need Zoho Plugin for Woocommerce ?\u003C\u002Fh3>\n\u003Cp>We have a Woocommerce connector for Zoho CRM, Books, Invoice, Inventory. \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-zoho\u002F\" rel=\"ugc\">Woocommerce Zoho Integration\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Want to send data to other crm\u003C\u002Fh3>\n\u003Cp>We have Premium Extensions for 20+ CRMs.\u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugin-category\u002Fcontact-form-plugins\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=zoho_readme\" rel=\"nofollow ugc\">View All CRM Extensions\u003C\u002Fa>\u003C\u002Fp>\n","Send Contact Form 7, WPforms, Elementor, Formidable, Ninja Forms and many other contact form submissions to zoho CRM and Bigin.",3000,89551,100,44,"2026-02-28T11:23:00.000Z","6.9.4","3.8","5.3",[20,21,22,23,24],"contact-form-7-zoho-crm","formidable-zoho-crm","ninja-forms-zoho-crm","wordpress-zoho-crm-plugin","wpforms-zoho","https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-zoho-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-zoho.1.3.3.zip",90,5,0,"2025-06-16 00:00:00","2026-03-15T15:16:48.613Z",[33,49,65,80,94],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-49330","integration-for-contact-form-7-and-zoho-crm-bigin-unauthenticated-php-object-injection","Integration for Contact Form 7 and Zoho CRM, Bigin \u003C= 1.3.0 - Unauthenticated PHP Object Injection","The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",null,"\u003C=1.3.0","1.3.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2025-06-25 14:45:55",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6f9152fe-0273-4af3-8dee-ecb96ec7479b?source=api-prod",10,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64},"CVE-2023-2527","integration-for-contact-form-7-and-zoho-crm-bigin-authenticated-admin-sql-injection","Integration for Contact Form 7 and Zoho CRM, Bigin \u003C= 1.2.3 - Authenticated (Admin+) SQL Injection","The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.2.3","1.2.4","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2023-05-22 00:00:00","2024-01-22 19:56:02",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0b4e6dae-f38c-4f5b-ae1d-cf998946c675?source=api-prod",246,{"id":66,"url_slug":67,"title":68,"description":69,"plugin_slug":4,"theme_slug":38,"affected_versions":70,"patched_in_version":71,"severity":72,"cvss_score":73,"cvss_vector":74,"vuln_type":75,"published_date":76,"updated_date":61,"references":77,"days_to_patch":79},"CVE-2023-25976","integration-for-contact-form-7-and-zoho-crm-bigin-cross-site-request-forgery-via-settingspage-function","Integration for Contact Form 7 and Zoho CRM, Bigin \u003C= 1.2.2 - Cross-Site Request Forgery via settings_page function","The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'settings_page' function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.2.2","1.2.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-02-22 00:00:00",[78],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8bb330be-f12c-475c-97b6-745a1e6edb58?source=api-prod",335,{"id":81,"url_slug":82,"title":83,"description":84,"plugin_slug":4,"theme_slug":38,"affected_versions":85,"patched_in_version":86,"severity":72,"cvss_score":87,"cvss_vector":88,"vuln_type":89,"published_date":90,"updated_date":61,"references":91,"days_to_patch":93},"WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-zoho","crm-perks-various-plugins-various-versions-reflected-cross-site-scripting-21","CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting","Multiple CRM Perks plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'vx_debug' parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.8","1.1.9",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2021-08-26 00:00:00",[92],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcc1e9778-2860-4e3c-a2e4-28f10d585fed?source=api-prod",880,{"id":95,"url_slug":96,"title":97,"description":98,"plugin_slug":4,"theme_slug":38,"affected_versions":99,"patched_in_version":100,"severity":72,"cvss_score":87,"cvss_vector":88,"vuln_type":89,"published_date":101,"updated_date":61,"references":102,"days_to_patch":104},"WF-c4a649b0-d5b2-4e4c-833c-01ecf12611a5-cf7-zoho","integration-for-contact-form-7-and-zoho-crm-bigin-cross-site-scripting","Integration for Contact Form 7 and Zoho CRM, Bigin \u003C= 1.1.7 - Cross-Site Scripting","The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.7","1.1.8","2021-08-25 