WP-Safety

Extended CRM for Users Insights Security & Risk Analysis

wordpress.org/plugins/extended-crm-for-users-insights

Extends the CRM functionality of Users Insights - adds new management options to the user groups, user notes and custom user fields features

600 active installs v1.2.1 PHP + WP 4.4+ Updated Jul 17, 2025
crmuseruser-groupsuser-managementuser-meta
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Extended CRM for Users Insights Safe to Use in 2026?

Generally Safe

Score 100/100

Extended CRM for Users Insights has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "extended-crm-for-users-insights" v1.2.1 plugin presents a concerning security posture due to significant unprotected entry points. While the static analysis shows no critical or high-severity code signals like dangerous functions, SQL injection risks are high due to 100% of SQL queries not using prepared statements. The plugin also exhibits a low rate of proper output escaping, with only 33% of outputs being safe. The presence of two AJAX handlers without authentication checks is a major concern, creating a broad attack surface that could be exploited by unauthenticated users. The absence of any recorded vulnerabilities in its history might suggest a lack of active targeting or prior patching, but it does not negate the immediate risks identified in the code. Overall, the plugin has a weak security foundation due to unprotected AJAX endpoints and insecure SQL practices, despite a clean vulnerability history.

Key Concerns

  • AJAX handlers without authentication checks
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Extended CRM for Users Insights Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Extended CRM for Users Insights Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
4
2 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

33% escaped6 total outputs
Attack Surface
2 unprotected

Extended CRM for Users Insights Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_ecui_stick_noteincludes\notes\class-sticky-notes.php:21
authwp_ajax_ecui_unstick_noteincludes\notes\class-sticky-notes.php:22
WordPress Hooks 16
actionadmin_initextended-crm-users-insights.php:29
actionplugins_loadedextended-crm-users-insights.php:30
actionadmin_enqueue_scriptsextended-crm-users-insights.php:58
actionadmin_noticesextended-crm-users-insights.php:83
actionadmin_noticesextended-crm-users-insights.php:89
actionadmin_enqueue_scriptsincludes\custom-fields\class-custom-fields-keys.php:16
filterusin_cf_optionsincludes\custom-fields\class-custom-fields-keys.php:17
filterusin_user_list_optionsincludes\group-icons\class-group-icons.php:23
filterusin_group_colorsincludes\group-icons\class-group-icons.php:24
actionadmin_enqueue_scriptsincludes\group-icons\class-group-icons.php:28
filterusin_fieldsincludes\notes\class-note-fields.php:19
filterusin_db_mapincludes\notes\class-note-fields.php:20
filterusin_query_join_tableincludes\notes\class-note-fields.php:21
filterusin_user_list_optionsincludes\notes\class-sticky-notes.php:19
filterusin_notes_listincludes\notes\class-sticky-notes.php:20
filterthe_postsincludes\notes\class-sticky-notes.php:23
Maintenance & Trust

Extended CRM for Users Insights Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 17, 2025
PHP min version
Downloads12K

Community Trust

Rating100/100
Number of ratings2
Active installs600
Alternatives

Extended CRM for Users Insights Alternatives

New User Approve

New User Approve

new-user-approve

A
86

WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.

20K 9 CVEs
User Access Manager

User Access Manager

user-access-manager

A
98

With the "User Access Manager"-plugin you can manage the access to your posts, pages and files.

10K 4 CVEs
Delete Me

Delete Me

delete-me

A
92

Allow users with specific WordPress roles to delete themselves from the Your Profile page or anywhere Shortcodes can be used.

8K 1 CVE
User Import with meta – WP Ultimate CSV Importer Add-on

User Import with meta – WP Ultimate CSV Importer Add-on

import-users

A
100

Import and export WordPress and WooCommerce users with full user meta, custom fields, billing & shipping details, and membership data.

5K No CVEs
WP Approve User

WP Approve User

wp-approve-user

A
85

Adds action links to user table to approve or unapprove user registrations.

3K No CVEs
Developer Profile

Extended CRM for Users Insights Developer Profile

Deni

3 plugins · 670 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Extended CRM for Users Insights

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/extended-crm-for-users-insights/js/user-list.js/wp-content/plugins/extended-crm-for-users-insights/css/font-awesome.min.css/wp-content/plugins/extended-crm-for-users-insights/css/user-list.css/wp-content/plugins/extended-crm-for-users-insights/js/custom-fields.js/wp-content/plugins/extended-crm-for-users-insights/views/custom-fields/keys-select.html
Version Parameters
extended-crm-for-users-insights/js/user-list.js?ver=extended-crm-for-users-insights/css/font-awesome.min.css?ver=extended-crm-for-users-insights/css/user-list.css?ver=extended-crm-for-users-insights/js/custom-fields.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-ecui-key-options
JS Globals
window.ECUI_VERSION
FAQ

Frequently Asked Questions about Extended CRM for Users Insights