AIO Forms – Craft Complex Forms Easily Security & Risk Analysis

wordpress.org/plugins/all-in-one-forms

The best form builder for small business and freelancers, Make complex forms easily. Lifetime license.

700 active installs · v1.3.32 · PHP + · WP 3.3+ · Updated Apr 5, 2026
calculated-fields, calculation-forms, form, form-builder, forms
98
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 23, 2025
Safety Verdict

Is AIO Forms – Craft Complex Forms Easily Safe to Use in 2026?

Generally Safe

Score 98/100

AIO Forms – Craft Complex Forms Easily has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Oct 23, 2025 · Updated 1mo ago
Risk Assessment

The 'all-in-one-forms' plugin v1.3.30 exhibits a mixed security posture. On the positive side, it demonstrates good practices by predominantly using prepared statements for SQL queries and having a relatively low number of detected dangerous functions. The absence of bundled libraries and a single external HTTP request are also favorable indicators.

However, significant concerns arise from the static analysis. The presence of two AJAX handlers without authentication checks creates a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this specific analysis, represent potential avenues for injection vulnerabilities if exploited. The vulnerability history, though showing no currently unpatched CVEs, indicates a past high-severity vulnerability related to unrestricted file uploads, suggesting a recurring pattern of security weaknesses in this area.

In conclusion, while the plugin shows some good security habits, the unprotected AJAX endpoints and the historical pattern of file upload vulnerabilities present notable risks. The taint analysis also points to potential, albeit currently unclassified, risks. Addressing the unprotected entry points and rigorously auditing file upload functionality would be crucial steps in improving the plugin's security.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths (potential)
  • Past high severity vulnerability (Unrestricted Upload)
  • Low percentage of properly escaped output
  • Low number of nonce checks
Vulnerabilities
1 published

AIO Forms – Craft Complex Forms Easily Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-11889 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import

Oct 23, 2025 · Patched in 1.3.19 (33d)
Version History

AIO Forms – Craft Complex Forms Easily Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

AIO Forms – Craft Complex Forms Easily Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (25 prepared)
Unescaped Output: 14 (31 escaped)
Nonce Checks: 1
Capability Checks: 5
File Operations: 33
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

96% prepared · 26 total queries

Output Escaping

69% escaped · 45 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
GetFileUpload (ajax\EntryUtilsAjax.php:60)
Attack Surface
2 unprotected

AIO Forms – Craft Complex Forms Easily Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_aio_remind_me · core\Loader.php:62
auth · wp_ajax_aio_dontshowagain · core\Loader.php:64
WordPress Hooks 21
action · init · ajax\AjaxBase.php:42
action · init · blocks\BlockLoader.php:17
action · enqueue_block_editor_assets · blocks\BlockLoader.php:18
filter · allinoneforms_format_fixed_field · core\FixedFieldFormatter.php:6
filter · rednao-easy-calculation-forms-get-loader · core\Loader.php:59
filter · aio_load_field_translation_config · core\Loader.php:60
action · admin_notices · core\Loader.php:61
action · wp · core\Loader.php:63
action · init · core\Loader.php:75
action · admin_menu · core\Loader.php:85
filter · allinoneforms_get_ai_fields_description · core\Loader.php:98
filter · allinoneforms_get_ai_fields_settings · core\Loader.php:99
filter · rednao-calculated-fields-get-additional-fields · core\Loader.php:331
action · init · core\Loader.php:333
action · phpmailer_init · core\Managers\EmailManager\EmailManager.php:101
filter · allinoneforms_get_server_dependency_Chained · core\Managers\FormLoader\ServerDependencyHooks.php:2
action · admin_enqueue_scripts · core\PluginBase.php:126
action · admin_menu · core\PluginBase.php:127
action · admin_init · core\PluginBase.php:128
action · allinoneforms_delete_expired_items · Managers\SchedulerManager\SchedulerManager.php:27
action · allinoneforms_before_entry_search · pr\PRLoader.php:28

Scheduled Events 1

allinoneforms_delete_expired_items
Maintenance & Trust

AIO Forms – Craft Complex Forms Easily Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 5, 2026
PHP min version
Downloads: 83K

Community Trust

Rating: 98/100
Number of ratings: 32
Active installs: 700
Developer Profile

AIO Forms – Craft Complex Forms Easily Developer Profile

EDGARROJAS

19 plugins · 12K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 278 days
Detection Fingerprints

How We Detect AIO Forms – Craft Complex Forms Easily

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/all-in-one-forms/core/js/RNTranslator.js
Script Paths
/wp-content/plugins/all-in-one-forms/core/js/RNTranslator.js

HTML / DOM Fingerprints

JS Globals
RNTranslator
RNTranslatorDictionary
FAQ

Frequently Asked Questions about AIO Forms – Craft Complex Forms Easily