WP-Safety

CRM Connector Plus Security & Risk Analysis

wordpress.org/plugins/crm-connector-plus

WordPress to CRM/Helpdesk Integration.

0 active installs v0.1 PHP + WP 5.0+ Updated Feb 27, 2021
contact-form-7lead-captureleadswebform-to-leadwordpress-to-lead
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is CRM Connector Plus Safe to Use in 2026?

Generally Safe

Score 85/100

CRM Connector Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "crm-connector-plus" plugin v0.1 exhibits a significantly concerning security posture primarily due to its extensive unprotected attack surface. With 69 out of 70 entry points lacking authentication checks, and a complete absence of nonce and capability checks, the plugin is highly susceptible to unauthorized actions. The high number of flows with unsanitized paths, particularly the 17 identified as high severity in taint analysis, suggests potential for various injection-style vulnerabilities if these paths are accessible.

While the plugin demonstrates some good practices, such as a high percentage of SQL queries using prepared statements and a reasonable amount of output escaping, these strengths are heavily overshadowed by the critical security flaws in its entry point handling. The lack of any recorded vulnerability history is either a testament to the plugin's age or simply a lack of discovery, which cannot be relied upon as an indicator of current security. The presence of the "unserialize" dangerous function further compounds the risk, as it can lead to object injection vulnerabilities if controlled by an attacker.

In conclusion, "crm-connector-plus" v0.1 presents a high-risk profile. The overwhelming number of unprotected AJAX handlers and the identified high-severity taint flows create a fertile ground for exploitation. Until these critical authentication and sanitization issues are addressed, the plugin should be considered a significant security liability.

Key Concerns

  • 69 unprotected AJAX handlers
  • 0 nonce checks
  • 0 capability checks
  • 17 high severity taint flows
  • 10 dangerous functions (unserialize)
  • 55% output escaping
  • 30 flows with unsanitized paths
Vulnerabilities
None known

CRM Connector Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CRM Connector Plus Code Analysis

Dangerous Functions
10
Raw SQL Queries
42
158 prepared
Unescaped Output
123
152 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
8
Bundled Libraries
0

Dangerous Functions Found

unserialize$crm_mapping = unserialize($form_details->crm_mapping);crm-connector-plus.php:159
unserialize$data_mapping = unserialize($form_details->data_mapping);crm-connector-plus.php:160
unserialize$crm_users = unserialize($form_details->crm_users);crm-connector-plus.php:171
unserialize$old_users = unserialize($form_details->old_users);crm-connector-plus.php:172
unserialize$get_field_value = unserialize($get_field_value);includes\DataBuckets.php:116
unserialize$get_field_value = unserialize($values);includes\DataBuckets.php:219
unserialize$get_field_value = unserialize($values);includes\DataBuckets.php:459
unserialize$get_caldera_config = unserialize($get_caldera_array);includes\MappingSection.php:282
unserialize$in_value = unserialize($value->option_value);includes\PluginTables.php:312
unserialize$in_value = unserialize($value->option_value);includes\PluginTables.php:374

SQL Query Safety

79% prepared200 total queries

Output Escaping

55% escaped275 total outputs
Data Flows
30 unsanitized

Data Flow Analysis

25 flows30 with unsanitized paths
defaultFormPRO (crm-connector-plus.php:209)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
69 unprotected