00:00:00",[103],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc4a649b0-d5b2-4e4c-833c-01ecf12611a5?source=api-prod",881,{"slug":106,"display_name":7,"profile_url":8,"plugin_count":107,"total_installs":108,"avg_security_score":109,"avg_patch_time_days":110,"trust_score":111,"computed_at":112},"crmperks",32,104540,96,349,76,"2026-04-04T01:21:18.179Z",[114],{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":13,"num_ratings":124,"last_updated":125,"tested_up_to":16,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":133,"download_link":134,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"integrate-any-form-with-zoho-crm","Integration for Zoho CRM and Zoho Bigin – Contact Form 7, WPForms, Elementor, Gravity Forms and More","1.0.15","Plugcrux","https:\u002F\u002Fprofiles.wordpress.org\u002Fplugcrux\u002F","\u003Cp>This plugin sends form submissions from Contact Form 7, WPForms, Elementor Forms, Gravity Forms, and Formidable Forms to Zoho CRM and Zoho Bigin.\u003C\u002Fp>\n\u003Cp>When a user submits a form, the plugin can create or update records—such as leads, contacts, or deals—in your Zoho CRM or Zoho Bigin account. This helps reduce manual data entry and keeps your CRM data consistent with your website forms.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Use This Plugin?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop copying form data manually into Zoho\u003C\u002Fli>\n\u003Cli>Instantly create Leads, Contacts, Deals, or Pipeline records from form submissions\u003C\u002Fli>\n\u003Cli>Works with the most popular WordPress form plugins\u003C\u002Fli>\n\u003Cli>Supports all major Zoho CRM modules and all Zoho Bigin modules including Pipelines\u003C\u002Fli>\n\u003Cli>No coding or API knowledge required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported WordPress Form Plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa> — most popular free form plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa> — beginner-friendly drag and drop forms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F\" rel=\"ugc\">Elementor Forms\u003C\u002Fa> — forms built inside Elementor page builder\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa> — advanced WordPress forms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Forms\u003C\u002Fa> — powerful form builder with calculations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Zoho CRM Modules\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send form data to any Zoho CRM module:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Leads — capture website leads directly into Zoho CRM\u003C\u002Fli>\n\u003Cli>Contacts — create or update contact records\u003C\u002Fli>\n\u003Cli>Accounts — sync company or organization data\u003C\u002Fli>\n\u003Cli>Deals\u002FPipelines — push deal information from forms\u003C\u002Fli>\n\u003Cli>Vendors, Campaigns, Price Books, Products\u003C\u002Fli>\n\u003Cli>Cases, Solutions\u003C\u002Fli>\n\u003Cli>Quotes, Sales Orders, Purchase Orders, Invoices\u003C\u002Fli>\n\u003Cli>Activities, Tasks, Events, Calls\u003C\u002Fli>\n\u003Cli>Projects, Notes, Attachments\u003C\u002Fli>\n\u003Cli>Custom Modules — sync data to any custom module you have created in Zoho CRM\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Zoho Bigin Modules\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send form data to any Zoho Bigin module:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pipelines — create new pipeline records (deals) in Zoho Bigin directly from form submissions\u003C\u002Fli>\n\u003Cli>Contacts — add or update contact records in Bigin\u003C\u002Fli>\n\u003Cli>Companies — sync company data from forms\u003C\u002Fli>\n\u003Cli>Products — push product information\u003C\u002Fli>\n\u003Cli>Activities, Tasks, Events, Calls, Notes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Zoho Bigin Pipelines:\u003C\u002Fstrong> If you use Zoho Bigin to manage your sales pipeline, this plugin lets you automatically add new pipeline entries whenever a form is submitted — perfect for lead capture forms, quote request forms, or any form that starts a sales process.