WP-Safety

id:CRM Contacts & Companies Security & Risk Analysis

wordpress.org/plugins/idcrm-contacts-companies

This is first free module from id:CRM to organize contacts and companies.

0 active installs v3.1.3 PHP 8.2+ WP 6.0.0+ Updated Oct 26, 2025
clientscompaniescontactscrmsales
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is id:CRM Contacts & Companies Safe to Use in 2026?

Generally Safe

Score 100/100

id:CRM Contacts & Companies has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The 'idcrm-contacts-companies' plugin v3.1.3 exhibits a generally good security posture based on the provided static analysis. The absence of any known CVEs and a clean vulnerability history are positive indicators. The plugin demonstrates strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and a good proportion of outputs being properly escaped. Nonce and capability checks are present, suggesting an effort to protect against common WordPress vulnerabilities. However, the presence of 20 instances of the `unserialize` function is a significant concern. While no specific taint flows were flagged as critical or high severity, `unserialize` is inherently risky as it can lead to remote code execution if used with untrusted input. Furthermore, the plugin performs external HTTP requests, which could be a vector for supply chain attacks or data exfiltration if not handled carefully. The absence of any reported vulnerabilities might also be due to limited security auditing or a lack of public disclosure rather than a guarantee of perfect security. Overall, while the plugin has strengths in its implementation of common security checks, the heavy reliance on `unserialize` presents a notable risk that warrants further investigation and potential remediation.

Key Concerns

  • Dangerous function 'unserialize' used extensively
  • External HTTP requests performed
Vulnerabilities
None known

id:CRM Contacts & Companies Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

id:CRM Contacts & Companies Code Analysis

Dangerous Functions
20
Raw SQL Queries
1
7 prepared
Unescaped Output
153
565 escaped
Nonce Checks
36
Capability Checks
7
File Operations
3
External Requests
5
Bundled Libraries
1

Dangerous Functions Found

unserialize$idcrm_settings = unserialize( get_option( 'idcrm_settings' ) && !is_array(get_option( 'idcrm_settinincludes\admin\idcrm-admin-user-manage.php:67
unserialize$idcrm_settings = unserialize( get_option( 'idcrm_settings' ) && !is_array(get_option( 'idcrm_settinincludes\admin\idcrm-admin-user-manage.php:255
unserialize$idcrm_settings = unserialize( get_option( 'idcrm_settings' ) && !is_array(get_option( 'idcrm_settinincludes\admin\idcrm-admin-user-manage.php:283
unserialize$idcrm_likes = unserialize(get_post_meta($comment_id, 'idcrm_likes', true) ?: 'a:0:{}');includes\api\idcrm-api-comment.php:190
unserialize$idcrm_permissions = unserialize(get_user_meta($user_id, 'idcrm_permissions', true) ?: 'a:0:{}');includes\api\idcrm-api.php:147
unserialize$response = unserialize( $raw_response['body'] );includes\idcrm-settings.php:60
unserialize$res = unserialize( $request['body'] );includes\idcrm-settings.php:91
unserialize$response = unserialize( $raw_response['body'] );includes\idcrm-settings.php:130
unserialize$res = unserialize( $request['body'] );includes\idcrm-settings.php:161
unserialize//idcrm_settings = <?php echo json_encode(unserialize(get_option( 'idcrm_settings' ) ?: 'a:0:{}')); includes\idcrm-settings.php:274
unserialize$idcrm_settings = unserialize(get_option( 'idcrm_settings' ) ?: 'a:0:{}');includes\integrations\idcrm-integration-cf7.php:81
unserialize$idcrm_settings = unserialize( get_option( 'idcrm_settings' ) && !is_array(get_option( 'idcrm_settintemplates\crm.php:9
unserialize$idcrm_zadarma_call_events = $idcrm_zadarma_call_events ? unserialize($idcrm_zadarma_call_events) : templates\inc\add-user-zadarma.php:262
unserialize$idcrm_zadarma_unknown_calls = get_option( 'idcrm_zadarma_unknown_calls' ) ? unserialize( get_optiontemplates\inc\add-user-zadarma.php:264
unserialize$idcrm_zadarma_call_records = unserialize(get_post_meta($contact_item_id, 'idcrm_zadarma_call_recordtemplates\inc\add-user-zadarma.php:292
unserialize$idcrm_zadarma_call_events = $idcrm_zadarma_call_events ? unserialize($idcrm_zadarma_call_events) : templates\inc\add-user-zadarma.php:432
unserialize$idcrm_zadarma_unknown_calls = get_option( 'idcrm_zadarma_unknown_calls' ) ? unserialize(get_option(templates\inc\add-user-zadarma.php:434
unserialize$idcrm_zadarma_call_records = unserialize(get_post_meta($contact_id, 'idcrm_zadarma_call_records', ttemplates\inc\add-user-zadarma.php:462
unserialize$idcrm_permissions = unserialize(get_user_meta($user->ID, 'idcrm_permissions', true) ?: 'a:0:{}');templates\inc\check-user.php:8
unserialize$idcrm_likes = unserialize(get_post_meta($contact_event, 'idcrm_likes', true) ?: 'a:0:{}');templates\inc\comments-loop.php:414

