Does Contact Me have any unpatched vulnerabilities?

No. All known vulnerabilities in Contact Me have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Contact Me compatible with WordPress 3.3.2?

According to WordPress.org data, Contact Me 1.34 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is Contact Me updated?

Contact Me was last updated on Jun 5, 2012. Frequent updates are generally a positive security signal.

What is Contact Me's security score?

Contact Me has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Contact Me Security & Risk Analysis

wordpress.org/plugins/ajax-contact-me

Contact Me is an elegant and light AJAX contact form. Activate the plugin and insert simple short code [contactme] into posts/pages.

100 active installs v1.34 PHP + WP 3.0+ Updated Jun 5, 2012

ajaxcontactcontact-formform

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Contact Me Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Me has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The ajax-contact-me plugin v1.34 exhibits several concerning security practices despite a lack of recorded vulnerabilities. The static analysis reveals a notable attack surface, with two AJAX handlers identified, both of which lack authentication checks. This presents a significant risk as any unauthenticated user could potentially interact with these handlers, leading to unintended consequences. Furthermore, the plugin demonstrates poor output sanitization, with only 8% of outputs being properly escaped. This could open the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is not correctly handled before being displayed. While the plugin does not use dangerous functions and all SQL queries are prepared, the lack of nonce checks on AJAX actions is a critical oversight. The absence of any historical vulnerabilities might suggest a low profile or a lack of targeted attacks, but it does not inherently indicate a secure codebase. The strengths lie in the absence of dangerous functions and the use of prepared statements for SQL. However, the two unprotected AJAX endpoints and the very low percentage of properly escaped output are substantial weaknesses that require immediate attention.

Key Concerns

2 AJAX handlers without auth checks
Low output escaping percentage (8%)
Missing nonce checks on AJAX

Vulnerabilities

None known

Contact Me Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Contact Me Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

8% escaped12 total outputs

Attack Surface

2 unprotected

Contact Me Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_contactme_submitcontact-me.php:46

noprivwp_ajax_contactme_submitcontact-me.php:47

Shortcodes 1

[contactme] contact-me.php:50

WordPress Hooks 3

actionadmin_noticescontact-me.php:43

actionadmin_menucontact-me.php:44

actioninitcontact-me.php:45

Maintenance & Trust

Contact Me Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedJun 5, 2012

PHP min version

Downloads27K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Contact Me Alternatives

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

This simple plugin create Drag & Drop or choose Multiple File upload in your Confact Form 7 Forms.

60K 14 CVEs

Contact Form X

contact-form-x

100

Displays a user-friendly contact form that your visitors will love. Lightweight, fast, secure, and accessible (ADA/WCAG compliant).

400 1 CVE

Just Contact Form

just-contact-form

Just ajax contact form with captcha, one shortcode and easy to use, without options and without complexity.

100 No CVEs

Creative Contact Form

sexy-contact-form

Creative Contact Form is a responsive contact form builder with amazing visual effects. Over 46,000+ sites are already using Creative Contact Form.

100 1 unpatched

Grunion Ajax

grunion-ajax

Using Grunion Contact Form? Make form submission slick with Grunion Ajax.

50 No CVEs

Developer Profile

Contact Me Developer Profile

ichurakov

7 plugins · 330 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Contact Me

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ajax-contact-me/css/front_light.css/wp-content/plugins/ajax-contact-me/css/front_dark.css/wp-content/plugins/ajax-contact-me/css/admin.css

Version Parameters

ajax-contact-me/css/front_light.css?ver=ajax-contact-me/css/front_dark.css?ver=ajax-contact-me/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

contactme_useroptionscontactme_error

Data Attributes

id="contactme_admin_email"name="contactme_admin_email"id="contactme_from_name"name="contactme_from_name"id="contactme_from_email"name="contactme_from_email"+12 more

Shortcode Output

<div class="contactme_main"><form id="contactme_form" method="post"><div class="contactme_error"></div><div class="contactme_form_row">

FAQ