Leadee – Leads Analytics and Message Storage Security & Risk Analysis
wordpress.org/plugins/leadeeStore and analyze leads and messages from Contact Form 7, WPForms, Ninja Forms in a convenient Leadee dashboard.
Is Leadee – Leads Analytics and Message Storage Safe to Use in 2026?
Generally Safe
Score 92/100Leadee – Leads Analytics and Message Storage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'leadee' plugin v1.0.4 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong data handling practices with all SQL queries using prepared statements and all output properly escaped. Furthermore, there is no recorded vulnerability history, suggesting a generally stable and secure codebase over time.
However, a significant concern arises from the presence of one unprotected AJAX handler. This creates a direct entry point for potential attackers, as it lacks authentication or capability checks. While the static analysis did not reveal any critical taint flows or dangerous functions, and file operations and external HTTP requests are present, they are not flagged as inherently risky in this analysis. The absence of nonce checks on the AJAX handler is a critical oversight that could lead to various attacks if the handler performs sensitive operations.
In conclusion, while the plugin benefits from secure data handling and a clean vulnerability history, the unprotected AJAX endpoint represents a critical weakness. The lack of any nonce checks on this entry point significantly elevates the risk profile, outweighing the strengths in other areas. A thorough review of the AJAX handler's functionality and the implementation of proper authentication and authorization mechanisms are strongly recommended.
Key Concerns
- Unprotected AJAX handler
- Missing nonce check on AJAX handler
Leadee – Leads Analytics and Message Storage Security Vulnerabilities
Leadee – Leads Analytics and Message Storage Release Timeline
Leadee – Leads Analytics and Message Storage Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Leadee – Leads Analytics and Message Storage Attack Surface
AJAX Handlers 1
WordPress Hooks 7
Maintenance & Trust
Leadee – Leads Analytics and Message Storage Maintenance & Trust
Maintenance Signals
Community Trust
Leadee – Leads Analytics and Message Storage Alternatives
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)
google-analytics-for-wordpress
The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.
Independent Analytics
independent-analytics
A simple WordPress analytics plugin that is privacy-friendly, fast, and an alternative to Google Analytics.
Beehive Analytics – Google Analytics Dashboard
beehive-analytics
View visitor stats and track user behavior from within WordPress. A Google Analytics plugin with dashboard reports and Google Tag Manager support.
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking)
wp-analytify
Analytify is the must-have Plugin for Google Analytics 4 Integration, Tracking, & Reporting in WordPress. Enhanced eCommerce, Events, & Call Analytics
Analytics Insights – Google Analytics Dashboard for WordPress
analytics-insights
A full-featured and entirely free Google Analytics Dashboard plugin for WordPress. Displays stats to help you to better understand your site content.
Leadee – Leads Analytics and Message Storage Developer Profile
1 plugin · 10 total installs
How We Detect Leadee – Leads Analytics and Message Storage
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/leadee/core/assets/js/admin/leadee-admin.js/wp-content/plugins/leadee/core/assets/css/admin/leadee-admin.css/wp-content/plugins/leadee/core/assets/js/admin/leadee-admin.jsleadee-admin-scriptleadee-admin-styleHTML / DOM Fingerprints
outData/wp-json/leadee/v1