Flirty Leads Security & Risk Analysis

wordpress.org/plugins/flirty-leads

Flirty Leads lets your site visitors respond to your site images. Generate client lists, gain leads using your post/pages images.

10 active installs · v3.0 · PHP + WP 3.0+ · Updated Aug 11, 2020
Tags: call-to-action, direct-dashboard-media-editing, email-campaigns, lead-capture, mailchimp-integration
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Flirty Leads Safe to Use in 2026?

Generally Safe

Score 85/100

Flirty Leads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The plugin "flirty-leads" v3.0 demonstrates a strong security posture based on the provided static analysis. It has no reported vulnerabilities, indicating a history of stable and secure development or a lack of past scrutiny. The code shows excellent adherence to best practices, with all SQL queries utilizing prepared statements and all output being properly escaped. Notably, there are no identified dangerous functions, file operations, or external HTTP requests, further minimizing the attack surface. The presence of nonce checks on its AJAX handlers adds a layer of protection against common web attacks.

However, a significant area of concern is the complete absence of capability checks for its two AJAX handlers. While nonces protect against CSRF, they do not verify user permissions. This means any authenticated user, regardless of their role, could potentially trigger these AJAX actions, which could lead to unintended consequences or privilege escalation if the actions themselves are sensitive. The lack of identified taint flows and dangerous functions is positive, but the absence of capability checks on entry points is a notable weakness.

Key Concerns

  • AJAX handlers without capability checks
Vulnerabilities
None known

Flirty Leads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Flirty Leads Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (22 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 22 total outputs
Attack Surface

Flirty Leads Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth  wp_ajax_flirtyleads  flirty-leads.php:654
nopriv  wp_ajax_flirtyleads  flirty-leads.php:655
WordPress Hooks 35
action  wp_enqueue_scripts  flirty-leads.php:45
filter  the_content  flirty-leads.php:291
filter  attachment_fields_to_edit  flirty-leads.php:308
filter  attachment_fields_to_save  flirty-leads.php:315
filter  attachment_fields_to_edit  flirty-leads.php:329
filter  attachment_fields_to_save  flirty-leads.php:336
filter  attachment_fields_to_edit  flirty-leads.php:350
filter  attachment_fields_to_save  flirty-leads.php:357
filter  attachment_fields_to_edit  flirty-leads.php:373
filter  attachment_fields_to_save  flirty-leads.php:380
filter  attachment_fields_to_edit  flirty-leads.php:394
filter  attachment_fields_to_save  flirty-leads.php:401
filter  attachment_fields_to_edit  flirty-leads.php:416
filter  attachment_fields_to_save  flirty-leads.php:423
filter  attachment_fields_to_edit  flirty-leads.php:437
filter  attachment_fields_to_save  flirty-leads.php:444
filter  attachment_fields_to_edit  flirty-leads.php:458
filter  attachment_fields_to_save  flirty-leads.php:465
filter  attachment_fields_to_edit  flirty-leads.php:479
filter  attachment_fields_to_save  flirty-leads.php:486
filter  attachment_fields_to_edit  flirty-leads.php:499
filter  attachment_fields_to_save  flirty-leads.php:506
filter  attachment_fields_to_edit  flirty-leads.php:519
filter  attachment_fields_to_save  flirty-leads.php:526
filter  attachment_fields_to_edit  flirty-leads.php:540
filter  attachment_fields_to_save  flirty-leads.php:548
filter  attachment_fields_to_edit  flirty-leads.php:562
filter  attachment_fields_to_save  flirty-leads.php:570
filter  attachment_fields_to_edit  flirty-leads.php:584
filter  attachment_fields_to_save  flirty-leads.php:592
filter  attachment_fields_to_edit  flirty-leads.php:606
filter  attachment_fields_to_save  flirty-leads.php:614
filter  attachment_fields_to_edit  flirty-leads.php:628
filter  attachment_fields_to_save  flirty-leads.php:636
filter  get_the_excerpt  flirty-leads.php:650
Maintenance & Trust

Flirty Leads Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Aug 11, 2020
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Flirty Leads Developer Profile

sageshilling

2 plugins · 10 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Flirty Leads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flirty-leads/css/style.css
/wp-content/plugins/flirty-leads/js/flirty.ajax.js
Script Paths
/wp-content/plugins/flirty-leads/js/flirty.ajax.js
Version Parameters
flirty-leads/css/style.css?ver=
flirty-leads/js/flirty.ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
elizabethneedsanapitem1
JS Globals
postdata