WP-Safety

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Security & Risk Analysis

wordpress.org/plugins/buddyforms

BuddyForms is a versatile plugin that allows the creation of post forms, registration forms, profile forms, content forms, and supports file uploads.

1K active installs v2.9.0 PHP 5.3+ WP 4.0+ Updated Jun 4, 2025
custom-formform-builderformsregistrationuser-registration
20
F · Critical Risk
CVEs total18
Unpatched2
Last CVEOct 19, 2025
Plugin page Download
Safety Verdict

Is Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Safe to Use in 2026?

Critical Risk — Avoid

Score 20/100

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) is critically unsafe with 18 known CVEs, 2 still unpatched. Avoid in production.

18 known CVEs 2 unpatched Last CVE: Oct 19, 2025Updated 10mo ago
Risk Assessment

BuddyForms v2.9.0 presents a mixed security posture. While the plugin demonstrates good practices in its use of prepared statements for SQL queries (93%) and proper output escaping (95%), several significant concerns emerge from the static analysis. A notable 12 out of 26 AJAX handlers lack authentication checks, creating a substantial attack surface that could be exploited for unauthorized actions. Additionally, 11 out of 27 analyzed taint flows involve unsanitized paths, with one classified as high severity, indicating potential vulnerabilities related to file operations or path manipulation.

The plugin's vulnerability history is a major red flag. With 18 known CVEs, including 2 critical and 6 high-severity unpatched vulnerabilities, BuddyForms has a history of severe security flaws. The types of past vulnerabilities, such as Remote File Inclusion, Privilege Management, SSRF, XSS, Deserialization, and SQL Injection, are particularly concerning as they represent common and dangerous attack vectors. The recent vulnerability in October 2025, coupled with the current unpatched critical issues, suggests a recurring problem with maintaining a secure codebase. This historical trend, combined with the identified code analysis risks, points to a plugin that requires immediate attention and likely updates.

In conclusion, while BuddyForms shows some strengths in its coding practices like prepared statements and output escaping, these are overshadowed by the significant and persistent security issues revealed by its vulnerability history and the presence of unprotected AJAX handlers and unsanitized taint flows. The high number of past critical vulnerabilities and the currently unpatched ones are a strong indicator of a heightened risk for WordPress sites using this plugin. Users should exercise extreme caution and prioritize updating to a version that addresses these ongoing security concerns.

Key Concerns

  • Unpatched Critical CVEs
  • Unpatched High Severity CVEs
  • High Severity Taint Flow
  • Unprotected AJAX Handlers
  • Flows with Unsanitized Paths
  • Bundled Library Outdated (Freemius v1.0)
Vulnerabilities
18

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Security Vulnerabilities

CVEs by Year

1 CVE in 2018
2018
1 CVE in 2019
2019
2 CVEs in 2022
2022
2 CVEs in 2023
2023
8 CVEs in 2024
2024
4 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Critical
2
High
6
Medium
10

18 total CVEs

CVE-2025-62973medium · 5.3Missing Authorization

BuddyForms <= 2.9.0 - Missing Authorization

Oct 19, 2025Unpatched
CVE-2025-32151high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

BuddyForms <= 2.8.17 - Authenticated (Contributor+) Local File Inclusion

Apr 4, 2025Unpatched
CVE-2024-12038medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode

Feb 21, 2025 Patched in 2.8.16 (1d)
CVE-2024-12037medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 30, 2025 Patched in 2.8.14 (1d)
CVE-2024-47377medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyForms <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 2.8.13 (11d)
CVE-2024-8246high · 8.8Improper Privilege Management

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation

Sep 13, 2024 Patched in 2.8.12 (1d)
CVE-2024-5149medium · 6.5Use of Insufficiently Random Values

BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

Jun 4, 2024 Patched in 2.8.10 (28d)
CVE-2024-32830critical · 9.3Server-Side Request Forgery (SSRF)

BuddyForms <= 2.8.8 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery

Apr 22, 2024 Patched in 2.8.9 (8d)
CVE-2024-30198medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyForms <= 2.8.5 - Reflected Cross-Site Scripting via page

Mar 25, 2024 Patched in 2.8.6 (5d)
CVE-2024-1158medium · 4.3Missing Authorization

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization

Mar 6, 2024 Patched in 2.8.8 (8d)
CVE-2024-1170high · 8.2Missing Authorization

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion

Mar 6, 2024 Patched in 2.8.8 (1d)
CVE-2024-1169high · 7.5Missing Authorization

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload

Mar 6, 2024 Patched in 2.8.8 (1d)
CVE-2023-25981medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

