WP-Safety

Inbound Organizer Security & Risk Analysis

wordpress.org/plugins/inbound-organizer

Organize form submissions on a Kanban style board with 2 to 5 columns.

0 active installs v1.1.0 PHP 8.0+ WP 6.0+ Updated Nov 14, 2025
contact-formfluentformforminatorgravity-formsninja-forms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Inbound Organizer Safe to Use in 2026?

Generally Safe

Score 100/100

Inbound Organizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "inbound-organizer" plugin version 1.1.0 exhibits a significant security concern due to its extensive unprotected AJAX endpoints. While the plugin demonstrates good practices in other areas, such as a high percentage of prepared SQL statements and properly escaped output, the sheer number of unprotected AJAX handlers presents a large attack surface. This means that without proper authentication or capability checks, attackers could potentially trigger arbitrary actions within the WordPress site by crafting malicious requests to these endpoints. The presence of the `unserialize` function, although not directly flagged in taint analysis as critical or high, is a known risk factor when handling user-supplied data and should be approached with extreme caution, especially in conjunction with unprotected entry points. The plugin's clean vulnerability history is a positive indicator, suggesting a historically responsible development approach. However, the current static analysis reveals critical weaknesses that could be exploited regardless of past security performance.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Taint flow with unsanitized paths
Vulnerabilities
None known

Inbound Organizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Inbound Organizer Code Analysis

Dangerous Functions
3
Raw SQL Queries
2
22 prepared
Unescaped Output
9
168 escaped
Nonce Checks
9
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$form_data = unserialize( $submission->form_value );admin\supported-plugins\cfdb7.php:228
unserialize$fields = unserialize( $entry['form_value'] );admin\supported-plugins\cfdb7.php:298
unserialize$fields = unserialize( $meta['_fields'][0] );admin\supported-plugins\flamingo.php:335

SQL Query Safety

92% prepared24 total queries

Output Escaping

95% escaped177 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
load_more_messages (admin\class-inbound-organizer-admin.php:625)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

Inbound Organizer Attack Surface

Entry Points9
Unprotected9

AJAX Handlers 9

authwp_ajax_inbound-organizer_update_message_tracking_statusincludes\class-inbound-organizer.php:159
authwp_ajax_inbound-organizer_render_message_detailsincludes\class-inbound-organizer.php:162
authwp_ajax_inbound-organizer_trash_messageincludes\class-inbound-organizer.php:165
authwp_ajax_inbound-organizer_save_message_notesincludes\class-inbound-organizer.php:168
authwp_ajax_inbound-organizer_save_layoutincludes\class-inbound-organizer.php:171
authwp_ajax_inbound-organizer_load_more_messagesincludes\class-inbound-organizer.php:174
authwp_ajax_inbound-organizer_refresh_messagesincludes\class-inbound-organizer.php:177
authwp_ajax_inbound-organizer_update_message_colorincludes\class-inbound-organizer.php:180
authwp_ajax_inbound-organizer_add_messagesincludes\class-inbound-organizer.php:183
WordPress Hooks 15
filterflamingo_add_inboundadmin\class-inbound-organizer-plugins.php:502
actioncfdb7_after_save_dataadmin\class-inbound-organizer-plugins.php:506
actionfluentform/submission_insertedadmin\class-inbound-organizer-plugins.php:510
actiongform_after_submissionadmin\class-inbound-organizer-plugins.php:516
actionfrm_after_create_entryadmin\class-inbound-organizer-plugins.php:522
actionforminator_form_after_save_entryadmin\class-inbound-organizer-plugins.php:528
actionforminator_form_after_handle_submitadmin\class-inbound-organizer-plugins.php:534
actionninja_forms_after_submissionadmin\class-inbound-organizer-plugins.php:543
actioninitincludes\class-inbound-organizer.php:130
actionplugins_loadedincludes\class-inbound-organizer.php:146
actioninitincludes\class-inbound-organizer.php:149
actionadmin_enqueue_scriptsincludes\class-inbound-organizer.php:152
actionadmin_enqueue_scriptsincludes\class-inbound-organizer.php:153
actionadmin_menuincludes\class-inbound-organizer.php:156
actionadmin_initincludes\class-inbound-organizer.php:186
Maintenance & Trust

Inbound Organizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 14, 2025
PHP min version8.0
Downloads518

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Inbound Organizer Alternatives

WP Contact Slider – Contact Form Slider Widget

WP Contact Slider – Contact Form Slider Widget

wp-contact-slider

A
99

Helps you to show slide out contact form to display CF7, Gravity forms, Ninja Forms, WP Forms, display random text/HTML and support some other forms.

10K 2 CVEs
Autopreenchimento de endereço em formulários

Autopreenchimento de endereço em formulários

cf7-cep-autofill

A
92

Preenchimento automático de campos de endereço baseado no CEP informado.

1K No CVEs
Proweblook Phone Validator

Proweblook Phone Validator

proweblook-phone-validator

A
92

With the Proweblook Phone Validator plugin you can easily verify if a phone number is really valid and callable (https://proweblook.com).

0 No CVEs
WPGContacts

WPGContacts

wpgcontacts

A
85

Send your Contact Form 7 data directly to your Google Contacts spreadsheet.

0 No CVEs
Gravity PDF

Gravity PDF

gravity-forms-pdf-extended

A
100

Automatically generate, email and download PDF documents from Gravity Forms entries

20K 1 CVE
Developer Profile

Inbound Organizer Developer Profile

robinlopulalan

4 plugins · 60 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Inbound Organizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/inbound-organizer/admin/css/inbound-organizer-admin.css/wp-content/plugins/inbound-organizer/admin/js/inbound-organizer-admin.js
Script Paths
/wp-content/plugins/inbound-organizer/admin/js/inbound-organizer-admin.js
Version Parameters
inbound-organizer-admin.css?ver=inbound-organizer-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
inborg-grayinborg-redinborg-greeninborg-blueinborg-whiteinborg-brown
HTML Comments
<!-- If this file is called directly, abort. --><!-- The ID of this plugin. --><!-- The current version of this plugin. --><!-- The post type to store data about form submissions. -->+16 more
Data Attributes
data-plugin_namedata-versiondata-post_typedata-spam_statusdata-tracking_statusesdata-posts_per_page+2 more
FAQ

Frequently Asked Questions about Inbound Organizer