WP-Safety

SWELLEnterprise Security & Risk Analysis

wordpress.org/plugins/swellenterprise

A plugin that connects your website to the SWELLEnterprise services.

0 active installs v1.0.0 PHP 7.0+ WP 3.0.1+ Updated Jan 6, 2023
client-managementcrmleadsproject-managementsales
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SWELLEnterprise Safe to Use in 2026?

Generally Safe

Score 85/100

SWELLEnterprise has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The swellenterprise v1.0.0 plugin exhibits a mixed security posture. While the vast majority of its output is properly escaped and it has no recorded vulnerability history, several concerning aspects are highlighted by the static analysis. The presence of unsanitized paths in taint analysis, although not classified as critical or high, suggests a potential for unexpected behavior or information leakage if those paths are not handled with care. Furthermore, the plugin exposes three AJAX handlers without authentication checks, representing a significant attack surface that could be exploited by unauthenticated users. The use of the `unserialize` function without apparent sanitization also poses a risk, as it can lead to deserialization vulnerabilities if the serialized data originates from an untrusted source. The complete lack of prepared statements for SQL queries is another significant concern, increasing the susceptibility to SQL injection attacks. Despite these issues, the absence of known CVEs and the generally good output escaping offer some reassurance, but the identified vulnerabilities require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • SQL queries without prepared statements
  • Dangerous function: unserialize
  • Flows with unsanitized paths
Vulnerabilities
None known

SWELLEnterprise Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SWELLEnterprise Code Analysis

Dangerous Functions
4
Raw SQL Queries
3
0 prepared
Unescaped Output
41
1048 escaped
Nonce Checks
4
Capability Checks
3
File Operations
7
External Requests
6
Bundled Libraries
1

Dangerous Functions Found

unserialize$this->value = unserialize( $this->value );admin\exopite-simple-options\fields\fieldset.php:69
unserialize$this->value = unserialize( $this->value );admin\exopite-simple-options\fields\group.php:222
unserialize$this->value = unserialize( $this->value );admin\exopite-simple-options\fields\group.php:272
unserialize$this->value = unserialize( $this->value );admin\exopite-simple-options\fields\tab.php:74

Bundled Libraries

jQuery

SQL Query Safety

0% prepared3 total queries

Output Escaping

96% escaped1089 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
display_options_section_footer (admin\exopite-simple-options\exopite-simple-options-framework-class.php:1666)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

