Keap Official Opt-in Forms Security & Risk Analysis

wordpress.org/plugins/infusionsoft-official-opt-in-forms

Build your email subscriber list from visitors to your WordPress website with Keap's Official Opt-in Forms plugin.

1K active installs · v2.0.3 · PHP 8.0+ · WP 6.0+ · Updated Mar 31, 2025
Tags: infusionsoft, keap, keap-api, keap-wordpress, wordpress-popup-plugin
Score 43/100 · D · High Risk
CVEs total: 4
Unpatched: 2
Last CVE: Feb 17, 2025
Safety Verdict

Is Keap Official Opt-in Forms Safe to Use in 2026?

High Risk

Score 43/100

Keap Official Opt-in Forms carries significant security risk with 4 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

4 known CVEs · 2 unpatched · Last CVE: Feb 17, 2025 · Updated 1yr ago
Risk Assessment

The "infusionsoft-official-opt-in-forms" plugin v2.0.3 exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and a significant number of nonce checks, several concerning areas are present. The presence of 32 AJAX handlers with 2 lacking authentication checks is a significant risk, potentially allowing unauthorized actions. Additionally, the taint analysis reveals 2 flows with unsanitized paths, which, while not classified as critical or high severity in this specific scan, represent a potential for path traversal vulnerabilities.

The plugin's vulnerability history is a major red flag, with 4 known CVEs, including 1 critical and 3 medium severity. The fact that 2 CVEs remain unpatched is particularly alarming, indicating ongoing security risks. The recurring types of vulnerabilities (Path Traversal and XSS) suggest a pattern of insecure input handling that has not been fully remediated over time.

In conclusion, the plugin has areas of robust security implementation but is severely undermined by unpatched critical vulnerabilities and exploitable attack surface elements.

Key Concerns

  • Unpatched Critical CVE
  • Unpatched Medium CVE
  • Unpatched Medium CVE
  • Unpatched Medium CVE
  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • SQL queries without prepared statements
  • Outputs with improper escaping
Vulnerabilities
4

Keap Official Opt-in Forms Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs · unpatched
2025: 1 CVE

Severity Breakdown

Critical: 1
Medium: 3

4 total CVEs

CVE-2024-13725 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion

Feb 17, 2025 · Patched in 2.0.2 (46d)

CVE-2024-47642 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Keap Official Opt-in Forms <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 · Unpatched

CVE-2023-52192 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Keap Official Opt-in Forms <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 3, 2024 · Unpatched

CVE-2023-6941 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

Dec 21, 2023 · Patched in 1.0.12 (196d)

Code Analysis
Analyzed Mar 16, 2026

Keap Official Opt-in Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (13 prepared)
Unescaped Output: 117 (427 escaped)
Nonce Checks: 33
Capability Checks: 3
File Operations: 5
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

76% prepared · 17 total queries

Output Escaping

78% escaped · 544 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
generate_modal_warning (dashboard\dashboard.php:236)
Attack Surface
2 unprotected

