[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHxOQ0vkXAJtYGnt-FaW1psDgFHIU_6M8eFuK4cRomRo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":39,"fingerprints":299},"users-to-crm-contacts","Users to CRM Contacts","1.6","Dipesh Patel","https:\u002F\u002Fprofiles.wordpress.org\u002Fdipesh_patel\u002F","\u003Cp>This plugin integrates your WordPress site with SugarCRM\u002FSuiteCRM, enabling smooth data exchange between your website users and SugarCRM\u002FSuiteCRM contacts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Automatically sync WordPress users to SugarCRM\u002FSuiteCRM.\u003Cbr \u002F>\n– Map user meta fields to SugarCRM\u002FSuiteCRM contact fields.\u003Cbr \u002F>\n– Create and update SugarCRM\u002FSuiteCRM contacts directly from WordPress.\u003Cbr \u002F>\n– Handle duplicate records with robust conflict management.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use Cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Simplify lead management by syncing website registrations to SugarCRM\u002FSuiteCRM.\u003Cbr \u002F>\n– Update SugarCRM\u002FSuiteCRM contacts when users modify their profiles.\u003Cbr \u002F>\n– Avoid duplicate records with a seamless email-based search.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Use This Plugin?\u003C\u002Fstrong>\u003Cbr \u002F>\nWith this plugin, you can automate your workflow and enhance your CRM’s usability by keeping your user data in sync with SugarCRM\u002FSuiteCRM.\u003C\u002Fp>\n","Integrate WordPress with SugarCRM\u002FSuiteCRM to sync user data, simplify lead management, and 
improve user tracking",10,2641,0,"2024-12-15T07:23:00.000Z","6.7.5","5.6","7.4",[19,20,21,22,23],"synchronize-wp-users-with-sugarcrm-suitecrm","synchronize-wp-users-with-suitecrm","wordpress-users-to-crm-contacts","wordpress-with-crm","wp-users","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-to-crm-contacts.1.6.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"dipesh_patel",2,110,96,30,91,"2026-04-04T15:27:14.426Z",[],{"attackSurface":40,"codeSignals":102,"taintFlows":112,"riskAssessment":287,"analyzedAt":298},{"hooks":41,"ajaxHandlers":69,"restRoutes":97,"shortcodes":98,"cronEvents":99,"entryPointCount":100,"unprotectedCount":101},[42,48,52,56,60,63,67],{"type":43,"name":44,"callback":45,"file":46,"line":47},"action","admin_notices","oepl_wp_user_to_crm_error_notice","OEPL_UserToCRM.conf.php",29,{"type":43,"name":49,"callback":50,"priority":11,"file":46,"line":51},"user_register","oepl_wp_user_to_crm_created_user",31,{"type":43,"name":53,"callback":54,"file":46,"line":55},"admin_menu","oepl_wp_user_to_crm_create_menu",49,{"type":43,"name":57,"callback":58,"file":46,"line":59},"show_user_profile","oepl_wp_user_to_crm_extra_profile_fields",99,{"type":43,"name":61,"callback":58,"file":46,"line":62},"edit_user_profile",100,{"type":43,"name":64,"callback":65,"file":46,"line":66},"admin_footer","oepl_wp_user_to_crm_footer",104,{"type":43,"name":64,"callback":65,"file":46,"line":68},194,[70,76,79,82,85,88,91,94],{"action":71,"nopriv":72,"callback":71,"hasNonce":73,"hasCapCheck":73,"file":74,"line":75},"wpuser_to_crm_test_and_save_credentials",false,true,"WPUserToCRM_admin_functions.php",76,{"action":77,"nopriv":72,"callback":77,"hasNonce":72,"hasCapCheck":72,"file":74,"line":78},"wpuser_to_crm_contacts_field_sync",122,{"action":80,"nopriv":72,"callback":80,"hasNonce":72,"hasCapCheck":72,"file"
