Thrail CRM Security & Risk Analysis

wordpress.org/plugins/thrail-crm

Thrail CRM: Simplify Your Customer Management

Active installs: 0 · Version: 1.0.2 · PHP 7.4+ · WP 5.9+ · Updated: Unknown
Tags: crm, email-automation, email-logs, lead-management, wordpress-plugin
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Thrail CRM Safe to Use in 2026?

Generally Safe

Score 100/100

Thrail CRM has no known CVEs, and the code analysis below finds almost all of its SQL prepared and its output escaped. Note that this page records no last-update date, 0 active installs and 0 ratings, so the verdict rests on static analysis rather than on any track record in the field, and the two REST routes listed under Key Concerns should be checked before deployment. With that caveat it is a reasonable choice for most WordPress installations.

No known CVEs
Risk Assessment

The thrail-crm v1.0.2 plugin shows a generally good security posture. 12 of its 13 SQL queries use prepared statements and 25 of 26 outputs are escaped, both strong signs of secure coding habits. It calls no dangerous functions, makes no external HTTP requests, bundles no third-party libraries and has no vulnerability history. Nonce checks appear in 7 places, so the author is aware of CSRF as a WordPress attack vector; only 1 capability check was found, however, which is worth remembering when reading the entry-point list below. The total attack surface is small at 5 entry points.

Two areas warrant attention. Both REST API routes (/submit and /update-email-settings) are registered without a permission callback, and this is the main concern: WordPress serves such a route to unauthenticated callers (since 5.5 it also emits a _doing_it_wrong notice for the missing callback). An open opt-in submission endpoint may well be intended, but if the settings route really has no permission callback, as the scan reports, anyone on the internet can change the plugin's email settings, so that route in particular should be verified. Second, the taint analysis reports 2 of 7 data flows with unsanitized paths. "Path" here means a source-to-sink path with no sanitizer on it, not a filesystem path, so this is not evidence of path traversal; the flows are rated below high severity but still deserve review if the source is user-supplied. The single file operation, the one raw SQL query and the one unescaped output counted below are also worth locating, with impact depending on whether user-controlled data reaches them.

Overall, thrail-crm v1.0.2 has a solid foundation in security best practices, and the absence of historical vulnerabilities is encouraging. The primary risks are the REST API routes without permission callbacks and the two unsanitized data flows; fixing those would materially strengthen the plugin.

Key Concerns

  • REST API routes without permission callbacks
  • Flows with unsanitized paths
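
As an added example that is not Thrail CRM's code, the following shows the two routes the scan lists registered the way the scan flags them (no permission callback, kept in a comment) and in a hardened form, and it also closes the kind of unsanitized source-to-sink path the taint analysis reports by declaring an args schema. The namespace and route paths are taken from this page; the callback names, option and table names, parameter names and the manage_options capability are assumptions.

```php
<?php
// Added example, not Thrail CRM's code. Namespace and route paths follow the
// scan's listing; callback names, option/table names, parameter names and the
// manage_options capability are assumptions.

add_action( 'rest_api_init', 'example_register_routes' );

function example_register_routes() {
    /*
     * WEAK (the pattern the scan flags): no 'permission_callback'. WordPress
     * still serves the route to anyone and, since 5.5, logs a _doing_it_wrong
     * notice about the missing callback.
     *
     * register_rest_route( 'thrail-crm/v1', '/update-email-settings', array(
     *     'methods'  => 'POST',
     *     'callback' => 'example_update_email_settings',
     * ) );
     */

    // HARDENED: a settings change needs a capability. Cookie-authenticated
    // callers must also send a valid X-WP-Nonce header; without it WordPress
    // treats the request as logged out and current_user_can() returns false.
    register_rest_route( 'thrail-crm/v1', '/update-email-settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_email_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'from_email' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_email',
                'validate_callback' => 'example_validate_email',
            ),
            'subject' => array(
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );

    // PUBLIC BY DESIGN: an opt-in form must accept anonymous posts, so say so
    // explicitly with '__return_true' and let the args schema reject or clean
    // every parameter before the callback sees it (no unsanitized path left).
    register_rest_route( 'thrail-crm/v1', '/submit', array(
        'methods'             => 'POST',
        'callback'            => 'example_submit_lead',
        'permission_callback' => '__return_true',
        'args' => array(
            'name'  => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ),
            'email' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_email',
                'validate_callback' => 'example_validate_email',
            ),
        ),
    ) );
}

function example_validate_email( $value ) {
    // is_email() returns the address on success and false otherwise.
    return false !== is_email( $value );
}

function example_update_email_settings( WP_REST_Request $request ) {
    // Parameters arrive already validated and sanitized by the args schema.
    update_option( 'example_crm_email_settings', array(
        'from_email' => $request->get_param( 'from_email' ),
        'subject'    => (string) $request->get_param( 'subject' ),
    ) );
    return rest_ensure_response( array( 'updated' => true ) );
}

function example_submit_lead( WP_REST_Request $request ) {
    global $wpdb;
    // $wpdb->insert() binds values using the given formats; nothing is
    // interpolated into SQL, which is the "prepared" pattern the scan counts.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'example_crm_leads',
        array(
            'name'  => $request->get_param( 'name' ),
            'email' => $request->get_param( 'email' ),
        ),
        array( '%s', '%s' )
    );
    if ( false === $ok ) {
        return new WP_Error( 'example_db_error', 'Could not store lead.', array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'id' => (int) $wpdb->insert_id ) );
}
```

With the hardened registration an unauthenticated POST to /wp-json/thrail-crm/v1/update-email-settings gets a rest_forbidden error with HTTP 401 instead of running the callback, and a logged-in user without manage_options gets 403; the public /submit route still accepts anonymous posts, but a missing or malformed email is rejected with 400 before the callback runs.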
Vulnerabilities
None known

Thrail CRM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Thrail CRM Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (12 prepared)
Unescaped Output: 1 (25 escaped)
Nonce Checks: 7
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

92% prepared (12 of 13 total queries)

Output Escaping

96% escaped (25 of 26 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

7 flows, 2 with unsanitized paths
render_filters (classes\Trait.php:7)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

Thrail CRM Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers (2)

wp_ajax_delete_lead (auth) at includes\Ajax.php:14
wp_ajax_update_lead (auth) at includes\Ajax.php:15
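
Both handlers hang off wp_ajax_ rather than wp_ajax_nopriv_ hooks, which only rules out anonymous callers: any role that can log in can post to admin-ajax.php. The scan counts 7 nonce checks but a single capability check, and a nonce proves that the request came from the site's own UI, not that the caller is allowed to delete a lead. As an added example, not the plugin's code, here is a delete handler on the same hook name that makes both checks; the nonce action, parameter names, the manage_options capability and the table name are assumptions.

```php
<?php
// Added example, not Thrail CRM's code. The hook name matches the scan's
// listing; nonce action, parameter names, capability and table are assumptions.

add_action( 'wp_ajax_delete_lead', 'example_ajax_delete_lead' );
// Deliberately no wp_ajax_nopriv_delete_lead: logged-out callers get
// WordPress's default "0" reply and never reach this function.

function example_ajax_delete_lead() {
    // 1. Intent: the request must carry the nonce the admin page handed out
    //    (the THRAIL.nonce global is where such a value would be localized).
    //    On a missing or stale nonce this ends the request with HTTP 403.
    check_ajax_referer( 'example_crm_leads', 'nonce' );

    // 2. Authorization: a valid nonce says nothing about the caller's role, so
    //    a separate capability check is needed before anything is deleted.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input: coerce to a positive integer; refuse nonsense rather than
    //    silently issuing DELETE ... WHERE id = 0.
    $lead_id = isset( $_POST['lead_id'] ) ? absint( $_POST['lead_id'] ) : 0;
    if ( $lead_id < 1 ) {
        wp_send_json_error( array( 'message' => 'invalid lead_id' ), 400 );
    }

    // 4. Storage: $wpdb->delete() binds the WHERE value with the %d format,
    //    so no string-built SQL is involved.
    global $wpdb;
    $deleted = $wpdb->delete(
        $wpdb->prefix . 'example_crm_leads',
        array( 'id' => $lead_id ),
        array( '%d' )
    );
    if ( false === $deleted ) {
        wp_send_json_error( array( 'message' => 'database error' ), 500 );
    }

    // wp_send_json_* calls die() after printing, so nothing runs past here.
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
```

The order matters: the nonce check runs first so that a forged cross-site request is rejected before any capability lookup, and the capability check runs before input parsing so that an unprivileged user cannot probe which lead IDs exist from the difference between the 400 and 200 responses.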

REST API Routes (2)

POST /wp-json/thrail-crm/v1/submit at includes\RestAPI.php:11
POST /wp-json/thrail-crm/v1/update-email-settings/ at includes\RestAPI.php:26

Shortcodes (1)

[thrail-crm] at includes\Frontend\Shortcode.php:8

WordPress Hooks (9)

action admin_menu at includes\Admin\Menu.php:17
action admin_init at includes\Admin\Menu.php:18
action admin_footer at includes\Admin\Menu.php:19
action wp_enqueue_scripts at includes\Assets.php:20
action admin_enqueue_scripts at includes\Assets.php:21
action thrail_send_followup_email at includes\Email.php:6
action wp_footer at includes\Frontend\Shortcode.php:9
action rest_api_init at includes\RestAPI.php:8
action plugins_loaded at thrail-crm.php:43

Scheduled Events (1)

thrail_send_followup_email
Maintenance & Trust

Thrail CRM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Unknown
PHP min version: 7.4
Downloads: 373

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Thrail CRM Developer Profile

Sadekur Rahman

2 plugins · 0 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Thrail CRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/thrail-crm/assets/js/frontend.js
/wp-content/plugins/thrail-crm/assets/css/frontend.css
/wp-content/plugins/thrail-crm/assets/js/admin.js
/wp-content/plugins/thrail-crm/assets/css/admin.css
/wp-content/plugins/thrail-crm/assets/css/jquery-ui.css
Script Paths
/wp-content/plugins/thrail-crm/assets/js/frontend.js
/wp-content/plugins/thrail-crm/assets/js/admin.js
Version Parameters
thrail-crm/assets/js/frontend.js?ver=
thrail-crm/assets/css/frontend.css?ver=
thrail-crm/assets/js/admin.js?ver=
thrail-crm/assets/css/admin.css?ver=
thrail-crm/assets/css/jquery-ui.css?ver=

HTML / DOM Fingerprints

CSS Classes
form-container, loader-container
Data Attributes
id="thrailOptinForm", id="formLoader"
JS Globals
THRAIL.ajaxurl, THRAIL.resturl, THRAIL.nonce, THRAIL.error, THRAIL.confirm, THRAIL.rest_base
REST Endpoints
/thrail-crm/v1/submit
/thrail-crm/v1/update-email-settings/
Shortcode Output
<form id="thrailOptinForm" action="" method="post"><label for="name">Name:</label><input type="text" id="name" name="name" required placeholder="Enter your name"><label for="email">Email:</label>
FAQ

Frequently Asked Questions about Thrail CRM