Does Plezi have any unpatched vulnerabilities?

No. All known vulnerabilities in Plezi have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Plezi compatible with WordPress 6.7.5?

According to WordPress.org data, Plezi 1.0.8 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Plezi compatible with PHP 7.4+?

Plezi requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Plezi updated?

Plezi was last updated on Dec 20, 2024. Frequent updates are generally a positive security signal.

What is Plezi's security score?

Plezi has a WP-Safety security score of 90/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Plezi Security & Risk Analysis

wordpress.org/plugins/plezi

Free marketing tool to help small businesses on their journey to digital success : tracking, forms, emails, content management, automation, etc.

200 active installs v1.0.8 PHP 7.4+ WP 5.6+ Updated Dec 20, 2024

automationcontent-managementformslead-generationtracking

A · Safe

CVEs total2

Unpatched0

Last CVEDec 13, 2024

Plugin page Download

Safety Verdict

Is Plezi Safe to Use in 2026?

Generally Safe

Score 90/100

Plezi has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 13, 2024Updated 1yr ago

Risk Assessment

The "plezi" plugin v1.0.8 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and it has no recorded unpatched vulnerabilities despite a history of two known CVEs. The absence of critical or high-severity taint flows is also encouraging. However, several areas raise concerns. The plugin relies heavily on capability checks (6 in total) but shows a complete lack of nonce checks, which are crucial for preventing CSRF attacks on any interactive elements. Furthermore, a significant portion of its output (49%) is not properly escaped, creating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The history of two CVEs, one high and one medium severity, both related to XSS, strongly suggests a recurring pattern of insecure output handling within the plugin's codebase that has not been fully addressed.

Key Concerns

Missing nonce checks
High percentage of unescaped output
History of high/medium severity XSS vulnerabilities
External HTTP requests without apparent sanitization

Vulnerabilities

Plezi Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2024-11763medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 13, 2024 Patched in 1.0.7 (9d)

CVE-2022-0680high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Plezi < 1.0.3 - Unauthenticated Stored Cross-Site Scripting

Mar 7, 2022 Patched in 1.0.3 (687d)

Code Analysis

Analyzed Mar 16, 2026

Plezi Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

51% escaped100 total outputs

Attack Surface

Plezi Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[plezi] plezi.php:67

WordPress Hooks 22

actionadmin_headbuilders\divi-module\includes\modules\PleziForm\PleziForm.php:18

actionadmin_noticesincludes\plz-admin.php:529

actionadmin_menuplezi.php:40

actionadmin_initplezi.php:41

actionadmin_enqueue_scriptsplezi.php:42

actionwp_enqueue_scriptsplezi.php:43

actionload_textdomain_mofileplezi.php:44

actionplugins_loadedplezi.php:45

actioninitplezi.php:46

actionwp_dashboard_setupplezi.php:47

actionelementor/elements/categories_registeredplezi.php:48

actionelementor/widgets/registerplezi.php:49

actiondivi_extensions_initplezi.php:50

actioninitplezi.php:51

actionvc_before_initplezi.php:52

filterupdate_footerplezi.php:57

filterplugin_action_links_plezi/plezi.phpplezi.php:58

filtermce_buttonsplezi.php:59

filtermce_external_pluginsplezi.php:60

filtermce_external_languagesplezi.php:61

filterblock_categories_allplezi.php:62

filterrest_api_initrest-api\class-plz-rest-api-configuration.php:292

Maintenance & Trust

Plezi Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 20, 2024

PHP min version7.4

Downloads7K

Community Trust

Rating100/100

Number of ratings6

Active installs200

Alternatives

Plezi Alternatives

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

zero-bs-crm

The CRM for small businesses. Manage leads, invoicing, billing, email marketing, clients, contacts, quotes, automation. Works with WooCommerce too.

30K 8 CVEs

WS Form LITE – Drag & Drop Contact Form Builder

ws-form

Contact form builder for WordPress. Create professional, accessible, mobile-friendly forms in minutes without coding.

10K 5 CVEs

Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce

sender-net-automated-emails

Sender is an all-in-one email & SMS marketing platform designed keeping the challenges of ecommerce and small businesses in mind.

5K 2 CVEs

Zoho Campaigns

zoho-campaigns

Zoho Campaigns

4K 4 CVEs

Account Engagement

pardot

Integrate Account Engagement with WordPress: easily track visitors, embed forms and dynamic content in pages and posts, or use the forms or dynamic co …

2K 1 CVE

Developer Profile

Plezi Developer Profile

Plezi

1 plugin · 200 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

348 days

View full developer profile

Detection Fingerprints

How We Detect Plezi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/plezi/assets/css/admin.css/wp-content/plugins/plezi/assets/css/style.css/wp-content/plugins/plezi/assets/js/admin.js/wp-content/plugins/plezi/assets/js/front.js/wp-content/plugins/plezi/assets/js/tinymce-plugin.js/wp-content/plugins/plezi/assets/js/plz-dashboard.js/wp-content/plugins/plezi/assets/js/elementor-widget.js

Script Paths

https://brain.plezi.co/api/v1/web_forms/scripts?content_web_form_id=

Version Parameters

plezi/assets/css/admin.css?ver=plezi/assets/css/style.css?ver=plezi/assets/js/admin.js?ver=plezi/assets/js/front.js?ver=plezi/assets/js/tinymce-plugin.js?ver=plezi/assets/js/plz-dashboard.js?ver=plezi/assets/js/elementor-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes

plz-hiddenplz-contentplz-form-fieldplz-form-descriptionplz-form-titleplz-form-wrapper

HTML Comments

Data Attributes

data-plezi-form-iddata-plezi-form-actiondata-plezi-campaign-iddata-plezi-contact-iddata-plezi-form-layout

JS Globals

plzTrackPleziplz_track

REST Endpoints

/wp-json/plz/v2/configuration/get-forms-list/wp-json/plz/v2/contact/save

Shortcode Output

<form id="plz-form-

FAQ

Plezi Security & Risk Analysis

Is Plezi Safe to Use in 2026?

Generally Safe

Key Concerns

Plezi Security Vulnerabilities

CVEs by Year

Severity Breakdown

Plezi Code Analysis

Bundled Libraries

Output Escaping

Plezi Attack Surface

Shortcodes 1

Plezi Maintenance & Trust

Maintenance Signals

Community Trust

Plezi Alternatives

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

WS Form LITE – Drag & Drop Contact Form Builder

Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce

Zoho Campaigns

Account Engagement

Plezi Developer Profile

How We Detect Plezi

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Plezi