Does Lead Generation Form have any unpatched vulnerabilities?

No. All known vulnerabilities in Lead Generation Form have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Lead Generation Form compatible with WordPress 6.9.4?

According to WordPress.org data, Lead Generation Form 1.0.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Lead Generation Form compatible with PHP 4.0+?

Lead Generation Form requires PHP 4.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Lead Generation Form updated?

Lead Generation Form was last updated on Dec 17, 2025. Frequent updates are generally a positive security signal.

What is Lead Generation Form's security score?

Lead Generation Form has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Lead Generation Form Security Review

Safety Verdict

Is Lead Generation Form Safe to Use in 2026?

Generally Safe

Score 100/100

Lead Generation Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "lead-generation-form" v1.0.9 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates good practices by utilizing prepared statements for all SQL queries and has a high percentage of properly escaped output. The absence of dangerous functions, file operations, and critical/high severity taint flows are positive indicators. The plugin also incorporates a reasonable number of nonce and capability checks, suggesting an effort to secure its entry points.

However, a closer look reveals some potential areas for improvement. While the attack surface is small and all entry points appear to have authentication checks, the presence of external HTTP requests without further context regarding their security implications warrants caution. The bundled DataTables library, version 2.0.8, could also be a point of concern if it's not actively maintained or if there are known vulnerabilities in this specific version or its dependencies.

The plugin's vulnerability history is currently empty, which is excellent. This suggests a history of responsible development or a lack of discovery of significant vulnerabilities to date. This positive track record, combined with the strong static analysis findings, paints a picture of a plugin that is likely secure for current use. Nevertheless, continuous monitoring and updates for bundled libraries remain crucial for long-term security.

Key Concerns

Bundled outdated library (DataTables v2.0.8)
External HTTP requests (2)

Vulnerabilities

None known

Lead Generation Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Lead Generation Form Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

16 prepared

Unescaped Output

13

769 escaped

Nonce Checks

12

Capability Checks

6

File Operations

0

External Requests

2

Bundled Libraries

1

Bundled Libraries

DataTables2.0.8

SQL Query Safety

100% prepared16 total queries

Output Escaping

98% escaped782 total outputs

Data Flows

All sanitized

Data Flow Analysis

10 flows

<form-generator> (admin\form-generator.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Lead Generation Form Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 5

authwp_ajax_wlgf_manage_form_actionlead-generation-form.php:295

authwp_ajax_wlgf_save_formlead-generation-form.php:361

authwp_ajax_wlgf_lead_loaderlead-generation-form.php:620

authwp_ajax_wlgf_import_exportlead-generation-form.php:779

authwp_ajax_wlgf_save_settingslead-generation-form.php:832

Shortcodes 2

[WLFG] includes\shortcode-ajax.php:6

[WLFG] includes\shortcode.php:6

WordPress Hooks 11

filterwp_handle_upload_prefilterincludes\shortcode-ajax.php:584

filterwp_handle_upload_prefilterincludes\shortcode-ajax.php:719

actionphpmailer_initincludes\shortcode-ajax.php:826

filterwp_handle_upload_prefilterincludes\shortcode.php:562

filterwp_handle_upload_prefilterincludes\shortcode.php:692

actionphpmailer_initincludes\shortcode.php:791

actionadmin_initlead-generation-form.php:97

actionplugins_loadedlead-generation-form.php:103

actionwp_enqueue_scriptslead-generation-form.php:126

actionadmin_enqueue_scriptslead-generation-form.php:147

actionadmin_menulead-generation-form.php:169

Maintenance & Trust

Lead Generation Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 17, 2025

PHP min version4.0

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs600

Alternatives

Lead Generation Form Alternatives

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

B

76

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 74 CVEs

Lead Form Builder & Contact Form

lead-form-builder

A

89

Fast Drag & Drop Contact From Builder and Lead Generation Tool With Google One Tap Login. Supports Block Editor.

10K 10 CVEs

WS Form LITE – Drag & Drop Contact Form Builder

ws-form

A

96

Contact form builder for WordPress. Create professional, accessible, mobile-friendly forms in minutes without coding.