:74,"line":81},"wpuser_to_crm_update_contact_grid_status",376,{"action":83,"nopriv":72,"callback":83,"hasNonce":72,"hasCapCheck":72,"file":74,"line":84},"wpuser_to_crm_save_custom_meta",408,{"action":86,"nopriv":72,"callback":86,"hasNonce":72,"hasCapCheck":72,"file":74,"line":87},"wpuser_to_crm_save_contact_to_crm_module",439,{"action":89,"nopriv":72,"callback":89,"hasNonce":72,"hasCapCheck":72,"file":74,"line":90},"wpuser_to_crm_create_new_contact",480,{"action":92,"nopriv":72,"callback":92,"hasNonce":72,"hasCapCheck":72,"file":74,"line":93},"wpuser_to_crm_update_existing_contact",540,{"action":95,"nopriv":72,"callback":95,"hasNonce":72,"hasCapCheck":72,"file":74,"line":96},"wpuser_to_crm_save_user_to_contacts",783,[],[],[],8,7,{"dangerousFunctions":103,"sqlUsage":104,"outputEscaping":107,"fileOperations":13,"externalRequests":110,"nonceChecks":110,"capabilityChecks":110,"bundledLibraries":111},[],{"prepared":105,"raw":13,"locations":106},19,[],{"escaped":108,"rawEcho":13,"locations":109},60,[],1,[],[113,131,139,153,166,181,192,204,216,229,240,251],{"entryPoint":114,"graph":115,"unsanitizedCount":13,"severity":130},"oepl_wp_user_to_crm_extra_profile_fields (OEPL_UserToCRM.conf.php:101)",{"nodes":116,"edges":128},[117,122],{"id":118,"type":119,"label":120,"file":46,"line":121},"n0","source","$_GET",106,{"id":123,"type":124,"label":125,"file":46,"line":126,"wp_function":127},"n1","sink","get_results() [SQLi]",114,"get_results",[129],{"from":118,"to":123,"sanitized":73},"low",{"entryPoint":132,"graph":133,"unsanitizedCount":13,"severity":130},"\u003COEPL_UserToCRM.conf> (OEPL_UserToCRM.conf.php:0)",{"nodes":134,"edges":137},[135,136],{"id":118,"type":119,"label":120,"file":46,"line":121},{"id":123,"type":124,"label":125,"file":46,"line":126,"wp_function":127},[138],{"from":118,"to":123,"sanitized":73},{"entryPoint":140,"graph":141,"unsanitizedCount":13,"severity":130},"search_box 
(OEPL_WPUserToCRM_Field_map_table.php:151)",{"nodes":142,"edges":151},[143,147],{"id":118,"type":119,"label":144,"file":145,"line":146},"$_POST","OEPL_WPUserToCRM_Field_map_table.php",152,{"id":123,"type":124,"label":148,"file":145,"line":149,"wp_function":150},"echo() [XSS]",158,"echo",[152],{"from":118,"to":123,"sanitized":73},{"entryPoint":154,"graph":155,"unsanitizedCount":13,"severity":130},"wpuser_to_crm_test_and_save_credentials (WPUserToCRM_admin_functions.php:30)",{"nodes":156,"edges":164},[157,160],{"id":118,"type":119,"label":158,"file":74,"line":159},"$_POST (x3)",45,{"id":123,"type":124,"label":161,"file":74,"line":162,"wp_function":163},"update_option() [Settings Manipulation]",57,"update_option",[165],{"from":118,"to":123,"sanitized":73},{"entryPoint":167,"graph":168,"unsanitizedCount":13,"severity":130},"wpuser_to_crm_save_contact_to_crm_module (WPUserToCRM_admin_functions.php:421)",{"nodes":169,"edges":178},[170,172,175],{"id":118,"type":119,"label":144,"file":74,"line":171},435,{"id":123,"type":173,"label":174,"file":74,"line":171},"transform","→ wpuser_to_crm_save_user_details()",{"id":176,"type":124,"label":125,"file":74,"line":177,"wp_function":127},"n2",673,[179,180],{"from":118,"to":123,"sanitized":72},{"from":123,"to":176,"sanitized":73},{"entryPoint":182,"graph":183,"unsanitizedCount":110,"severity":191},"prepare_items (OEPL_WPUserToCRM_Field_map_table.php:171)",{"nodes":184,"edges":189},[185,187],{"id":118,"type":119,"label":120,"file":145,"line":186},190,{"id":123,"type":124,"label":125,"file":145,"line":188,"wp_function":127},198,[190],{"from":118,"to":123,"sanitized":72},"high",{"entryPoint":193,"graph":194,"unsanitizedCount":110,"severity":191},"\u003COEPL_WPUserToCRM_Field_map_table> 
