WP-Safety

QuarkLeads Security & Risk Analysis

wordpress.org/plugins/quarkleads

Connect your WordPress contact forms directly to QuarkLeads CRM — and turn every website inquiry into an actionable lead instantly.

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Oct 15, 2025
contact-form-integrationform-automationlead-managementquarkleadswordpress-crm
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is QuarkLeads Safe to Use in 2026?

Generally Safe

Score 100/100

QuarkLeads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The 'quarkleads' v1.0.0 plugin demonstrates a generally strong security posture based on the provided static analysis. The absence of known vulnerabilities in its history and the complete utilization of prepared statements for all SQL queries are significant strengths. Furthermore, the high percentage of properly escaped output (85%) suggests good practices in preventing cross-site scripting (XSS) vulnerabilities. The plugin also incorporates nonces and capability checks on most entry points, contributing to a reduced attack surface from an authentication perspective.

Key Concerns

  • Low number of capability checks
  • 15% of output is not properly escaped
  • Uses file operations
  • Makes external HTTP requests
Vulnerabilities
None known

QuarkLeads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

QuarkLeads Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
18 prepared
Unescaped Output
8
46 escaped
Nonce Checks
11
Capability Checks
4
File Operations
1
External Requests
3
Bundled Libraries
0

SQL Query Safety

100% prepared18 total queries

Output Escaping

85% escaped54 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
qrkl_save_form_mapping (includes\class-form-mapping.php:42)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

QuarkLeads Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

authwp_ajax_qrkl_validate_merchantincludes\class-functions.php:4
noprivwp_ajax_qrkl_validate_merchantincludes\class-functions.php:5
authwp_ajax_qrkl_reset_merchantincludes\class-functions.php:39
noprivwp_ajax_qrkl_reset_merchantincludes\class-functions.php:40
authwp_ajax_qrkl_save_integrationsincludes\class-functions.php:67
authwp_ajax_qrkl_get_integration_settingsincludes\class-functions.php:98
authwp_ajax_qrkl_check_verificationincludes\class-functions.php:109
authwp_ajax_qrkl_get_filtered_logsincludes\class-log-viewer-error.php:59
WordPress Hooks 18
actionacf/save_postincludes\class-dispatcher.php:11
actionwpcf7_before_send_mailincludes\class-dispatcher.php:14
actiongform_after_submissionincludes\class-dispatcher.php:17
actionwpforms_process_completeincludes\class-dispatcher.php:20
filterninja_forms_submit_dataincludes\class-dispatcher.php:23
actionelementor_pro/forms/render_formincludes\class-dispatcher.php:27
actionelementor_pro/forms/new_recordincludes\class-dispatcher.php:30
filterqrkl_form_payloadincludes\class-dispatcher.php:33
actionadmin_initincludes\class-form-mapping.php:59
actionqrkl_cron_verify_tokenincludes\class-functions.php:172
actionadmin_noticesincludes\class-functions.php:262
filtercron_schedulesincludes\class-functions.php:274
actionqrkl_cron_cleanup_logsincludes\class-functions.php:342
actionadmin_enqueue_scriptsincludes\enqueue-assets.php:76
actionadmin_initquarkleads.php:27
actionadmin_menuquarkleads.php:40
filterplugin_row_metaquarkleads.php:104
actionplugins_loadedquarkleads.php:123

Scheduled Events 2

qrkl_cron_verify_token
qrkl_cron_cleanup_logs
Maintenance & Trust

QuarkLeads Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 15, 2025
PHP min version7.4
Downloads172

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

QuarkLeads Alternatives

Groundhogg — CRM, Newsletters, and Marketing Automation

Groundhogg — CRM, Newsletters, and Marketing Automation

groundhogg

A
88

Groundhogg is the best WordPress CRM & Marketing Automation plugin. Create flows, email campaigns, and have a CRM all within your WordPress site.

2K 23 CVEs
WP-CRM System – Manage Clients and Projects

WP-CRM System – Manage Clients and Projects

wp-crm-system

C
67

WP-CRM System – Manage Clients and Projects is a WordPress CRM that is designed to work exclusively with YOUR WordPress site.

900 1 unpatched
Followize Extension – Contact Form 7

Followize Extension – Contact Form 7

followize-extension-cf7

A
85

Receba os leads gerados através do seu site diretamente no Followize.

100 No CVEs
LeadBoxer

LeadBoxer

leadboxer

A
91

This plugin can be used to add the LeadBoxer tracking code to a Wordpress site

100 1 CVE
Followize

Followize

followize

A
85

Receba os leads gerados através do seu site diretamente no Followize.

90 No CVEs
Developer Profile

QuarkLeads Developer Profile

quarkleads

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect QuarkLeads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quarkleads/dist/assets/css/admin.css/wp-content/plugins/quarkleads/dist/assets/js/admin.js/wp-content/plugins/quarkleads/dist/assets/js/merchant-auth.js
Script Paths
/wp-content/plugins/quarkleads/dist/assets/js/admin.js/wp-content/plugins/quarkleads/dist/assets/js/merchant-auth.js
Version Parameters
quarkleads/dist/assets/css/admin.css?ver=quarkleads/dist/assets/js/admin.js?ver=quarkleads/dist/assets/js/merchant-auth.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- ✅ Only show logs if merchant is verified --><!-- Parent slug (from your main menu) -->
Data Attributes
data-target="#qrkl-modal-verify-merchant"
JS Globals
qrkl_ajaxQRKL_MerchantAuthTrans
FAQ

Frequently Asked Questions about QuarkLeads