Does AFB – Auto Form Builder – Drag & Drop Form Creator have any unpatched vulnerabilities?

No. All known vulnerabilities in AFB – Auto Form Builder – Drag & Drop Form Creator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AFB – Auto Form Builder – Drag & Drop Form Creator compatible with WordPress 6.9.4?

According to WordPress.org data, AFB – Auto Form Builder – Drag & Drop Form Creator 1.1.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is AFB – Auto Form Builder – Drag & Drop Form Creator compatible with PHP 7.4+?

AFB – Auto Form Builder – Drag & Drop Form Creator requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is AFB – Auto Form Builder – Drag & Drop Form Creator updated?

AFB – Auto Form Builder – Drag & Drop Form Creator was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is AFB – Auto Form Builder – Drag & Drop Form Creator's security score?

AFB – Auto Form Builder – Drag & Drop Form Creator has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AFB – Auto Form Builder – Drag & Drop Form Creator Security & Risk Analysis

wordpress.org/plugins/auto-form-builder

Auto Form Builder is the easiest drag-and-drop form builder for WordPress. Create contact forms, surveys, and multi-step forms in minutes.

100 active installs v1.1.6 PHP 7.4+ WP 6.0+ Updated Mar 6, 2026

contact-formdrag-and-dropformform-builderforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is AFB – Auto Form Builder – Drag & Drop Form Creator Safe to Use in 2026?

Generally Safe

Score 100/100

AFB – Auto Form Builder – Drag & Drop Form Creator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 27d ago

Risk Assessment

The 'auto-form-builder' plugin v1.1.6 exhibits a generally good security posture with a strong emphasis on secure coding practices. The extensive use of prepared statements for SQL queries and proper output escaping for almost all outputs are significant strengths. The plugin also demonstrates a good understanding of WordPress security by incorporating a substantial number of nonce and capability checks. However, there are notable concerns stemming from the attack surface. The presence of 30 AJAX handlers, with 4 of them lacking authentication checks, presents a potential entry point for unauthorized actions if these handlers are not properly secured by other means. Additionally, the taint analysis revealed 2 high-severity flows with unsanitized paths, indicating a risk of potential vulnerabilities if user-supplied data is not strictly validated and sanitized before being used in sensitive operations, particularly in file operations where unsanitized paths can lead to directory traversal or other file system manipulation attacks. The complete absence of any recorded CVEs or past vulnerabilities is a positive sign, suggesting diligent maintenance and a lack of known exploitable flaws. Overall, while the plugin has a strong foundation in secure coding, the identified vulnerabilities in the attack surface and taint analysis require immediate attention to mitigate potential risks.

Key Concerns

AJAX handlers without auth checks
High severity unsanitized taint flows

Vulnerabilities

None known

AFB – Auto Form Builder – Drag & Drop Form Creator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

AFB – Auto Form Builder – Drag & Drop Form Creator Code Analysis

Dangerous Functions

Raw SQL Queries

111 prepared

Unescaped Output

2925 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

97% prepared114 total queries

Output Escaping

98% escaped2975 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

19 flows5 with unsanitized paths

handle_form_import (includes\class-auto-form-builder-import-export.php:262)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

AFB – Auto Form Builder – Drag & Drop Form Creator Attack Surface

Entry Points33

Unprotected4

AJAX Handlers 30

authwp_ajax_auto_form_builder_save_turnstile_settingsincludes\addons\cloudflare-turnstile\class-auto-form-builder-addon-cloudflare-turnstile.php:69

authwp_ajax_auto_form_builder_verify_turnstile_testincludes\addons\cloudflare-turnstile\class-auto-form-builder-addon-cloudflare-turnstile.php:70

authwp_ajax_auto_form_builder_track_eventincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:106

noprivwp_ajax_auto_form_builder_track_eventincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:107

authwp_ajax_afb_sync_historical_analyticsincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:110

authwp_ajax_afb_reset_analytics_dataincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:111

authwp_ajax_auto_form_builder_save_recaptcha_settingsincludes\addons\recaptcha\class-auto-form-builder-addon-recaptcha.php:70