(OEPL_WPUserToCRM_Field_map_table.php:0)",{"nodes":195,"edges":201},[196,197,198,199],{"id":118,"type":119,"label":144,"file":145,"line":146},{"id":123,"type":124,"label":148,"file":145,"line":149,"wp_function":150},{"id":176,"type":119,"label":120,"file":145,"line":186},{"id":200,"type":124,"label":125,"file":145,"line":188,"wp_function":127},"n3",[202,203],{"from":118,"to":123,"sanitized":73},{"from":176,"to":200,"sanitized":72},{"entryPoint":205,"graph":206,"unsanitizedCount":110,"severity":191},"wpuser_to_crm_update_contact_grid_status (WPUserToCRM_admin_functions.php:332)",{"nodes":207,"edges":214},[208,210],{"id":118,"type":119,"label":144,"file":74,"line":209},351,{"id":123,"type":124,"label":211,"file":74,"line":212,"wp_function":213},"get_row() [SQLi]",352,"get_row",[215],{"from":118,"to":123,"sanitized":72},{"entryPoint":217,"graph":218,"unsanitizedCount":110,"severity":191},"wpuser_to_crm_create_new_contact (WPUserToCRM_admin_functions.php:452)",{"nodes":219,"edges":226},[220,222,224],{"id":118,"type":119,"label":144,"file":74,"line":221},468,{"id":123,"type":173,"label":223,"file":74,"line":221},"→ wpuser_to_crm_get_contact_field_data()",{"id":176,"type":124,"label":125,"file":74,"line":225,"wp_function":127},573,[227,228],{"from":118,"to":123,"sanitized":72},{"from":123,"to":176,"sanitized":72},{"entryPoint":230,"graph":231,"unsanitizedCount":110,"severity":191},"wpuser_to_crm_update_existing_contact (WPUserToCRM_admin_functions.php:492)",{"nodes":232,"edges":237},[233,235,236],{"id":118,"type":119,"label":144,"file":74,"line":234},508,{"id":123,"type":173,"label":223,"file":74,"line":234},{"id":176,"type":124,"label":125,"file":74,"line":225,"wp_function":127},[238,239],{"from":118,"to":123,"sanitized":72},{"from":123,"to":176,"sanitized":72},{"entryPoint":241,"graph":242,"unsanitizedCount":110,"severity":191},"wpuser_to_crm_save_user_to_contacts 
(WPUserToCRM_admin_functions.php:749)",{"nodes":243,"edges":248},[244,246,247],{"id":118,"type":119,"label":144,"file":74,"line":245},767,{"id":123,"type":173,"label":223,"file":74,"line":245},{"id":176,"type":124,"label":125,"file":74,"line":225,"wp_function":127},[249,250],{"from":118,"to":123,"sanitized":72},{"from":123,"to":176,"sanitized":72},{"entryPoint":252,"graph":253,"unsanitizedCount":286,"severity":191},"\u003CWPUserToCRM_admin_functions> (WPUserToCRM_admin_functions.php:0)",{"nodes":254,"edges":278},[255,256,257,258,259,262,265,267,269,271,274,276],{"id":118,"type":119,"label":158,"file":74,"line":159},{"id":123,"type":124,"label":161,"file":74,"line":162,"wp_function":163},{"id":176,"type":119,"label":144,"file":74,"line":209},{"id":200,"type":124,"label":211,"file":74,"line":212,"wp_function":213},{"id":260,"type":119,"label":158,"file":74,"line":261},"n4",502,{"id":263,"type":124,"label":125,"file":74,"line":264,"wp_function":127},"n5",567,{"id":266,"type":119,"label":144,"file":74,"line":171},"n6",{"id":268,"type":173,"label":174,"file":74,"line":171},"n7",{"id":270,"type":124,"label":125,"file":74,"line":177,"wp_function":127},"n8",{"id":272,"type":119,"label":273,"file":74,"line":221},"n9","$_POST (x4)",{"id":275,"type":173,"label":223,"file":74,"line":221},"n10",{"id":277,"type":124,"label":125,"file":74,"line":225,"wp_function":127},"n11",[279,280,281,282,283,284,285],{"from":118,"to":123,"sanitized":73},{"from":176,"to":200,"sanitized":73},{"from":260,"to":263,"sanitized":73},{"from":266,"to":268,"sanitized":72},{"from":268,"to":270,"sanitized":73},{"from":272,"to":275,"sanitized":72},{"from":275,"to":277,"sanitized":72},4,{"summary":288,"deductions":289},"The \"users-to-crm-contacts\" plugin v1.6 exhibits a mixed security posture.  On the positive side, it demonstrates strong adherence to secure coding practices regarding SQL queries and output escaping, with 100% of both using prepared statements and proper escaping respectively. 
The absence of any historical vulnerabilities, critical or otherwise, suggests a history of relatively secure development, though with only 10 active installs it may also reflect limited scrutiny. However, a significant concern arises from the substantial attack surface, specifically the seven AJAX handlers that have neither a nonce check nor a capability check. All of them are registered for logged-in users only (none is nopriv), so they are reachable by any authenticated account unless they are secured by other means not evident in this analysis. The taint analysis reinforces this by revealing seven high-severity flows with unsanitized paths, strongly correlated with these unprotected AJAX endpoints.\n\nThe lack of reported CVEs is encouraging, but the presence of high-severity taint flows alongside unprotected AJAX handlers indicates a clear and present risk. While the code signals show no raw SQL queries or unescaped output, the taint analysis still reports request data reaching database query sinks along unsanitized paths, and the missing nonce and capability checks on the AJAX endpoints are a critical weakness. The plugin's strengths in SQL and output handling are undermined by its weaknesses in securing its primary entry points. 
Therefore, while the historical record is clean, the current code analysis points to a medium to high risk due to the exploitable attack surface.",[290,292,295],{"reason":291,"points":11},"Unprotected AJAX handlers",{"reason":293,"points":294},"High severity unsanitized taint flows",14,{"reason":296,"points":297},"External HTTP requests (potential for SSRF)",3,"2026-03-17T00:30:53.652Z",{"wat":300,"direct":311},{"assetPaths":301,"generatorPatterns":305,"scriptPaths":306,"versionParams":307},[302,303,304],"\u002Fwp-content\u002Fplugins\u002Fusers-to-crm-contacts\u002Fstyle\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fusers-to-crm-contacts\u002Fjs\u002Fsweetalert2.min.js","\u002Fwp-content\u002Fplugins\u002Fusers-to-crm-contacts\u002Fjs\u002FOEPL_users.js",[],[303,304],[308,309,310],"users-to-crm-contacts\u002Fstyle.css?ver=1.0.0","users-to-crm-contacts\u002Fjs\u002Fsweetalert2.min.js?ver=1.0.0","users-to-crm-contacts\u002Fjs\u002FOEPL_users.js?ver=1.0.0",{"cssClasses":312,"htmlComments":319,"htmlAttributes":320,"restEndpoints":325,"jsGlobals":326,"shortcodeOutput":328},[313,314,315,316,317,318],"submit_to_crm","dialog1","dialog2","oe-loader-section","oe-loading-section-title","oe-loader-icon",[],[321,322,323,324],"id=\"Update_to_CRM\"","name=\"Update_to_CRM\"","id=\"Submit_to_CRM\"","name=\"Submit_to_CRM\"",[],[327],"objusertocrm",[]]