Does Appointment Form Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in Appointment Form Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Appointment Form Manager compatible with WordPress 5.8.13?

According to WordPress.org data, Appointment Form Manager 2.1.1 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

How often is Appointment Form Manager updated?

Appointment Form Manager was last updated on Sep 11, 2021. Frequent updates are generally a positive security signal.

What is Appointment Form Manager's security score?

Appointment Form Manager has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Appointment Form Manager Security Review

Name: Appointment Form Manager
Rating: 5.0 (1 reviews)

Safety Verdict

Is Appointment Form Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Appointment Form Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "appointment-form-manager" plugin v2.1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and avoids external HTTP requests and file operations, significantly reducing common attack vectors. The absence of recorded vulnerabilities in its history is also a positive indicator of past stability. However, several concerning aspects in the static analysis warrant attention. A substantial attack surface is exposed, with all 6 AJAX handlers lacking authentication checks, presenting a significant risk for unauthorized actions. Furthermore, only 8% of the total outputs are properly escaped, leaving a high probability of cross-site scripting (XSS) vulnerabilities. The taint analysis also highlights a critical flow with unsanitized paths, indicating a potential for more severe security issues that were not fully mitigated. While the plugin has a clean vulnerability history, the present code analysis reveals critical areas for improvement, particularly concerning input validation and output escaping to secure its extensive AJAX endpoints.

Key Concerns

AJAX handlers without authentication checks
Low percentage of properly escaped outputs
Critical severity taint flow with unsanitized paths
No nonce checks on AJAX handlers

Vulnerabilities

None known

Appointment Form Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Appointment Form Manager Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

5 prepared

Unescaped Output

378

31 escaped

Nonce Checks

0

Capability Checks

3

File Operations

0

External Requests

0

Bundled Libraries

1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared5 total queries

Output Escaping

8% escaped409 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths

afm_save_form_data_callback (admin\class-appointment-form-manager-admin.php:210)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Appointment Form Manager Attack Surface

Entry Points7

Unprotected6

AJAX Handlers 6

authwp_ajax_afm_save_form_dataincludes\class-appointment-form-manager.php:164

noprivwp_ajax_afm_save_form_dataincludes\class-appointment-form-manager.php:165

authwp_ajax_afm_empty_form_dataincludes\class-appointment-form-manager.php:166

noprivwp_ajax_afm_empty_form_dataincludes\class-appointment-form-manager.php:167

noprivwp_ajax_afm_ajax_contact_send_mailincludes\class-appointment-form-manager.php:187

authwp_ajax_afm_ajax_contact_send_mailincludes\class-appointment-form-manager.php:188

Shortcodes 1

[afm_contact] includes\class-appointment-form-manager.php:186

WordPress Hooks 6

actionplugins_loadedincludes\class-appointment-form-manager.php:146

actionadmin_enqueue_scriptsincludes\class-appointment-form-manager.php:161

actionadmin_enqueue_scriptsincludes\class-appointment-form-manager.php:162

actionadmin_menuincludes\class-appointment-form-manager.php:163

actionwp_enqueue_scriptsincludes\class-appointment-form-manager.php:184

actionwp_enqueue_scriptsincludes\class-appointment-form-manager.php:185

Maintenance & Trust

Appointment Form Manager Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedSep 11, 2021

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Appointment Form Manager Alternatives

Contact Form 7

contact-form-7

A

89

Just another contact form plugin. Simple but flexible.

10.0M 8 CVEs

Akismet Anti-spam: Spam Protection

akismet

A

99

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A

90

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A

90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

B

82

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

Developer Profile

Appointment Form Manager Developer Profile

Anil Meena

3 plugins · 160 total installs

85

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Appointment Form Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/appointment-form-manager/css/admin.css/wp-content/plugins/appointment-form-manager/css/admin-form.css/wp-content/plugins/appointment-form-manager/js/appointment-form-manager-admin.js/wp-content/plugins/appointment-form-manager/js/jquery.min.js/wp-content/plugins/appointment-form-manager/js/form-builder.js/wp-content/plugins/appointment-form-manager/js/form-render.min.js/wp-content/plugins/appointment-form-manager/js/form-load.js

Version Parameters

appointment-form-manager/css/admin.css?ver=appointment-form-manager/css/admin-form.css?ver=appointment-form-manager/js/appointment-form-manager-admin.js?ver=appointment-form-manager/js/jquery.min.js?ver=appointment-form-manager/js/form-builder.js?ver=appointment-form-manager/js/form-render.min.js?ver=appointment-form-manager/js/form-load.js?ver=

HTML / DOM Fingerprints

CSS Classes

afm-admin-styleafm-admin-form-style

FAQ

Appointment Form Manager Security & Risk Analysis

Is Appointment Form Manager Safe to Use in 2026?

Generally Safe

Key Concerns

Appointment Form Manager Security Vulnerabilities

Appointment Form Manager Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Appointment Form Manager Attack Surface

AJAX Handlers 6

Shortcodes 1

Appointment Form Manager Maintenance & Trust

Maintenance Signals

Community Trust

Appointment Form Manager Alternatives

Contact Form 7

Akismet Anti-spam: Spam Protection

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Database Addon for Contact Form 7 – CFDB7

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Appointment Form Manager Developer Profile

How We Detect Appointment Form Manager

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Appointment Form Manager