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>How It Works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>A visitor submits a form on your WordPress site\u003C\u002Fli>\n\u003Cli>The plugin receives the submission instantly\u003C\u002Fli>\n\u003Cli>It maps each form field to the corresponding Zoho CRM or Bigin field\u003C\u002Fli>\n\u003Cli>It creates or updates the record in Zoho via the API\u003C\u002Fli>\n\u003Cli>The result is logged — success or failure — so you always know what happened\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-time sync\u003C\u002Fstrong> — form submissions are sent to Zoho immediately\u003C\u002Fli>\n\u003Cli>\u003Cstrong>All major modules\u003C\u002Fstrong> — Leads, Contacts, Deals, Pipelines, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible field mapping\u003C\u002Fstrong> — map any form field to any Zoho field\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom values\u003C\u002Fstrong> — send fixed text or dynamic values to Zoho fields\u003C\u002Fli>\n\u003Cli>\u003Cstrong>System field mapping\u003C\u002Fstrong> — automatically send page URL, submission time, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Duplicate handling\u003C\u002Fstrong> — choose to add, skip, or update existing records\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Primary key support\u003C\u002Fstrong> — match records by email, phone, or any unique field\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditional logic (filter criteria)\u003C\u002Fstrong> — only sync when specific conditions are met\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Picklist helper\u003C\u002Fstrong> — see allowed values for Zoho picklist fields and copy them with one click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notes field\u003C\u002Fstrong> — attach a note to every record created in Zoho\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File attachments\u003C\u002Fstrong> — upload form file fields to Zoho record attachments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tag support\u003C\u002Fstrong> — add tags to Zoho records from form submissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed logs\u003C\u002Fstrong> — view every submission with status, request data, and Zoho response\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resync\u003C\u002Fstrong> — manually resync failed records from the Logs page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email notifications\u003C\u002Fstrong> — get notified when a record fails to sync\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple accounts\u003C\u002Fstrong> — connect more than one Zoho account\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable or disable integrations\u003C\u002Fstrong> — pause any integration without deleting it\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Picklist Allowed Values Helper\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When mapping a Zoho picklist field (such as Lead Source, Salutation, Status, or any dropdown field), an info icon appears next to the field. Click or hover to see all allowed values. Click any value to copy it — then paste it as a custom value in your field mapping. This prevents errors caused by sending values that Zoho does not accept.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Duplicate Record Handling\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Choose what happens when a matching record already exists in Zoho:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Add (ignore if exists)\u003C\u002Fstrong> — always create a new record\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Skip if exists\u003C\u002Fstrong> — do not create if a matching record is found (Pro)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add or update\u003C\u002Fstrong> — create if new, update if exists (Pro)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Update only\u003C\u002Fstrong> — only update existing records, never create (Pro)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Filter Criteria (Conditional Logic)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Control when form submissions are sent to Zoho. For example:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Only sync if the user selects “Yes” to a question\u003C\u002Fli>\n\u003Cli>Only send to Zoho if the form includes a valid email\u003C\u002Fli>\n\u003Cli>Filter by dropdown selection, checkbox value, or any field\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZWZcZjgKJ-Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Authentication\u003C\u002Fh3>\n\u003Cp>To connect your Zoho account:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to the \u003Cstrong>Accounts\u003C\u002Fstrong> page in the plugin.\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Add Account\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Enter an identifiable account name (for example, “Main Zoho CRM Account”).