Does lm CF7 lead manager Addon have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is lm CF7 lead manager Addon compatible with WordPress 4.2.39?

According to WordPress.org data, lm CF7 lead manager Addon 0.1.4 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is lm CF7 lead manager Addon updated?

lm CF7 lead manager Addon was last updated on Oct 5, 2016. Frequent updates are generally a positive security signal.

What is lm CF7 lead manager Addon's security score?

lm CF7 lead manager Addon has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

lm CF7 lead manager Addon Security & Risk Analysis

wordpress.org/plugins/lm-cf7-lead-manager-addon

The plugin extends the popular plugin Contact Form 7, adding the ability to connect your form to LeadManager system.

10 active installs v0.1.4 PHP + WP + Updated Oct 5, 2016

leads

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is lm CF7 lead manager Addon Safe to Use in 2026?

Generally Safe

Score 85/100

lm CF7 lead manager Addon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "lm-cf7-lead-manager-addon" plugin v0.1.4 demonstrates a generally strong security posture based on the provided static analysis. It exhibits good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and escaping a high percentage of its output. The absence of file operations and external HTTP requests further reduces potential attack vectors. The presence of nonce checks is also a positive indicator of security awareness.

However, a significant concern arises from the complete lack of capability checks. This means that any function accessible by the plugin, even if there were entry points, would not be restricted by user roles or permissions, making it vulnerable to privilege escalation or unauthorized actions if entry points were discovered. The zero-defect vulnerability history, while positive, could also indicate a lack of rigorous testing or a small user base, which doesn't guarantee future security.

In conclusion, while the plugin's code quality appears high with no immediate critical vulnerabilities identified in static analysis or historical data, the absence of capability checks is a notable weakness that, if combined with any undiscovered entry points, could lead to severe security issues. The plugin is relatively safe in its current state with no apparent exploitable flaws, but this critical oversight warrants attention for future development.

Key Concerns

No capability checks implemented

Vulnerabilities

None known

lm CF7 lead manager Addon Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

lm CF7 lead manager Addon Release Timeline

v0.1.4Current

Code Analysis

Analyzed Mar 16, 2026

lm CF7 lead manager Addon Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

52 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped56 total outputs

Attack Surface

lm CF7 lead manager Addon Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionwpcf7_initdi_wpcf7_lm_module\init.php:13

actionadmin_initdi_wpcf7_lm_module\init.php:60

actionwpcf7_before_send_maildi_wpcf7_lm_module\init.php:193

actioninitdi_wpcf7_lm_module\init.php:233

actionwpcf7_initinit.php:13

actionadmin_initinit.php:60

actionwpcf7_before_send_mailinit.php:193

actioninitinit.php:233

Maintenance & Trust

lm CF7 lead manager Addon Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedOct 5, 2016

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

lm CF7 lead manager Addon Alternatives

Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation

sumome

100

Sumo is trusted by over 600,000 businesses — small and large — in growing their email lists, customer base, and revenue online.

20K 1 CVE

Lenix Leads Collector

lenix-elementor-leads-addon

Leads Collector, Collects forms entries from Elementor,Cf7,WPForms and more with export to CSV.

10K 1 CVE

Leadinfo

leadinfo

This plugin can be used to add the Leadinfo tracking code to a Wordpress site

7K 2 CVEs

Lead Call Buttons

lead-call-buttons

Make it easy for website visitors to reach you. When enabled adds customizable buttons to the mobile view of the website, i.e. Call, Map, Schedule.

6K No CVEs

DoLeads Integrator

doleads-integrator

DoLeads Integrator plugin connects your wordpress website contact form with 'DoLeads' Leads Management System.

5K No CVEs

Developer Profile

lm CF7 lead manager Addon Developer Profile

leadmanagerdev

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect lm CF7 lead manager Addon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

JS Globals

di_extract_from_string_url_wpcf7

Shortcode Output

<input type="hidden" name="lm_post_method"<input type="hidden" name="di_lm_nonce_action"<input type="hidden" name="lm_form"<input type="hidden" name="lm_key"

FAQ