Gleap Security & Risk Analysis

wordpress.org/plugins/gleap

All-in-one customer feedback tool for websites. Learn more at https://www.gleap.io

300 active installs · v13.0.10 · PHP + · WP 5.0.0+ · Updated Aug 26, 2025
Tags: bug-reporting, bug-tracking, feedback, support, user-feedback
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gleap Safe to Use in 2026?

Generally Safe

Score 100/100

Gleap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7mo ago
Risk Assessment

The static analysis of Gleap v13.0.10 reveals a generally strong security posture. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and proper output escaping are significant strengths. Furthermore, the plugin has no recorded vulnerabilities, which is a positive indicator.

However, there are a few areas that warrant attention. The plugin makes one external HTTP request, which could be a vector for issues if not handled securely (though no specific issues are flagged in the provided data). Crucially, the complete lack of nonce checks and capability checks across all entry points is a significant concern. While the attack surface appears to be zero, this absence of authorization and integrity checks means that if any entry points were to be discovered or introduced in the future, they would be inherently unprotected.

Key Concerns

  • No nonce checks on entry points
  • No capability checks on entry points
  • Single external HTTP request (potential risk)
Vulnerabilities
None known

Gleap Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gleap Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0
Attack Surface

Gleap Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10

Type    Hook                           Location
action  admin_head                     admin\class-gleap-admin.php:169
action  plugins_loaded                 includes\class-gleap.php:142
action  admin_enqueue_scripts          includes\class-gleap.php:157
action  admin_enqueue_scripts          includes\class-gleap.php:158
action  admin_init                     includes\class-gleap.php:161
action  carbon_fields_register_fields  includes\class-gleap.php:163
action  after_setup_theme              includes\class-gleap.php:164
action  get_footer                     includes\class-gleap.php:178
action  wp_enqueue_scripts             includes\class-gleap.php:179
action  gleap_send_custom_event        public\class-gleap-public.php:57
Maintenance & Trust

Gleap Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 26, 2025
PHP min version
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 300
Developer Profile

Gleap Developer Profile

Lukas Böhler

1 plugin · 300 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gleap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gleap/assets/css/gleap.css
/wp-content/plugins/gleap/assets/js/gleap.js
/wp-content/plugins/gleap/assets/js/gleap-init.js
Version Parameters
gleap/assets/css/gleap.css?ver=
gleap/assets/js/gleap.js?ver=
gleap/assets/js/gleap-init.js?ver=

HTML / DOM Fingerprints

CSS Classes
gleap-widget
gleap-feedback-button
gleap-chat-wrapper
HTML Comments
<!-- Gleap widget -->
Data Attributes
data-gleap-token
data-gleap-app-id
JS Globals
window.Gleap
var GleapInit
FAQ

Frequently Asked Questions about Gleap