\u003C\u002Fli>\n\u003Cli>Select the appropriate data center (for example, \u003Ccode>zoho.com\u003C\u002Fcode>, \u003Ccode>zoho.eu\u003C\u002Fcode>, \u003Ccode>zoho.in\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Authenticate\u003C\u002Fstrong> to open the Zoho authorization page.\u003C\u002Fli>\n\u003Cli>Log in to Zoho and approve the requested permissions.\u003C\u002Fli>\n\u003Cli>After approval, you will be redirected back to WordPress and the account will appear on the Accounts page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Add Integration\u003C\u002Fh3>\n\u003Cp>To create a new integration:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to the \u003Cstrong>Setup\u003C\u002Fstrong> page.\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Add Integration\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Enter an integration name (for example, “Contact Form 7 to Zoho Leads”).\u003C\u002Fli>\n\u003Cli>Select the form plugin (Contact Form 7, WPForms, Elementor, Gravity Forms, or Formidable).\u003C\u002Fli>\n\u003Cli>Choose the connected Zoho account.\u003C\u002Fli>\n\u003Cli>Select the Zoho module (for example, Leads, Contacts, Pipelines, Deals).\u003C\u002Fli>\n\u003Cli>Map your form fields to the corresponding Zoho fields.\u003C\u002Fli>\n\u003Cli>Optionally set a duplicate handling rule and primary key field.\u003C\u002Fli>\n\u003Cli>Optionally add filter criteria to control when records are created.\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Save Mapping\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Logs\u003C\u002Fh3>\n\u003Cp>The plugin provides a Logs section to monitor every form submission:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View all submissions with their status (SUCCESS or RECORD_FAILED)\u003C\u002Fli>\n\u003Cli>See the full request sent to Zoho and the response received\u003C\u002Fli>\n\u003Cli>Filter logs by integration, status, and date range\u003C\u002Fli>\n\u003Cli>Resync failed records individually or in bulk\u003C\u002Fli>\n\u003Cli>Delete log entries when no longer needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>Global settings available on the Settings page:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Delete data on uninstall\u003C\u002Fstrong> — remove all plugin data when the plugin is deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Error email notification\u003C\u002Fstrong> — receive an email when a record fails to sync\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notification emails\u003C\u002Fstrong> — comma-separated list of email addresses for error alerts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email subject\u003C\u002Fstrong> — customize the subject line for error notification emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deactivation alert\u003C\u002Fstrong> — send a notification email when the plugin is deactivated\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy and Data Handling\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Form submission data is sent from your WordPress site to Zoho CRM or Zoho Bigin via their official API.\u003C\u002Fli>\n\u003Cli>The plugin does not send data to any third-party service other than the Zoho services you configure.\u003C\u002Fli>\n\u003Cli>All communication with Zoho uses HTTPS.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Free and Paid Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Free version includes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Connect up to 2 Zoho accounts\u003C\u002Fli>\n\u003Cli>Connect up to 2 forms\u003C\u002Fli>\n\u003Cli>Standard field mapping (General Fields)\u003C\u002Fli>\n\u003Cli>Custom value support\u003C\u002Fli>\n\u003Cli>System field mapping (page URL, submission time, and more)\u003C\u002Fli>\n\u003Cli>Note field support\u003C\u002Fli>\n\u003Cli>Add record action (ignore duplicates)\u003C\u002Fli>\n\u003Cli>Error log view\u003C\u002Fli>\n\u003Cli>Email notifications for failed records\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Pro version adds:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited Zoho account connections\u003C\u002Fli>\n\u003Cli>Unlimited form integrations\u003C\u002Fli>\n\u003Cli>Premium field mapping (Lead Source, Country, State, Phone, Industry, and more)\u003C\u002Fli>\n\u003Cli>Custom field mapping (map to any custom field in Zoho CRM)\u003C\u002Fli>\n\u003Cli>Custom module support (sync to custom modules in Zoho CRM)\u003C\u002Fli>\n\u003Cli>Advanced duplicate handling (skip, add or update, update only)\u003C\u002Fli>\n\u003Cli>Advanced log