Bundled Libraries

Select2

SQL Query Safety

88% prepared8 total queries

Output Escaping

79% escaped718 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

9 flows3 with unsanitized paths
<idcrm-admin-event-manage-filter> (includes\admin\idcrm-admin-event-manage-filter.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

id:CRM Contacts & Companies Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 110
actioninitidcrm-contacts.php:36
actioncomment_postincludes\actions\idcrm-action-comment.php:11
filterparse_comment_queryincludes\actions\idcrm-action-comment.php:12
actioninitincludes\actions\idcrm-action-language.php:13
actionadmin_menuincludes\actions\idcrm-action-menu.php:16
actionadmin_menuincludes\actions\idcrm-action-menu.php:17
actionparent_fileincludes\actions\idcrm-action-menu.php:18
filterauthenticateincludes\actions\idcrm-action-redirects.php:11
actionwp_headincludes\actions\idcrm-action-scripts-remover.php:25
actionwp_headincludes\actions\idcrm-action-scripts-remover.php:29
actionwp_print_scriptsincludes\actions\idcrm-action-scripts-remover.php:50
actionwp_print_stylesincludes\actions\idcrm-action-scripts-remover.php:71
actionidcrm_remove_scriptsincludes\actions\idcrm-action-scripts-remover.php:90
actionpre_get_postsincludes\actions\idcrm-action-search.php:33
filterposts_searchincludes\actions\idcrm-action-search.php:34
filterposts_whereincludes\actions\idcrm-action-search.php:35
filtermanage_contact_event_posts_columnsincludes\admin\idcrm-admin-event-manage-columns.php:11
filtermanage_contact_event_posts_columnsincludes\admin\idcrm-admin-event-manage-columns.php:12
filtermanage_contact_event_posts_columnsincludes\admin\idcrm-admin-event-manage-columns.php:13
filtermanage_contact_event_posts_columnsincludes\admin\idcrm-admin-event-manage-columns.php:14
filtermanage_edit-contact_event_sortable_columnsincludes\admin\idcrm-admin-event-manage-columns.php:15
filterthe_titleincludes\admin\idcrm-admin-event-manage-data.php:12
filtermanage_contact_event_posts_custom_columnincludes\admin\idcrm-admin-event-manage-data.php:13
filtermanage_contact_event_posts_custom_columnincludes\admin\idcrm-admin-event-manage-data.php:14
filtermanage_contact_event_posts_custom_columnincludes\admin\idcrm-admin-event-manage-data.php:15
actionrestrict_manage_postsincludes\admin\idcrm-admin-event-manage-filter.php:14
actionrestrict_manage_postsincludes\admin\idcrm-admin-event-manage-filter.php:15
actionrestrict_manage_postsincludes\admin\idcrm-admin-event-manage-filter.php:16
actionpre_get_postsincludes\admin\idcrm-admin-event-manage-query.php:13
filterparse_queryincludes\admin\idcrm-admin-event-manage-query.php:14
filterparse_queryincludes\admin\idcrm-admin-event-manage-query.php:15
filterparse_queryincludes\admin\idcrm-admin-event-manage-query.php:16
filterparse_queryincludes\admin\idcrm-admin-event-manage-query.php:17
filterparse_queryincludes\admin\idcrm-admin-event-manage-query.php:18
filterparse_queryincludes\admin\idcrm-admin-event-manage-query.php:19
actioncontact_events_add_form_fieldsincludes\admin\idcrm-admin-taxonomy-manage.php:12
actioncontact_events_edit_form_fieldsincludes\admin\idcrm-admin-taxonomy-manage.php:13
actionedited_contact_eventsincludes\admin\idcrm-admin-taxonomy-manage.php:14
actioncreate_contact_eventsincludes\admin\idcrm-admin-taxonomy-manage.php:15
filterget_avatar_urlincludes\admin\idcrm-admin-user-manage.php:128
filtermanage_user_contact_posts_columnsincludes\admin\idcrm-admin-user-manage.php:130
filtermanage_user_contact_posts_custom_columnincludes\admin\idcrm-admin-user-manage.php:131
actionadmin_enqueue_scriptsincludes\admin\idcrm-admin-user-manage.php:133
actionadmin_initincludes\admin\idcrm-admin-user-manage.php:150
actionadmin_menuincludes\admin\idcrm-cache-admin.php:14
actionadmin_initincludes\admin\idcrm-cache-admin.php:15
actionadmin_noticesincludes\admin\idcrm-cache-admin.php:16
