Does Leads5050 Visitor Insights have any unpatched vulnerabilities?

No. All known vulnerabilities in Leads5050 Visitor Insights have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Leads5050 Visitor Insights compatible with WordPress 6.9.4?

According to WordPress.org data, Leads5050 Visitor Insights 2.3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Leads5050 Visitor Insights compatible with PHP 8.0+?

Leads5050 Visitor Insights requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Leads5050 Visitor Insights updated?

Leads5050 Visitor Insights was last updated on Mar 4, 2026. Frequent updates are generally a positive security signal.

What is Leads5050 Visitor Insights's security score?

Leads5050 Visitor Insights has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Leads5050 Visitor Insights Security & Risk Analysis

wordpress.org/plugins/leads-5050-visitor-insights

Monitor Visits to your site and Identify Leads, Customers and Competitors

30 active installs v2.3.2 PHP 8.0+ WP 6.0+ Updated Mar 4, 2026

interactive-mapleads-generationreferrersvisit-monitorvisitor-dashboard

A · Safe

CVEs total2

Unpatched0

Last CVEMay 7, 2021

Plugin page Download

Safety Verdict

Is Leads5050 Visitor Insights Safe to Use in 2026?

Generally Safe

Score 99/100

Leads5050 Visitor Insights has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 7, 2021Updated 1mo ago

Risk Assessment

The "leads-5050-visitor-insights" v2.3.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, performing output escaping on a high percentage of outputs, and incorporating nonce and capability checks for most entry points. The absence of dangerous functions, file operations, external HTTP requests, and taint flows with unsanitized paths is also a strong indicator of secure coding in these areas.

However, a significant concern is the presence of one unprotected AJAX handler, which represents a direct entry point for potential attackers without proper authorization validation. While there are no currently unpatched CVEs, the plugin has a history of two medium-severity vulnerabilities, both related to Missing Authorization and Improper Access Control. This historical pattern, combined with the identified unprotected AJAX handler, suggests a recurring weakness in access control mechanisms that requires careful attention.

In conclusion, the plugin has strengths in secure data handling and output sanitization. Nevertheless, the unprotected AJAX endpoint and the historical vulnerability pattern related to authorization pose notable risks. It would be prudent to thoroughly audit the unprotected AJAX handler to ensure no sensitive actions can be performed without proper authentication and authorization.

Key Concerns

Unprotected AJAX handler
History of medium severity vulnerabilities

Vulnerabilities

Leads5050 Visitor Insights Security Vulnerabilities

CVEs by Year

2 CVEs in 2021

2021

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

WF-15d9c743-5700-482a-a6bc-ecf541ea9e7d-leads-5050-visitor-insightsmedium · 4.3Missing Authorization

leads5050-visitor-insights <= 1.0.5 - Authorization Bypass

May 7, 2021 Patched in 1.1.0 (991d)

WF-5b05e973-c0ab-492f-8b51-e7c2f33475ad-leads-5050-visitor-insightsmedium · 5.3Improper Access Control

leads5050-visitor-insights < 1.0.4 - Unauthenticated Arbitrary License Change

May 7, 2021 Patched in 1.0.4 (991d)

Code Analysis

Analyzed Mar 16, 2026

Leads5050 Visitor Insights Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

44 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

86% escaped51 total outputs

Attack Surface

1 unprotected

Leads5050 Visitor Insights Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 2

authwp_ajax_leads5050_set_licenseclass.leads5050-visitor-insights.php:88

authwp_ajax_leads5050_visit_reportclass.leads5050-visitor-insights.php:89

Shortcodes 2

[leads5050_template_basic] inc\leads5050-shortcodes.php:55

[leads5050_map_on_page] inc\leads5050-shortcodes.php:88

WordPress Hooks 7

actionadmin_enqueue_scriptsclass.leads5050-visitor-insights.php:65

actionadmin_initclass.leads5050-visitor-insights.php:66

actionadmin_menuclass.leads5050-visitor-insights.php:67

actionplugins_loadedclass.leads5050-visitor-insights.php:74

actionwp_enqueue_scriptsclass.leads5050-visitor-insights.php:79

actionwp_enqueue_scriptsclass.leads5050-visitor-insights.php:80

actionplugins_loadedclass.leads5050-visitor-insights.php:83

Maintenance & Trust

Leads5050 Visitor Insights Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 4, 2026

PHP min version8.0

Downloads5K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Leads5050 Visitor Insights Alternatives

MapGeo – Interactive Geo Maps

interactive-geo-maps

Create interactive vector maps of the world, continents, any country in the world and specific regions, including individual US state county maps.

40K 3 CVEs

Open User Map

open-user-map

Engage your visitors with an interactive map – let them add markers instantly or create a custom map showcasing your favorite spots.

10K 3 CVEs

HTML5 Maps

html5-maps

Nice looking interactive responsive and mobile-friendly HTML5 Maps incl. US, World and more, with an option to customize view and behavior of the maps

5K 2 CVEs

Mapster WP Maps

mapster-wp-maps

Mapster WP Maps is the smoothest, easiest way to make maps for your site. No API keys required.

3K 4 CVEs

Interactive World Map

interactive-world-map

Free plugin for WordPress displays an interactive map of the World. The map features customized colors, links and popup balloons.

1K 3 CVEs

Developer Profile

Leads5050 Visitor Insights Developer Profile

Hub5050

6 plugins · 2K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

991 days

View full developer profile

Detection Fingerprints

How We Detect Leads5050 Visitor Insights

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/leads-5050-visitor-insights/css/leads5050.css/wp-content/plugins/leads-5050-visitor-insights/libs/ol.css/wp-content/plugins/leads-5050-visitor-insights/js/leads5050-admin.js/wp-content/plugins/leads-5050-visitor-insights/js/leads5050.js/wp-content/plugins/leads-5050-visitor-insights/libs/ol.js/wp-content/plugins/leads-5050-visitor-insights/js/leads5050-map.js

Script Paths

js/leads5050-admin.jsjs/leads5050.jslibs/ol.jsjs/leads5050-map.js

Version Parameters

leads5050-visitor-insights/css/leads5050.css?ver=leads5050-visitor-insights/libs/ol.css?ver=leads5050-visitor-insights/js/leads5050-admin.js?ver=leads5050-visitor-insights/js/leads5050.js?ver=leads5050-visitor-insights/libs/ol.js?ver=leads5050-visitor-insights/js/leads5050-map.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-url="admin-ajax.php"

JS Globals

varzl

REST Endpoints

/wp-json/leads5050/

FAQ