authwp_ajax_auto_form_builder_verify_recaptcha_testincludes\addons\recaptcha\class-auto-form-builder-addon-recaptcha.php:71

authwp_ajax_auto_form_builder_update_submission_statusincludes\admin\class-auto-form-builder-submission-status-manager.php:43

authwp_ajax_auto_form_builder_mark_submission_readincludes\admin\class-auto-form-builder-submission-status-manager.php:44

authwp_ajax_auto_form_builder_toggle_submission_starredincludes\admin\class-auto-form-builder-submission-status-manager.php:45

authwp_ajax_auto_form_builder_bulk_update_statusincludes\admin\class-auto-form-builder-submission-status-manager.php:46

authwp_ajax_auto_form_builder_get_status_countsincludes\admin\class-auto-form-builder-submission-status-manager.php:47

authwp_ajax_auto_form_builder_upload_fileincludes\class-auto-form-builder-ajax.php:30

noprivwp_ajax_auto_form_builder_upload_fileincludes\class-auto-form-builder-ajax.php:31

authwp_ajax_auto_form_builder_saveincludes\class-auto-form-builder-ajax.php:40

authwp_ajax_auto_form_builder_save_settingsincludes\class-auto-form-builder-ajax.php:41

authwp_ajax_auto_form_builder_get_settingsincludes\class-auto-form-builder-ajax.php:42

authwp_ajax_auto_form_builder_delete_submissionincludes\class-auto-form-builder-ajax.php:43

authwp_ajax_auto_form_builder_test_endpointincludes\class-auto-form-builder-ajax.php:44

noprivwp_ajax_auto_form_builder_serve_assetincludes\class-auto-form-builder-asset-server.php:49

authwp_ajax_auto_form_builder_serve_assetincludes\class-auto-form-builder-asset-server.php:50

authwp_ajax_auto_form_builder_export_formsincludes\class-auto-form-builder-import-export.php:28

authwp_ajax_auto_form_builder_export_entriesincludes\class-auto-form-builder-import-export.php:29

authwp_ajax_auto_form_builder_import_formsincludes\class-auto-form-builder-import-export.php:30

authwp_ajax_auto_form_builder_import_entriesincludes\class-auto-form-builder-import-export.php:31

authwp_ajax_auto_form_builder_create_template_formincludes\class-auto-form-builder-onboarding.php:43

authwp_ajax_auto_form_builder_complete_onboardingincludes\class-auto-form-builder-onboarding.php:44

authwp_ajax_auto_form_builder_preview_formincludes\frontend\class-auto-form-builder-preview-handler.php:30

authwp_ajax_auto_form_builder_get_form_preview_dataincludes\frontend\class-auto-form-builder-preview-handler.php:33

Shortcodes 3

[auto_form_builder] includes\class-auto-form-builder-frontend.php:200

[auto_form_builder] includes\frontend\class-auto-form-builder-shortcode-handler.php:59

[auto_form_builder] includes\frontend\class-auto-form-builder-shortcode-handler.php:61

WordPress Hooks 62

actioninitauto-form-builder.php:55

actionadmin_post_auto_form_builder_downloadauto-form-builder.php:96

actionplugins_loadedauto-form-builder.php:131

actionadmin_post_auto_form_builder_secure_downloadauto-form-builder.php:319

filterplugin_action_linksauto-form-builder.php:347

actionadmin_enqueue_scriptsincludes\addons\class-auto-form-builder-pro-base-addon.php:281

actionwp_enqueue_scriptsincludes\addons\class-auto-form-builder-pro-base-addon.php:283

actionadmin_enqueue_scriptsincludes\addons\class-auto-form-builder-pro-base-addon.php:284

actionadmin_enqueue_scriptsincludes\addons\class-auto-form-builder-pro-base-addon.php:322

actionwp_enqueue_scriptsincludes\addons\class-auto-form-builder-pro-base-addon.php:324

actionadmin_enqueue_scriptsincludes\addons\class-auto-form-builder-pro-base-addon.php:325

filterauto_form_builder_field_typesincludes\addons\cloudflare-turnstile\class-auto-form-builder-addon-cloudflare-turnstile.php:57

filterauto_form_builder_field_renderersincludes\addons\cloudflare-turnstile\class-auto-form-builder-addon-cloudflare-turnstile.php:58

