Dynamics 365 Integration Security & Risk Analysis

wordpress.org/plugins/integration-dynamics

The easiest way to connect Dynamics 365 or Dynamics CRM with WordPress.

600 active installs · v1.4 · PHP 8.2+ · WP 6.1+ · Updated Dec 26, 2024
Tags: contact-form, crm, dynamics-365, dynamics-crm, form
Score: 86 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Jan 3, 2025
Safety Verdict

Is Dynamics 365 Integration Safe to Use in 2026?

Generally Safe

Score 86/100

Dynamics 365 Integration has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEs · Last CVE: Jan 3, 2025 · Updated 1yr ago
Risk Assessment

The "integration-dynamics" plugin v1.4 exhibits a mixed security posture, with some good practices present alongside significant areas of concern. The plugin's static analysis reveals a large attack surface, with 18 out of 19 entry points lacking authentication checks. This is a critical weakness that could allow unauthorized users to trigger plugin functionality. Furthermore, the presence of the `unserialize` function is a red flag, as it can be exploited for Remote Code Execution if user-controlled data is passed to it without proper sanitization. While a significant portion of SQL queries use prepared statements and some nonce/capability checks are in place, the overwhelming number of unprotected AJAX handlers poses an immediate and severe risk.

The vulnerability history is also concerning, with a total of 6 known CVEs, including one critical vulnerability. The types of past vulnerabilities, such as Improper Neutralization of Special Elements Used in a Template Engine and Missing Authorization, align with the static analysis findings of unprotected entry points and potential code injection vectors. The fact that the last vulnerability was in 2025, even if it's marked as 'unpatched' (which is contradictory, but we'll assume it means it exists and may not be fixed in this version), indicates a recurring pattern of security weaknesses. The plugin shows strengths in its use of prepared statements for SQL and some output escaping, but these are overshadowed by the critical lack of authorization and the presence of dangerous functions.

Key Concerns

  • 18 unprotected AJAX handlers
  • Unsafe `unserialize` function used
  • 1 critical CVE in history
  • 5 medium CVEs in history
  • 50% of outputs not properly escaped
  • 2 unsanitized taint flows
Vulnerabilities
6 published

Dynamics 365 Integration Security Vulnerabilities

CVEs by Year

  • 4 CVEs in 2023
  • 1 CVE in 2024
  • 1 CVE in 2025

Severity Breakdown

Critical: 1
Medium: 5

6 total CVEs

CVE-2024-12583 · critical · 9.9 · Improper Neutralization of Special Elements Used in a Template Engine

Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection

Jan 3, 2025 Patched in 1.3.24 (1d)
CVE-2024-34550 · medium · 5.3 · Insertion of Sensitive Information into Log File

Dynamics 365 Integration <= 1.3.17 - Unauthenticated Sensitive Information Exposure

May 7, 2024 Patched in 1.3.18 (9d)
CVE-2023-29422 · medium · 4.3 · Missing Authorization

Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init

Apr 6, 2023 Patched in 1.3.14 (292d)
CVE-2023-28417 · medium · 5.4 · Missing Authorization

Dynamics 365 Integration <= 1.3.12 - Missing Authorization via wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity

Mar 15, 2023 Patched in 1.3.13 (314d)
WF-98e0d103-2369-4c6a-93ae-6be2a1770bae-integration-dynamics · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log_verbosity

Mar 14, 2023 Patched in 1.3.13 (315d)
WF-7945110e-2a9d-4e0e-b0e8-77c16694993b-integration-dynamics · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log

Mar 13, 2023 Patched in 1.3.13 (316d)
Version History

Dynamics 365 Integration Release Timeline

  • v1.4 · Current
  • v1.3.24
  • v1.3.23 · 1 CVE
  • v1.3.22 · 1 CVE
  • v1.3.21 · 1 CVE
  • v1.3.20 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Dynamics 365 Integration Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 1 (8 prepared)
  • Unescaped Output: 133 (131 escaped)
  • Nonce Checks: 5
  • Capability Checks: 4
  • File Operations: 34
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · `$value = unserialize( $rawContents );` · src\PersistentStorage.php:53

SQL Query Safety

89% prepared · 9 total queries

Output Escaping

50% escaped · 264 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
processAjaxForm (src\Shortcode\Form.php:33)
Attack Surface
18 unprotected

