WPrequal Security & Risk Analysis

wordpress.org/plugins/wprequal

Easy-to-use lead generation, lead capture, lead manager, and form builders. No advanced setup required; works well and looks great out-of-the-box.

80 active installs · v8.4.1 · PHP 7.4+ · WP 4.0+ · Updated Aug 13, 2025
Tags: lead-capture, lead-generation, mortgage, mortgage-calculator, real-estate
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 17, 2025
Safety Verdict

Is WPrequal Safe to Use in 2026?

Generally Safe

Score 99/100

WPrequal has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 17, 2025 · Updated 7mo ago
Risk Assessment

The "wprequal" plugin v8.4.1 exhibits a strong security posture based on the static analysis provided. The complete absence of dangerous functions, 100% utilization of prepared statements for SQL queries, and proper output escaping across all detected outputs are commendable practices. Furthermore, the presence of nonce and capability checks on all identified entry points, including AJAX handlers and shortcodes, indicates a proactive approach to preventing common web vulnerabilities.

Despite these strengths, there are minor concerns to note. The analysis reveals two flows with unsanitized paths, although they are not classified as critical or high severity. This suggests a potential, albeit low, risk of path traversal or similar vulnerabilities. The plugin's history of one disclosed CVE, which is now patched, is not ideal but not a significant red flag given its current patched status. File operations and external HTTP requests, while not inherently insecure, are areas that warrant careful monitoring for potential future vulnerabilities.

In conclusion, "wprequal" v8.4.1 appears to be a relatively secure plugin due to its robust implementation of security best practices. The lack of critical or high-severity findings in static analysis and its currently patched vulnerability history are positive indicators. However, the minor taint analysis findings related to unsanitized paths should be addressed in future updates to further harden the plugin's security.

Key Concerns

  • Flows with unsanitized paths detected
Vulnerabilities: 1

WPrequal Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-0796 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Mortgage Lead Capture System <= 8.2.11 - Cross-Site Request Forgery to Settings Reset

Feb 17, 2025 Patched in 8.3.1 (31d)
Code Analysis
Analyzed Mar 16, 2026

WPrequal Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (716 escaped)
Nonce Checks: 9
Capability Checks: 9
File Operations: 3
External Requests: 3
Bundled Libraries: 0

Output Escaping

100% escaped · 718 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
new_note_ajax (includes\classes\class.Note.php:127)
Attack Surface

WPrequal Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_new_note_ajax includes\classes\class.Note.php:52