management and bulk resync\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Upgrade now: https:\u002F\u002Fintegrazo.com\u002Fproducts\u002Fintegrate-any-form-with-zoho-crm\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you need help or want to request a feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fintegrazo.com\u002Fpages\u002Fcontact\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fintegrazo.com\u002Fpages\u002Frequest-feature\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Website: https:\u002F\u002Fintegrazo.com\u002F\u003Cbr \u002F>\nEmail: support@integrazo.com\u003C\u002Fp>\n\u003Ch3>Additional Notes\u003C\u002Fh3>\n\u003Cp>This plugin supports WordPress multisite installations and has been tested for compatibility with recent WordPress versions. It works with both Zoho CRM free and paid plans, and with all Zoho Bigin plans.\u003C\u002Fp>\n","Connect Zoho CRM and Zoho Bigin. Create Leads, Contacts, Accounts, Deals, and Pipelines from any form submission.",50,1661,3,"2026-03-10T06:45:00.000Z","5.2","7.0",[129,130,24,131,132],"contact-form-7-zoho","gravity-forms-zoho","zoho-bigin","zoho-crm","https:\u002F\u002Fintegrazo.com\u002Fproducts\u002Fintegrate-any-form-with-zoho-crm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrate-any-form-with-zoho-crm.1.0.15.zip",{"attackSurface":136,"codeSignals":299,"taintFlows":516,"riskAssessment":596,"analyzedAt":610},{"hooks":137,"ajaxHandlers":295,"restRoutes":296,"shortcodes":297,"cronEvents":298,"entryPointCount":29,"unprotectedCount":29},[138,144,147,151,155,159,164,168,172,176,180,183,187,192,196,200,204,208,212,218,221,224,227,231,235,238,242,246,250,254,258,262,266,270,274,278,283,288,290],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","plugins_loaded","setup_main","cf7-zoho.php",59,{"type":139,"name":145,"callback":146,"priority":48,"file":142,"line":13},"cfx_form_submitted","entry_created_crmperks",{"type":139,"name":148,"callback":149,"priority":48,"file":142,"line":150},"vxcf_entry_created","entry_created",101,{"type":139,"name":152,"callback":153,"priority":48,"file":142,"line":154},"vx_contact_created","entry_created_contacts",102,{"type":139,"name":156,"callback":157,"priority":48,"file":142,"line":158},"vx_callcenter_entry_created","entry_created_callcenter",103,{"type":139,"name":160,"callback":161,"priority":162,"file":142,"line":163},"wpcf7_mail_sent","create_entry_cf",99,107,{"type":139,"name":165,"callback":166,"priority":162,"file":142,"line":167},"frm_after_create_entry","create_entry_fd",108,{"type":139,"name":169,"callback":170,"priority":162,"file":142,"line":171},"ninja_forms_after_submission","create_entry_na",109,{"type":139,"name":173,"callback":174,"priority":162,"file":142,"line":175},"wpforms_process_entry_save","create_entry_wp",110,{"type":139,"name":177,"callback":178,"priority":162,"file":142,"line":179},"elementor_pro\u002Fforms\u002Fnew_record","create_entry_el",112,{"type":139,"name":181,"callback":181,"file":142,"line":182},"init",116,{"type":139,"name":184,"callback":185,"priority":48,"file":186,"line":48},"vx_cf_add_meta_box","add_meta_box","includes\\crmperks-cf.php",{"type":139,"name":188,"callback":189,"priority":48,"file":190,"line":191},"cfx_add_meta_box","add_meta_box_crmperks_form","includes\\plugin-pages.php",35,{"type":139,"name":193,"callback":194,"priority":48,"file":190,"line":195},"cfx_form_entry_updated","update_entry_crm_perks_forms",36,{"type":139,"name":197,"callback":198,"priority":48,"file":190,"line":199},"cfx_form_post_note_added","create_note_crm_perks_forms",37,{"type":139,"name":201,"callback":202,"priority":48,"file":190,"line":203},"cfx_form_pre_note_deleted","delete_note_crm_perks_forms",38,{"type":139,"name":205,"callback":206,"priority":48,"file":190,"line":207},"cfx_form_pre_trash_leads","trash_leads_crm_perks_forms",39,{"type":139,"name":209,"callback":210,"priority":48,"file":190,"line":211},"cfx_form_pre_restore_leads","restore_leads_crm_perks_forms",40,{"type":213,"name":214,"callback":215,"priority":216,"file":190,"line":217},"filter","admin_menu","create_menu",31,52,{"type":213,"name":219,"callback":185,"priority":48,"file":190,"line":220},"vx_cf_meta_boxes_right",53,{"type":139,"name":222,"callback":222,"file":190,"line":223},"admin_notices",54,{"type":213,"name":225,"callback":225,"priority":48,"file":190,"line":226},"plugin_action_links",55,{"type":139,"name":228,"callback":229,"file":190,"line":230},"vxcf_entry_submit_btn","entry_checkbox",56,{"type":139,"name":232,"callback":233,"priority":48,"file":