Lead Form Data Collection to CRM Security & Risk Analysis

wordpress.org/plugins/wp-leads-builder-any-crm

Convert contact forms data into leads or contacts directly to one of your favourite CRM.

400 active installs · v3.2 · PHP + WP 5.0+ · Updated Jun 30, 2025
Tags: contact-form-7, lead-capture, leads, webform-to-lead, wordpress-to-lead
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jul 1, 2025
Safety Verdict

Is Lead Form Data Collection to CRM Safe to Use in 2026?

Generally Safe

Score 96/100

Lead Form Data Collection to CRM has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jul 1, 2025 · Updated 9mo ago
Risk Assessment

The 'wp-leads-builder-any-crm' plugin version 3.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, with 96% using prepared statements, and a high rate of output escaping (85%). The plugin also shows a strong emphasis on security checks with 36 nonce checks and 35 capability checks, contributing to a relatively small attack surface with only one unprotected entry point. However, there are significant concerns related to the handling of serialized data and potential input sanitization issues.

The static analysis reveals the use of the `unserialize` function seven times, which is a known vector for deserialization vulnerabilities if not handled with extreme caution, especially with user-controlled input. Furthermore, the taint analysis identified 13 flows with unsanitized paths, including 11 of high severity. This suggests a substantial risk of attackers being able to inject malicious data into the application, potentially leading to code execution or data manipulation.

The vulnerability history indicates a past pattern of security weaknesses, with three known CVEs, including one high-severity vulnerability. The common vulnerability types, such as Missing Authorization and SQL Injection, alongside the high-severity taint flows, strongly suggest that proper input validation and authorization checks have been a recurring challenge for this plugin. While there are currently no unpatched CVEs, the history and analysis findings point to a need for continuous vigilance and robust development practices to mitigate future risks.

Key Concerns

  • High severity taint flows detected
  • Unsanitized paths in taint analysis
  • Dangerous function 'unserialize' used
  • Past high severity CVEs
  • Past medium severity CVEs
  • External HTTP requests present
Vulnerabilities
3

Lead Form Data Collection to CRM Security Vulnerabilities

CVEs by Year

2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-5692 · medium · 6.3 · Missing Authorization

Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions

Jul 1, 2025 Patched in 3.2 (58d)
CVE-2025-47690 · high · 8.8 · Missing Authorization

Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

May 9, 2025 Patched in 3.2 (54d)
CVE-2025-30810 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Lead Form Data Collection to CRM <= 3.0.1 - Authenticated (Contributor+) SQL Injection

Mar 27, 2025 Patched in 3.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

Lead Form Data Collection to CRM Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 11 (238 prepared)
Unescaped Output: 93 (536 escaped)
Nonce Checks: 36
Capability Checks: 35
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$caldera_form_config = unserialize($caldera_forms_config);` (admin\views\form-crmforms.php:459)
  • unserialize: `$meta_values = unserialize( $mvalue['meta_value'] ) ;` (admin\views\form-usermodulemapping.php:130)
  • unserialize: `$cont_array = unserialize($value->custom_field_values);` (includes\class_lb_manage_shortcodes.php:481)
  • unserialize: `$crmFields['fields'][$i]['type'] = array( 'picklistValues' => @unserialize($newfields->custom_field_` [truncated] (includes\LBData.php:308)
  • unserialize: `$caldera_config = unserialize($wp_caldera_value['config']);` (templates\thirdparty_mapping.php:540)
  • unserialize: `$caldera_config_data = unserialize($calders_data['config']);` (templates\thirdparty_mapping.php:1361)
  • unserialize: `$caldera_config_data = unserialize($calders_data['config']);` (templates\thirdparty_mapping.php:2400)

SQL Query Safety

96% prepared · 249 total queries

Output Escaping

85% escaped · 629 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

23 flows · 13 with unsanitized paths
<form-managefields> (admin\views\form-managefields.php:0)
Attack Surface

Lead Form Data Collection to CRM Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_adminAllActionsPRO · includes\Functions.php:492

WordPress Hooks: 13

  • action · admin_menu · admin\lb-admin.php:369
  • action · init · index.php:66
  • action · init · index.php:67
  • filter · http_request_args · index.php:68
  • filter · safe_style_css · index.php:69
  • action · plugins_loaded · index.php:110
  • action · user_register · index.php:115
  • action · plugins_loaded · index.php:117
  • filter · caldera_forms_get_entry_detail · templates\caldera_form_field_handling.php:11
  • action · wpcf7_before_send_mail · templates\contact_form_field_handling.php:12
  • filter · widget_text · templates\SmackContactFormGenerator.php:20
  • action · wpforms_process_complete · templates\wpformpro_form_field_handling.php:11
  • action · wpforms_process_complete · templates\wpform_field_handling.php:11
Maintenance & Trust

Lead Form Data Collection to CRM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 30, 2025
PHP min version
Downloads: 84K

Community Trust

Rating: 80/100
Number of ratings: 46
Active installs: 400
Developer Profile

Lead Form Data Collection to CRM Developer Profile

Smackcoders Inc.

20 plugins · 40K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 958 days
Detection Fingerprints

How We Detect Lead Form Data Collection to CRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-leads-builder-any-crm/assets/css/bootstrap.css
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/css/bootstrap.min.css
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/css/font-awesome/css/font-awesome.css
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/css/font-awesome/css/font-awesome.min.css
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/css/sweetalert.css
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/css/mainstyle.css
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/sweetalert-dev.js
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/notify.js
  • +9 more

Script Paths

  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/sweetalert-dev.js
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/notify.js
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/basicaction.js
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/Droptable.js
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/bootstrap.min.js
  • /wp-content/plugins/wp-leads-builder-any-crm/assets/js/bootstrap-modal.min.js
  • +2 more

Version Parameters

  • wp-leads-builder-any-crm/assets/css/bootstrap.css?ver=
  • wp-leads-builder-any-crm/assets/css/bootstrap.min.css?ver=
  • wp-leads-builder-any-crm/assets/css/font-awesome/css/font-awesome.css?ver=
  • wp-leads-builder-any-crm/assets/css/font-awesome/css/font-awesome.min.css?ver=
  • wp-leads-builder-any-crm/assets/css/sweetalert.css?ver=
  • wp-leads-builder-any-crm/assets/css/mainstyle.css?ver=
  • wp-leads-builder-any-crm/assets/js/sweetalert-dev.js?ver=
  • wp-leads-builder-any-crm/assets/js/notify.js?ver=
  • wp-leads-builder-any-crm/assets/js/basicaction.js?ver=
  • wp-leads-builder-any-crm/assets/js/Droptable.js?ver=
  • wp-leads-builder-any-crm/assets/js/bootstrap.min.js?ver=
  • wp-leads-builder-any-crm/assets/js/bootstrap-modal.min.js?ver=
  • wp-leads-builder-any-crm/assets/css/leads-builder.css?ver=
  • wp-leads-builder-any-crm/assets/css/bootstrap-select.css?ver=
  • wp-leads-builder-any-crm/assets/js/bootstrap-select.js?ver=
  • wp-leads-builder-any-crm/assets/css/icheck/green.css?ver=
  • wp-leads-builder-any-crm/assets/js/icheck.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • sm-lb-form-fields
  • sm-lb-custom-btn

HTML Comments

  • <!-- WP Leads Builder For Any CRM -->
  • <!-- WP Leads Builder For Any CRM Pro -->

Data Attributes

  • data-toggle="modal"
  • data-target="#lb-modal"

JS Globals

  • sm_lb_params
FAQ

Frequently Asked Questions about Lead Form Data Collection to CRM