Airy Frontend Forms Security & Risk Analysis

wordpress.org/plugins/airy-frontend-forms

Create powerful frontend submission forms for ACF and SCF with complete control over fields, taxonomies, and user submissions.

0 active installs · v1.0.0 · PHP 8.0+ · WP 6.8+ · Updated Feb 25, 2026
Tags: acf-forms, frontend-forms, scf-forms, user-fronted-post-submission
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Airy Frontend Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Airy Frontend Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "airy-frontend-forms" v1.0.0 plugin presents a mixed security posture. On the positive side, it uses prepared statements for 84% of its SQL queries and escapes 90% of its output. The plugin also includes a healthy number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. Furthermore, its vulnerability history is clean, with zero recorded CVEs, suggesting a stable and likely well-maintained codebase in terms of known past issues.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication checks, creating a direct entry point for unauthenticated users. This is exacerbated by the taint analysis, which reveals 16 high-severity flows with unsanitized paths. These flows, combined with the unprotected AJAX handlers, pose a substantial risk of arbitrary code execution or data manipulation if an attacker can leverage these unsanitized inputs. The presence of file operations and external HTTP requests, while not explicitly flagged as risky in this analysis, also warrants cautious monitoring given the unsanitized path issues.

In conclusion, while the plugin has a clean vulnerability history and good internal coding practices regarding SQL and output sanitization, the critical taint analysis results coupled with unprotected AJAX endpoints represent a significant and immediate security risk. Addressing these high-severity unsanitized path flows and securing the AJAX handlers should be the highest priority.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

Airy Frontend Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Airy Frontend Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 17 (92 prepared)
Unescaped Output: 104 (926 escaped)
Nonce Checks: 24
Capability Checks: 27
File Operations: 1
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

84% prepared · 109 total queries

Output Escaping

90% escaped · 1030 total outputs
Data Flows
16 unsanitized

Data Flow Analysis

22 flows · 16 with unsanitized paths
handle_admin_actions (includes\admin\class-affcf-admin.php:72)
Attack Surface
2 unprotected

Airy Frontend Forms Attack Surface

Entry Points: 20
Unprotected: 2

AJAX Handlers (17)

Access  Hook                                Location
auth    wp_ajax_affcf_save_form             includes\admin\class-affcf-admin.php:43
auth    wp_ajax_affcf_delete_form           includes\admin\class-affcf-admin.php:44
auth    wp_ajax_affcf_get_field_groups      includes\admin\class-affcf-admin.php:45
auth    wp_ajax_affcf_get_taxonomies        includes\admin\class-affcf-admin.php:46
auth    wp_ajax_affcf_load_field_groups     includes\admin\class-affcf-admin.php:47
auth    wp_ajax_affcf_load_taxonomies       includes\admin\class-affcf-admin.php:48
auth    wp_ajax_affcf_reject_post           includes\admin\class-affcf-rejection-meta-box.php:35
auth    wp_ajax_affcf_get_field_groups      includes\admin\forms\class-affcf-admin-field-helper.php:26
auth    wp_ajax_affcf_get_fields_for_group  includes\admin\forms\class-affcf-admin-field-helper.php:27
auth    wp_ajax_affcf_get_taxonomies        includes\admin\forms\class-affcf-admin-field-helper.php:28
auth    wp_ajax_affcf_auto_save             includes\frontend\class-affcf-auto-save.php:31
auth    wp_ajax_affcf_load_draft            includes\frontend\class-affcf-auto-save.php:32
auth    wp_ajax_affcf_delete_draft          includes\frontend\class-affcf-auto-save.php:33
auth    wp_ajax_affcf_submit_form           includes\frontend\class-affcf-frontend.php:69
nopriv  wp_ajax_affcf_submit_form           includes\frontend\class-affcf-frontend.php:73
auth    wp_ajax_affcf_upload_image          includes\frontend\class-affcf-frontend.php:76
nopriv  wp_ajax_affcf_upload_image          includes\frontend\class-affcf-frontend.php:77

Shortcodes (3)

