BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Security & Risk Analysis

wordpress.org/plugins/bbforms

Build your [forms] faster and easily just by typing them!

10 active installs · v1.0.8 · PHP 7.0+ · WP 4.4+ · Updated Jan 21, 2026
Tags: code, contact-form, custom-form, forms, shortcode
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Safe to Use in 2026?

Generally Safe

Score 100/100

BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "bbforms" v1.0.8 plugin shows a generally good security posture, with several strong practices in place. It has no recorded CVEs, current or historical, which is a significant positive indicator for the plugin's security development. Static analysis shows prepared statements for 90% of SQL queries and proper escaping for 93% of output, along with 7 nonce checks and 21 capability checks. The attack surface consists of 7 entry points, all of them protected by authentication mechanisms. However, the taint analysis identified two flows with unsanitized paths. Neither reaches critical or high severity, but both warrant attention: they indicate potential avenues for manipulation if malicious input is not sufficiently sanitized at specific points. The plugin also bundles the Select2 library at version v1.0.2, which is likely outdated and represents a potential risk if vulnerabilities exist in that version. Overall, the plugin is well developed from a security standpoint; the unsanitized paths and the outdated bundled library are minor weaknesses that should be addressed to achieve an even more secure state.

Key Concerns

  • Unsanitized paths in taint analysis
  • Bundled outdated library (Select2 v1.0.2)
Vulnerabilities
None known

BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (38 prepared)
Unescaped Output: 41 (543 escaped)
Nonce Checks: 7
Capability Checks: 21
File Operations: 3
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2 1.0.2

SQL Query Safety

90% prepared · 42 total queries

Output Escaping

93% escaped · 584 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

9 flows · 2 with unsanitized paths
bbforms_forms_get_views (includes\custom-tables\forms.php:380)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface

BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 5

auth wp_ajax_bbforms_hide_review_notice includes\admin\notices.php:86
auth wp_ajax_bbforms_import_form includes\ajax-functions.php:77
auth wp_ajax_bbforms_submissions_export_csv includes\ajax-functions.php:217
auth wp_ajax_bbforms_form_submit includes\submit.php:123
nopriv wp_ajax_bbforms_form_submit includes\submit.php:124

