Contractor Contact Form Website to Workflow Tool Security & Risk Analysis

wordpress.org/plugins/contractor-contact-form-website-to-workflow-tool

This useful plugin is a website to workflow tool that allows contractors to drive leads directly from their own website form inquiries directly into t …

60 active installs v4.5.0 PHP + WP 3.0.1+ Updated Mar 19, 2025
customer-manager
92
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 29, 2023
Safety Verdict

Is Contractor Contact Form Website to Workflow Tool Safe to Use in 2026?

Generally Safe

Score 92/100

Contractor Contact Form Website to Workflow Tool has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 29, 2023 · Updated 1yr ago
Risk Assessment

The plugin "contractor-contact-form-website-to-workflow-tool" version 4.5.0 exhibits a generally good security posture with a strong emphasis on secure coding practices. The high percentage of prepared statements for SQL queries and the exceptional rate of output escaping (95%) are commendable. The limited attack surface, with no unprotected entry points, further bolsters its security.

However, there are areas for concern. The taint analysis reveals a high number of flows with unsanitized paths, specifically one classified as high severity. While the plugin has a history of a single medium-severity Cross-Site Scripting vulnerability, this new taint flow warrants careful investigation. The absence of capability checks on any entry points, while not directly exploitable due to the lack of unprotected entry points, represents a missed opportunity for robust access control.

Overall, the plugin is well-developed with good security hygiene. The primary risks stem from the identified unsanitized taint flows. The historical vulnerability, though patched and of medium severity, suggests that input sanitization should remain a focus. The lack of capability checks, while not an immediate critical flaw, is a weakness that could be exploited if the attack surface were to expand or authentication mechanisms were to fail.

Key Concerns

  • High severity unsanitized taint flow
  • Flows with unsanitized paths detected
  • No capability checks on entry points
  • History of medium severity XSS vulnerability
Vulnerabilities: 1

Contractor Contact Form Website to Workflow Tool Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2023-44245 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contractor Contact Form Website to Workflow Tool <= 4.0.0 - Reflected Cross-Site Scripting

Sep 29, 2023 Patched in 4.1.0 (116d)
Code Analysis
Analyzed Mar 16, 2026

Contractor Contact Form Website to Workflow Tool Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (5 prepared)
Unescaped Output: 14 (258 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 4
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

83% prepared · 6 total queries

Output Escaping

95% escaped · 272 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
show_form (class.customer.php:113)
Attack Surface

Contractor Contact Form Website to Workflow Tool Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[jobprogress_customer_form_code] class.customer.php:26
WordPress Hooks 9
action admin_menu class.customer.php:27
action admin_menu class.form_settings.php:21
action admin_init class.form_settings.php:22
action admin_enqueue_scripts class.jobprogress.php:20
action wp_footer class.jobprogress.php:21
action admin_menu class.jobprogress.php:22
filter cron_schedules class.scheduler.php:19
action jp_token_refresh_hook class.scheduler.php:27
action jb_customer_sync_hook class.scheduler.php:28

Scheduled Events 2

jp_token_refresh_hook
jb_customer_sync_hook
Maintenance & Trust

Contractor Contact Form Website to Workflow Tool Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 19, 2025
PHP min version
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

Contractor Contact Form Website to Workflow Tool Developer Profile

Leap LLC.

1 plugin · 60 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 116 days
Detection Fingerprints

How We Detect Contractor Contact Form Website to Workflow Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/css/style.css
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/js/scripts.js
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/js/jquery.validate.min.js
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/js/jquery.form.js
Script Paths
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/js/scripts.js
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/js/jquery.validate.min.js
/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/asset/js/jquery.form.js
Version Parameters
contractor-contact-form-website-to-workflow-tool/asset/css/style.css?ver=
contractor-contact-form-website-to-workflow-tool/asset/js/scripts.js?ver=
contractor-contact-form-website-to-workflow-tool/asset/js/jquery.validate.min.js?ver=
contractor-contact-form-website-to-workflow-tool/asset/js/jquery.form.js?ver=

HTML / DOM Fingerprints

CSS Classes
jp-contact-form
jp-form-group
jp-form-control
jp-btn
jp-btn-primary
HTML Comments
<!-- This is a contact form plugin -->
<!-- You can customize the form fields in the plugin settings -->
Data Attributes
data-plugin-name="contractor-contact-form"
data-plugin-version="4.5.0"
JS Globals
window.jpFormSettings
var jp_submit_url
REST Endpoints
/wp-json/jp-contact-form/v1/submit
Shortcode Output
<form class="jp-contact-form" method="post"><div class="jp-form-group"><label for="jp-field-name">Name:</label><input type="text" id="jp-field-name" name="name" required>
FAQ

Frequently Asked Questions about Contractor Contact Form Website to Workflow Tool