click5 CRM add-on to Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gf-add-on-by-click5

Seemingly integrate your Gravity Forms forms with click5 CRM.

0 active installs · v1.0.3 · PHP 7.0+ · WP 5.3+ · Updated Sep 28, 2023
Tags: click5, contact, contact-form, crm, form
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is click5 CRM add-on to Gravity Forms Safe to Use in 2026?

Generally Safe

Score 85/100

click5 CRM add-on to Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "gf-add-on-by-click5" plugin v1.0.3 exhibits a significant security concern due to its large, unprotected attack surface. All 9 identified REST API routes lack permission callbacks, meaning any unauthenticated user could potentially interact with these endpoints. While the code signals indicate no dangerous functions, raw SQL queries, or critical taint analysis issues, the absence of capability checks and nonce checks on these entry points is a major weakness. The presence of external HTTP requests without specific details about their purpose or sanitization adds another layer of potential risk, as does the fact that 63% of outputs are properly escaped, implying 37% are not. The plugin's vulnerability history is clean, which is positive, but it doesn't negate the present risks identified in the static analysis. The plugin would benefit greatly from implementing proper authentication and authorization checks on all its REST API endpoints to mitigate the risk of unauthorized access and potential exploitation.

Key Concerns

  • REST API routes without permission callbacks
  • Output escaping is not fully implemented
  • External HTTP request without context
  • No nonce checks on entry points
Vulnerabilities
None known

click5 CRM add-on to Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

click5 CRM add-on to Gravity Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 27 (46 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

63% escaped · 73 total outputs
Attack Surface
9 unprotected

click5 CRM add-on to Gravity Forms Attack Surface

Entry Points: 9
Unprotected: 9

REST API Routes 9

  • POST /wp-json/click5_gf_addon/API/update_option_AJAX · api.php:362
  • POST /wp-json/click5_gf_addon/API/edit_const_option_AJAX · api.php:368
  • POST /wp-json/click5_gf_addon/API/reset_options_AJAX · api.php:374
  • GET /wp-json/click5_gf_addon/API/get_constants_AJAX · api.php:379
  • POST /wp-json/click5_gf_addon/API/get_pagination_logs · api.php:385
  • POST /wp-json/click5_gf_addon/API/reset_count_errors · api.php:390
  • GET /wp-json/click5_gf_addon/API/get_notifications · api.php:395
  • POST /wp-json/click5_gf_addon/API/post_notifications · api.php:400
  • POST /wp-json/click5_gf_addon/API/post_remove_notification · api.php:405

WordPress Hooks 10

  • action · rest_api_init · api.php:361
  • filter · auto_update_plugin · gf-addon-by-click5.php:28
  • action · admin_menu · gf-addon-by-click5.php:32
  • action · admin_init · gf-addon-by-click5.php:41
  • filter · plugin_row_meta · gf-addon-by-click5.php:54
  • action · admin_init · gf-addon-by-click5.php:64
  • action · admin_notices · gf-addon-by-click5.php:67
  • action · click5_gf_default_options · gf-addon-by-click5.php:100
  • action · admin_enqueue_scripts · gf-addon-by-click5.php:434
  • action · gform_after_submission · gf-addon-by-click5.php:628
Maintenance & Trust

click5 CRM add-on to Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Sep 28, 2023
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

click5 CRM add-on to Gravity Forms Developer Profile

click5

6 plugins · 7K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 375 days
Detection Fingerprints

How We Detect click5 CRM add-on to Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/gf-add-on-by-click5/click5-gf-admin.css
  • /wp-content/plugins/gf-add-on-by-click5/click5-gf-admin.js
  • /wp-content/plugins/gf-add-on-by-click5/click5-gf-public.css
  • /wp-content/plugins/gf-add-on-by-click5/click5-gf-public.js

Script Paths

  • /wp-content/plugins/gf-add-on-by-click5/click5-gf-admin.js
  • /wp-content/plugins/gf-add-on-by-click5/click5-gf-public.js

Version Parameters

  • gf-add-on-by-click5/click5-gf-admin.css?ver=
  • gf-add-on-by-click5/click5-gf-admin.js?ver=
  • gf-add-on-by-click5/click5-gf-public.css?ver=
  • gf-add-on-by-click5/click5-gf-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
click5_gf_headingclick5_gf_wrapper_content_settingscontent-leftcan-disabledisabledenable-pertab-headingsall-off-text+3 more
HTML Comments

  • <!-- This field is required for next steps -->
  • <!-- Activate all forms and CRM fields below to enable this tab -->

Data Attributes

  • data-value
  • id="verification_token"
  • id="user_identificator"
  • id="click5_gf_addon_posting_url"
  • id="click5_gf_addon_form_enable_
  • id="phpFormData"
  • +1 more

JS Globals

  • window.gf_global.gf_data.form.fields
  • window.gf_global.gf_data.form.id
  • window.gf_global.gf_data.form.settings.disable_enqueue_scripts
FAQ

Frequently Asked Questions about click5 CRM add-on to Gravity Forms