ANON::form embedded secure form Security & Risk Analysis
wordpress.org/plugins/anonform-embedded-secure-formEmbed ANON::form's End-to-End Encrypted secure and anonymized web forms into your website with an iframe and a shortcode.
Is ANON::form embedded secure form Safe to Use in 2026?
Generally Safe
Score 99/100ANON::form embedded secure form has a strong security track record. Known vulnerabilities have been patched promptly.
The "anonform-embedded-secure-form" plugin v1.8 exhibits a generally good security posture based on static analysis, with no critical or high severity issues found in taint analysis, and a high percentage of properly escaped outputs. The plugin avoids dangerous functions, file operations, and external HTTP requests, which are common sources of vulnerabilities. However, the absence of any nonce checks or capability checks across its entry points, combined with a medium severity Cross-Site Scripting (XSS) vulnerability historically, raises significant concerns. While no unpatched CVEs are currently listed, the past XSS issue indicates a potential weakness in input sanitization, and the lack of robust authorization checks on its single shortcode entry point means that any user could potentially trigger its functionality, which might be exploited if combined with an unpatched or newly discovered vulnerability. The plugin's strengths lie in its avoidance of complex functionalities that often introduce bugs, but its vulnerability history and lack of authorization checks represent the most significant risks.
Key Concerns
- No nonce checks on entry points
- No capability checks on entry points
- History of Medium severity XSS
- High percentage of unescaped outputs (19%)
ANON::form embedded secure form Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
ANON::form embedded secure form <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
ANON::form embedded secure form Code Analysis
Output Escaping
ANON::form embedded secure form Attack Surface
Shortcodes 1
WordPress Hooks 7
Maintenance & Trust
ANON::form embedded secure form Maintenance & Trust
Maintenance Signals
Community Trust
ANON::form embedded secure form Alternatives
SiteGuard WP Plugin
siteguard
SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7
contact-form-7-honeypot
Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.
Really Simple CAPTCHA
really-simple-captcha
Really Simple CAPTCHA is a CAPTCHA module intended to be called from other plugins. It is originally created for my Contact Form 7 plugin.
Advanced Google reCAPTCHA
advanced-google-recaptcha
Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.
Spam protection, Honeypot, Anti-Spam by CleanTalk
cleantalk-spam-protect
Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.
ANON::form embedded secure form Developer Profile
1 plugin · 10 total installs
How We Detect ANON::form embedded secure form
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/anonform-embedded-secure-form/css/embed-anonform.cssanonform-embedded-secure-form/css/embed-anonform.css?ver=HTML / DOM Fingerprints
anon-admin-noticeanon-admin-notice-contentanon-admin-notice-messageanon-col-12anon-admin-notice-headeranon-flexanon-buttonanon-button-review+4 moreid="anonform-div"id="anonform-app"loading="lazy"title="Embedded secure form from ANON::form"data-noncewindow.anonform<div id="anonform-div"><iframe id="anonform-app" src="