WP-Safety

24TT Unrestricted Forms Security & Risk Analysis

wordpress.org/plugins/24tt-unrestricted-forms

Enterprise-grade, 100% unrestricted form builder. Custom database tables for maximum performance, visual customization, and strict data ownership.

0 active installs v1.0.0 PHP 7.4+ WP 6.0+ Updated Apr 13, 2026
contact-formdata-ownershipdrag-and-dropform-buildersecure-forms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is 24TT Unrestricted Forms Safe to Use in 2026?

Generally Safe

Score 100/100

24TT Unrestricted Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "24tt-unrestricted-forms" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for all SQL queries, and comprehensive output escaping suggest good development practices. Furthermore, the presence of numerous nonce and capability checks across its entry points is encouraging. The plugin also avoids external HTTP requests and bundled libraries, minimizing potential attack vectors.

However, a critical concern arises from the taint analysis, which identified one flow with unsanitized paths classified as high severity. While the attack surface is small and all entry points have authentication checks, this single high-severity taint flow represents a significant risk of potential code execution or data compromise if exploited. The plugin's history of zero known CVEs is positive, indicating no publicly disclosed vulnerabilities, but it does not mitigate the risk posed by the identified internal code issue.

In conclusion, while the "24tt-unrestricted-forms" v1.0.0 plugin demonstrates many strengths in secure coding, the high-severity unsanitized path flow identified during taint analysis is a critical weakness that requires immediate attention and remediation. The absence of historical vulnerabilities is a good sign, but it should not lead to complacency regarding the actively identified code flaw.

Key Concerns

  • High severity unsanitized path flow
Vulnerabilities
None known

24TT Unrestricted Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

24TT Unrestricted Forms Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

24TT Unrestricted Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
1
203 escaped
Nonce Checks
8
Capability Checks
9
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

100% escaped204 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
<view-entries> (admin/views/view-entries.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

24TT Unrestricted Forms Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 3

authwp_ajax_tt24_save_formadmin/class-24tt-form-builder.php:33
authwp_ajax_tt24_submit_formpublic/class-24tt-submission.php:33
noprivwp_ajax_tt24_submit_formpublic/class-24tt-submission.php:36

Shortcodes 1

[tt24_form] public/class-24tt-frontend.php:30
WordPress Hooks 4
actionadmin_menuadmin/class-24tt-admin-menu.php:29
actionadmin_enqueue_scriptsadmin/class-24tt-form-builder.php:30
actionadmin_initincludes/class-24tt-export.php:33
actionwp_enqueue_scriptspublic/class-24tt-frontend.php:34
Maintenance & Trust

24TT Unrestricted Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 13, 2026
PHP min version7.4
Downloads42

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

24TT Unrestricted Forms Alternatives

HT Contact Form – Drag & Drop Form Builder for WordPress

HT Contact Form – Drag & Drop Form Builder for WordPress

ht-contactform

A
88

The easiest drag & drop form builder for WordPress. Create contact forms, surveys, and lead capture forms in minutes with 38+ fields and 21+ integ &hellip;

10K 6 CVEs
Hash Form – Drag & Drop Form Builder

Hash Form – Drag & Drop Form Builder

hash-form

A
93

Create any kind of forms effortlessly with Hash Form – the ultimate drag & drop form builder plugin for WordPress.

4K 5 CVEs
VPSUForm – Drag & Drop Contact Form Builder with Email Automation

VPSUForm – Drag & Drop Contact Form Builder with Email Automation

v-form

A
92

A lightweight drag-and-drop WordPress form builder with email automation, conditional logic, spam protection, and full lead management.

200 7 CVEs
AFB – Auto Form Builder – Drag & Drop Form Creator

AFB – Auto Form Builder – Drag & Drop Form Creator

auto-form-builder

A
100

Drag-and-drop form builder with conditional logic, file upload, analytics, spam protection, and full customization. 100% free.

100 No CVEs
GenForm – Drag & Drop Form Builder

GenForm – Drag & Drop Form Builder

genform

A
100

The lightweight drag-and-drop form builder for WordPress. Create contact forms, feedback forms, bookings, and more — no coding required.

20 No CVEs
Developer Profile

24TT Unrestricted Forms Developer Profile

24 Tech Time (U) Ltd

2 plugins · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect 24TT Unrestricted Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/24tt-unrestricted-forms/assets/css/admin.css/wp-content/plugins/24tt-unrestricted-forms/assets/js/builder.js
Script Paths
/wp-content/plugins/24tt-unrestricted-forms/assets/js/builder.js
Version Parameters
tt24-admin-csstt24-builder-js

HTML / DOM Fingerprints

HTML Comments
<!-- SECURITY FIRST: Prevent Direct Access --><!-- Main Bootstrap Class: TT24_Unrestricted_Forms --><!-- Retrieves the main instance of the plugin. --><!-- Define core plugin constants. -->+37 more
FAQ

Frequently Asked Questions about 24TT Unrestricted Forms