actionadmin_menuincludes\addons\cloudflare-turnstile\class-auto-form-builder-addon-cloudflare-turnstile.php:66

filterauto_form_builder_validate_submissionincludes\addons\cloudflare-turnstile\class-auto-form-builder-addon-cloudflare-turnstile.php:73

actionauto_form_builder_form_renderedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:48

actionauto_form_builder_form_submittedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:49

actionauto_form_builder_form_renderedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:71

actionauto_form_builder_form_submittedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:72

actionwp_loadedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:75

actioninitincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:76

filterdo_shortcode_tagincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:79

actionadmin_enqueue_scriptsincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:86

actionadmin_menuincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:103

actionauto_form_builder_form_submittedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:706

actionauto_form_builder_form_renderedincludes\addons\form-analytics\class-auto-form-builder-addon-form-analytics.php:710

filterauto_form_builder_field_typesincludes\addons\recaptcha\class-auto-form-builder-addon-recaptcha.php:58

filterauto_form_builder_field_renderersincludes\addons\recaptcha\class-auto-form-builder-addon-recaptcha.php:59

actionadmin_menuincludes\addons\recaptcha\class-auto-form-builder-addon-recaptcha.php:67

filterauto_form_builder_validate_submissionincludes\addons\recaptcha\class-auto-form-builder-addon-recaptcha.php:74

actionadmin_bar_menuincludes\class-auto-form-builder-admin-bar.php:27

actionadmin_menuincludes\class-auto-form-builder-admin-menu.php:26

actionadmin_enqueue_scriptsincludes\class-auto-form-builder-admin-menu.php:28

actionin_admin_headerincludes\class-auto-form-builder-admin-menu.php:30

actionadmin_enqueue_scriptsincludes\class-auto-form-builder-admin.php:25

filteradmin_body_classincludes\class-auto-form-builder-admin.php:26

actionadmin_initincludes\class-auto-form-builder-admin.php:27

actionadmin_initincludes\class-auto-form-builder-admin.php:28

actionadmin_initincludes\class-auto-form-builder-admin.php:29

actionadmin_initincludes\class-auto-form-builder-admin.php:31

actionadmin_menuincludes\class-auto-form-builder-admin.php:32

actionadmin_menuincludes\class-auto-form-builder-admin.php:33

actionadmin_initincludes\class-auto-form-builder-admin.php:35

actionadmin_initincludes\class-auto-form-builder-ajax.php:27

actioninitincludes\class-auto-form-builder-asset-server.php:48

actionadmin_initincludes\class-auto-form-builder-db.php:121

actioninitincludes\class-auto-form-builder-frontend.php:48

actionadmin_initincludes\class-auto-form-builder-import-export.php:27

actionadmin_enqueue_scriptsincludes\class-auto-form-builder-onboarding.php:41

actionadmin_footerincludes\class-auto-form-builder-onboarding.php:42

actionadmin_menuincludes\class-auto-form-builder-settings.php:26

actionadmin_initincludes\class-auto-form-builder-settings.php:27

actionadmin_initincludes\class-auto-form-builder-version-manager.php:44

actionadmin_noticesincludes\class-auto-form-builder-version-manager.php:45

actionauto_form_builder_form_submittedincludes\frontend\address\class-auto-form-builder-address-field-storage.php:65

filterauto_form_builder_submission_dataincludes\frontend\address\class-auto-form-builder-address-field-storage.php:66

filterauto_form_builder_export_submission_dataincludes\frontend\address\class-auto-form-builder-address-submission-processor.php:31

actionwp_enqueue_scriptsincludes\frontend\class-auto-form-builder-asset-manager.php:26

actionadmin_enqueue_scriptsincludes\frontend\class-auto-form-builder-preview-handler.php:36

actioninitincludes\frontend\class-auto-form-builder-shortcode-handler.php:38

actioninitincludes\frontend\class-auto-form-builder-submission-handler.php:34

filterupload_dirincludes\helpers\class-auto-form-builder-file-validation-helper.php:352

Maintenance & Trust

AFB – Auto Form Builder – Drag & Drop Form Creator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

AFB – Auto Form Builder – Drag & Drop Form Creator Alternatives

HT Contact Form – Drag & Drop Form Builder for WordPress

ht-contactform

The easiest drag & drop form builder for WordPress. Create contact forms, surveys, and lead capture forms in minutes with 38+ fields and 21+ integ …

9K 6 CVEs

VPSUForm – Drag & Drop Contact Form Builder with Email Automation

v-form

A lightweight drag-and-drop WordPress form builder with email automation, conditional logic, spam protection, and full lead management.