CRM Connector Plus Attack Surface

Entry Points70
Unprotected69

AJAX Handlers 69

authwp_ajax_wpulb_form_settingscontrollers\defaultformsync\FormOptions.php:44
authwp_ajax_wpulb_form_log_optionscontrollers\defaultformsync\FormOptions.php:45
authwp_ajax_wpulb_get_configured_form_settingscontrollers\defaultformsync\FormOptions.php:46
authwp_ajax_wpulb_install_pluginscontrollers\installplugins\InstallPlugins.php:42
authwp_ajax_wpulb_activate_addoncontrollers\installplugins\InstallPlugins.php:43
authwp_ajax_wpulb_addon_listincludes\Admin.php:115
authwp_ajax_wpulb_document_readyincludes\Admin.php:117
authwp_ajax_wpulb_active_addonsincludes\Admin.php:118
authwp_ajax_wpulb_save_configurationincludes\Admin.php:120
authwp_ajax_wpulb_save_help_configurationincludes\Admin.php:121
authwp_ajax_wpulb_zohoauthincludes\Admin.php:123
authwp_ajax_wpulb_salesauthincludes\Admin.php:124
authwp_ajax_wpulb_zohosupport_authincludes\Admin.php:125
authwp_ajax_wpulb_get_active_addons_for_configincludes\Admin.php:127
authwp_ajax_wpulb_get_active_help_addons_for_configincludes\Admin.php:128
authwp_ajax_wpulb_get_configured_crmincludes\Admin.php:130
authwp_ajax_wpulb_get_configured_helpdeskincludes\Admin.php:131
authwp_ajax_wpulb_list_filtersincludes\Admin.php:133
authwp_ajax_wpulb_filter_detailsincludes\Admin.php:134
authwp_ajax_wpulb_get_callback_urlincludes\Admin.php:136
authwp_ajax_wpulb_check_woocommerce_activeincludes\Admin.php:137
authwp_ajax_wpulb_get_user_details_checkoutincludes\Admin.php:139
authwp_ajax_wpulb_available_databucket_formsincludes\DataBucketMigration.php:44
authwp_ajax_wpulb_migrate_existing_formsincludes\DataBucketMigration.php:45
authwp_ajax_wpulb_get_configured_migrationincludes\DataBucketMigration.php:46
authwp_ajax_wpulb_get_submitted_form_listincludes\DataBuckets.php:48
authwp_ajax_wpulb_get_submitted_form_detailsincludes\DataBuckets.php:49
authwp_ajax_wpulb_get_submitted_form_list_1includes\DataBuckets.php:51
authwp_ajax_wpulb_get_submitted_form_list_2includes\DataBuckets.php:52
authwp_ajax_wpulb_display_listsincludes\DataBuckets.php:54
authwp_ajax_wpulb_create_new_listincludes\DataBuckets.php:55
authwp_ajax_wpulb_save_or_update_listincludes\DataBuckets.php:56
authwp_ajax_wpulb_edit_listincludes\DataBuckets.php:57
authwp_ajax_wpulb_delete_listincludes\DataBuckets.php:58
authwp_ajax_wpulb_display_viewincludes\DataBuckets.php:59
authwp_ajax_wpulb_buynow_clickincludes\LicenseManager.php:41
authwp_ajax_wpulb_license_tabincludes\LicenseManager.php:42
authwp_ajax_wpulb_send_licensekeyincludes\LicenseManager.php:43
authwp_ajax_wpulb_verify_licenseincludes\LicenseManager.php:44
authwp_ajax_wpulb_installed_addonsincludes\LicenseManager.php:45
authwp_ajax_wpulb_send_billing_detailsincludes\LicenseManager.php:46
authwp_ajax_wpulb_get_licensekey_detailsincludes\LicenseManager.php:47
authwp_ajax_wpulb_licensekey_details_tabincludes\LicenseManager.php:48
authwp_ajax_wpulb_save_local_crm_fieldincludes\ManageFields.php:50
authwp_ajax_wpulb_change_statusincludes\ManageFields.php:51
authwp_ajax_wpulb_delete_fieldincludes\ManageFields.php:52
authwp_ajax_wpulb_get_local_crm_field_listincludes\ManageFields.php:53
authwp_ajax_wpulb_create_local_crm_custom_fieldincludes\ManageFields.php:54
authwp_ajax_wpulb_get_form_listincludes\ManageForms.php:66
authwp_ajax_wpulb_show_create_form_step1includes\ManageForms.php:69
authwp_ajax_wpulb_show_create_form_step2includes\ManageForms.php:73
authwp_ajax_wpulb_show_mapping_sectionincludes\ManageForms.php:77
authwp_ajax_wpulb_reorder_default_with_crmincludes\ManageForms.php:82
authwp_ajax_wpulb_default_form_settingsincludes\ManageForms.php:86
authwp_ajax_wpulb_edit_formincludes\ManageForms.php:91
authwp_ajax_wpulb_delete_formincludes\ManageForms.php:92
authwp_ajax_wpulb_save_groupincludes\ManageGroups.php:47
authwp_ajax_wpulb_list_groupincludes\ManageGroups.php:48
authwp_ajax_wpulb_get_groupincludes\ManageGroups.php:49
authwp_ajax_wpulb_delete_groupincludes\ManageGroups.php:50
authwp_ajax_wpulb_save_native_form_mappingincludes\MappingSection.php:52
authwp_ajax_wpulb_save_thirdparty_form_mappingincludes\MappingSection.php:53
authwp_ajax_wpulb_fetch_thirdparty_form_mappingincludes\MappingSection.php:54
authwp_ajax_wpulb_edit_form_sortingincludes\MappingSection.php:56
authwp_ajax_wpulb_edit_form_mappingincludes\MappingSection.php:57
authwp_ajax_wpulb_delete_crm_config_dataincludes\PluginTables.php:38
authwp_ajax_wpulb_delete_help_config_dataincludes\PluginTables.php:39
authwp_ajax_wpulb_get_schedule_statusincludes\Schedule.php:48
authwp_ajax_wpulb_get_schedule_configurationincludes\Schedule.php:49