May 11, 2023 Patched in 2.8.2 (257d)
CVE-2023-26326high · 8.8Deserialization of Untrusted Data

BuddyForms <= 2.7.7 - PHAR Deserialization

Feb 20, 2023 Patched in 2.7.8 (337d)
CVE-2022-38971medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting

Oct 27, 2022 Patched in 2.7.3 (453d)
WF-ba5d1bd4-da0d-43f4-b28f-4a4a2702b3b0-buddyformsmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.6.9 - Cross-Site Scripting

Jun 26, 2022 Patched in 2.6.10 (576d)
WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-buddyformshigh · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 2.3.2 (1793d)
CVE-2018-21003critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.2.7 - SQL Injection

Nov 9, 2018 Patched in 2.2.8 (1901d)
Code Analysis
Analyzed Mar 16, 2026

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
13 prepared
Unescaped Output
70
1470 escaped
Nonce Checks
19
Capability Checks
28
File Operations
9
External Requests
3
Bundled Libraries
3

Bundled Libraries

Select2TinyMCEFreemius1.0

SQL Query Safety

93% prepared14 total queries

Output Escaping

95% escaped1540 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

25 flows11 with unsanitized paths
buddyforms_new_post_status_mail_notification (includes\admin\form-builder\meta-boxes\metabox-mail-notification.php:586)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
12 unprotected

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Attack Surface

Entry Points43
Unprotected12

AJAX Handlers 26

authwp_ajax_buddyforms_post_types_taxonomiesincludes\admin\admin-ajax.php:9
authwp_ajax_buddyforms_close_submission_default_page_notificationincludes\admin\admin-ajax.php:30
authwp_ajax_buddyforms_update_taxonomy_defaultincludes\admin\admin-ajax.php:45
authwp_ajax_buddyforms_new_pageincludes\admin\admin-ajax.php:76
authwp_ajax_buddyforms_url_builderincludes\admin\admin-ajax.php:119
authwp_ajax_buddyforms_custom_form_templateincludes\admin\admin-ajax.php:155
authwp_ajax_buddyforms_display_form_elementincludes\admin\form-builder\form-builder-elements.php:1810
authwp_ajax_buddyforms_form_templateincludes\admin\form-builder\form-templates.php:299
authwp_ajax_buddyforms_load_form_layoutincludes\admin\form-builder\meta-boxes\metabox-layout.php:142
authwp_ajax_buddyforms_new_mail_notificationincludes\admin\form-builder\meta-boxes\metabox-mail-notification.php:511
authwp_ajax_buddyforms_test_emailincludes\admin\form-builder\meta-boxes\metabox-mail-notification.php:566
authwp_ajax_buddyforms_new_post_status_mail_notificationincludes\admin\form-builder\meta-boxes\metabox-mail-notification.php:619
authwp_ajax_buddyforms_ajax_edit_postincludes\form\form-ajax.php:6
authwp_ajax_bf_load_taxonomyincludes\form\form-ajax.php:23
noprivwp_ajax_bf_load_taxonomyincludes\form\form-ajax.php:24
authwp_ajax_buddyforms_ajax_process_edit_postincludes\form\form-ajax.php:93
noprivwp_ajax_buddyforms_ajax_process_edit_postincludes\form\form-ajax.php:94
authwp_ajax_buddyforms_ajax_delete_postincludes\form\form-ajax.php:220
noprivwp_ajax_handle_dropped_mediaincludes\functions.php:1325
authwp_ajax_handle_dropped_mediaincludes\functions.php:1326
noprivwp_ajax_handle_deleted_mediaincludes\functions.php:1375
authwp_ajax_handle_deleted_mediaincludes\functions.php:1376
noprivwp_ajax_upload_image_from_urlincludes\functions.php:1401
authwp_ajax_upload_image_from_urlincludes\functions.php:1402
authwp_ajax_buddyforms_gdpr_data_requestincludes\gdpr.php:142
noprivwp_ajax_buddyforms_gdpr_data_requestincludes\gdpr.php:143

