WordForce Lead Security & Risk Analysis

wordpress.org/plugins/wordforce-lead

WordForce Lead Plugin is integration between WordPress and Salesforce CRM.

0 active installs v2.1.0 PHP 7.4.3+ WP 4.7+ Updated May 8, 2023
salesforcewordpress-salesforcewordpress-salesforce-integrationwordpress-salesforce-orgwp-salesforce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WordForce Lead Safe to Use in 2026?

Generally Safe

Score 85/100

WordForce Lead has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The wordforce-lead plugin v2.1.0 presents a mixed security posture. While it demonstrates good practices in areas like prepared statements for SQL queries and proper output escaping, significant concerns exist regarding its attack surface and taint analysis. The presence of an unprotected AJAX handler is a critical weakness that could allow unauthorized users to trigger potentially sensitive operations. Furthermore, two taint flows with unsanitized paths, categorized as high severity, indicate a substantial risk of code injection or other vulnerabilities that could be exploited if malicious input is provided to these flows. The plugin's vulnerability history is a positive indicator, with no recorded CVEs, suggesting a generally stable development and maintenance process. However, this lack of historical vulnerabilities should not overshadow the current, evidence-backed risks identified in the static and taint analysis. In conclusion, while the plugin benefits from strong data handling practices in many areas, the identified unprotected entry point and high-severity taint flows necessitate immediate attention and remediation.

Key Concerns

  • Unprotected AJAX handler
  • Two high severity unsanitized taint flows
Vulnerabilities
None known

WordForce Lead Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WordForce Lead Release Timeline

v2.1.0Current
v2.0.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

WordForce Lead Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
24 prepared
Unescaped Output
72
453 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

96% prepared25 total queries

Output Escaping

86% escaped525 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wdfl_ajax_handler (wordforce-lead.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WordForce Lead Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_my_credentialwordforce-lead.php:74

Shortcodes 1

[WF_LEAD] wdfl-shortcodes.php:138
WordPress Hooks 12
actionadmin_menuwdfl-options.php:28
actionadmin_initwdfl-options.php:227
actioninitwordforce-lead.php:73
actioninitwordforce-lead.php:456
filtermanage_submission_posts_columnswordforce-lead.php:468
actionmanage_submission_posts_custom_columnwordforce-lead.php:480
filtermanage_edit-submission_sortable_columnswordforce-lead.php:488
filterrequestwordforce-lead.php:501
filterrequestwordforce-lead.php:514
actionadmin_enqueue_scriptswordforce-lead.php:639
actionwp_footerwordforce-lead.php:660
actionwp_headwordforce-lead.php:681
Maintenance & Trust

WordForce Lead Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedMay 8, 2023
PHP min version7.4.3
Downloads2K

Community Trust

Rating100/100
Number of ratings9
Active installs0
Developer Profile

WordForce Lead Developer Profile

roushanbugendai234

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WordForce Lead

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wordforce-lead/assets/css/wdfl-style.css/wp-content/plugins/wordforce-lead/assets/css/bootstrap.min.css/wp-content/plugins/wordforce-lead/assets/css/dataTables.min.css/wp-content/plugins/wordforce-lead/assets/css/jquery.notifyBar.css/wp-content/plugins/wordforce-lead/assets/css/font-awesome.css/wp-content/plugins/wordforce-lead/assets/css/bootstrap.css.map/wp-content/plugins/wordforce-lead/assets/js/bootstrap.min.js/wp-content/plugins/wordforce-lead/assets/js/validate.min.js+4 more
Script Paths
/wp-content/plugins/wordforce-lead/assets/js/bootstrap.min.js/wp-content/plugins/wordforce-lead/assets/js/validate.min.js/wp-content/plugins/wordforce-lead/assets/js/jquery.notifyBar.js/wp-content/plugins/wordforce-lead/assets/js/dataTables.min.js/wp-content/plugins/wordforce-lead/assets/js/sweetalert.min.js/wp-content/plugins/wordforce-lead/assets/js/script.js
Version Parameters
wordforce-lead/assets/css/wdfl-style.css?ver=wordforce-lead/assets/css/bootstrap.min.css?ver=wordforce-lead/assets/css/dataTables.min.css?ver=wordforce-lead/assets/css/jquery.notifyBar.css?ver=wordforce-lead/assets/css/font-awesome.css?ver=wordforce-lead/assets/css/bootstrap.css.map?ver=wordforce-lead/assets/js/bootstrap.min.js?ver=wordforce-lead/assets/js/validate.min.js?ver=wordforce-lead/assets/js/jquery.notifyBar.js?ver=wordforce-lead/assets/js/dataTables.min.js?ver=wordforce-lead/assets/js/sweetalert.min.js?ver=wordforce-lead/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wdfl-data-display
Data Attributes
data-form-iddata-lead-titledata-lead-namedata-lead-emaildata-lead-phonedata-lead-address+1 more
JS Globals
WDFL_PLUGIN_BASENAMEWDFL_PLUGIN_NAMEWDFL_PLUGIN_DIRWDFL_TEXT_DOMAINWDFL_PLUGIN_VERSIONMYSCRIPT
REST Endpoints
/wp-json/wordforce-lead/v1/data
Shortcode Output
[WF_LEAD]
FAQ

Frequently Asked Questions about WordForce Lead