PLUGIN SECURITY
Is Zero Bs Crm safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Zero Bs Crm WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
zero-bs-crm - Requires PHP: 7.4+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.4.3 [CVE-2022-3919, Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting, Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.5 [CVE-2022-4497, WordPress Jetpack CRM Plugin < 5.5 is vulnerable to Cross Site Scripting (XSS), Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting, Jetpack CRM < 5.5 - Contributor+ Stored XSS]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.5.0 [CVE-2023-27429, WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS), Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting, Jetpack CRM < 5.5.0 - Admin+ Stored XSS]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.4.0 [CVE-2022-3342, WordPress Jetpack CRM Plugin <= 5.3.1 is vulnerable to Cross Site Request Forgery (CSRF), Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization, Jetpack CRM < 5.4.0 - PHAR Deserialisation via CSRF]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.5.1 [Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting]
+ 5 more known vulnerabilities
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.5.1 [Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.5.1 [Jetpack CRM < 5.5.1 - Client+ XSS]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 5.5.1 [Jetpack CRM < 5.5.1 - CRM Admin+ XSS]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 4.2.4 [Jetpackcrm Ext Woo Connect < 2.13 - Sensitive Information Exposure]
- Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation [zero-bs-crm] < 6.7.1 [CVE-2026-22356, Jetpack CRM <= 6.7.0 - Unauthenticated Local File Inclusion]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Flamingo — 800000+ active installs — max PHP 8.4
- HubSpot All-In-One Marketing – Forms, Popups, Live Chat — 200000+ active installs — max PHP 8.4
- FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution — 80000+ active installs — max PHP <8.0
- LeadConnector — 20000+ active installs
- WP Customer Area — 10000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.