Does API for Ninja Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in API for Ninja Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is API for Ninja Forms compatible with WordPress 6.8.5?

According to WordPress.org data, API for Ninja Forms 1.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is API for Ninja Forms compatible with PHP 8.1+?

API for Ninja Forms requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is API for Ninja Forms updated?

API for Ninja Forms was last updated on Nov 11, 2025. Frequent updates are generally a positive security signal.

What is API for Ninja Forms's security score?

API for Ninja Forms has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

API for Ninja Forms Security & Risk Analysis

wordpress.org/plugins/api-for-ninja-forms

A REST API for Ninja Forms that supports JSON and PDF output.

10 active installs v1.0.1 PHP 8.1+ WP 6.4+ Updated Nov 11, 2025

apininja-formsninjaformsrest-api

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is API for Ninja Forms Safe to Use in 2026?

Generally Safe

Score 100/100

API for Ninja Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "api-for-ninja-forms" v1.0.1 plugin demonstrates a generally strong security posture, with static analysis revealing no critical or high-severity issues. Notably, 100% of SQL queries are prepared, and all identified outputs are properly escaped, significantly mitigating risks of SQL injection and cross-site scripting (XSS). The plugin also avoids dangerous functions and direct file operations. The presence of two nonce checks, although not tied to a large number of entry points, is a positive indicator of security awareness. The single external HTTP request should be monitored, but without further context on its purpose or validation, it's not an immediate high-risk concern. The absence of any recorded vulnerabilities, including CVEs, further supports a positive security assessment. However, the lack of capability checks on its REST API routes is a notable weakness, as it implies that any authenticated user, regardless of their role or permissions, could potentially access or manipulate these endpoints. This represents a potential privilege escalation or unauthorized access vector that requires attention.

Key Concerns

REST API routes lack permission callbacks

Vulnerabilities

None known

API for Ninja Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

API for Ninja Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped19 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<class-vwpnfsa-settings> (includes\class-vwpnfsa-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

API for Ninja Forms Attack Surface

Entry Points4

Unprotected0

REST API Routes 4

GET/wp-json/nf-submissions/v1/form/(?P<form_id>\d+)includes\class-vwpnfsa-rest-controller.php:24

GET/wp-json/nf-submissions/v1/form/(?P<form_id>\d+)/fieldsincludes\class-vwpnfsa-rest-controller.php:34

GET/wp-json/nf-submissions/v1/form/(?P<form_id>\d+)includes\class-vwpnfsa-routes.php:20

GET/wp-json/nf-submissions/v1/form/(?P<form_id>\d+)/fieldsincludes\class-vwpnfsa-routes.php:35

WordPress Hooks 7

actionrest_api_initapi-for-ninja-forms.php:47

actionadmin_menuapi-for-ninja-forms.php:56

filterrest_authentication_errorsincludes\class-vwpnfsa-auth.php:122

actionrest_api_initincludes\class-vwpnfsa-routes.php:98

actionadmin_menuincludes\class-vwpnfsa-settings.php:21

actionadmin_initincludes\class-vwpnfsa-settings.php:22

actionadmin_menuincludes\class-vwpnfsa-settings.php:109

Maintenance & Trust

API for Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 11, 2025

PHP min version8.1

Downloads319

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

API for Ninja Forms Alternatives

WooCommerce Legacy REST API

woocommerce-legacy-rest-api

The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.

400K No CVEs

Disable REST API

disable-json-api

Disable the use of the REST API on your website to site users. Now with User Role support!

90K No CVEs

Make Connector

integromat-connector

Make Connector. Make lets you design, build, and automate by connecting with WordPress in just a few clicks.

80K 3 CVEs

JWT Authentication for WP REST API

jwt-authentication-for-wp-rest-api

100

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

60K No CVEs

Disable WP REST API

disable-wp-rest-api

100

Disables the WP REST API for visitors not logged into WordPress.

30K No CVEs

Developer Profile

API for Ninja Forms Developer Profile

sightfactory

8 plugins · 190 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect API for Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints

nf-submissions/v1nf-submissions/v1/form/(?P<form_id>\d+)nf-submissions/v1/form/(?P<form_id>\d+)/fields

FAQ