leadlovers forms Security & Risk Analysis

wordpress.org/plugins/leadlovers-forms

Este plugin WordPress insere uma nova opção de integração para os formulários com o leadlovers de forma nativa. Com ele é possível adicionar uma ação …

100 active installs v1.0.2 PHP 7.4+ WP 5.9+ Updated May 26, 2022
emailleadloversleadlovers-integrationleadlovers-widgetwidget
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEFeb 16, 2026
Download
Safety Verdict

Is leadlovers forms Safe to Use in 2026?

Use With Caution

Score 63/100

leadlovers forms has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Feb 16, 2026Updated 4yr ago
Risk Assessment

The "leadlovers-forms" plugin v1.0.2 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, proper usage of prepared statements for SQL queries, and 100% of outputs being properly escaped are excellent indicators of secure coding practices. Furthermore, the plugin demonstrates good awareness of security by implementing nonce checks on 5 AJAX handlers and capability checks on 2, contributing to a reduced attack surface. The vulnerability history being completely clean, with zero known CVEs, reinforces this positive assessment and suggests a well-maintained and secure codebase.

Vulnerabilities
1 published

leadlovers forms Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-39657medium · 5.3Missing Authorization

leadlovers forms <= 1.0.2 - Missing Authorization

Feb 16, 2026Unpatched
Version History

leadlovers forms Release Timeline

v1.0.2Current1 CVE
v1.0.11 CVE
v1.0.01 CVE
Code Analysis
Analyzed Mar 16, 2026

leadlovers forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
0
58 escaped
Nonce Checks
5
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

100% escaped58 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
<CaptureLogController> (inc\Base\Controllers\CaptureLogController.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

leadlovers forms Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

authwp_ajax_leadlovers-save-leadinc\Base\Controllers\CaptureLeadController.php:13
noprivwp_ajax_leadlovers-save-leadinc\Base\Controllers\CaptureLeadController.php:14
authwp_ajax_leadlovers-save-capture-loginc\Base\Controllers\CaptureLogController.php:14
noprivwp_ajax_leadlovers-save-capture-loginc\Base\Controllers\CaptureLogController.php:15
authwp_ajax_leadlovers-save-error-loginc\Base\Controllers\ErrorLogController.php:14
noprivwp_ajax_leadlovers-save-error-loginc\Base\Controllers\ErrorLogController.php:15
authwp_ajax_leadlovers-save-integrationinc\Base\Controllers\IntegrationController.php:14
noprivwp_ajax_leadlovers-save-integrationinc\Base\Controllers\IntegrationController.php:15
authwp_ajax_leadlovers-get-integrationsinc\Base\Controllers\IntegrationController.php:16
noprivwp_ajax_leadlovers-get-integrationsinc\Base\Controllers\IntegrationController.php:17
WordPress Hooks 20
actionadmin_menuinc\Api\SettingsApi.php:22
actionadmin_initinc\Api\SettingsApi.php:26
actioninitinc\Base\Controllers\CaptureLogController.php:13
actionmanage_ll-capture-logs_posts_columnsinc\Base\Controllers\CaptureLogController.php:16
actionmanage_ll-capture-logs_posts_custom_columninc\Base\Controllers\CaptureLogController.php:17
filtermanage_ll-capture-logs_posts_sortable_columnsinc\Base\Controllers\CaptureLogController.php:18
filterpost_row_actionsinc\Base\Controllers\CaptureLogController.php:19
actioninitinc\Base\Controllers\ErrorLogController.php:13
actionmanage_ll-error-logs_posts_columnsinc\Base\Controllers\ErrorLogController.php:16
actionmanage_ll-error-logs_posts_custom_columninc\Base\Controllers\ErrorLogController.php:17
filtermanage_ll-error-logs_posts_sortable_columnsinc\Base\Controllers\ErrorLogController.php:18
filterpost_row_actionsinc\Base\Controllers\ErrorLogController.php:19
actioninitinc\Base\Controllers\IntegrationController.php:13
actionmanage_ll-integrations_posts_columnsinc\Base\Controllers\IntegrationController.php:18
actionmanage_ll-integrations_posts_custom_columninc\Base\Controllers\IntegrationController.php:19
filtermanage_ll-integrations_posts_sortable_columnsinc\Base\Controllers\IntegrationController.php:20
filterpost_row_actionsinc\Base\Controllers\IntegrationController.php:21
actionwp_enqueue_scriptsinc\Base\Enqueue.php:25
actionwp_enqueue_scriptsinc\Base\Enqueue.php:26
filterscript_loader_taginc\Base\Enqueue.php:27
Maintenance & Trust

leadlovers forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedMay 26, 2022
PHP min version7.4
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Developer Profile

leadlovers forms Developer Profile

leadlovers

2 plugins · 3K total installs

76
trust score
Avg Security Score
74/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect leadlovers forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/leadlovers-forms/assets/js/capture-lead.js/wp-content/plugins/leadlovers-forms/assets/js/functions.js/wp-content/plugins/leadlovers-forms/assets/js/load.js
Script Paths
https://public-libs.leadlovers.com/wpplugin-react/index.js
Version Parameters
leadlovers-forms/assets/js/capture-lead.js?ver=leadlovers-forms/assets/js/functions.js?ver=leadlovers-forms/assets/js/load.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-leadlovers-id
JS Globals
leadlovers_api_key
REST Endpoints
/wp-json/leadlovers-save-capture-log/wp-json/leadlovers-get-integrations/wp-json/leadlovers-save-capture-log/wp-json/leadlovers-save-error-log/wp-json/leadlovers-save-lead
FAQ

Frequently Asked Questions about leadlovers forms