Shortcodes 7

[wprequal_calc] includes\classes\class.Calc.php:58
[wprequal_calc_button] includes\classes\class.Calc.php:59
[wprequal_amortize] includes\classes\class.Calc.php:60
[wprequal_contact_form] includes\classes\class.ContactForm.php:112
[wprequal_register_form] includes\classes\class.RegisterForm.php:111
[wprequal] includes\classes\class.SurveyForm.php:120
[wprequal_survey_form_button] includes\classes\class.SurveyForm.php:121
WordPress Hooks 68
action wprequal_calc includes\classes\class.Calc.php:52
action wprequal_calc_button includes\classes\class.Calc.php:53
action wprequal_amortize includes\classes\class.Calc.php:54
action wp_enqueue_scripts includes\classes\class.Calc.php:55
action wp_enqueue_scripts includes\classes\class.Calc.php:56
action wp_footer includes\classes\class.Calc.php:167
action init includes\classes\class.ContactForm.php:108
action wp_enqueue_scripts includes\classes\class.ContactForm.php:109
action wprequal_contact_form includes\classes\class.ContactForm.php:110
action admin_menu includes\classes\class.ContactFormAdmin.php:66
action admin_enqueue_scripts includes\classes\class.ContactFormAdmin.php:68
filter page_row_actions includes\classes\class.ContactFormAdmin.php:72
action init includes\classes\class.Core.php:52
action wp_enqueue_scripts includes\classes\class.Core.php:53
action wp_enqueue_scripts includes\classes\class.Core.php:54
action admin_enqueue_scripts includes\classes\class.Core.php:55
action admin_enqueue_scripts includes\classes\class.Core.php:56
action update_option_wprequal_allow_logging includes\classes\class.Core.php:57
filter body_class includes\classes\class.Core.php:59
action wp_mail_failed includes\classes\class.Email.php:90
filter wp_mail includes\classes\class.Email.php:91
action init includes\classes\class.Lead.php:155
action init includes\classes\class.Lead.php:156
action admin_menu includes\classes\class.Lead.php:164
action admin_menu includes\classes\class.Lead.php:165
action admin_init includes\classes\class.Lead.php:166
filter bulk_actions-edit-wprequal_lead includes\classes\class.Lead.php:169
filter manage_wprequal_lead_posts_columns includes\classes\class.Lead.php:170
filter page_row_actions includes\classes\class.Lead.php:171
action add_meta_boxes includes\classes\class.Note.php:51
filter pretty_date includes\classes\class.Note.php:53
action admin_enqueue_scripts includes\classes\class.Note.php:54
action init includes\classes\class.RegisterForm.php:108
action wprequal_register_form includes\classes\class.RegisterForm.php:109
action admin_menu includes\classes\class.RegisterFormAdmin.php:66
filter page_row_actions includes\classes\class.RegisterFormAdmin.php:71
action init includes\classes\class.Settings.php:99
action admin_init includes\classes\class.Settings.php:103
action admin_init includes\classes\class.Settings.php:104
action update_option_wprequal_access_token includes\classes\class.Settings.php:105
action admin_menu includes\classes\class.Settings.php:106
action admin_init includes\classes\class.Settings.php:107
action wprequal_help_buttons includes\classes\class.Settings.php:108
action wp_enqueue_scripts includes\classes\class.SurveyForm.php:113
action init includes\classes\class.SurveyForm.php:114
action wp_enqueue_scripts includes\classes\class.SurveyForm.php:115
action wp_footer includes\classes\class.SurveyForm.php:116
action wprequal_survey_form includes\classes\class.SurveyForm.php:117
action wprequal_survey_form_button includes\classes\class.SurveyForm.php:118
action wp_footer includes\classes\class.SurveyForm.php:654
action admin_enqueue_scripts includes\classes\class.SurveyFormAdmin.php:64
action admin_menu includes\classes\class.SurveyFormAdmin.php:65
action admin_footer includes\classes\class.SurveyFormAdmin.php:66
action add_meta_boxes includes\classes\class.SurveyFormAdmin.php:68
action admin_enqueue_scripts includes\classes\class.SurveyFormAdmin.php:69
action save_post_post includes\classes\class.SurveyFormAdmin.php:71
action save_post_page includes\classes\class.SurveyFormAdmin.php:72
filter page_row_actions includes\classes\class.SurveyFormAdmin.php:75
action wp_mail_failed includes\classes\class.Text.php:84
filter wp_mail includes\classes\class.Text.php:85
filter hidden_meta_boxes includes\functions\hide-metaboxes.php:18
action admin_init includes\functions\reset-defaults.php:18
action in_plugin_update_message-wprequal/wprequal.php includes\functions\update-notice.php:18
action wprequal_after_post_entry includes\functions\webhook.php:18
action widgets_init includes\widgets\class.WidgetInit.php:86
action plugins_loaded wprequal.php:67
action init wprequal.php:77
action rest_api_init wprequal.php:82
Maintenance & Trust

WPrequal Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 13, 2025
PHP min version: 7.4
Downloads: 26K

Community Trust

Rating: 86/100
Number of ratings: 4
Active installs: 80
Developer Profile

WPrequal Developer Profile

Kevin Brent

2 plugins · 180 total installs

Trust score: 88
Avg Security Score: 100/100
Avg Patch Time: 31 days
Detection Fingerprints

How We Detect WPrequal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wprequal/assets/js/wprequal-app.min.js
/wp-content/plugins/wprequal/assets/css/wprequal-app.min.css
/wp-content/plugins/wprequal/assets/js/wprequal-calc.js
/wp-content/plugins/wprequal/assets/js/wprequal.js
Script Paths
/wp-content/plugins/wprequal/assets/js/wprequal-app.min.js
/wp-content/plugins/wprequal/assets/js/wprequal-calc.js
/wp-content/plugins/wprequal/assets/js/wprequal.js
Version Parameters
wprequal_jswprequal_calc_popupAmortize

HTML / DOM Fingerprints

CSS Classes
wprequal-calc
calc-hide
calc-button-shortcode
HTML Comments
<!-- Start Calc Popup Section -->
<!-- End Calc Popup Section -->
<!-- Start Calc Shortcode Section -->
<!-- End Calc Shortcode Section -->
(+2 more)
Data Attributes
data-loanTermType
data-popupCalc
data-Amortize
JS Globals
wprequalCalcwprequal_calc_popupAmortize
REST Endpoints
/wp-json/wprequal/v3/nonce
/wp-json/wprequal/v3/entry
Shortcode Output
[wprequal_calc]
[wprequal_calc_button]
[wprequal_amortize]