Does Leaf CRM have any unpatched vulnerabilities?

No. All known vulnerabilities in Leaf CRM have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Leaf CRM compatible with WordPress 6.9.4?

According to WordPress.org data, Leaf CRM 1.2.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Leaf CRM compatible with PHP 5.6+?

Leaf CRM requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Leaf CRM updated?

Leaf CRM was last updated on Dec 8, 2025. Frequent updates are generally a positive security signal.

What is Leaf CRM's security score?

Leaf CRM has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Leaf CRM Security & Risk Analysis

wordpress.org/plugins/leaf-crm

Capture leads from WordPress forms into Leaf CRM. Supports integration with Contact Form 7, Ninja Forms, WPForms, Forminator, and Elementor Form.

0 active installs v1.2.3 PHP 5.6+ WP 5.0+ Updated Dec 8, 2025

contactform7elementorformsforminatorninjaformswpforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Leaf CRM Safe to Use in 2026?

Generally Safe

Score 100/100

Leaf CRM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The static analysis of leaf-crm v1.2.4 reveals a strong security posture with a remarkably small attack surface and excellent code hygiene. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits potential entry points for attackers. Furthermore, the code exhibits strong security practices, with all SQL queries utilizing prepared statements and a very high percentage of output being properly escaped, indicating good protection against injection and XSS vulnerabilities. The lack of dangerous functions, file operations, and external HTTP requests also contributes positively to its security profile. The vulnerability history is also clean, with no known CVEs, suggesting a history of secure development and maintenance.

Key Concerns

No Nonce checks found
No Capability checks found
Three external HTTP requests

Vulnerabilities

None known

Leaf CRM Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Leaf CRM Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

62 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped63 total outputs

Attack Surface

Leaf CRM Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionplugins_loadedincludes\class-leaf-crm.php:155

actionadmin_enqueue_scriptsincludes\class-leaf-crm.php:170

actionadmin_enqueue_scriptsincludes\class-leaf-crm.php:171

actionadmin_menuincludes\class-leaf-crm.php:172

actionwpcf7_before_send_mailincludes\class-leaf-crm.php:185

actionwpforms_process_completeincludes\class-leaf-crm.php:192

actionforminator_form_after_save_entryincludes\class-leaf-crm.php:201

actionninja_forms_after_submissionincludes\class-leaf-crm.php:208

actionelementor_pro/forms/new_recordincludes\class-leaf-crm.php:215

actionfluentform_submission_insertedincludes\class-leaf-crm.php:222

Maintenance & Trust

Leaf CRM Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 8, 2025

PHP min version5.6

Downloads984

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Leaf CRM Alternatives

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

contact-form-7-image-captcha

100

Adds an Image CAPTCHA to Contact Form 7 and WPForms, GDPR ready, perfect WPForms or Contact Form 7 Spam Protection Image CAPTCHA, adds a honeypot

80K No CVEs

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 13 CVEs

Utimate Kit ( Styler ) for WPForms

styler-for-wpforms

100

Ultimate Kit for WPForms makes the task of designing WPForms an easy one.

30K No CVEs

Database Addon For WPForms ( wpforms entries ) – WPFormsDB

database-for-wpforms

100

Save and manage WPForms entries (WPForms database). It is a lightweight WPForms database plugin.

20K No CVEs

ACF Field For CF7

acf-field-for-contact-form-7

100

Adds a 'Contact Form 7' field type for the Advanced Custom Fields WordPress plugin.

10K No CVEs

Developer Profile

Leaf CRM Developer Profile

Leaf CRM Team

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Leaf CRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/leaf-crm/admin/css/leaf-crm-admin.css/wp-content/plugins/leaf-crm/admin/css/toastr.min.css/wp-content/plugins/leaf-crm/admin/css/bootstrap.min.css/wp-content/plugins/leaf-crm/admin/js/leaf-crm-admin.js/wp-content/plugins/leaf-crm/admin/js/toastr.min.js/wp-content/plugins/leaf-crm/admin/js/bootstrap.bundle.min.js

Script Paths

wp-content/plugins/leaf-crm/admin/js/leaf-crm-admin.jswp-content/plugins/leaf-crm/admin/js/toastr.min.jswp-content/plugins/leaf-crm/admin/js/bootstrap.bundle.min.js

Version Parameters

leaf-crm-admin.css?ver=toastr.min.css?ver=bootstrap.min.css?ver=leaf-crm-admin.js?ver=toastr.min.js?ver=bootstrap.bundle.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

leaf-crm-admin

FAQ