Shortcodes 1

[smack-web-form] crm-connector-plus.php:199
WordPress Hooks 8
actionplugins_loadedcrm-connector-plus.php:60
filtercron_schedulescrm-connector-plus.php:98
actionleads_builder_schedule_hookcrm-connector-plus.php:198
actionadmin_menuincludes\Admin.php:111
actionplugins_loadedincludes\Admin.php:112
actionadmin_enqueue_scriptsincludes\Admin.php:113
filterwidget_textincludes\Admin.php:141
actionwpcf7_before_send_mailincludes\Admin.php:144

Scheduled Events 1

leads_builder_schedule_hook
Maintenance & Trust

CRM Connector Plus Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedFeb 27, 2021
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

CRM Connector Plus Alternatives

Lead Form Data Collection to CRM

Lead Form Data Collection to CRM

wp-leads-builder-any-crm

A
96

Convert contact forms data into leads or contacts directly to one of your favourite CRM.

400 3 CVEs
Zoho CRM Lead Magnet

Zoho CRM Lead Magnet

zoho-crm-forms

C
67

Websites are one of the most important sources of leads for your business.

3K 1 unpatched
DoLeads Integrator

DoLeads Integrator

doleads-integrator

A
85

DoLeads Integrator plugin connects your wordpress website contact form with 'DoLeads' Leads Management System.

2K No CVEs
Happierleads – Identify your B2B website visitors even if they work remotely

Happierleads – Identify your B2B website visitors even if they work remotely

happierleads

A
85

Identify your B2B website visitors that work remotely Generate 3X more leads than your competition by using your existing web traffic

600 No CVEs
Wise Agent Lead Forms

Wise Agent Lead Forms

wiseagentleadform

A
100

Short Description: The Wise Agent WordPress plugin lets you easily add capture forms to any page on your WordPress site.

100 1 CVE
Developer Profile

CRM Connector Plus Developer Profile

Smackcoders Inc.,

20 plugins · 40K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
958 days
View full developer profile
Detection Fingerprints

How We Detect CRM Connector Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crm-connector-plus/assets/css/bootstrap.min.css/wp-content/plugins/crm-connector-plus/assets/css/style.css/wp-content/plugins/crm-connector-plus/assets/js/bootstrap.min.js/wp-content/plugins/crm-connector-plus/assets/js/main.js/wp-content/plugins/crm-connector-plus/assets/js/popper.min.js/wp-content/plugins/crm-connector-plus/assets/js/sweetalert.min.js
Version Parameters
crm-connector-plus/assets/css/bootstrap.min.css?ver=crm-connector-plus/assets/css/style.css?ver=crm-connector-plus/assets/js/bootstrap.min.js?ver=crm-connector-plus/assets/js/main.js?ver=crm-connector-plus/assets/js/popper.min.js?ver=crm-connector-plus/assets/js/sweetalert.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
smack-web-formwpulb-form-wrapper
HTML Comments
CRM Connector Plus plugin file.If this file is called directly, abort.When plugin loadsLoad plugin functionalities when it is activated+5 more
Data Attributes
data-targetdata-toggle
JS Globals
window.WPULB_ACTIVE_CRM_ADDONwindow.WPULB_HELP_USER_SYNC_LEAD_OWNER_OLDwindow.WPULB_ACTIVE_HELPDESK_ADDONwindow.WPULB_CRM_USER_SYNC_LEAD_OWNER_OLDwindow.WPULB_ENABLE_CAPTCHAwindow.smack_web_form_nonce+1 more
Shortcode Output
<form class="smack-web-form" method="post">
FAQ

Frequently Asked Questions about CRM Connector Plus