Keap Official Opt-in Forms Attack Surface

Entry Points: 35
Unprotected: 2

AJAX Handlers 32

auth wp_ajax_inf_dashboard_generate_warning dashboard\dashboard.php:48
auth wp_ajax_inf_dashboard_execute_live_search dashboard\dashboard.php:49
auth wp_ajax_infusionsoft_reset_options_page infusionsoft.php:101
auth wp_ajax_inf_infusionsoft_save_settings infusionsoft.php:104
auth wp_ajax_infusionsoft_remove_optin infusionsoft.php:106
auth wp_ajax_infusionsoft_duplicate_optin infusionsoft.php:107
auth wp_ajax_infusionsoft_add_variant infusionsoft.php:108
auth wp_ajax_infusionsoft_toggle_optin_status infusionsoft.php:109
auth wp_ajax_infusionsoft_pick_winner_optin infusionsoft.php:110
auth wp_ajax_infusionsoft_display_preview infusionsoft.php:111
auth wp_ajax_infusionsoft_ab_test_actions infusionsoft.php:112
auth wp_ajax_infusionsoft_get_premade_values infusionsoft.php:114
auth wp_ajax_infusionsoft_generate_template_filter infusionsoft.php:115
auth wp_ajax_infusionsoft_generate_premade_grid infusionsoft.php:116
auth wp_ajax_infusionsoft_home_tab_tables infusionsoft.php:120
auth wp_ajax_infusionsoft_refresh_accounts_header infusionsoft.php:122
auth wp_ajax_infusionsoft_authorize_account infusionsoft.php:126
auth wp_ajax_infusionsoft_reset_accounts_table infusionsoft.php:128
auth wp_ajax_infusionsoft_generate_mailing_lists infusionsoft.php:130
auth wp_ajax_infusionsoft_generate_new_account_fields infusionsoft.php:132
auth wp_ajax_infusionsoft_generate_accounts_list infusionsoft.php:134
auth wp_ajax_infusionsoft_generate_edit_account_page infusionsoft.php:136
auth wp_ajax_infusionsoft_save_account_tab infusionsoft.php:138
auth wp_ajax_infusionsoft_get_stats_graph_ajax infusionsoft.php:142
auth wp_ajax_infusionsoft_refresh_optins_stats_table infusionsoft.php:144
auth wp_ajax_infusionsoft_reset_stats infusionsoft.php:146
auth wp_ajax_infusionsoft_clear_stats infusionsoft.php:150
auth wp_ajax_infusionsoft_clear_stats_single_optin infusionsoft.php:151
auth wp_ajax_infusionsoft_handle_stats_adding infusionsoft.php:156
nopriv wp_ajax_infusionsoft_handle_stats_adding infusionsoft.php:157
auth wp_ajax_infusionsoft_subscribe infusionsoft.php:159
nopriv wp_ajax_infusionsoft_subscribe infusionsoft.php:160

Shortcodes 3

[infusionsoft_on_click_intent] includes\infusionsoft_functions.php:15
[inf_infusionsoft_inline] infusionsoft.php:166
[inf_infusionsoft_locked] infusionsoft.php:167
WordPress Hooks 40
action admin_init dashboard\dashboard.php:50
action admin_enqueue_scripts dashboard\dashboard.php:51
action admin_init dashboard\dashboard.php:52
action admin_init dashboard\dashboard.php:53
action wp_enqueue_scripts includes\ext\infusionsoft_infusionbar\class.infusionsoft_infusionbar.php:6
action admin_init includes\ext\infusionsoft_infusionbar\class.infusionsoft_infusionbar.php:7
action admin_menu infusionsoft.php:59
action plugins_loaded infusionsoft.php:61
action admin_init infusionsoft.php:63
filter inf_infusionsoft_import_sub_array infusionsoft.php:65
filter inf_infusionsoft_import_array infusionsoft.php:66
filter inf_infusionsoft_export_exclude infusionsoft.php:67
filter inf_infusionsoft_save_button_class infusionsoft.php:68
action inf_infusionsoft_after_header_options infusionsoft.php:71
action inf_infusionsoft_after_main_options infusionsoft.php:73
action admin_enqueue_scripts infusionsoft.php:94
action wp_enqueue_scripts infusionsoft.php:96
action inf_infusionsoft_after_save_button infusionsoft.php:105
action widgets_init infusionsoft.php:162
action after_setup_theme infusionsoft.php:164
filter body_class infusionsoft.php:169
action admin_notices infusionsoft.php:173
action infusionsoft_stats_auto_refresh infusionsoft.php:178
action options_saved infusionsoft.php:180
action wp_head infusionsoft.php:189
filter mce_external_plugins infusionsoft.php:371
filter mce_buttons infusionsoft.php:372
filter admin_body_class infusionsoft.php:1999
action wp_head infusionsoft.php:4209
action wp_footer infusionsoft.php:4224
filter comment_post_redirect infusionsoft.php:4229
action woocommerce_thankyou infusionsoft.php:4234
action wp_footer infusionsoft.php:4243
filter comment_post_redirect infusionsoft.php:4248
action woocommerce_thankyou infusionsoft.php:4253
filter the_content infusionsoft.php:4262
action woocommerce_after_single_product_summary infusionsoft.php:4263
action wp_head infusionsoft.php:4272
filter the_content infusionsoft.php:4284
filter admin_footer_text infusionsoft.php:4296