Shortcodes 2

[bbforms] includes\shortcodes\bbforms.php:49
[bbform] includes\shortcodes\bbforms.php:50
WordPress Hooks 117
action plugins_loaded bbforms.php:223
action plugins_loaded bbforms.php:224
action plugins_loaded bbforms.php:225
action init bbforms.php:227
action init includes\actions\action.php:43
action init includes\actions\action.php:44
filter wp_mail_from includes\actions\actions\email.php:113
filter wp_mail_from_name includes\actions\actions\email.php:114
filter wp_mail_content_type includes\actions\actions\email.php:115
action admin_notices includes\admin\notices.php:69
action admin_init includes\admin\pages\settings.php:32
action rest_api_init includes\admin\pages\settings.php:33
action cmb2_admin_init includes\admin\pages\settings.php:182
filter bbforms_settings_messages_meta_boxes includes\admin\settings\error-messages.php:47
filter bbforms_settings_messages_meta_boxes includes\admin\settings\form-messages.php:58
filter bbforms_settings_general_meta_boxes includes\admin\settings\general.php:56
filter bbforms_settings_submissions_meta_boxes includes\admin\settings\submissions-cleanup.php:50
action admin_menu includes\admin.php:51
action admin_menu includes\admin.php:60
action admin_menu includes\admin.php:75
action admin_menu includes\admin.php:143
action admin_menu includes\admin.php:159
action admin_bar_menu includes\admin.php:228
action admin_bar_menu includes\admin.php:264
action admin_bar_menu includes\admin.php:300
action admin_init includes\admin.php:317
filter admin_footer_text includes\admin.php:471
action init includes\bbcodes\bbcode.php:45
action init includes\bbcodes\bbcode.php:46
action init includes\bbcodes\bbcode.php:47
action bbforms_schedule_events includes\cron\auto-submissions-cleanup.php:36
action bbforms_clear_scheduled_events includes\cron\auto-submissions-cleanup.php:46
action bbforms_auto_submissions_cleanup_event includes\cron\auto-submissions-cleanup.php:91
filter cron_schedules includes\cron.php:33
filter ct_bbforms_categories_labels includes\custom-tables\categories.php:30
filter ct_query_where includes\custom-tables\categories.php:64
filter ct_query_bbforms_categories_search_fields includes\custom-tables\categories.php:84
filter manage_bbforms_categories_columns includes\custom-tables\categories.php:104
filter manage_bbforms_categories_sortable_columns includes\custom-tables\categories.php:124
action manage_bbforms_categories_custom_column includes\custom-tables\categories.php:176
filter ct_bbforms_categories_default_data includes\custom-tables\categories.php:195
action cmb2_init includes\custom-tables\categories.php:238
action ct_render_bbforms_categories_add_form includes\custom-tables\categories.php:309
action ct_render_bbforms_categories_edit_form includes\custom-tables\categories.php:310
filter ct_insert_object_data includes\custom-tables\categories.php:346
filter ct_bbforms_forms_labels includes\custom-tables\forms.php:31
filter ct_query_where includes\custom-tables\forms.php:77
filter ct_query_join includes\custom-tables\forms.php:117
filter ct_query_bbforms_forms_search_fields includes\custom-tables\forms.php:138
filter manage_bbforms_forms_columns includes\custom-tables\forms.php:159
filter manage_bbforms_forms_sortable_columns includes\custom-tables\forms.php:178
filter bbforms_forms_row_actions includes\custom-tables\forms.php:273
action bbforms_action_duplicate_form includes\custom-tables\forms.php:331
action bbforms_action_reset_submissions includes\custom-tables\forms.php:378
filter bbforms_forms_get_views includes\custom-tables\forms.php:425
action manage_bbforms_forms_custom_column includes\custom-tables\forms.php:520
filter ct_bbforms_forms_default_data includes\custom-tables\forms.php:553
action add_meta_boxes includes\custom-tables\forms.php:579
action ct_bbforms_forms_edit_screen_submit_meta_box_submit_post_top includes\custom-tables\forms.php:658
action cmb2_init includes\custom-tables\forms.php:856
filter admin_body_class includes\custom-tables\forms.php:926
action admin_footer includes\custom-tables\forms.php:1067
filter ct_insert_object_data includes\custom-tables\forms.php:1381
action delete_object includes\custom-tables\forms.php:1503
action admin_init includes\custom-tables\submissions.php:29
filter wp_redirect includes\custom-tables\submissions.php:53
filter admin_body_class includes\custom-tables\submissions.php:74
filter ct_bbforms_submissions_labels includes\custom-tables\submissions.php:94
filter ct_query_where includes\custom-tables\submissions.php:134
filter ct_query_bbforms_submissions_search_fields includes\custom-tables\submissions.php:156
filter manage_bbforms_submissions_columns includes\custom-tables\submissions.php:188
filter manage_bbforms_submissions_sortable_columns includes\custom-tables\submissions.php:211
filter bbforms_submissions_row_actions includes\custom-tables\submissions.php:251
filter bbforms_submissions_bulk_actions includes\custom-tables\submissions.php:296
action manage_bbforms_submissions_extra_tablenav includes\custom-tables\submissions.php:357
action manage_bbforms_submissions_custom_column includes\custom-tables\submissions.php:406
filter ct_bbforms_submissions_default_data includes\custom-tables\submissions.php:597
action add_meta_boxes includes\custom-tables\submissions.php:611
filter bbforms_render_field includes\custom-tables\submissions.php:724
filter ct_insert_object_data includes\custom-tables\submissions.php:830
action delete_object includes\custom-tables\submissions.php:907
filter ct_bbforms_tags_labels includes\custom-tables\tags.php:30
filter ct_query_where includes\custom-tables\tags.php:64
filter ct_query_bbforms_tags_search_fields includes\custom-tables\tags.php:84
filter manage_bbforms_tags_columns includes\custom-tables\tags.php:104
filter manage_bbforms_tags_sortable_columns includes\custom-tables\tags.php:124
action manage_bbforms_tags_custom_column includes\custom-tables\tags.php:176
filter ct_bbforms_tags_default_data includes\custom-tables\tags.php:195
action cmb2_init includes\custom-tables\tags.php:238
action ct_render_bbforms_tags_add_form includes\custom-tables\tags.php:309
action ct_render_bbforms_tags_edit_form includes\custom-tables\tags.php:310
filter ct_insert_object_data includes\custom-tables\tags.php:346
action ct_init includes\custom-tables.php:225
action init includes\fields\field.php:49
action init includes\fields\field.php:50
action init includes\fields\field.php:51
filter upload_dir includes\fields\fields\file.php:239
action bbforms_init includes\file.php:29
action wp_loaded includes\form-preview.php:92
action init includes\form-preview.php:116
action wp_enqueue_scripts includes\form-preview.php:139
filter wp_privacy_personal_data_erasers includes\privacy\erasers\submissions.php:31
filter wp_privacy_personal_data_exporters includes\privacy\exporters\submissions.php:31
action admin_init includes\privacy.php:32
action init includes\scripts.php:31
action admin_init includes\scripts.php:91
action admin_enqueue_scripts includes\scripts.php:147
action admin_bar_init includes\scripts.php:232
action init includes\submit.php:108
action bbforms_pre_init integrations\easy-digital-downloads\easy-digital-downloads.php:128
filter bbforms_get_tags integrations\easy-digital-downloads\includes\tags.php:87
filter bbforms_do_tag integrations\easy-digital-downloads\includes\tags.php:319
filter bbforms_tags_help_tags_list_content integrations\easy-digital-downloads\includes\tags.php:399
filter bbforms_get_tags integrations\woocommerce\includes\tags.php:87
filter bbforms_do_tag integrations\woocommerce\includes\tags.php:327
filter bbforms_tags_help_tags_list_content integrations\woocommerce\includes\tags.php:394
action bbforms_pre_init integrations\woocommerce\woocommerce.php:128

