Leadinfo Security & Risk Analysis

wordpress.org/plugins/leadinfo

This plugin can be used to add the Leadinfo tracking code to a WordPress site.

7K active installs · v2.1.4 · PHP + · WP 3.0.1+ · Updated May 20, 2025
Tags: b2b, lead, leadinfo, leads
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 25, 2025
Safety Verdict

Is Leadinfo Safe to Use in 2026?

Generally Safe

Score 98/100

Leadinfo has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 25, 2025 · Updated 10mo ago
Risk Assessment

The "leadinfo" plugin v2.1.4 exhibits a mixed security posture. On the positive side, static analysis indicates a small attack surface with no unprotected entry points and good use of prepared statements for SQL queries. The presence of nonce and capability checks also suggests an attempt to implement security measures. However, there are areas of concern, particularly the 50% rate of unescaped output, which could lead to Cross-Site Scripting (XSS) vulnerabilities. Additionally, the taint analysis revealed two flows with unsanitized paths. Although they were not classified as critical or high severity, they still represent potential entry points for malicious data.

The plugin's vulnerability history is a significant red flag. With two known medium-severity CVEs and a recent vulnerability recorded in May 2025, it indicates a recurring pattern of security weaknesses. The common vulnerability types, Missing Authorization and CSRF, further suggest issues with how user actions and data access are handled. While there are currently no unpatched CVEs, the history of past issues, especially those related to authorization, raises concerns about the overall robustness of the plugin's security controls. Therefore, while the plugin demonstrates some good security practices in its code, the historical vulnerability data and the presence of unsanitized paths warrant caution.

Key Concerns

  • Unescaped output rate is 50%
  • Taint analysis shows 2 unsanitized path flows
  • 2 known medium severity CVEs in history
Vulnerabilities: 2

Leadinfo Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-48271 · medium · 5.3 · Missing Authorization

Leadinfo <= 1.1 - Missing Authorization to Unauthenticated Settings Change

May 25, 2025 · Patched in 2.1 (6d)

CVE-2024-32112 · medium · 5.3 · Cross-Site Request Forgery (CSRF)

Leadinfo <= 1.0 - Cross-Site Request Forgery

Apr 11, 2024 · Patched in 1.1 (392d)
Code Analysis
Analyzed Mar 16, 2026

Leadinfo Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 2 (2 escaped)
  • Nonce Checks: 1
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

50% escaped · 4 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
add_settings (leadinfo.class.php:54)
Attack Surface

Leadinfo Attack Surface

Entry Points: 1
Unprotected: 0

REST API Routes: 1

  • POST /wp-json//leadinfo/v1/tracker_code (includes\api\rest.php:11)

WordPress Hooks: 3

  • action rest_api_init (includes\api\rest.php:10)
  • action admin_menu (leadinfo.class.php:78)
  • action wp_footer (leadinfo.class.php:79)
Maintenance & Trust

Leadinfo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 20, 2025
PHP min version
Downloads: 43K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 7K
Developer Profile

Leadinfo Developer Profile

Leadinfo

1 plugin · 7K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 199 days
Detection Fingerprints

How We Detect Leadinfo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/leadinfo/admin/js/settings.js
/wp-content/plugins/leadinfo/admin/css/settings.css
Script Paths
https://cdn.leadinfo.net/ping.js

HTML / DOM Fingerprints

HTML Comments
<!-- Leadinfo tracking code -->
Data Attributes
data-leadinfo-id
JS Globals
leadinfo
GlobalLeadinfoNamespace
REST Endpoints
/wp-json/leadinfo/v1/tracker_code
FAQ

Frequently Asked Questions about Leadinfo