WP-Safety

WCC GF to Clio Security & Risk Analysis

wordpress.org/plugins/wcc-gf-to-clio

Send Gravity Form Plugin Submissions to Clio.

0 active installs v1.2.0 PHP 7.2+ WP 4.7+ Updated Unknown
cliogravity-form-cliogravity-form-clio-web-to-leadwordpress-cliowordpress-clio-integration
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WCC GF to Clio Safe to Use in 2026?

Generally Safe

Score 100/100

WCC GF to Clio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wcc-gf-to-clio" plugin v1.2.0 exhibits a generally good security posture with a strong emphasis on using prepared statements for SQL queries and proper output escaping. The absence of known CVEs and a history free of vulnerabilities further strengthens this positive outlook. The plugin also demonstrates a good practice by not exposing shortcodes or cron events and having a contained attack surface with all identified AJAX handlers reportedly having authentication checks.

However, there are specific areas that warrant attention. The taint analysis revealed two flows with unsanitized paths, classified as high severity. While these are not directly exposed as vulnerabilities due to the lack of known CVEs, they represent potential weaknesses that could be exploited if a specific attack vector is discovered. Additionally, the absence of capability checks is a notable concern, as it implies that authorization might be solely reliant on nonces or AJAX handler authentication, which could be insufficient in certain scenarios. The presence of file operations and external HTTP requests, although not explicitly flagged as risky in the static analysis, are inherently sensitive functions that require careful scrutiny.

In conclusion, the plugin is well-developed with many security best practices implemented. The lack of historical vulnerabilities is a significant strength. The primary weaknesses lie in the identified unsanitized paths from the taint analysis and the absence of capability checks, which, while not currently exploited, present potential risks that should be addressed for a more robust security profile.

Key Concerns

  • High severity unsanitized paths in taint analysis
  • No capability checks on entry points
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

WCC GF to Clio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WCC GF to Clio Code Analysis

Dangerous Functions
0
Raw SQL Queries
9
58 prepared
Unescaped Output
21
440 escaped
Nonce Checks
23
Capability Checks
0
File Operations
1
External Requests
8
Bundled Libraries
0

SQL Query Safety

87% prepared67 total queries

Output Escaping

95% escaped461 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

9 flows2 with unsanitized paths
wcc_gf_clio_get_module_fields (Inc\WccGfClio_Actions.php:183)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WCC GF to Clio Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

noprivwp_ajax_wcc_gf_clio_get_module_fieldsInc\WccGfClio_Actions.php:59
authwp_ajax_wcc_gf_clio_get_module_fieldsInc\WccGfClio_Actions.php:60
noprivwp_ajax_wcc_gf_clio_get_module_fields_and_form_fieldInc\WccGfClio_Actions.php:63
authwp_ajax_wcc_gf_clio_get_module_fields_and_form_fieldInc\WccGfClio_Actions.php:64
noprivwp_ajax_wcc_gf_clio_get_coinditions_fieldsInc\WccGfClio_Actions.php:67
authwp_ajax_wcc_gf_clio_get_coinditions_fieldsInc\WccGfClio_Actions.php:68
noprivwp_ajax_wcc_gf_clio_statusInc\WccGfClio_Actions.php:71
authwp_ajax_wcc_gf_clio_statusInc\WccGfClio_Actions.php:73
WordPress Hooks 7
actioninitInc\WccGfClio_Actions.php:37
actionadmin_enqueue_scriptsInc\WccGfClio_Actions.php:43
actionadmin_menuInc\WccGfClio_Actions.php:45
actionadmin_menuInc\WccGfClio_Actions.php:46
actionwcc_entries_form_gform_submit_actionInc\WccGfClio_Actions.php:52
actiongform_after_submissionInc\WccGfClio_Actions.php:54
actionwcc_entries_below_view_page_leftInc\WccGfClio_Actions.php:75
Maintenance & Trust

WCC GF to Clio Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedUnknown
PHP min version7.2
Downloads600

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

WCC GF to Clio Alternatives

WCC CF7 to Clio

WCC CF7 to Clio

wcc-cf7-to-clio

A
100

Send Contact Form 7 Plugin Submissions to Clio.

0 No CVEs
Clio Grow Form

Clio Grow Form

clio-grow-form

A
98

The Clio Grow Wordpress plugin enables law firms who use Clio Grow to automatically capture leads from their website or blog into the Clio Grow CRM.

1K 3 CVEs
Contributors: tripgrass

Contributors: tripgrass

lead-to-clio

A
85

Lead-to-Clio integrates your Wordpress Blog with your Clio Account - automatically creating tasks and contacts for new leads.

10 No CVEs
Developer Profile

WCC GF to Clio Developer Profile

weconnectcodeplugins

11 plugins · 10 total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WCC GF to Clio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wcc-gf-to-clio/assets/css/style.css/wp-content/plugins/wcc-gf-to-clio/assets/js/script.js
Script Paths
/wp-content/plugins/wcc-gf-to-clio/assets/js/script.js
Version Parameters
wcc-gf-to-clio/assets/css/style.css?ver=wcc-gf-to-clio/assets/js/script.js?ver=

HTML / DOM Fingerprints

Shortcode Output
[wcc_gf_clio_shortcode]
FAQ

Frequently Asked Questions about WCC GF to Clio