Does Ajaxy Forms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ajaxy Forms compatible with WordPress 6.8.5?

According to WordPress.org data, Ajaxy Forms 1.0.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Ajaxy Forms compatible with PHP 7.4+?

Ajaxy Forms requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ajaxy Forms updated?

Ajaxy Forms was last updated on May 9, 2025. Frequent updates are generally a positive security signal.

What is Ajaxy Forms's security score?

Ajaxy Forms has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ajaxy Forms Security — No Known CVEs

Safety Verdict

Is Ajaxy Forms Safe to Use in 2026?

Generally Safe

Score 92/100

Ajaxy Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "ajaxy-forms" plugin v1.0.4 demonstrates a generally strong security posture based on the provided static analysis. It effectively utilizes prepared statements for all SQL queries and a high percentage of its output is properly escaped, which are crucial security practices. The absence of known CVEs and a clean vulnerability history further indicate a well-maintained and secure plugin. However, the analysis does reveal some potential areas for improvement and careful consideration.

The presence of 4 flows with unsanitized paths in the taint analysis, despite being classified as non-critical, warrants attention. These flows could potentially be exploited if an attacker can control the data flowing through them. The single file operation and multiple external HTTP requests, while not inherently insecure, represent potential attack vectors if not handled with extreme care and proper input validation. The limited attack surface with only one AJAX handler, which is noted as having an authentication check, is a positive aspect.

Overall, "ajaxy-forms" v1.0.4 appears to be a relatively secure plugin, prioritizing fundamental security measures. The lack of historical vulnerabilities is a significant strength. However, the identified unsanitized path flows in the taint analysis and the presence of file operations and external HTTP requests suggest that further scrutiny and potentially enhanced validation for these specific code paths would be beneficial to further strengthen its security.

Key Concerns

Flows with unsanitized paths in taint analysis
Presence of file operations
External HTTP requests present

Vulnerabilities

None known

Ajaxy Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Ajaxy Forms Release Timeline

v1.0.4Current

v1.0.3

v1.0.2

v1.0.2a

v1.0.2b

v1.0.1

Code Analysis

Analyzed Mar 17, 2026

Ajaxy Forms Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

22 prepared

Unescaped Output

10

111 escaped

Nonce Checks

5

Capability Checks

1

File Operations

1

External Requests

4

Bundled Libraries

0

SQL Query Safety

100% prepared22 total queries

Output Escaping

92% escaped121 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

12 flows4 with unsanitized paths

extra_tablenav (admin\inc\entry\Table.php:47)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ajaxy Forms Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_ajaxy_forms_actionadmin\inc\form\Builder.php:17

WordPress Hooks 13

actionadmin_initadmin\inc\entry\Settings.php:14

actionadmin_menuadmin\inc\entry\Settings.php:15

actionadmin_enqueue_scriptsadmin\inc\entry\Settings.php:16

actionadmin_noticesadmin\inc\entry\Table.php:298

actionadmin_initadmin\inc\form\Builder.php:14

actionadmin_menuadmin\inc\form\Builder.php:15

actionadmin_enqueue_scriptsadmin\inc\form\Builder.php:16

actionadmin_menuadmin\inc\form\Settings.php:13

actionadmin_enqueue_scriptsadmin\inc\form\Settings.php:14

actionadmin_footeradmin\inc\form\Table.php:22

actionadmin_noticesadmin\inc\form\Table.php:276

actionrest_api_initplugin.php:451

actionwp_enqueue_scriptsplugin.php:464

Maintenance & Trust

Ajaxy Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 9, 2025

PHP min version7.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Ajaxy Forms Alternatives

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

B

77

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 15 CVEs

Drag and Drop Multiple File Upload for Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

B

81

This simple plugin create Drag & Drop or choose Multiple File upload in your Confact Form 7 Forms.

60K 16 CVEs

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

form-maker

B

82

Form Maker is a user-friendly contact form builder that allows to create forms for any purpose, from a simple contact form to multi page survey forms

30K 36 CVEs

NEX-Forms – Ultimate Forms Plugin for WordPress

nex-forms-express-wp-form-builder

B

76

Build beautiful responsive forms for WordPress. Contact forms, surveys, quizzes, booking forms, payments, popups & more with NEX-Forms...

7K 31 CVEs

FormCraft – Form Builder

formcraft-form-builder

B

79

Create gorgeous forms for your site using this drag-and-drop form builder.

3K 10 CVEs

Developer Profile

Ajaxy Forms Developer Profile

Naji Amer

2 plugins · 10 total installs

88

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ajaxy Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ajaxy-forms/build/js/script.js/wp-content/plugins/ajaxy-forms/build/css/style.css

Script Paths

/wp-content/plugins/ajaxy-forms/build/js/script.js

Version Parameters

ajaxy-forms/build/css/style.css?ver=ajaxy-forms/build/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

ajaxy-formajaxy-forms-wrapper

Data Attributes

data-ajaxy-form-name

JS Globals

ajaxy_forms_form_validation_rulesajaxy_forms_form_validation_messages

REST Endpoints

/wp-json/ajaxy-forms/v1/form/

Shortcode Output

[form name=""][form name="some_form_name"]

FAQ

Ajaxy Forms Security & Risk Analysis