190,"line":234},"vx_cf7_post_note_added","create_note_e",58,{"type":139,"name":236,"callback":237,"priority":48,"file":190,"line":143},"vx_cf7_pre_note_deleted","delete_note_e",{"type":139,"name":239,"callback":240,"file":190,"line":241},"vx_cf7_pre_trash_leads","trash_leads_e",60,{"type":139,"name":243,"callback":244,"file":190,"line":245},"vx_cf7_pre_restore_leads","restore_leads_e",61,{"type":139,"name":247,"callback":248,"priority":48,"file":190,"line":249},"vx_cf7_entry_updated","update_entry_e",62,{"type":139,"name":251,"callback":252,"priority":48,"file":190,"line":253},"vx_contact_post_note_added","create_note_c",64,{"type":139,"name":255,"callback":256,"priority":48,"file":190,"line":257},"vx_contact_pre_note_deleted","delete_note_c",65,{"type":139,"name":259,"callback":260,"file":190,"line":261},"vx_contact_pre_trash_leads","trash_leads_c",66,{"type":139,"name":263,"callback":264,"file":190,"line":265},"vx_contact_pre_restore_leads","restore_leads_c",67,{"type":139,"name":267,"callback":268,"priority":48,"file":190,"line":269},"vx_contact_entry_updated","update_entry_c",68,{"type":213,"name":271,"callback":272,"priority":48,"file":190,"line":273},"vx_callcenter_entries_action","bulk_send_crm_callcenter",70,{"type":213,"name":275,"callback":276,"file":190,"line":277},"vx_callcenter_bulk_actions","add_bulk_send_crm_callcenter",71,{"type":213,"name":279,"callback":280,"priority":48,"file":281,"line":282},"plugin_row_meta","pro_link","wp\\crmperks-notices.php",16,{"type":213,"name":284,"callback":285,"priority":286,"file":281,"line":287},"admin_footer_text","admin_footer",1,30,{"type":139,"name":222,"callback":289,"file":281,"line":107},"install_forms_notice",{"type":213,"name":291,"callback":292,"priority":293,"file":281,"line":294},"plugins_api","forms_info",11,34,[],[],[],[],{"dangerousFunctions":300,"sqlUsage":305,"outputEscaping":328,"fileOperations":510,"externalRequests":510,"nonceChecks":352,"capabilityChecks":511,"bundledLibraries":512},[301],{"fn":302,"file":142,"line":303,"context":304},"unserialize",392,"$val=unserialize($val, array('allowed_classes' => false));",{"prepared":306,"raw":307,"locations":308},25,8,[309,313,315,317,320,322,324,326],{"file":310,"line":311,"context":312},"includes\\data.php",294,"$wpdb->query() with variable interpolation",{"file":310,"line":303,"context":314},"$wpdb->get_results() with variable interpolation",{"file":310,"line":316,"context":314},484,{"file":310,"line":318,"context":319},513,"$wpdb->get_row() with variable interpolation",{"file":310,"line":321,"context":312},550,{"file":310,"line":323,"context":312},551,{"file":310,"line":325,"context":312},552,{"file":190,"line":327,"context":314},1958,{"escaped":329,"rawEcho":154,"locations":330},332,[331,335,337,339,341,344,345,346,347,348,351,353,355,358,360,362,364,366,368,370,372,375,378,379,380,382,383,384,385,387,389,390,392,394,396,398,401,403,404,405,406,407,408,410,411,413,415,416,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,458,460,462,464,466,467,469,471,472,474,476,478,480,482,483,484,486,487,488,490,491,492,493,494,496,498,500,502,503,504,505,506,507,509],{"file":332,"line":333,"context":334},"api\\api.php",683,"raw output",{"file":190,"line":336,"context":334},684,{"file":190,"line":338,"context":334},734,{"file":190,"line":340,"context":334},1489,{"file":342,"line":343,"context":334},"templates\\accounts.php",92,{"file":342,"line":109,"context":334},{"file":342,"line":162,"context":334},{"file":342,"line":158,"context":334},{"file":342,"line":167,"context":334},{"file":349,"line":350,"context":334},"templates\\crm-entry-box.php",9,{"file":349,"line":352,"context":334},18,{"file":349,"line":354,"context":334},22,{"file":356,"line":357,"context":334},"templates\\feed-account.php",258,{"file":356,"line":359,"context":334},266,{"file":356,"line":361,"context":334},267,{"file":356,"line":363,"context":334},286,{"file":356,"line":365,"context":334},343,{"file":356,"line":367,"context":334},385,{"file":356,"line":369,"context":334},397,{"file":356,"line":371,"context":334},423,{"file":373,"line":374,"context":334},"templates\\feed-object.php",26,{"file":376,"line":377,"context":334},"templates\\feeds.php",27,{"file":376,"line":377,"context":334},{"file":376,"line":191,"context":334},{"file":376,"line":381,"context":334},98,{"file":376,"line":162,"context":334},{"file":376,"line":13,"context":334},{"file":376,"line":150,"context":334},{"file":376,"line":386,"context":334},104,{"file":376,"line":388,"context":334},115,{"file":376,"line":182,"context":334