Lenix Leads Collector Security & Risk Analysis

wordpress.org/plugins/lenix-elementor-leads-addon

Leads Collector: collects form entries from Elementor, CF7, WPForms and more, with export to CSV.

10K active installs · v2.0.0 · PHP 7.0+ · WP 5.0+ · Updated Jun 12, 2025
Tags: contact-form-db, crm, form-collector, hello-plus, leads
Score: 98 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 19, 2025
Safety Verdict

Is Lenix Leads Collector Safe to Use in 2026?

Generally Safe

Score 98/100

Lenix Leads Collector has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 19, 2025 · Updated 9mo ago
Risk Assessment

The lenix-elementor-leads-addon plugin version 2.0.0 exhibits a generally good security posture with several strengths, including a complete absence of unprotected AJAX handlers and REST API routes. The presence of numerous nonce and capability checks on its entry points is also a positive sign. However, there are areas for improvement. The taint analysis reveals two high-severity flows with unsanitized paths, indicating a potential risk of input manipulation that could lead to vulnerabilities if not handled carefully downstream. While the majority of SQL queries utilize prepared statements and output escaping is mostly implemented correctly, the remaining percentages (28% for SQL, 24% for output) suggest that a small number of potentially insecure operations might exist.

The plugin's vulnerability history shows one previously disclosed high-severity vulnerability related to Cross-Site Scripting (XSS). Although this vulnerability is currently patched and there are no unpatched CVEs, the pattern of past XSS issues warrants attention, especially in conjunction with the taint analysis findings. The existence of two high-severity taint flows with unsanitized paths, coupled with a history of XSS, suggests that heightened vigilance is needed around user-supplied input. Overall, while the plugin demonstrates a commitment to security best practices, the identified taint flows and historical vulnerability type highlight specific areas that require careful review and ongoing monitoring to mitigate potential risks.

Key Concerns

  • High severity taint flow with unsanitized paths
  • High severity taint flow with unsanitized paths
  • SQL queries not using prepared statements
  • Output not properly escaped
  • Historically vulnerable to XSS
Vulnerabilities: 1

Lenix Leads Collector Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-1039 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field

Feb 19, 2025 · Patched in 1.8.3 (2d)
Code Analysis
Analyzed Mar 16, 2026

Lenix Leads Collector Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (13 prepared)
Unescaped Output: 53 (171 escaped)
Nonce Checks: 8
Capability Checks: 19
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

72% prepared · 18 total queries

Output Escaping

76% escaped · 224 total outputs
Data Flows: 6 unsanitized

Data Flow Analysis

7 flows · 6 with unsanitized paths
add_custom_filters (inc\class-lenix-custom-fields.php:556)
Attack Surface

Lenix Leads Collector Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers (6)

auth · wp_ajax_save_custom_field · inc\class-lenix-custom-fields.php:49
auth · wp_ajax_delete_custom_field · inc\class-lenix-custom-fields.php:50
auth · wp_ajax_update_custom_fields_order · inc\class-lenix-custom-fields.php:51
auth · wp_ajax_lenix_submit_response_ajax · inc\class-lenix-lead-response.php:12
auth · wp_ajax_lenix_get_response_history · inc\class-lenix-lead-response.php:18
auth · wp_ajax_update_lead_status · inc\class-lenix-lead-status.php:17

WordPress Hooks (49)