actionadmin_noticesincludes\admin\idcrm-cache-admin.php:50
actionadmin_noticesincludes\admin\idcrm-cache-admin.php:58
actionadmin_noticesincludes\admin\idcrm-cache-admin.php:66
actionadmin_noticesincludes\admin\idcrm-cache-admin.php:74
actioncomment_postincludes\admin\idcrm-wp-comment-manage.php:10
actionwp_enqueue_scriptsincludes\api\idcrm-api-comment.php:63
actionwp_enqueue_scriptsincludes\api\idcrm-api-company.php:42
actionwp_enqueue_scriptsincludes\api\idcrm-api-contact.php:99
actionpost_updatedincludes\api\idcrm-api-contact.php:102
actionupdated_post_metaincludes\api\idcrm-api-contact.php:104
actiondelete_userincludes\api\idcrm-api-contact.php:106
filterwp_get_attachment_urlincludes\api\idcrm-api-contact.php:108
actionuser_registerincludes\api\idcrm-api-contact.php:110
actionprofile_updateincludes\api\idcrm-api-contact.php:111
actionadmin_enqueue_scriptsincludes\api\idcrm-api-contact.php:113
actionwp_enqueue_scriptsincludes\api\idcrm-api-event.php:45
actionupdated_post_metaincludes\api\idcrm-api-event.php:48
actionwp_enqueue_scriptsincludes\api\idcrm-api-note.php:46
actionwp_enqueue_scriptsincludes\api\idcrm-api-schedule.php:33
actionwp_enqueue_scriptsincludes\api\idcrm-api-timeline.php:18
actionwp_enqueue_scriptsincludes\api\idcrm-api.php:41
actionsave_postincludes\cache\idcrm-cache.php:293
actiondelete_postincludes\cache\idcrm-cache.php:294
actionwp_insert_postincludes\cache\idcrm-cache.php:295
actionwp_update_nav_menuincludes\cache\idcrm-cache.php:296
actioninitincludes\idcrm-contacts-company-cpt.php:19
actionadd_meta_boxesincludes\idcrm-contacts-company-cpt.php:20
actionsave_postincludes\idcrm-contacts-company-cpt.php:21
actioninitincludes\idcrm-contacts-schedule-cpt.php:11
actionadd_meta_boxesincludes\idcrm-contacts-schedule-cpt.php:12
actionsave_postincludes\idcrm-contacts-schedule-cpt.php:13
filtertheme_page_templatesincludes\idcrm-contacts-template-loader.php:19
filtertemplate_includeincludes\idcrm-contacts-template-loader.php:21
filtertemplate_includeincludes\idcrm-contacts-template-loader.php:22
filtertemplate_includeincludes\idcrm-contacts-template-loader.php:23
filtertemplate_includeincludes\idcrm-contacts-template-loader.php:24
actionpre_get_postsincludes\idcrm-contacts-template-loader.php:154
actionpre_get_postsincludes\idcrm-contacts-template-loader.php:194
actioninitincludes\idcrm-contacts-user-cpt.php:14
actionadd_meta_boxesincludes\idcrm-contacts-user-cpt.php:15
actionsave_postincludes\idcrm-contacts-user-cpt.php:16
actionwp_trash_postincludes\idcrm-contacts-user-cpt.php:17
actionwoocommerce_edit_account_form_startincludes\idcrm-contacts-user-cpt.php:19
actionwoocommerce_save_account_detailsincludes\idcrm-contacts-user-cpt.php:20
actionwoocommerce_edit_account_form_tagincludes\idcrm-contacts-user-cpt.php:21
filtermanage_user_contact_posts_columnsincludes\idcrm-contacts-user-cpt.php:23
actionmanage_user_contact_posts_custom_columnincludes\idcrm-contacts-user-cpt.php:24
actionadmin_menuincludes\idcrm-settings.php:22
actionadmin_noticesincludes\idcrm-settings.php:198
actionwpcf7_before_send_mailincludes\integrations\idcrm-integration-cf7.php:18
actionwp_enqueue_scriptsincludes\integrations\idcrm-integration-datepicker.php:38
actionwp_enqueue_scriptsincludes\integrations\idcrm-integration-icons.php:20
actionwp_enqueue_scriptsincludes\integrations\idcrm-integration-scrollbar.php:18
actionwp_enqueue_scriptsincludes\integrations\idcrm-integration-toastr.php:19
actionwp_enqueue_scriptsincludes\integrations\idcrm-integration-waves.php:19
actionwp_enqueue_scriptsincludes\ui\idcrm-ui.php:43
actionwp_print_stylestemplates\crm.php:68
filtershow_admin_bartemplates\crm.php:70
actionwp_enqueue_scriptstemplates\inc\add-user.php:22
filterwp_dropdown_catstemplates\inc\header.php:34
filtershow_admin_bartemplates\inc\header.php:99
filtertiny_mce_pluginstemplates\inc\header.php:117
filterwp_resource_hintstemplates\inc\header.php:118
Maintenance & Trust