Dynamics 365 Integration Attack Surface

Entry Points: 19
Unprotected: 18

AJAX Handlers 18

  • auth · wp_ajax_wpcrm_log_verbosity · core.php:146
  • auth · wp_ajax_wpcrm_log · core.php:162
  • auth · wp_ajax_retrieve_entity_keys · src\Admin\Metabox\DataBinding.php:23
  • nopriv · wp_ajax_retrieve_entity_keys · src\Admin\Metabox\DataBinding.php:24
  • auth · wp_ajax_wpcrm_sw_result · src\Admin\Metabox\ShortcodeWizard.php:36
  • auth · wp_ajax_wpcrm_sw_field · src\Admin\Metabox\ShortcodeWizard.php:37
  • auth · wp_ajax_msdyncrm_attachment · src\AnnotationPusher.php:16
  • nopriv · wp_ajax_msdyncrm_attachment · src\AnnotationPusher.php:17
  • auth · wp_ajax_msdyncrm_image · src\Image\AnnotationImage.php:34
  • nopriv · wp_ajax_msdyncrm_image · src\Image\AnnotationImage.php:35
  • auth · wp_ajax_msdyncrm_custom_image · src\Image\CustomImage.php:17
  • nopriv · wp_ajax_msdyncrm_custom_image · src\Image\CustomImage.php:18
  • auth · wp_ajax_retrieve_lookup_request · src\LookupDialog.php:35
  • auth · wp_ajax_search_lookup_request · src\LookupDialog.php:36
  • nopriv · wp_ajax_retrieve_lookup_request · src\LookupDialog.php:37
  • nopriv · wp_ajax_search_lookup_request · src\LookupDialog.php:38
  • auth · wp_ajax_wordpresscrm_ajax_form · src\Shortcode\Form.php:26
  • nopriv · wp_ajax_wordpresscrm_ajax_form · src\Shortcode\Form.php:27

Shortcodes 1

[msdyncrm_form] src\Shortcode\Form.php:24

WordPress Hooks 26

  • action · wordpresscrm_sw_register · core.php:12
  • action · wordpresscrm_sw_register · core.php:100
  • filter · no_texturize_shortcodes · core.php:208
  • filter · pre_handle_404 · core.php:214
  • filter · option_msdyncrm_options · core.php:238
  • filter · pre_update_option_msdyncrm_options · core.php:250
  • action · admin_notices · core.php:269
  • action · admin_notices · integration-dynamics.php:32
  • action · admin_notices · integration-dynamics.php:89
  • action · admin_notices · integration-dynamics.php:110
  • action · add_meta_boxes · src\Admin\Metabox\DataBinding.php:20
  • action · save_post · src\Admin\Metabox\DataBinding.php:21
  • action · add_meta_boxes · src\Admin\Metabox\ShortcodeWizard.php:25
  • action · admin_enqueue_scripts · src\Admin\Metabox\ShortcodeWizard.php:26
  • action · admin_menu · src\Admin.php:51
  • action · admin_notices · src\Admin.php:53
  • filter · wordpresscrm_view_entities · src\FetchXML.php:166
  • filter · wordpresscrm_view_entities · src\FetchXML.php:252
  • filter · wordpresscrm_view_entities · src\FetchXML.php:261
  • action · wp_enqueue_scripts · src\FrontendScripts.php:30
  • action · wp_print_scripts · src\FrontendScripts.php:31
  • action · after_setup_theme · src\Plugin.php:159
  • filter · plugin_action_links · src\Plugin.php:249
  • action · wordpresscrm_after_form_end · src\Shortcode\Form\FormInstance.php:414
  • action · wp_footer · src\Shortcode\Form\FormInstance.php:421
  • filter · wordpresscrm_view_images_boolean · src\Shortcode\View.php:34
Maintenance & Trust

Dynamics 365 Integration Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Dec 26, 2024
  • PHP min version: 8.2
  • Downloads: 56K

Community Trust

  • Rating: 94/100
  • Number of ratings: 13
  • Active installs: 600
Developer Profile

Dynamics 365 Integration Developer Profile

alexacrm

2 plugins · 700 total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 178 days
Detection Fingerprints

How We Detect Dynamics 365 Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/integration-dynamics/assets/css/custom-editor-style.css
  • /wp-content/plugins/integration-dynamics/assets/css/metabox.css
  • /wp-content/plugins/integration-dynamics/assets/js/admin/custom-editor-style.js
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox.js
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox-wizard.js
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox-wizard-field.js
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox-wizard-result.js
  • /wp-content/plugins/integration-dynamics/assets/js/metabox.js
Script Paths
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox-wizard.js
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox-wizard-field.js
  • /wp-content/plugins/integration-dynamics/assets/js/admin/metabox-wizard-result.js
Version Parameters
  • integration-dynamics/assets/css/custom-editor-style.css?ver=
  • integration-dynamics/assets/css/metabox.css?ver=
  • integration-dynamics/assets/js/admin/custom-editor-style.js?ver=
  • integration-dynamics/assets/js/admin/metabox.js?ver=
  • integration-dynamics/assets/js/admin/metabox-wizard.js?ver=
  • integration-dynamics/assets/js/admin/metabox-wizard-field.js?ver=
  • integration-dynamics/assets/js/admin/metabox-wizard-result.js?ver=
  • integration-dynamics/assets/js/metabox.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpcrm_metabox_wizard_loader
  • wpcrm_metabox_wizard_error
  • wpcrm_metabox_wizard_error_message
HTML Comments
  • <!-- Metabox Wizard Start -->
  • <!-- Metabox Wizard End -->
  • <!-- Shortcode Wizard for the WordPress Post edit screen -->
JS Globals
wpcrm_sw_params
REST Endpoints
  • /wp-json/wpcrm-sw/v1/results
  • /wp-json/wpcrm-sw/v1/fields