Does amoForms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is amoForms compatible with WordPress 5.2.24?

According to WordPress.org data, amoForms 3.1.19 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is amoForms updated?

amoForms was last updated on Nov 13, 2019. Frequent updates are generally a positive security signal.

What is amoForms's security score?

amoForms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

amoForms Security & Risk Analysis

wordpress.org/plugins/amoforms

Create forms and manage submissions easily with a simple interface. Contact forms, subscription forms, or other forms for WordPress. Absolutely FREE!

300 active installs v3.1.19 PHP + WP 4.0+ Updated Nov 13, 2019

adminformpostshortcodewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is amoForms Safe to Use in 2026?

Generally Safe

Score 85/100

amoForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "amoforms" v3.1.19 plugin presents a mixed security posture. While it has a historically clean record with zero known CVEs, indicating good general maintenance and security awareness from the developers, the static analysis reveals several concerning code practices. The presence of the `exec()` function, even if not directly tied to an exploitable flow in this analysis, is a significant red flag as it can be a gateway to command injection vulnerabilities if not handled with extreme caution and rigorous sanitization. Furthermore, a very low percentage of output escaping (2%) is a critical weakness, suggesting a high risk of cross-site scripting (XSS) vulnerabilities where user-supplied data might be rendered directly in the browser without proper encoding. The taint analysis, while showing no critical or high severity flows, analyzed a very small number of flows (3), making its findings potentially incomplete.

Key Concerns

Use of dangerous function 'exec'
Low output escaping percentage (2%)
Taint analysis flow count is very low

Vulnerabilities

None known

amoForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

amoForms Release Timeline

v3.1.19Current

vv3.1.19

v3.1.18

v3.1.17

v3.1.16

v3.1.15

v3.1.14

v3.1.13

v3.1.12

v3.1.11

v3.1.10

v3.1.9

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.1

v3.1.0

Code Analysis

Analyzed Mar 16, 2026

amoForms Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

132

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec($cmd);classes\Vendor\Raven\Client.php:666

Bundled Libraries

TinyMCE

SQL Query Safety

52% prepared33 total queries

Output Escaping

2% escaped135 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

dismiss_notice_action (classes\Controllers\Settings.php:1181)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

amoForms Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[amoforms] classes\Libs\Shortcodes\Manager.php:40

WordPress Hooks 10

filterwp_handle_upload_prefilterclasses\Controllers\Settings.php:424

filtertiny_mce_before_initclasses\Libs\Filters\TinyMCE.php:26

filtermce_external_pluginsclasses\Libs\Filters\TinyMCE.php:30

filtermce_buttonsclasses\Libs\Filters\TinyMCE.php:31

filtermedia_buttonsclasses\Libs\Hooks\MediaButtons\AddForm.php:19

actionadmin_footerclasses\Libs\Hooks\MediaButtons\AddForm.php:20

actioninitclasses\Libs\Hooks\PreviewPage\ManagePage.php:20

filterthe_contentclasses\Libs\Hooks\PreviewPage\PutForm.php:26

actionadmin_menuclasses\Router.php:391

filteradmin_footer_textviews\other\notice.php:12

Maintenance & Trust

amoForms Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedNov 13, 2019

PHP min version

Downloads905K

Community Trust

Rating86/100

Number of ratings52

Active installs300

Alternatives

amoForms Alternatives

Login Form Anywhere

Allow admin to show login from anywhere in Wordpress.

50 No CVEs

Amity Related Posts

amity-related-posts

Amity Related Posts Lite is a highly customizable WordPress plugin that linking to related posts from your website/blog archive.

10 No CVEs

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 10 CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Content Blocks (Custom Post Widget)

custom-post-widget

This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.

10K 6 CVEs

Developer Profile

amoForms Developer Profile

BaggerMAN

1 plugin · 300 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect amoForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

amoForms Security & Risk Analysis

Is amoForms Safe to Use in 2026?

Generally Safe

Key Concerns

amoForms Security Vulnerabilities

amoForms Release Timeline

amoForms Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

amoForms Attack Surface

Shortcodes 1

amoForms Maintenance & Trust

Maintenance Signals

Community Trust

amoForms Alternatives

Login Form Anywhere

Amity Related Posts

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

Apollo13 Framework Extensions

Content Blocks (Custom Post Widget)

amoForms Developer Profile

How We Detect amoForms

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about amoForms