action · plugins_loaded · elementor-leads.php:50
filter · plugin_row_meta · elementor-leads.php:53
action · wpcf7_mail_sent · inc\cf7-integration.php:103
action · init · inc\class-lenix-custom-fields.php:19
action · lenix_after_lead_save · inc\class-lenix-custom-fields.php:22
action · add_meta_boxes · inc\class-lenix-custom-fields.php:23
action · add_meta_boxes · inc\class-lenix-custom-fields.php:24
action · elementor_leads_general_settings · inc\class-lenix-custom-fields.php:27
action · admin_init · inc\class-lenix-custom-fields.php:28
action · wp_footer · inc\class-lenix-custom-fields.php:31
action · admin_notices · inc\class-lenix-custom-fields.php:34
action · admin_enqueue_scripts · inc\class-lenix-custom-fields.php:48
action · save_post_elementor_lead · inc\class-lenix-custom-fields.php:52
filter · manage_elementor_lead_posts_columns · inc\class-lenix-custom-fields.php:56
action · manage_elementor_lead_posts_custom_column · inc\class-lenix-custom-fields.php:57
action · restrict_manage_posts · inc\class-lenix-custom-fields.php:58
filter · parse_query · inc\class-lenix-custom-fields.php:59
filter · redirect_post_location · inc\class-lenix-custom-fields.php:378
filter · months_dropdown_results · inc\class-lenix-elementor-forms.php:562
action · add_meta_boxes · inc\class-lenix-elementor-forms.php:840
filter · manage_posts_columns · inc\class-lenix-elementor-forms.php:841
action · manage_posts_custom_column · inc\class-lenix-elementor-forms.php:842
filter · views_edit-elementor_lead · inc\class-lenix-elementor-forms.php:843
action · admin_head · inc\class-lenix-elementor-forms.php:845
action · init · inc\class-lenix-elementor-forms.php:846
action · pre_get_posts · inc\class-lenix-elementor-forms.php:847
action · add_meta_boxes · inc\class-lenix-lead-response.php:7
action · admin_enqueue_scripts · inc\class-lenix-lead-response.php:8
action · admin_post_lenix_submit_response · inc\class-lenix-lead-response.php:10
action · lead_status_add_form_fields · inc\class-lenix-lead-status.php:7
action · lead_status_edit_form_fields · inc\class-lenix-lead-status.php:8
action · created_lead_status · inc\class-lenix-lead-status.php:9
action · edited_lead_status · inc\class-lenix-lead-status.php:10
action · admin_enqueue_scripts · inc\class-lenix-lead-status.php:11
action · manage_elementor_lead_posts_columns · inc\class-lenix-lead-status.php:12
action · manage_elementor_lead_posts_custom_column · inc\class-lenix-lead-status.php:13
action · admin_notices · inc\class-lenix-lead-status.php:15
action · admin_enqueue_scripts · inc\class-lenix-lead-status.php:16
action · elementor_pro/forms/new_record · inc\elementor-api.php:51
action · hello_plus/forms/process · inc\elementor-api.php:52
action · admin_footer · inc\functions.php:50
action · wp_footer · inc\functions.php:51
action · admin_head · inc\meta-boxes.php:67
action · admin_menu · inc\meta-boxes.php:76
action · load-edit.php · inc\meta-boxes.php:205
action · save_post_elementor_lead · inc\meta-boxes.php:239
action · init · inc\postype-taxonomy.php:60
action · init · inc\postype-taxonomy.php:118
action · wpforms_process_complete · inc\wpforms-integration.php:101
Maintenance & Trust

Lenix Leads Collector Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 12, 2025
PHP min version: 7.0
Downloads: 183K

Community Trust

Rating: 88/100
Number of ratings: 25
Active installs: 10K
Developer Profile

Lenix Leads Collector Developer Profile

yonifre

6 plugins · 41K total installs

Trust score: 76
Avg Security Score: 83/100
Avg Patch Time: 85 days
Detection Fingerprints

How We Detect Lenix Leads Collector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lenix-elementor-leads-addon/assets/css/admin-style.css
/wp-content/plugins/lenix-elementor-leads-addon/assets/js/main.js
Script Paths
/wp-content/plugins/lenix-elementor-leads-addon/assets/js/main.js
Version Parameters
lenix-elementor-leads-addon/assets/css/admin-style.css?ver=
lenix-elementor-leads-addon/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
lenix_leads_collector
lenix-custom-field
Data Attributes
data-lenix-leads-field-key
data-lenix-leads-field-type
JS Globals
window.LenixLeadsAjax