Scheduled Events 2

infusionsoft_lists_auto_refresh
infusionsoft_stats_auto_refresh
Maintenance & Trust

Keap Official Opt-in Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 31, 2025
PHP min version: 8.0
Downloads: 54K

Community Trust

Rating: 38/100
Number of ratings: 14
Active installs: 1K
Developer Profile

Keap Official Opt-in Forms Developer Profile

Keap

1 plugin · 1K total installs

Trust score: 39
Avg Security Score: 43/100
Avg Patch Time: 121 days
Detection Fingerprints

How We Detect Keap Official Opt-in Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/css/dashboard.css
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/css/font-awesome.min.css
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/dashboard.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/form.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/form_builder.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/infusionsoft.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/tinymce.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/includes/css/infusionsoft-forms.css
  • +5 more

Script Paths

  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/dashboard.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/form.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/form_builder.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/infusionsoft.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/dashboard/js/tinymce.js
  • /wp-content/plugins/infusionsoft-official-opt-in-forms/includes/js/infusionsoft-forms.js
  • +2 more

Version Parameters

  • infusionsoft-official-opt-in-forms/dashboard/css/dashboard.css?ver=
  • infusionsoft-official-opt-in-forms/dashboard/css/font-awesome.min.css?ver=
  • infusionsoft-official-opt-in-forms/dashboard/js/dashboard.js?ver=
  • infusionsoft-official-opt-in-forms/dashboard/js/form.js?ver=
  • infusionsoft-official-opt-in-forms/dashboard/js/form_builder.js?ver=
  • infusionsoft-official-opt-in-forms/dashboard/js/infusionsoft.js?ver=
  • infusionsoft-official-opt-in-forms/dashboard/js/tinymce.js?ver=
  • infusionsoft-official-opt-in-forms/includes/css/infusionsoft-forms.css?ver=
  • infusionsoft-official-opt-in-forms/includes/css/infusionsoft-optin.css?ver=
  • infusionsoft-official-opt-in-forms/includes/js/infusionsoft-forms.js?ver=
  • infusionsoft-official-opt-in-forms/includes/js/infusionsoft-optin.js?ver=
  • infusionsoft-official-opt-in-forms/optin-forms/css/style.css?ver=
  • infusionsoft-official-opt-in-forms/optin-forms/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • inf_infusionsoft_options
  • inf_dashboard_content
  • inf_dashboard_sidebar
  • inf_infusionsoft_dashboard_wrapper
  • inf_optin_form_builder
  • infusionsoft_optin_form
  • infusionsoft-form-container
  • infusionsoft-optin-form-wrapper
  • +1 more

HTML Comments

  • <!-- Infusionsoft Official Opt-in Forms -->
  • <!-- Infusionsoft Dashboard -->
  • <!-- Infusionsoft Form Builder -->

Data Attributes

  • data-inf-id
  • data-infusionsoft-form
  • data-inf-optin-id

JS Globals

  • infusionsoft_opts
  • inf_infusionsoft_vars
  • InfusionsoftFormBuilder
  • InfusionsoftOptinForm

REST Endpoints

  • /wp-json/infusionsoft/v1/settings
  • /wp-json/infusionsoft/v1/optins
  • /wp-json/infusionsoft/v1/accounts

Shortcode Output

  • [inf_infusionsoft_inline]
  • [inf_infusionsoft_locked]

FAQ

Frequently Asked Questions about Keap Official Opt-in Forms