Does click5 CRM add-on to Ninja Forms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is click5 CRM add-on to Ninja Forms compatible with WordPress 6.3.8?

According to WordPress.org data, click5 CRM add-on to Ninja Forms 1.0.1 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is click5 CRM add-on to Ninja Forms compatible with PHP 7.0+?

click5 CRM add-on to Ninja Forms requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is click5 CRM add-on to Ninja Forms updated?

click5 CRM add-on to Ninja Forms was last updated on Sep 28, 2023. Frequent updates are generally a positive security signal.

What is click5 CRM add-on to Ninja Forms's security score?

click5 CRM add-on to Ninja Forms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

click5 CRM add-on to Ninja Forms Security & Risk Analysis

wordpress.org/plugins/click5-crm-add-on-to-ninja-forms

Seemingly integrate your Ninja forms with click5 CRM.

0 active installs v1.0.1 PHP 7.0+ WP 5.3+ Updated Sep 28, 2023

click5contactcontact-formcrmform

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is click5 CRM add-on to Ninja Forms Safe to Use in 2026?

Generally Safe

Score 85/100

click5 CRM add-on to Ninja Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

This plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a very high percentage of properly escaped output, minimizing risks of SQL injection and cross-site scripting (XSS) from output. The absence of dangerous functions, file operations, and known vulnerabilities in its history are also strong indicators of a generally well-developed plugin.

However, significant concerns arise from the identified attack surface. The plugin exposes 9 REST API routes with no permission callbacks, meaning any user, regardless of their role or authentication status, can potentially interact with these endpoints. This presents a substantial risk, as these endpoints could be leveraged for various attacks if they perform sensitive actions or expose private data. The complete lack of nonce checks on AJAX handlers, while there are no AJAX handlers in this specific version, still indicates a potential future oversight if AJAX functionality is added. The single external HTTP request also warrants careful scrutiny for potential vulnerabilities.

Overall, while the plugin's internal code quality regarding SQL and output escaping is commendable, the exposed REST API endpoints without proper authorization are a critical security weakness. The absence of historical vulnerabilities is a positive sign, but it cannot compensate for the current, exploitable attack surface. Users should be highly cautious with this plugin until the REST API endpoints are secured with appropriate permission checks.

Key Concerns

Unprotected REST API routes
External HTTP request
No nonce checks on AJAX handlers
Only one capability check

Vulnerabilities

None known

click5 CRM add-on to Ninja Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

click5 CRM add-on to Ninja Forms Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

click5 CRM add-on to Ninja Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

111 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

99% escaped112 total outputs

Attack Surface

9 unprotected

click5 CRM add-on to Ninja Forms Attack Surface

Entry Points9

Unprotected9

REST API Routes 9

POST/wp-json/click5_ninja_addon/API/update_option_AJAXapi.php:305

POST/wp-json/click5_ninja_addon/API/edit_const_option_AJAXapi.php:311

POST/wp-json/click5_ninja_addon/API/reset_options_AJAXapi.php:317

GET/wp-json/click5_ninja_addon/API/get_constants_AJAXapi.php:322

POST/wp-json/click5_ninja_addon/API/get_pagination_logsapi.php:328

POST/wp-json/click5_ninja_addon/API/reset_count_errorsapi.php:333

GET/wp-json/click5_ninja_addon/API/get_notificationsapi.php:338

POST/wp-json/click5_ninja_addon/API/post_notificationsapi.php:343

POST/wp-json/click5_ninja_addon/API/post_remove_notificationapi.php:348

WordPress Hooks 10

actionrest_api_initapi.php:304

filterauto_update_pluginninja-addon-by-click5.php:28

actionadmin_menuninja-addon-by-click5.php:32

actionadmin_initninja-addon-by-click5.php:41

filterplugin_row_metaninja-addon-by-click5.php:55

actionadmin_initninja-addon-by-click5.php:65

actionadmin_noticesninja-addon-by-click5.php:68

actionclick5_ninja_default_optionsninja-addon-by-click5.php:101

actionadmin_enqueue_scriptsninja-addon-by-click5.php:416

actionninja_forms_after_submissionninja-addon-by-click5.php:599

Maintenance & Trust

click5 CRM add-on to Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedSep 28, 2023

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

click5 CRM add-on to Ninja Forms Alternatives

click5 CRM add-on to Gravity Forms

gf-add-on-by-click5

Seemingly integrate your Gravity Forms forms with click5 CRM.

0 No CVEs

click5 CRM add-on to WPForms

wpf-add-on-by-click5

Seemingly integrate your WPForms forms with click5 CRM.

0 No CVEs

AFI – The Easiest Integration Plugin

advanced-form-integration

Connect any WordPress form or event to 200+ apps — no code. Send leads, orders, and signups to your CRM, email, or sheets in minutes.

10K 9 CVEs

Lenix Leads Collector

lenix-elementor-leads-addon

Leads Collector, Collects forms entries from Elementor,Cf7,WPForms and more with export to CSV.

10K 1 CVE

Contact Form to Any API

contact-form-to-any-api

Send Contact Form 7 submissions to any API, Webhook or CRM - quick setup, flexible payloads, endpoints and authentication.

9K 1 unpatched

Developer Profile

click5 CRM add-on to Ninja Forms Developer Profile

click5

8 plugins · 7K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

375 days

View full developer profile

Detection Fingerprints

How We Detect click5 CRM add-on to Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/click5-crm-add-on-to-ninja-forms/js/script.js/wp-content/plugins/click5-crm-add-on-to-ninja-forms/css/style.css

Script Paths

/wp-content/plugins/click5-crm-add-on-to-ninja-forms/js/script.js

Version Parameters

click5-crm-add-on-to-ninja-forms/js/script.js?ver=click5-crm-add-on-to-ninja-forms/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

click5_ninja_headingclick5_ninja_wrapper_content_settingsclick5_ninja_addon_posting_url

HTML Comments

+2 more

Data Attributes

id="click5_ninja_addon_posting_url"id="verification_token"id="user_identificator"data-value

JS Globals

var click5_ninja_addon_posting_urlvar click5_ninja_authentication_tokenvar click5_ninja_addon_form_enable

FAQ