Intent Box Security & Risk Analysis

wordpress.org/plugins/intent-box

Convert your visitors with the right calls-to-action, at the right time.

0 active installs v1.0 PHP + WP 4.6+ Updated Oct 14, 2017
boxctaintentboxleadspopup
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Intent Box Safe to Use in 2026?

Generally Safe

Score 85/100

Intent Box has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "intent-box" plugin v1.0 exhibits a generally good security posture in several key areas. The absence of any recorded vulnerabilities, including CVEs, is a significant positive indicator. Furthermore, the plugin correctly utilizes prepared statements for all its SQL queries and has no file operations or external HTTP requests, which are common vectors for attacks. The static analysis shows a limited attack surface with no direct unprotected entry points found. However, there are notable areas of concern that detract from an otherwise positive assessment. A substantial portion of the output (71%) is not properly escaped, creating a potential risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the complete lack of nonce checks and capability checks across all entry points is a critical oversight. While no taint flows were identified in the static analysis, the absence of these fundamental security measures means that even minor deviations in code or introduction of new functionalities could easily lead to serious vulnerabilities.

Key Concerns

  • Significant amount of unescaped output
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

Intent Box Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Intent Box Release Timeline

v1.0Current
Code Analysis
Analyzed Mar 17, 2026

Intent Box Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

29% escaped14 total outputs
Attack Surface

Intent Box Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[intentbox] intent-box\intent-box.php:178
[intentbox] intent-box.php:178
WordPress Hooks 12
actioninitintent-box\intent-box.php:56
actionwp_headintent-box\intent-box.php:112
actionwp_footerintent-box\intent-box.php:114
actioninitintent-box\intent-box.php:116
actionadmin_menuintent-box\intent-box.php:125
actionadmin_initintent-box\intent-box.php:137
actioninitintent-box.php:56
actionwp_headintent-box.php:112
actionwp_footerintent-box.php:114
actioninitintent-box.php:116
actionadmin_menuintent-box.php:125
actionadmin_initintent-box.php:137
Maintenance & Trust

Intent Box Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33
Last updatedOct 14, 2017
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Intent Box Developer Profile

Intent Box

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Intent Box

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
// Rendered by Intent Box // http://wordpress.org/plugins/intent-box/// Rendered by Intent Box // http://wordpress.org/plugins/intent-box/
Data Attributes
id="header-scripts-input" name="intentbox_settings[header_scripts_input]"name="intentbox_settings[intentbox_credit]"
JS Globals
window.IntentBox
Shortcode Output
<script type="text/javascript"> IntentBox.show('<?php echo $a['code'] ?> ') </script>
FAQ

Frequently Asked Questions about Intent Box