SWELLEnterprise Attack Surface

Entry Points6
Unprotected3

AJAX Handlers 6

authwp_ajax_exopite-sof-export-optionsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:423
authwp_ajax_exopite-sof-import-optionsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:424
authwp_ajax_exopite-sof-reset-optionsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:425
authwp_ajax_exopite-sof-file_uploaderadmin\exopite-simple-options\upload-class.php:22
authwp_ajax_exopite-sof-file-batch-deleteadmin\exopite-simple-options\upload-class.php:26
authwp_ajax_swell_get_dataincludes\class-swellenterprise.php:238
WordPress Hooks 44
actionadmin_noticesadmin\exopite-simple-options\exopite-simple-options-framework-class.php:294
actionadmin_noticesadmin\exopite-simple-options\exopite-simple-options-framework-class.php:353
actionadmin_enqueue_scriptsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:383
filtermce_external_pluginsadmin\exopite-simple-options\exopite-simple-options-framework-class.php:389
actionadmin_initadmin\exopite-simple-options\exopite-simple-options-framework-class.php:421
actionadmin_menuadmin\exopite-simple-options\exopite-simple-options-framework-class.php:422
actionadmin_initadmin\exopite-simple-options\exopite-simple-options-framework-class.php:448
actionsave_postadmin\exopite-simple-options\exopite-simple-options-framework-class.php:449
actionexopite_sof_display_page_headeradmin\exopite-simple-options\exopite-simple-options-framework-class.php:1903
actionexopite_sof_display_page_footeradmin\exopite-simple-options\exopite-simple-options-framework-class.php:2030
actionplugins_loadedincludes\class-swellenterprise.php:196
actionadmin_enqueue_scriptsincludes\class-swellenterprise.php:225
actionadmin_enqueue_scriptsincludes\class-swellenterprise.php:226
actioninitincludes\class-swellenterprise.php:227
actioninitincludes\class-swellenterprise.php:228
actioninitincludes\class-swellenterprise.php:229
actionadd_meta_boxesincludes\class-swellenterprise.php:230
actionadd_meta_boxesincludes\class-swellenterprise.php:231
actioninitincludes\class-swellenterprise.php:233
actioninitincludes\class-swellenterprise.php:234
actioninitincludes\class-swellenterprise.php:235
actioninitincludes\class-swellenterprise.php:236
actioninitincludes\class-swellenterprise.php:237
actionrest_api_initincludes\class-swellenterprise.php:239
actionwp_trash_postincludes\class-swellenterprise.php:240
actionedit_form_after_editorincludes\class-swellenterprise.php:241
actionsave_postincludes\class-swellenterprise.php:242
filterhttp_request_timeoutincludes\class-swellenterprise.php:243
actioninitincludes\class-swellenterprise.php:254
actioninitincludes\class-swellenterprise.php:261
actioninitincludes\class-swellenterprise.php:264
actionupgrader_process_completeincludes\class-swellenterprise.php:272
actionadmin_noticesincludes\class-swellenterprise.php:278
actionadmin_noticesincludes\class-swellenterprise.php:279
filtermanage_lead_posts_columnsincludes\class-swellenterprise.php:292
filtermanage_client_posts_columnsincludes\class-swellenterprise.php:293
filtermanage_contact_posts_columnsincludes\class-swellenterprise.php:294
actionmanage_posts_custom_columnincludes\class-swellenterprise.php:295
actionadmin_headincludes\class-swellenterprise.php:296
filtermanage_edit-lead_sortable_columnsincludes\class-swellenterprise.php:305
actionpre_get_postsincludes\class-swellenterprise.php:306
filteracf/load_field/name=client_create_webhookincludes\class-swellenterprise.php:310
actionwp_enqueue_scriptsincludes\class-swellenterprise.php:324
actionwp_enqueue_scriptsincludes\class-swellenterprise.php:325
Maintenance & Trust

SWELLEnterprise Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedJan 6, 2023
PHP min version7.0
Downloads686

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SWELLEnterprise Alternatives

Sprout Clients – CRM and Lead Management

Sprout Clients – CRM and Lead Management

sprout-clients

A
95

Properly leveraging your contact lists isn’t sending out a single email to the entire list asking for work — instead you need to build business relati …

70 3 CVEs
Contact Form 7 – SalesKing CRM Addon

Contact Form 7 – SalesKing CRM Addon

contact-form-7-salesking-crm-addon

A
85

Get your Contact Form 7 data straight into SalesKing CRM.

10 No CVEs
VIA Lead Integration for Gravity Forms and Salesforce

VIA Lead Integration for Gravity Forms and Salesforce

via-crm-forms

A
85

VIA Lead Integration for Gravity Forms and Salesforce

0 No CVEs
Lenix Leads Collector

Lenix Leads Collector

lenix-elementor-leads-addon

A
98

Leads Collector, Collects forms entries from Elementor,Cf7,WPForms and more with export to CSV.

10K 1 CVE
WP Gravity Forms Salesforce

WP Gravity Forms Salesforce

gf-salesforce-crmperks

A
96

Gravity Forms Salesforce Add-on sends Gravity forms entries to salesforce CRM.

1K 3 CVEs
Developer Profile

SWELLEnterprise Developer Profile

DesignLoud

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SWELLEnterprise

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/swellenterprise/css/swellenterprise-admin.css/wp-content/plugins/swellenterprise/js/swellenterprise-admin.js
Version Parameters
swellenterprise/css/swellenterprise-admin.css?ver=swellenterprise/js/swellenterprise-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
swellenterprise-admin-css
HTML Comments
This function is provided for demonstration purposes only.An instance of this class should be passed to the run() functiondefined in SWELLEnterprise_Loader as all of the hooks are definedin that particular class.+3 more
Data Attributes
data-swellenterprise-admin
JS Globals
swellenterprise_admin_params
FAQ

Frequently Asked Questions about SWELLEnterprise