id:CRM Contacts & Companies Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 26, 2025
PHP min version8.2
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

id:CRM Contacts & Companies Alternatives

CRM Salesforce LearnDash Integration

CRM Salesforce LearnDash Integration

crm-salesforce-learndash-integration

A
85

New yet simple salesforce experience

10 No CVEs
WP Gravity Forms Salesforce

WP Gravity Forms Salesforce

gf-salesforce-crmperks

A
96

Gravity Forms Salesforce Add-on sends Gravity forms entries to salesforce CRM.

1K 3 CVEs
Object Sync for Salesforce

Object Sync for Salesforce

object-sync-for-salesforce

A
100

Object Sync for Salesforce maps and syncs data between Salesforce objects and WordPress objects.

500 No CVEs
Object Data Sync for Salesforce Integration with WP, Woo, Gravity, WPForms, Ninja, CF7 & more

Object Data Sync for Salesforce Integration with WP, Woo, Gravity, WPForms, Ninja, CF7 & more

object-data-sync-for-salesforce

A
100

Automate data sync with our Salesforce Integration plugin. Supports integrations with WooCommerce, Gravity, Ninja, CF7, WPForms, Event Calendar & more

200 No CVEs
Surbma | SalesAutopilot Shortcode

Surbma | SalesAutopilot Shortcode

surbma-salesautopilot-shortcode

B
71

A simple shortcode to include SalesAutopilot forms into WordPress.

100 1 unpatched
Developer Profile

id:CRM Contacts & Companies Developer Profile

idresult

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect id:CRM Contacts & Companies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/idcrm-contacts-companies/admin/css/admin-user.css/wp-content/plugins/idcrm-contacts-companies/assets/css/quill.snow.css/wp-content/plugins/idcrm-contacts-companies/assets/libs/bootstrap-material-datetimepicker/css/bootstrap-material-datetimepicker.css/wp-content/plugins/idcrm-contacts-companies/admin/js/admin-user.js/wp-content/plugins/idcrm-contacts-companies/admin/js/admin-user-manage.js/wp-content/plugins/idcrm-contacts-companies/assets/libs/moment/moment.js/wp-content/plugins/idcrm-contacts-companies/assets/libs/moment/locale//wp-content/plugins/idcrm-contacts-companies/assets/js/quill.js+1 more
Script Paths
/wp-content/plugins/idcrm-contacts-companies/admin/js/admin-user.js/wp-content/plugins/idcrm-contacts-companies/admin/js/admin-user-manage.js/wp-content/plugins/idcrm-contacts-companies/assets/libs/moment/moment.js/wp-content/plugins/idcrm-contacts-companies/assets/libs/moment/locale//wp-content/plugins/idcrm-contacts-companies/assets/js/quill.js/wp-content/plugins/idcrm-contacts-companies/assets/libs/bootstrap-material-datetimepicker/js/bootstrap-material-date
Version Parameters
/wp-content/plugins/idcrm-contacts-companies/admin/css/admin-user.css?ver=/wp-content/plugins/idcrm-contacts-companies/assets/css/quill.snow.css?ver=/wp-content/plugins/idcrm-contacts-companies/assets/libs/bootstrap-material-datetimepicker/css/bootstrap-material-datetimepicker.css?ver=/wp-content/plugins/idcrm-contacts-companies/admin/js/admin-user.js?ver=/wp-content/plugins/idcrm-contacts-companies/admin/js/admin-user-manage.js?ver=/wp-content/plugins/idcrm-contacts-companies/assets/libs/moment/moment.js?ver=/wp-content/plugins/idcrm-contacts-companies/assets/libs/moment/locale//wp-content/plugins/idcrm-contacts-companies/assets/js/quill.js?ver=/wp-content/plugins/idcrm-contacts-companies/assets/libs/bootstrap-material-datetimepicker/js/bootstrap-material-date?ver=

HTML / DOM Fingerprints

CSS Classes
idcrm-admin-settings
Data Attributes
data-nonce="idcrm-admin-settings"
JS Globals
idcrm_settingsidcrm_admin_data
FAQ

Frequently Asked Questions about id:CRM Contacts & Companies