Leadfox for WordPress Security & Risk Analysis

wordpress.org/plugins/leadfox

Integrate Leadfox tracking code to enable contact synchronisation with contact lists and forms, and enable pop-ups on your WordPress site.

200 active installs · v2.2.4 · PHP + WP 3.7+ · Updated Jan 20, 2026
Tags: email-marketing, landing-page, lead-generation, marketing-automation, popup
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 31, 2025
Safety Verdict

Is Leadfox for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

Leadfox for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Mar 31, 2025 · Updated 3mo ago
Risk Assessment

The plugin "leadfox" v2.2.4 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, and file operations is a significant strength. The plugin also demonstrates good practices with high output escaping rates and the presence of nonce and capability checks. The external HTTP request, while present, is a single instance and may be for legitimate integration purposes, but warrants further investigation in a full audit.

However, the vulnerability history introduces a notable concern. The presence of a past CVE, even if currently patched, indicates that the plugin has had exploitable weaknesses. The common vulnerability type being CSRF suggests potential issues with state-changing actions not being adequately protected, although the static analysis doesn't immediately highlight this in the current version.

In conclusion, while the current static analysis of v2.2.4 shows a solid security foundation with minimal attack surface and good coding practices, the historical vulnerability is a reminder that past issues can resurface or indicate systemic weaknesses. Continued vigilance and monitoring for future vulnerabilities are recommended.

Key Concerns

  • Past unpatched CVE
  • External HTTP request without context
Vulnerabilities
1 published

Leadfox for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31585 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Leadfox for WordPress <= 2.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Mar 31, 2025 · Patched in 2.2.0 (232d)
Version History

Leadfox for WordPress Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Leadfox for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (13 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

93% escaped · 14 total outputs
Attack Surface

Leadfox for WordPress Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  • action plugins_loaded (leadfox.php:12)
  • action wp_enqueue_scripts (leadfox.php:18)
  • action admin_init (leadfox.php:66)
  • action admin_menu (leadfox.php:220)
  • action user_register (leadfox.php:337)
  • action wp_footer (leadfox.php:382)
Maintenance & Trust

Leadfox for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 20, 2026
PHP min version
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

Leadfox for WordPress Developer Profile

leadfox

1 plugin · 200 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 232 days
Detection Fingerprints

How We Detect Leadfox for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/leadfox/css/leadfox.css

HTML / DOM Fingerprints

CSS Classes
leadfox-plugin
Data Attributes
name="leadfox-options"
id="lf-key"
id="lf-secret"
id="lf-list"
name="leadfox_settings_nonce"
action="leadfox_settings_action"
REST Endpoints
https://rest.leadfox.co/v1/auth
https://rest.leadfox.co/v1/list?sort=name
FAQ

Frequently Asked Questions about Leadfox for WordPress