[affcf_form] includes\frontend\class-affcf-frontend.php:51
[affcf_dashboard] includes\frontend\class-affcf-frontend.php:52
[affcf_edit_form] includes\frontend\class-affcf-frontend.php:53

WordPress Hooks (20)

Type    Hook                             Location
action  plugins_loaded                   airy-frontend-forms.php:85
action  admin_init                       includes\admin\class-affcf-admin.php:36
action  admin_enqueue_scripts            includes\admin\class-affcf-admin.php:37
action  admin_notices                    includes\admin\class-affcf-admin.php:40
action  admin_menu                       includes\admin\class-affcf-menu.php:28
action  add_meta_boxes                   includes\admin\class-affcf-rejection-meta-box.php:30
action  save_post                        includes\admin\class-affcf-rejection-meta-box.php:31
action  admin_post_affcf_reject_post     includes\admin\class-affcf-rejection-meta-box.php:32
action  admin_enqueue_scripts            includes\admin\class-affcf-rejection-meta-box.php:38
action  admin_init                       includes\admin\class-affcf-settings.php:23
action  acf/init                         includes\compatibility\class-affcf-acf-compat.php:25
action  admin_notices                    includes\compatibility\class-affcf-plugin-checker.php:23
action  admin_enqueue_scripts            includes\core\class-affcf-hooks.php:36
action  transition_post_status           includes\core\class-affcf-hooks.php:39
action  admin_enqueue_scripts            includes\core\class-affcf-hooks.php:45
filter  acf/load_value/type=icon_picker  includes\core\class-affcf-hooks.php:51
action  wp_enqueue_scripts               includes\frontend\class-affcf-frontend.php:59
action  wp_footer                        includes\frontend\class-affcf-frontend.php:63
action  template_redirect                includes\frontend\class-affcf-frontend.php:66
action  admin_post_affcf_delete_post     includes\frontend\class-affcf-frontend.php:72

Maintenance & Trust

Airy Frontend Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 8.0
Downloads: 122

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Alternatives

Airy Frontend Forms Alternatives

No alternatives data available yet.

Developer Profile

Airy Frontend Forms Developer Profile

airythemes

2 plugins · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Airy Frontend Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/airy-frontend-forms/assets/css/admin-style.css
  • /wp-content/plugins/airy-frontend-forms/assets/css/frontend-style.css
  • /wp-content/plugins/airy-frontend-forms/assets/js/admin-script.js
  • /wp-content/plugins/airy-frontend-forms/assets/js/frontend-script.js
  • /wp-content/plugins/airy-frontend-forms/assets/js/form-builder.js
Script Paths
  • /wp-content/plugins/airy-frontend-forms/assets/js/admin-script.js
  • /wp-content/plugins/airy-frontend-forms/assets/js/frontend-script.js
  • /wp-content/plugins/airy-frontend-forms/assets/js/form-builder.js
Version Parameters
  • airy-frontend-forms/assets/css/admin-style.css?ver=
  • airy-frontend-forms/assets/css/frontend-style.css?ver=
  • airy-frontend-forms/assets/js/admin-script.js?ver=
  • airy-frontend-forms/assets/js/frontend-script.js?ver=
  • airy-frontend-forms/assets/js/form-builder.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • affcf-form-wrapper
  • affcf-frontend-form
  • affcf-form-field
HTML Comments
  • <!-- Main Admin Class
  • <!-- Exit if accessed directly.
  • <!-- Initialize admin components.
  • <!-- AJAX handlers for field groups.
  • (+14 more)
Data Attributes
  • data-affcf-form-id
  • data-affcf-field-id
JS Globals
  • AFFCF_Admin_Form_Builder
  • AFFCF_Frontend_Form
REST Endpoints
  • /wp-json/affcf/v1/forms
  • /wp-json/affcf/v1/forms/(?P<id>\d+)
  • /wp-json/affcf/v1/field-groups
  • /wp-json/affcf/v1/field-groups/(?P<id>\d+)
  • /wp-json/affcf/v1/taxonomies
Shortcode Output
  • [airy-frontend-form id="
  • [affcf_frontend_form id="

FAQ

Frequently Asked Questions about Airy Frontend Forms