Does Leadpages have any unpatched vulnerabilities?

No. All known vulnerabilities in Leadpages have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Leadpages compatible with WordPress 6.9.4?

According to WordPress.org data, Leadpages 1.1.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Leadpages compatible with PHP 8.0+?

Leadpages requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Leadpages updated?

Leadpages was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Leadpages's security score?

Leadpages has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Leadpages Security & Risk Analysis

wordpress.org/plugins/leadpages

Easily publish your Leadpages landing pages to your WordPress site. Promote your lead magnets, events, promotions, and more.

10K active installs v1.1.4 PHP 8.0+ WP 6.0+ Updated Mar 10, 2026

form-builderlanding-pagelead-generationleadpagessales-page

A · Safe

CVEs total1

Unpatched0

Last CVEJan 27, 2026

Plugin page Download

Safety Verdict

Is Leadpages Safe to Use in 2026?

Generally Safe

Score 99/100

Leadpages has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 27, 2026Updated 24d ago

Risk Assessment

The Leadpages plugin v1.1.4 exhibits a generally good security posture with strong adherence to secure coding practices. The static analysis reveals a lack of identified dangerous functions, a high percentage of properly escaped output, and the exclusive use of prepared statements for all SQL queries. Furthermore, the absence of identified unsanitized paths in taint analysis suggests a low risk of common injection vulnerabilities originating from direct code manipulation. The plugin also demonstrates a commendable effort in implementing capability checks, which is crucial for restricting access to sensitive functionalities. However, a significant concern arises from the plugin's vulnerability history. The presence of one unpatched medium-severity CVE, last updated in 2026, indicates a critical oversight in maintenance and patching, potentially exposing users to known security risks. The common vulnerability type being 'Missing Authorization' in past issues also warrants attention, as it suggests a recurring pattern that, despite current code analysis showing no direct issues, could resurface if not carefully managed.

Key Concerns

Unpatched medium severity CVE
100% SQL using prepared statements
95% output properly escaped
No taint flows with unsanitized paths
No dangerous functions
No file operations
No critical or high severity taint flows
No observed missing nonce checks on AJAX
No observed missing capability checks
No shortcodes, cron events, or REST API routes observed

Vulnerabilities

Leadpages Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-68050medium · 5.3Missing Authorization

Leadpages <= 1.1.3 - Missing Authorization

Jan 27, 2026 Patched in 1.1.4 (50d)

Code Analysis

Analyzed Mar 16, 2026

Leadpages Code Analysis

Dangerous Functions

Raw SQL Queries

30 prepared

Unescaped Output

42 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared30 total queries

Output Escaping

95% escaped44 total outputs

Attack Surface

Leadpages Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 26

actionadmin_noticesincludes\Activator.php:64

actioninitincludes\Core.php:67

actioninitincludes\Core.php:68

actionrest_api_initincludes\Core.php:69

actionplugins_loadedincludes\Core.php:71

filterwp_insert_post_dataincludes\Core.php:74

actionadmin_menuincludes\Core.php:83

actionadmin_menuincludes\Core.php:84

actionadmin_enqueue_scriptsincludes\Core.php:85

actionadmin_menuincludes\Core.php:88

actionadmin_noticesincludes\Core.php:98

actionadmin_noticesincludes\other\fallback-php-version.php:25

actionadmin_noticesincludes\other\fallback-wp-version.php:29

actionadmin_noticestrunk\includes\Activator.php:64

actioninittrunk\includes\Core.php:67

actioninittrunk\includes\Core.php:68

actionrest_api_inittrunk\includes\Core.php:69

actionplugins_loadedtrunk\includes\Core.php:71

filterwp_insert_post_datatrunk\includes\Core.php:74

actionadmin_menutrunk\includes\Core.php:83

actionadmin_menutrunk\includes\Core.php:84

actionadmin_enqueue_scriptstrunk\includes\Core.php:85

actionadmin_menutrunk\includes\Core.php:88

actionadmin_noticestrunk\includes\Core.php:98

actionadmin_noticestrunk\includes\other\fallback-php-version.php:25

actionadmin_noticestrunk\includes\other\fallback-wp-version.php:29

Maintenance & Trust

Leadpages Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version8.0

Downloads10K

Community Trust

Rating100/100

Number of ratings3

Active installs10K

Alternatives

Leadpages Alternatives

WS Form LITE – Drag & Drop Contact Form Builder

ws-form

Contact form builder for WordPress. Create professional, accessible, mobile-friendly forms in minutes without coding.

10K 5 CVEs

Instapage Plugin

instapage

Instapage plugin - the best way for WordPress to seamlessly publish landing pages as a natural extension of your WordPress blog or website.

5K 1 CVE

Formstack Online Forms

formstack

This plugin allows you to easily embed Web forms built with Formstack's online form builder into your sidebar, pages, and posts.

1K 1 unpatched

ONTRApages

ontrapages

ONTRApages for WordPress allows Ontraport Premium users to connect to their accounts and easily publish their landing pages on their own WordPress sit …

1K No CVEs

Contact Forms by Cimatti

contact-forms

Create and publish forms in your WordPress website with drag and drop. Contact forms, landing page forms, invitations, and more.

700 11 CVEs

Developer Profile

Leadpages Developer Profile

Leadpages

1 plugin · 10K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

50 days

View full developer profile

Detection Fingerprints

How We Detect Leadpages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/leadpages/build/landingpages.css/wp-content/plugins/leadpages/build/landingpages.js/wp-content/plugins/leadpages/build/lp_settings.css/wp-content/plugins/leadpages/build/lp_settings.js/wp-content/plugins/leadpages/public/leadpages-icons.css

Script Paths

/wp-content/plugins/leadpages/build/landingpages.js/wp-content/plugins/leadpages/build/lp_settings.js

Version Parameters

leadpages/build/landingpages.js?ver=leadpages/build/lp_settings.js?ver=leadpages/public/leadpages-icons.css?ver=

HTML / DOM Fingerprints

CSS Classes

leadpages-page-root

FAQ