LeadSnap Security & Risk Analysis

wordpress.org/plugins/leadsnap

Save the leads to our lead management system CRM generated by Contact Form 7

1K active installs · v1.25 · PHP 5.2.4+ · WP 5.0+ · Updated Mar 9, 2023
cf7 · contact-form · crm · leads · management
83
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 10, 2023
Safety Verdict

Is LeadSnap Safe to Use in 2026?

Mostly Safe

Score 83/100

LeadSnap is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Mar 10, 2023 · Updated 3yr ago
Risk Assessment

The leadsnap v1.25 plugin presents a significant security risk primarily due to its unprotected attack surface and historical vulnerability. The plugin exposes 12 AJAX handlers with no authentication or permission checks, meaning any user, including unauthenticated ones, can trigger these actions. This is a critical oversight. Furthermore, the presence of the `unserialize` function without apparent sanitization is a major concern, especially when combined with the fact that the plugin has a history of a critical deserialization vulnerability. While the plugin does utilize prepared statements for most of its SQL queries and has a decent output escaping rate, these strengths are overshadowed by the severe lack of input validation and authorization.

Key Concerns

  • 12 unprotected AJAX handlers
  • Presence of unserialize function
  • One critical unpatched CVE historically
  • One flow with unsanitized paths
  • No capability checks on AJAX
Vulnerabilities
1

LeadSnap Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Critical: 1

1 total CVE

WF-aefbebce-9433-455d-b27c-93088b0c8494-leadsnap · critical · 9.8 · Deserialization of Untrusted Data

LeadSnap <= 1.23 - Unauthenticated PHP Object Injection via AJAX

Mar 10, 2023 · Patched in 1.24 (319d)
Code Analysis
Analyzed Mar 16, 2026

LeadSnap Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 3 (7 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 6
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$ser_address = unserialize( $val->meta_value );` · includes\class-wsl-formidable-api.php:120
unserialize · `$ser_address = unserialize( $val->meta_value );` · includes\class-wsl-formidable-api.php:286

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

70% escaped · 10 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-wsl-cf7-api> (includes\class-wsl-cf7-api.php:0)
Attack Surface
12 unprotected

LeadSnap Attack Surface

Entry Points: 12
Unprotected: 12

AJAX Handlers: 12

nopriv · wp_ajax_wncrm_typeform · leadsnap.php:193
auth · wp_ajax_wncrm_typeform · leadsnap.php:194
auth · wp_ajax_fl_builder_email · leadsnap.php:207
nopriv · wp_ajax_fl_builder_email · leadsnap.php:208
auth · wp_ajax_brizy_submit_form · leadsnap.php:220
nopriv · wp_ajax_brizy_submit_form · leadsnap.php:221
auth · wp_ajax_rednao_smart_forms_save_form_values · leadsnap.php:235
nopriv · wp_ajax_rednao_smart_forms_save_form_values · leadsnap.php:236
auth · wp_ajax_tve_api_form_submit · leadsnap.php:264
nopriv · wp_ajax_tve_api_form_submit · leadsnap.php:265
auth · wp_ajax_uagb_process_forms · leadsnap.php:286
nopriv · wp_ajax_uagb_process_forms · leadsnap.php:287

WordPress Hooks: 14

action · admin_init · admin\class-wsl-admin.php:10
action · admin_menu · admin\class-wsl-admin.php:11
action · wp_enqueue_scripts · includes\helpers.php:77
action · wpcf7_submit · leadsnap.php:81
filter · wpcf7_editor_panels · leadsnap.php:86
action · wpcf7_after_save · leadsnap.php:100
action · ninja_forms_after_submission · leadsnap.php:127
filter · wpforms_process_entry_save · leadsnap.php:138
action · gform_after_submission · leadsnap.php:150
action · elementor_pro/forms/new_record · leadsnap.php:152
action · et_pb_contact_form_submit · leadsnap.php:166
action · fluentform_submission_inserted · leadsnap.php:181
action · caldera_forms_submit_complete · leadsnap.php:249
action · frm_after_create_entry · leadsnap.php:278
Maintenance & Trust

LeadSnap Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 9, 2023
PHP min version: 5.2.4
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 1K
Developer Profile

LeadSnap Developer Profile

leadsnap

1 plugin · 1K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 319 days
Detection Fingerprints

How We Detect LeadSnap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/leadsnap/assets/css/style.css
/wp-content/plugins/leadsnap/assets/js/scripts.js

Script Paths
/wp-content/plugins/leadsnap/assets/js/scripts.js

HTML / DOM Fingerprints

HTML Comments
<!-- LeadSnap Settings Panel -->
<!-- LeadSnap Settings -->

Data Attributes
data-nonce
data-action
data-plugin
data-slug

JS Globals
leadsnap_ajax_object

REST Endpoints
/wp-json/leadsnap/v1/submit
/wp-json/leadsnap/v1/form-data
/wp-json/leadsnap/v1/settings