
ALIDANI Contact forms Security & Risk Analysis
wordpress.org/plugins/alidani-contact-form
Contact form with visual form builder. Contact form that sends the data to email, to a database list and easy to update the content.
Is ALIDANI Contact forms Safe to Use in 2026?
Generally Safe
Score 85/100
ALIDANI Contact forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'alidani-contact-form' plugin v1.4 exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers, representing a large attack surface. While the code generally adheres to good practices like using prepared statements for SQL queries and proper output escaping, the lack of authentication and capability checks on four out of five entry points is a critical weakness. The taint analysis further highlights this, revealing three critical severity flows with unsanitized paths, strongly suggesting potential vulnerabilities that could be exploited through these unprotected AJAX endpoints.
The plugin's clean vulnerability history is a positive sign, indicating that past issues have likely been addressed or that the plugin hasn't been a significant target. However, this history does not mitigate the immediate risks identified in the static and taint analysis. The presence of a bundled library, DataTables, while not flagged as a specific issue here, could become a future concern if it's not kept up-to-date.
In conclusion, despite good practices in areas like SQL and output handling, the unprotected AJAX handlers and critical taint flows present a substantial risk. Developers should prioritize implementing proper authentication and capability checks for these AJAX actions to secure the plugin.
Key Concerns
- Unprotected AJAX handlers
- Critical severity taint flows (unsanitized paths)
- Missing nonce checks on AJAX handlers
- Missing capability checks on AJAX handlers
ALIDANI Contact forms Security Vulnerabilities
ALIDANI Contact forms Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
ALIDANI Contact forms Attack Surface
- AJAX Handlers: 4
- Shortcodes: 1
- WordPress Hooks: 2
ALIDANI Contact forms Maintenance & Trust
Maintenance Signals
Community Trust
ALIDANI Contact forms Alternatives
No alternatives data available yet.
ALIDANI Contact forms Developer Profile
1 plugin · 10 total installs
How We Detect ALIDANI Contact forms
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/alidani-contact-form/assets/css/bootstrap.min.css
- /wp-content/plugins/alidani-contact-form/assets/css/jquery.dataTables.min.css
- /wp-content/plugins/alidani-contact-form/assets/css/jquery.notifyBar.css
- /wp-content/plugins/alidani-contact-form/assets/css/alidanicontactformstyle.css
- /wp-content/plugins/alidani-contact-form/assets/js/alidanijquery.js
- /wp-content/plugins/alidani-contact-form/assets/js/bootstrap.min.js
- /wp-content/plugins/alidani-contact-form/assets/js/jquery.dataTables.min.js
- /wp-content/plugins/alidani-contact-form/assets/js/jquery.notifyBar.js

- https://www.uniquetechnology.com.au/wp-content/plugins/alidani-contact-form/assets/js/alidanijquery.js
- https://www.uniquetechnology.com.au/wp-content/plugins/alidani-contact-form/assets/js/bootstrap.min.js
- https://www.uniquetechnology.com.au/wp-content/plugins/alidani-contact-form/assets/js/jquery.dataTables.min.js
- https://www.uniquetechnology.com.au/wp-content/plugins/alidani-contact-form/assets/js/jquery.notifyBar.js
- https://www.uniquetechnology.com.au/wp-content/plugins/alidani-contact-form/assets/js/jquery.validate.min.js
- https://www.uniquetechnology.com.au/wp-content/plugins/alidani-contact-form/assets/js/alidaniscript.js

HTML / DOM Fingerprints
- alidani_contact_form_style
- alidaniformajaxurl
- [alidaniform]