Scheduled Events 1

bbforms_auto_submissions_cleanup_event
Maintenance & Trust

BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 21, 2026
PHP min version: 7.0
Downloads: 797

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 10
Developer Profile

BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor Developer Profile

Ruben Garcia

30 plugins · 25K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 139 days
Detection Fingerprints

How We Detect BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bbforms/assets/css/admin.css
/wp-content/plugins/bbforms/assets/css/frontend.css
/wp-content/plugins/bbforms/assets/css/bbforms.css
/wp-content/plugins/bbforms/assets/js/frontend.js
/wp-content/plugins/bbforms/assets/js/admin.js
/wp-content/plugins/bbforms/assets/js/bbforms.js
Generator Patterns
BBForms - Version 1.0.8
Version Parameters
bbforms/assets/css/admin.css?ver=
bbforms/assets/css/frontend.css?ver=
bbforms/assets/css/bbforms.css?ver=
bbforms/assets/js/frontend.js?ver=
bbforms/assets/js/admin.js?ver=
bbforms/assets/js/bbforms.js?ver=

HTML / DOM Fingerprints

CSS Classes
bbforms-wrapper
bbforms-form-wrapper
bbforms-field-wrapper
bbforms-submit-button
bbforms-field-label
Data Attributes
data-bbforms-field-id
data-bbforms-form-id
JS Globals
bbforms_frontend_params
Shortcode Output
[bbforms_form id="
FAQ

Frequently Asked Questions about BBForms – Flexible Contact Forms, Survey, Quiz, Poll & Custom Forms Editor