Video Lead Form Security & Risk Analysis

wordpress.org/plugins/video-lead-form

Flash based video player that embeds a contact or lead form into the video for easy submission by viewers.

10 active installs v0.6 PHP + WP 3.4.2+ Updated Nov 26, 2012
contact-form · lead-form · video-player
85
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 26, 2012
Safety Verdict

Is Video Lead Form Safe to Use in 2026?

Generally Safe

Score 85/100

Video Lead Form has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 26, 2012 · Updated 13yr ago
Risk Assessment

The "video-lead-form" plugin, version 0.6, exhibits a mixed security posture. While it has no known unpatched vulnerabilities and utilizes prepared statements for SQL queries, several concerning aspects are highlighted by the static analysis. The presence of external HTTP requests without clear sanitization or validation is a potential risk, as is the low percentage (25%) of properly escaped outputs, indicating a susceptibility to Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, despite reporting no critical or high severity flows, found that all analyzed flows had unsanitized paths, which, when combined with the output escaping issues, suggests potential for malicious input to be processed and displayed insecurely.

The vulnerability history, which includes one medium severity CVE for XSS reported in 2012, further reinforces the concerns around input sanitization and output escaping. Although this vulnerability is historical and patched, the pattern of XSS issues in its past raises a flag. The plugin's limited attack surface (one shortcode) and absence of unprotected entry points are positive signs, but they do not fully mitigate the risks identified in the code analysis and historical data. Overall, while not critically vulnerable currently, the plugin shows weaknesses in input handling and output sanitization that require attention to improve its security.

Key Concerns

  • Low output escaping percentage
  • All taint flows had unsanitized paths
  • Past medium severity XSS vulnerability
  • External HTTP requests present
Vulnerabilities
1

Video Lead Form Security Vulnerabilities

CVEs by Year

1 CVE in 2012

Severity Breakdown

Medium: 1

1 total CVE

CVE-2012-6312 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Video Lead Form < 0.6 - Cross-Site Scripting

Nov 26, 2012 Patched in 0.6 (4075d)
Code Analysis
Analyzed Mar 17, 2026

Video Lead Form Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

25% escaped · 12 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
vlf_login_page (VideoLeadForm.php:83)
Attack Surface

Video Lead Form Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[vlf] VideoLeadForm.php:335
WordPress Hooks: 1
action · admin_menu · VideoLeadForm.php:44
Maintenance & Trust

Video Lead Form Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Nov 26, 2012
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Video Lead Form Developer Profile

Phillip Shipley

2 plugins · 100 total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 4075 days
Detection Fingerprints

How We Detect Video Lead Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/video-lead-form/videoleadform/images/vlf-icon-small.png
/wp-content/plugins/video-lead-form/videoleadform/images/vlf-logo.jpg

HTML / DOM Fingerprints

CSS Classes
vlf-login-page-container, vlf-login-page-new-user-container, vlf-login-page-existing-login-container, vlf-login-page-header, vlf-login-page-body, vlf-login-page-logo, vlf-login-page-intro, errMsg (+1 more)
Data Attributes
name="vlf_register", name="vlf_login", name="vlf_first_name", name="vlf_last_name", name="vlf_email_address", name="vlf_site_url" (+6 more)
JS Globals
vlf_registration_validation, vlf_login_validation