},{"file":376,"line":391,"context":334},117,{"file":376,"line":393,"context":334},126,{"file":376,"line":395,"context":334},133,{"file":376,"line":397,"context":334},147,{"file":399,"line":400,"context":334},"templates\\fields-mapping.php",43,{"file":399,"line":402,"context":334},57,{"file":399,"line":402,"context":334},{"file":399,"line":143,"context":334},{"file":399,"line":143,"context":334},{"file":399,"line":253,"context":334},{"file":399,"line":253,"context":334},{"file":399,"line":409,"context":334},69,{"file":399,"line":409,"context":334},{"file":399,"line":412,"context":334},91,{"file":399,"line":414,"context":334},105,{"file":399,"line":163,"context":334},{"file":399,"line":179,"context":334},{"file":399,"line":418,"context":334},141,{"file":399,"line":420,"context":334},142,{"file":399,"line":422,"context":334},143,{"file":399,"line":424,"context":334},144,{"file":399,"line":426,"context":334},174,{"file":399,"line":428,"context":334},178,{"file":399,"line":430,"context":334},224,{"file":399,"line":432,"context":334},238,{"file":399,"line":434,"context":334},319,{"file":399,"line":436,"context":334},330,{"file":399,"line":438,"context":334},336,{"file":399,"line":440,"context":334},381,{"file":399,"line":442,"context":334},447,{"file":399,"line":444,"context":334},457,{"file":399,"line":446,"context":334},498,{"file":399,"line":448,"context":334},533,{"file":399,"line":450,"context":334},534,{"file":399,"line":452,"context":334},537,{"file":454,"line":150,"context":334},"templates\\log.php",{"file":456,"line":457,"context":334},"templates\\logs.php",202,{"file":456,"line":459,"context":334},210,{"file":456,"line":461,"context":334},236,{"file":456,"line":463,"context":334},244,{"file":456,"line":465,"context":334},256,{"file":456,"line":361,"context":334},{"file":456,"line":468,"context":334},292,{"file":456,"line":470,"context":334},310,{"file":456,"line":470,"context":334},{"file":456,"line":473,"context":334},424,{"file":456,"line":475,"context":334},427,{"file":456,"line":477,"context":334},468,{"file":456,"line":479,"context":334},474,{"file":481,"line":191,"context":334},"templates\\setting.php",{"file":481,"line":230,"context":334},{"file":481,"line":27,"context":334},{"file":481,"line":485,"context":334},106,{"file":481,"line":485,"context":334},{"file":481,"line":485,"context":334},{"file":481,"line":489,"context":334},122,{"file":481,"line":395,"context":334},{"file":481,"line":418,"context":334},{"file":481,"line":422,"context":334},{"file":481,"line":397,"context":334},{"file":481,"line":495,"context":334},159,{"file":481,"line":497,"context":334},169,{"file":499,"line":122,"context":334},"templates\\settings-table.php",{"file":499,"line":501,"context":334},51,{"file":499,"line":249,"context":334},{"file":281,"line":253,"context":334},{"file":281,"line":150,"context":334},{"file":281,"line":150,"context":334},{"file":281,"line":150,"context":334},{"file":281,"line":508,"context":334},158,{"file":281,"line":495,"context":334},2,24,[513],{"name":514,"version":38,"knownCves":515},"Select2",[],[517,536,549,562,574],{"entryPoint":518,"graph":519,"unsanitizedCount":29,"severity":535},"setup_plugin (includes\\plugin-pages.php:499)",{"nodes":520,"edges":532},[521,526],{"id":522,"type":523,"label":524,"file":190,"line":525},"n0","source","$_REQUEST",511,{"id":527,"type":528,"label":529,"file":190,"line":530,"wp_function":531},"n1","sink","wp_redirect() [Open Redirect]",554,"wp_redirect",[533],{"from":522,"to":527,"sanitized":534},true,"low",{"entryPoint":537,"graph":538,"unsanitizedCount":29,"severity":535},"settings_page (includes\\plugin-pages.php:1497)",{"nodes":539,"edges":547},[540,543],{"id":522,"type":523,"label":541,"file":190,"line":542},"$_POST",1535,{"id":527,"type":528,"label":544,"file":190,"line":545,"wp_function":546},"update_option() [Settings Manipulation]",1538,"update_option",[548],{"from":522,"to":527,"sanitized":534},{"entryPoint":550,"graph":551,"unsanitizedCount":29,"severity":535},"\u003Cplugin-pages> (includes\\plugin-pages.php:0)",{"nodes":552,"edges":559},[553,554,555,557],{"id":522,"type":523,"label":524,"file":190,"line":525},{"id":527,"type":528,"label":529,"file":190,"line":530,"wp_function":531},{"id":556,"type":523,"label":541,"file":190,"line":542},"n2",{"id":558,"type":528,"label":544,"file":190,"line":545,"wp_function":546},"n3",[560,561],{"from":522,"to":527,"sanitized":534},{"from":556,"to":558,"sanitized":534},{"entryPoint":563,"graph":564,"unsanitizedCount":29,"severity":535},"\u003Ccrm-entry-box> (templates