Does Lead Captor have any unpatched vulnerabilities?

No. All known vulnerabilities in Lead Captor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Lead Captor compatible with WordPress 4.8.28?

According to WordPress.org data, Lead Captor 1.1.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Lead Captor updated?

Lead Captor was last updated on Sep 15, 2017. Frequent updates are generally a positive security signal.

What is Lead Captor's security score?

Lead Captor has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Lead Captor Security & Risk Analysis

wordpress.org/plugins/lead-captor

Attractive popup forms on exit intent to convert visitors into subscribers.

10 active installs v1.1.1 PHP + WP 3.0.1+ Updated Sep 15, 2017

exit-intentlead-captureoptinpopup-formssubscribe-forms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Lead Captor Safe to Use in 2026?

Generally Safe

Score 85/100

Lead Captor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The lead-captor v1.1.1 plugin exhibits a mixed security posture. On the positive side, it shows strong adherence to secure coding practices regarding SQL queries, utilizing prepared statements exclusively, and boasts a high percentage of properly escaped output. Furthermore, the absence of known vulnerabilities (CVEs) and critical taint analysis findings suggests a generally well-maintained codebase. However, a significant concern arises from the plugin's attack surface. With 4 AJAX handlers identified, all of which lack authentication checks, there's a substantial risk of unauthorized execution of potentially sensitive operations if these handlers are accessible to unauthenticated users. The presence of nonce checks and capability checks on only 2 of the 4 AJAX handlers further exacerbates this, indicating potential gaps in securing these entry points.

Key Concerns

AJAX handlers without authentication checks
Incomplete nonce checks on AJAX handlers
Incomplete capability checks on AJAX handlers

Vulnerabilities

None known

Lead Captor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Lead Captor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

170 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped183 total outputs

Attack Surface

4 unprotected

Lead Captor Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

noprivwp_ajax_lead_captor_save_subscriberincludes\class-lead-captor.php:322

authwp_ajax_lead_captor_save_subscriberincludes\class-lead-captor.php:323

noprivwp_ajax_lead_captor_save_subscriberlead-captor\includes\class-lead-captor.php:317

authwp_ajax_lead_captor_save_subscriberlead-captor\includes\class-lead-captor.php:318

WordPress Hooks 20

actionplugins_loadedincludes\class-lead-captor.php:279

actionadmin_enqueue_scriptsincludes\class-lead-captor.php:294

actionadmin_enqueue_scriptsincludes\class-lead-captor.php:295

actionadmin_menuincludes\class-lead-captor.php:296

actionadmin_initincludes\class-lead-captor.php:297

actioninitincludes\class-lead-captor.php:298

actionadmin_initincludes\class-lead-captor.php:300

actionwp_enqueue_scriptsincludes\class-lead-captor.php:319

actionwp_enqueue_scriptsincludes\class-lead-captor.php:320

actionwp_footerincludes\class-lead-captor.php:321

actionplugins_loadedlead-captor\includes\class-lead-captor.php:274

actionadmin_enqueue_scriptslead-captor\includes\class-lead-captor.php:289

actionadmin_enqueue_scriptslead-captor\includes\class-lead-captor.php:290

actionadmin_menulead-captor\includes\class-lead-captor.php:291

actionadmin_initlead-captor\includes\class-lead-captor.php:292

actioninitlead-captor\includes\class-lead-captor.php:293

actionadmin_initlead-captor\includes\class-lead-captor.php:295

actionwp_enqueue_scriptslead-captor\includes\class-lead-captor.php:314

actionwp_enqueue_scriptslead-captor\includes\class-lead-captor.php:315

actionwp_footerlead-captor\includes\class-lead-captor.php:316

Maintenance & Trust

Lead Captor Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 15, 2017

PHP min version

Downloads3K

Community Trust

Rating40/100

Number of ratings1

Active installs10

Alternatives

Lead Captor Alternatives

Icegram Engage – Popups, Optins, CTAs & lot more…

icegram

Create popups, opt-in forms, and call-to-action messages to capture leads and engage visitors on your WordPress site.

20K 18 CVEs

Smart Popup by Supsystic

popup-by-supsystic

Create targeted popups for lead capture, event notifications, announcements, and promotions — shown at the right time without disrupting your visitors …

10K 8 CVEs

Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms

optinly

Capture more leads & increase conversions with Optinly. Use 75+ templates and advanced triggering options to create highly converting popup campaigns!

900 3 CVEs

Elegant Subscription Popup

elegant-subscription-popup

Elegant Subscription Popup is the most popular lead capturing wordpress plugin (7000+ downloads) that helps to convert your visitors to subscribers, t …

70 No CVEs

ProProfs Picreel – Popup Builder for Lead Capture & Conversion

proprofs-picreel

100

Convert visitors into leads with smart popups, precise targeting, and 700+ integrations — all without coding.

0 No CVEs

Developer Profile

Lead Captor Developer Profile

Quema Labs

4 plugins · 230 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Lead Captor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lead-captor/public/css/lead-captor-public.css/wp-content/plugins/lead-captor/admin/css/flickity.css/wp-content/plugins/lead-captor/admin/css/lead-captor-admin.css/wp-content/plugins/lead-captor/admin/js/imagesloaded.pkgd.min.js/wp-content/plugins/lead-captor/admin/js/flickity.pkgd.min.js/wp-content/plugins/lead-captor/admin/js/lead-captor-admin.js

Script Paths

/wp-content/plugins/lead-captor/admin/js/imagesloaded.pkgd.min.js/wp-content/plugins/lead-captor/admin/js/flickity.pkgd.min.js/wp-content/plugins/lead-captor/admin/js/lead-captor-admin.js

Version Parameters

lead-captor/public/css/lead-captor-public.css?ver=lead-captor/admin/css/flickity.css?ver=lead-captor/admin/css/lead-captor-admin.css?ver=lead-captor/admin/js/imagesloaded.pkgd.min.js?ver=lead-captor/admin/js/flickity.pkgd.min.js?ver=lead-captor/admin/js/lead-captor-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

lead-captor-content

Data Attributes

data-lead-captor-templatedata-lead-captor-popup-image

JS Globals

lead_captor_js_var

FAQ