Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Security & Risk Analysis

wordpress.org/plugins/crm-integration-freshworks-any-form

Connect Contact Form 7, WPForms, Elementor Forms, Gravity Forms, and more form submissions with Freshsales CRM.

20 active installs v1.0.14 PHP 7.4+ WP 6.0+ Updated Mar 10, 2026
contact-form-7elementor-formsfreshsalesfreshworkswpforms
97
A · Safe
CVEs total1
Unpatched0
Last CVEJun 5, 2026
Safety Verdict

Is Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Safe to Use in 2026?

Generally Safe

Score 97/100

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jun 5, 2026Updated 4mo ago
Risk Assessment

The plugin 'crm-integration-freshworks-anyform' exhibits a generally strong security posture, particularly in its handling of SQL queries and output escaping, with nearly all queries using prepared statements and almost all outputs being properly escaped. The absence of known vulnerabilities in its history is also a positive indicator. However, the static analysis reveals some areas for improvement. The presence of 7 flows with unsanitized paths, including 3 of high severity, is a notable concern and suggests potential injection vulnerabilities. While the plugin has a small attack surface and all identified entry points have authentication checks, these unsanitized flows could still be exploited if they lead to exploitable code execution or data leakage through other means. The plugin's reliance on external HTTP requests also warrants attention for potential risks related to insecure communication or reliance on vulnerable external services.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Flows with unsanitized paths
  • External HTTP requests
Vulnerabilities
1 published

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-8901high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data

Jun 5, 2026 Patched in 1.0.16 (1d)
Version History

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Release Timeline

v1.0.14Current1 CVE
v1.0.131 CVE
v1.0.121 CVE
v1.0.111 CVE
v1.0.101 CVE
v1.0.91 CVE
v1.0.81 CVE
v1.0.71 CVE
v1.0.61 CVE
v1.0.51 CVE
v1.0.41 CVE
v1.0.31 CVE
v1.0.21 CVE
v1.0.11 CVE
v1.0.01 CVE
Code Analysis
Analyzed Apr 16, 2026

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
33 prepared
Unescaped Output
5
383 escaped
Nonce Checks
18
Capability Checks
0
File Operations
0
External Requests
10
Bundled Libraries
0

SQL Query Safety

100% prepared33 total queries

Output Escaping

99% escaped388 total outputs
Data Flows · Security
7 unsanitized

Data Flow Analysis

10 flows7 with unsanitized paths
integrazo_fwcrm_form_handle_request (src/product/fw-setup-action.php:10)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_integrazo_fwcrm_form_review_actionincludes/function/review.php:50
authwp_ajax_integrazo_fwcrm_form_errorlog_show_actionsrc/product/fw-errorlog-action.php:213
authwp_ajax_integrazo_fwcrm_form_handle_requestsrc/product/fw-setup-action.php:124
authwp_ajax_integrazo_fwcrm_form_integration_statussrc/product/fw-setup-action.php:160
WordPress Hooks 16
actionadmin_menuincludes/admin/admin.php:10
actionadmin_enqueue_scriptsincludes/admin/admin.php:27
actionadmin_post_integrazo_fwcrm_form_process_requestincludes/function/common-actions.php:40
actionadmin_noticesincludes/function/review.php:8
actionwpcf7_mail_sentsrc/forms/submit-action.php:14
actionwpforms_process_completesrc/forms/submit-action.php:17
actiongform_after_submissionsrc/forms/submit-action.php:20
actionfrm_after_create_entrysrc/forms/submit-action.php:26
actionelementor_pro/forms/new_recordsrc/forms/submit-action.php:30
actionadmin_post_integrazo_fwcrm_form_account_authenticatesrc/product/fw-account-action.php:111
actionadmin_initsrc/product/fw-account-action.php:148
actionadmin_initsrc/product/fw-errorlog-action.php:27
actionadmin_initsrc/product/fw-errorlog-action.php:55
actionadmin_initsrc/product/fw-errorlog-action.php:139
actionadmin_post_integrazo_fwcrm_form_delete_data_confirmsrc/product/fw-settings-action.php:45
actionadmin_initsrc/product/fw-setup-action.php:127
Maintenance & Trust

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Developer Profile

Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More Developer Profile

Plugcrux

10 plugins · 160 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More