\\crm-entry-box.php:0)",{"nodes":565,"edges":572},[566,569],{"id":522,"type":523,"label":567,"file":349,"line":568},"$_REQUEST['vx_debug']",13,{"id":527,"type":528,"label":570,"file":349,"line":568,"wp_function":571},"echo() [XSS]","echo",[573],{"from":522,"to":527,"sanitized":534},{"entryPoint":575,"graph":576,"unsanitizedCount":29,"severity":535},"\u003Clogs> (templates\\logs.php:0)",{"nodes":577,"edges":592},[578,581,582,585,586,590],{"id":522,"type":523,"label":579,"file":456,"line":580},"$_REQUEST['entry_id']",229,{"id":527,"type":528,"label":570,"file":456,"line":580,"wp_function":571},{"id":556,"type":523,"label":583,"file":456,"line":584},"$_REQUEST['start_date']",272,{"id":558,"type":528,"label":570,"file":456,"line":584,"wp_function":571},{"id":587,"type":523,"label":588,"file":456,"line":589},"n4","$_REQUEST['end_date']",273,{"id":591,"type":528,"label":570,"file":456,"line":589,"wp_function":571},"n5",[593,594,595],{"from":522,"to":527,"sanitized":534},{"from":556,"to":558,"sanitized":534},{"from":587,"to":591,"sanitized":534},{"summary":597,"deductions":598},"The 'cf7-zoho' plugin version 1.3.3 presents a mixed security posture. While the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks, there are concerning signals within the code itself. The presence of the `unserialize` function, a known source of deserialization vulnerabilities, without explicit checks for untrusted input is a significant red flag. Although no critical or high severity taint flows were found, this function's usage could potentially be exploited if data intended for serialization is manipulated by an attacker.  Furthermore, while a majority of SQL queries use prepared statements and a good percentage of output is properly escaped, the remaining portions suggest potential for SQL injection and cross-site scripting vulnerabilities if not handled carefully in all cases.\n\nThe plugin's vulnerability history is a major concern, with five known CVEs recorded, including one critical, one high, and three medium. The types of past vulnerabilities (Deserialization of Untrusted Data, SQL Injection, CSRF, XSS) align with the types of weaknesses that could be introduced by the identified code signals. The fact that the last vulnerability was dated in the near future (2025-06-16) suggests a pattern of past security flaws, even if none are currently marked as unpatched. This history indicates a need for diligent review and patching of any future discovered vulnerabilities.\n\nIn conclusion, while the plugin has a small attack surface and shows some good practices like the use of prepared statements and nonces, the presence of `unserialize` and a history of serious vulnerabilities necessitate caution. The code signals and historical data suggest potential for significant security issues if not addressed proactively. Continued vigilance and code auditing are recommended.",[599,602,605,607],{"reason":600,"points":601},"Presence of dangerous function: unserialize",15,{"reason":603,"points":604},"Known CVEs: 5 total (1 critical, 1 high, 3 medium)",20,{"reason":606,"points":28},"SQL queries not using prepared statements (24%)",{"reason":608,"points":609},"Output escaping not properly handled (24%)",4,"2026-03-16T18:21:04.319Z",{"wat":612,"direct":629},{"assetPaths":613,"generatorPatterns":620,"scriptPaths":621,"versionParams":622},[614,615,616,617,618,619],"\u002Fwp-content\u002Fplugins\u002Fcf7-zoho\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcf7-zoho\u002Fassets\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fcf7-zoho\u002Fassets\u002Fjs\u002Fvendor\u002Fjquery.validate.min.js","\u002Fwp-content\u002Fplugins\u002Fcf7-zoho\u002Fassets\u002Fjs\u002Fvendor\u002Fsweetalert.min.js","\u002Fwp-content\u002Fplugins\u002Fcf7-zoho\u002Fadmin\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcf7-zoho\u002Fadmin\u002Fassets\u002Fjs\u002Fadmin.js",[],[615,616,617,619],[623,624,625,626,627,628],"cf7-zoho\u002Fassets\u002Fcss\u002Fmain.css?ver=","cf7-zoho\u002Fassets\u002Fjs\u002Fmain.js?ver=","cf7-zoho\u002Fassets\u002Fjs\u002Fvendor\u002Fjquery.validate.min.js?ver=","cf7-zoho\u002Fassets\u002Fjs\u002Fvendor\u002Fsweetalert.min.js?ver=","cf7-zoho\u002Fadmin\u002Fassets\u002Fcss\u002Fadmin.css?ver=","cf7-zoho\u002Fadmin\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":630,"htmlComments":632,"htmlAttributes":633,"restEndpoints":636,"jsGlobals":637,"shortcodeOutput":639},[631],"cf7-zoho-admin-wrap",[],[634,635],"data-crmperks-plugin-id","data-crmperks-slug",[],[638],"vxcf_zoho_data",[]]