200 7 CVEs

GenForm – Drag & Drop Form Builder

genform

100

The lightweight drag-and-drop form builder for WordPress. Create contact forms, feedback forms, bookings, and more — no coding required.

20 No CVEs

Smart AI Forms – AI Form Builder for WordPress

smart-ai-forms-lite

100

The only WordPress form builder that generates complete forms from a plain English prompt. No API key needed. Drag, drop, or just describe it.

10 No CVEs

FormLight – Simple Lightweight Form Builder – Contact, Payment, Registration & More

formlight

100

Clean, easy-to-use form builder with drag-and-drop fields. Pro adds templates & integrates with Mailchimp, Stripe, PayPal, Google Sheets, Zapier.

0 No CVEs

Developer Profile

AFB – Auto Form Builder – Drag & Drop Form Creator Developer Profile

Ali Ghasemirad

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect AFB – Auto Form Builder – Drag & Drop Form Creator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/auto-form-builder/assets/css/admin-menu.css/wp-content/plugins/auto-form-builder/assets/css/admin.css/wp-content/plugins/auto-form-builder/assets/css/editor.css/wp-content/plugins/auto-form-builder/assets/css/frontend.css/wp-content/plugins/auto-form-builder/assets/css/global.css/wp-content/plugins/auto-form-builder/assets/css/style.css/wp-content/plugins/auto-form-builder/assets/js/admin-menu.js/wp-content/plugins/auto-form-builder/assets/js/admin.js+8 more

Script Paths

/wp-content/plugins/auto-form-builder/assets/js/frontend.js/wp-content/plugins/auto-form-builder/assets/js/frontend/address/address.js/wp-content/plugins/auto-form-builder/assets/js/frontend/address/address-submission.js

Version Parameters

auto-form-builder/assets/css/admin-menu.css?ver=auto-form-builder/assets/css/admin.css?ver=auto-form-builder/assets/css/editor.css?ver=auto-form-builder/assets/css/frontend.css?ver=auto-form-builder/assets/css/global.css?ver=auto-form-builder/assets/css/style.css?ver=auto-form-builder/assets/js/admin-menu.js?ver=auto-form-builder/assets/js/admin.js?ver=auto-form-builder/assets/js/editor.js?ver=auto-form-builder/assets/js/frontend.js?ver=auto-form-builder/assets/js/frontend/address/address.js?ver=auto-form-builder/assets/js/frontend/address/address-submission.js?ver=auto-form-builder/assets/js/frontend/frontend.js?ver=auto-form-builder/assets/js/import-export.js?ver=auto-form-builder/assets/js/onboarding.js?ver=auto-form-builder/assets/js/version-manager.js?ver=

HTML / DOM Fingerprints

CSS Classes

afb-form-editorafb-form-listafb-field-settingsafb-form-previewafb-form-settingsafb-address-field-wrapperafb-form-builder-frontend

HTML Comments

+20 more

Data Attributes

data-afb-field-iddata-afb-field-typedata-afb-form-iddata-afb-form-titledata-afb-is-requireddata-afb-field-label+1 more

JS Globals

auto_form_builder_ajax_urlauto_form_builder_nonceafb_editor_settingsafb_frontend_settingsafb_address_settings

REST Endpoints

/wp-json/auto-form-builder/v1/forms/wp-json/auto-form-builder/v1/forms/(?P<id>[\d]+)/wp-json/auto-form-builder/v1/settings/wp-json/auto-form-builder/v1/submissions/wp-json/auto-form-builder/v1/submissions/(?P<id>[\d]+)

Shortcode Output

<div class="afb-form-container" data-form-id="<form id="afb-form-<label class="afb-label" for="<input type="text" name="

FAQ