Does click5 CRM add-on to WPForms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is click5 CRM add-on to WPForms compatible with WordPress 6.3.8?

According to WordPress.org data, click5 CRM add-on to WPForms 1.0.3 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is click5 CRM add-on to WPForms compatible with PHP 7.0+?

click5 CRM add-on to WPForms requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is click5 CRM add-on to WPForms updated?

click5 CRM add-on to WPForms was last updated on Sep 28, 2023. Frequent updates are generally a positive security signal.

What is click5 CRM add-on to WPForms's security score?

click5 CRM add-on to WPForms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

click5 CRM add-on to WPForms Security & Risk Analysis

wordpress.org/plugins/wpf-add-on-by-click5

Seemingly integrate your WPForms forms with click5 CRM.

0 active installs v1.0.3 PHP 7.0+ WP 5.3+ Updated Sep 28, 2023

click5contactcontact-formcrmform

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is click5 CRM add-on to WPForms Safe to Use in 2026?

Generally Safe

Score 85/100

click5 CRM add-on to WPForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "wpf-add-on-by-click5" v1.0.3 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. While the code shows good practices regarding SQL queries and avoids dangerous functions and file operations, the lack of authentication checks on all 9 REST API routes presents a substantial risk. This means any user, regardless of their logged-in status or permissions, could potentially interact with these API endpoints and trigger unintended actions.

The static analysis highlights that 100% of REST API routes are exposed without permission callbacks. Although taint analysis and vulnerability history show no immediate critical flaws or past vulnerabilities, this widespread lack of authorization on entry points is a fundamental security weakness. The presence of external HTTP requests also warrants careful inspection to ensure they do not introduce further vulnerabilities.

In conclusion, the plugin demonstrates strengths in its SQL query handling and absence of known critical vulnerabilities. However, the extensive attack surface presented by unprotected REST API routes significantly outweighs these positives, making it a high-risk plugin that requires immediate attention to implement proper authentication and authorization checks.

Key Concerns

9 unprotected REST API routes
1 capability check for 9 entry points
37% of output not properly escaped

Vulnerabilities

None known

click5 CRM add-on to WPForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

click5 CRM add-on to WPForms Release Timeline

v1.0.3Current

v1.0.2

v1.0.1

Code Analysis

Analyzed Apr 16, 2026

click5 CRM add-on to WPForms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

63% escaped73 total outputs

Attack Surface

9 unprotected

click5 CRM add-on to WPForms Attack Surface

Entry Points9

Unprotected9

REST API Routes 9

POST/wp-json/click5_wpf_addon/API/update_option_AJAXapi.php:362

POST/wp-json/click5_wpf_addon/API/edit_const_option_AJAXapi.php:368

POST/wp-json/click5_wpf_addon/API/reset_options_AJAXapi.php:374

GET/wp-json/click5_wpf_addon/API/get_constants_AJAXapi.php:379

POST/wp-json/click5_wpf_addon/API/get_pagination_logsapi.php:385

POST/wp-json/click5_wpf_addon/API/reset_count_errorsapi.php:390

GET/wp-json/click5_wpf_addon/API/get_notificationsapi.php:395

POST/wp-json/click5_wpf_addon/API/post_notificationsapi.php:400

POST/wp-json/click5_wpf_addon/API/post_remove_notificationapi.php:405

WordPress Hooks 10

actionrest_api_initapi.php:361

filterauto_update_pluginwpf-addon-by-click5.php:28

actionadmin_menuwpf-addon-by-click5.php:32

actionadmin_initwpf-addon-by-click5.php:41

filterplugin_row_metawpf-addon-by-click5.php:55

actionadmin_initwpf-addon-by-click5.php:65

actionadmin_noticeswpf-addon-by-click5.php:68

actionclick5_wpf_default_optionswpf-addon-by-click5.php:101

actionadmin_enqueue_scriptswpf-addon-by-click5.php:430

actionwpforms_process_completewpf-addon-by-click5.php:619

Maintenance & Trust

click5 CRM add-on to WPForms Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedSep 28, 2023

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

click5 CRM add-on to WPForms Alternatives

click5 CRM add-on to Ninja Forms

click5-crm-add-on-to-ninja-forms

Seemingly integrate your Ninja forms with click5 CRM.

0 No CVEs

click5 CRM add-on to Gravity Forms

gf-add-on-by-click5

Seemingly integrate your Gravity Forms forms with click5 CRM.

0 No CVEs

AFI – The Easiest Integration Plugin

advanced-form-integration

Connect any WordPress form or event to 200+ apps — no code. Send leads, orders, and signups to your CRM, email, or sheets in minutes.

10K 9 CVEs

Lenix Leads Collector

lenix-elementor-leads-addon

Leads Collector, Collects forms entries from Elementor,Cf7,WPForms and more with export to CSV.

10K 1 CVE

Contact Form to Any API

contact-form-to-any-api

Send Contact Form 7 submissions to any API, Webhook or CRM - quick setup, flexible payloads, endpoints and authentication.

9K 1 unpatched

Developer Profile

click5 CRM add-on to WPForms Developer Profile

click5

8 plugins · 7K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

375 days

View full developer profile

Detection Fingerprints

How We Detect click5 CRM add-on to WPForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpf-add-on-by-click5/js/jquery.min.js/wp-content/plugins/wpf-add-on-by-click5/js/jquery.dataTables.min.js/wp-content/plugins/wpf-add-on-by-click5/js/dataTables.bootstrap.min.js/wp-content/plugins/wpf-add-on-by-click5/js/click5_wpf_admin.js/wp-content/plugins/wpf-add-on-by-click5/css/dataTables.bootstrap.min.css/wp-content/plugins/wpf-add-on-by-click5/css/click5_wpf_admin.css

Script Paths

https://click5interactive.com/wordpress-wpf-plugin/wp-content/plugins/wpf-add-on-by-click5/js/jquery.min.jshttps://click5interactive.com/wordpress-wpf-plugin/wp-content/plugins/wpf-add-on-by-click5/js/jquery.dataTables.min.js

https://click5interactive.com/wordpress-wpf-plugin/wp-content/plugins/wpf-add-on-by-click5/js/dataTables.bootstrap.min.js

https://click5interactive.com/wordpress-wpf-plugin/wp-content/plugins/wpf-add-on-by-click5/js/click5_wpf_admin.js

Version Parameters

wpf-add-on-by-click5/js/jquery.min.js?ver=wpf-add-on-by-click5/js/jquery.dataTables.min.js?ver=wpf-add-on-by-click5/js/dataTables.bootstrap.min.js?ver=wpf-add-on-by-click5/js/click5_wpf_admin.js?ver=wpf-add-on-by-click5/css/dataTables.bootstrap.min.css?ver=wpf-add-on-by-click5/css/click5_wpf_admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

click5_wpf_headingclick5_wpf_wrapper_content_settingscontent-leftpostboxhndleposting_url_wrappercan-disabledisabled+6 more

HTML Comments

Data Attributes

id="verification_token"id="user_identificator"id="click5_wpf_addon_posting_url"id="click5_wpf_addon_form_enable_data-value="id="phpFormData"+2 more

JS Globals

CLICK5_WPF_VERSION

FAQ