10K 5 CVEs

FormFacade – Embed Google Forms in your website

formfacade

B

72

Embed Google Forms™ in your wordpress site

1K 1 unpatched

Contact Forms by Cimatti

contact-forms

A

91

Create and publish forms in your WordPress website with drag and drop. Contact forms, landing page forms, invitations, and more.

700 11 CVEs

Developer Profile

Lead Generation Form Developer Profile

FARAZFRANK

28 plugins · 47K total installs

79

trust score

Avg Security Score

100/100

Avg Patch Time

578 days

View full developer profile

Detection Fingerprints

How We Detect Lead Generation Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lead-generation-form/admin/assets/formbuilder-master/js/form-builder.min.js/wp-content/plugins/lead-generation-form/admin/assets/datatables/datatables.min.js/wp-content/plugins/lead-generation-form/admin/assets/datatables/datatables.bootstrap5.min.js/wp-content/plugins/lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/popper.min.js/wp-content/plugins/lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/bootstrap.min.js/wp-content/plugins/lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/bootstrap.bundle.min.js/wp-content/plugins/lead-generation-form/admin/assets/fontawesome-free-6.4.2-web/css/all.min.css/wp-content/plugins/lead-generation-form/admin/assets/datatables/datatables.min.css+12 more

Script Paths

/wp-content/plugins/lead-generation-form/admin/assets/formbuilder-master/js/form-builder.min.js/wp-content/plugins/lead-generation-form/admin/assets/datatables/datatables.min.js/wp-content/plugins/lead-generation-form/admin/assets/datatables/datatables.bootstrap5.min.js/wp-content/plugins/lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/popper.min.js/wp-content/plugins/lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/bootstrap.min.js/wp-content/plugins/lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/bootstrap.bundle.min.js+7 more

Version Parameters

lead-generation-form/admin/assets/formbuilder-master/js/form-builder.min.js?ver=lead-generation-form/admin/assets/datatables/datatables.min.js?ver=lead-generation-form/admin/assets/datatables/datatables.bootstrap5.min.js?ver=lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/popper.min.js?ver=lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/bootstrap.min.js?ver=lead-generation-form/admin/assets/bootstrap-5.3.3/dist/js/bootstrap.bundle.min.js?ver=lead-generation-form/admin/assets/fontawesome-free-6.4.2-web/css/all.min.css?ver=lead-generation-form/admin/assets/datatables/datatables.min.css?ver=lead-generation-form/includes/assets/css/wlgf-shortcode-form.css?ver=lead-generation-form/includes/assets/js/wlgf-shortcode-form.js?ver=lead-generation-form/includes/assets/js/wlgf-shortcode-ajax-script.js?ver=lead-generation-form/admin/assets/bootstrap-5.3.3/dist/css/bootstrap.css?ver=lead-generation-form/admin/assets/css/manage-forms.css?ver=lead-generation-form/admin/assets/js/manage-forms.js?ver=lead-generation-form/admin/assets/css/form-generator.css?ver=lead-generation-form/admin/assets/js/form-generator.js?ver=lead-generation-form/admin/assets/css/leads.css?ver=lead-generation-form/admin/assets/js/leads.js?ver=lead-generation-form/admin/assets/js/import-export.js?ver=lead-generation-form/admin/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

wlgf-shortcode-formwlgf-form-inputwlgf-form-labelwlgf-submit-buttonwlgf-form-fieldwlgf-modal-dialogwlgf-manage-forms-containerwlgf-form-builder+1 more

HTML Comments

+3 more

Data Attributes

data-wlgf-form-id

JS Globals

ajax_object

Shortcode Output

[lead_generation_form]

FAQ

Lead Generation Form Security & Risk Analysis

Is Lead Generation Form Safe to Use in 2026?

Generally Safe

Key Concerns

Lead Generation Form Security Vulnerabilities

Lead Generation Form Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Lead Generation Form Attack Surface

AJAX Handlers 5

Shortcodes 2

Lead Generation Form Maintenance & Trust

Maintenance Signals

Community Trust

Lead Generation Form Alternatives

Ninja Forms – The Contact Form Builder That Grows With You

Lead Form Builder & Contact Form

WS Form LITE – Drag & Drop Contact Form Builder

FormFacade – Embed Google Forms in your website

Contact Forms by Cimatti

Lead Generation Form Developer Profile

How We Detect Lead Generation Form

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Lead Generation Form