Shortcodes 17

[buddyforms_gpdr] includes\gdpr.php:91
[buddyforms_form] includes\shortcodes.php:10
[bf] includes\shortcodes.php:11
[buddyforms_the_loop] includes\shortcodes.php:266
[buddyforms_list_all] includes\shortcodes.php:267
[bf_user_posts_list] includes\shortcodes.php:268
[bf_posts_list] includes\shortcodes.php:269
[buddyforms_nav] includes\shortcodes.php:314
[bf_nav] includes\shortcodes.php:315
[buddyforms_button_view_posts] includes\shortcodes.php:357
[bf_link_to_user_posts] includes\shortcodes.php:358
[buddyforms_button_add_new] includes\shortcodes.php:394
[bf_link_to_form] includes\shortcodes.php:395
[bf_login_form] includes\shortcodes.php:431
[buddyforms_reset_password] includes\shortcodes.php:501
[bf_new_submission_link] includes\shortcodes.php:549
[bf_meta_key_count] includes\shortcodes.php:580
WordPress Hooks 141
actioninitBuddyForms.php:63
actioninitBuddyForms.php:71
actioninitBuddyForms.php:77
actioninitBuddyForms.php:78
actionadmin_menuBuddyForms.php:79
filterplugin_iconBuddyForms.php:167
actionadmin_noticesBuddyForms.php:631
filterhandle_gdpr_admin_noticeBuddyForms.php:638
actionadmin_enqueue_scriptsincludes\admin\admin-analytics.php:66
filterpermission_listincludes\admin\admin-analytics.php:77
actionpost_submitbox_startincludes\admin\class-bf-admin-notices.php:21
actionadmin_noticesincludes\admin\class-bf-admin-notices.php:97
filtershow_affiliate_program_noticeincludes\admin\class-bf-admin-notices.php:120
actionedit_form_topincludes\admin\form-builder\meta-boxes\metabox-form-header.php:16
actionwp_mail_failedincludes\admin\form-builder\meta-boxes\metabox-mail-notification.php:584
actionbuddyforms_form_setup_nav_li_lastincludes\admin\form-builder\meta-boxes\metabox-mail-notification.php:631
actionbuddyforms_form_setup_tab_pane_lastincludes\admin\form-builder\meta-boxes\metabox-mail-notification.php:651
actionbuddyforms_form_setup_nav_li_lastincludes\admin\form-builder\meta-boxes\metabox-permissions.php:277
actionbuddyforms_form_setup_tab_pane_lastincludes\admin\form-builder\meta-boxes\metabox-permissions.php:293
actionbuddyforms_form_setup_nav_li_lastincludes\admin\form-builder\meta-boxes\metabox-registration.php:12
actionbuddyforms_form_setup_tab_pane_lastincludes\admin\form-builder\meta-boxes\metabox-registration.php:13
actionadd_meta_boxesincludes\admin\form-builder\meta-boxes\metabox-select-form.php:35
actionsave_postincludes\admin\form-builder\meta-boxes\metabox-select-form.php:136
filterdisplay_post_statesincludes\admin\functions.php:72
filterthe_titleincludes\admin\functions.php:99
filtermce_external_pluginsincludes\admin\functions.php:227
filterdisplay_post_statesincludes\admin\functions.php:232
actionmedia_buttonsincludes\admin\mce-editor-button.php:12
actionadmin_footerincludes\admin\mce-editor-button.php:47
actionadmin_footerincludes\admin\mce-editor-button.php:135
filterbuddyforms_admin_tabsincludes\admin\password-strengh-settings.php:6
actionbuddyforms_settings_page_tabincludes\admin\password-strengh-settings.php:14
actionadmin_initincludes\admin\password-strengh-settings.php:115
filterwp_privacy_personal_data_exportersincludes\admin\personal-data-exporter.php:78
actionadmin_enqueue_scriptsincludes\admin\pricing-page\pricing-page.php:25
actionadd_meta_boxesincludes\admin\register-post-types.php:9
filterget_user_option_meta-box-order_buddyformsincludes\admin\register-post-types.php:38
filterpostbox_classes_buddyforms_buddyforms_form_elementsincludes\admin\register-post-types.php:50
filterbuddyforms_metabox_sidebarincludes\admin\register-post-types.php:51
filterpostbox_classes_buddyforms_buddyforms_form_setupincludes\admin\register-post-types.php:52
filterpostbox_classes_buddyforms_buddyforms_form_designerincludes\admin\register-post-types.php:53
filterpostbox_classes_buddyforms_buddyforms_form_shortcodesincludes\admin\register-post-types.php:54
filterpostbox_classes_buddyforms_buddyforms_form_go_proincludes\admin\register-post-types.php:55
actionpost_edit_form_tagincludes\admin\register-post-types.php:140
filterwp_insert_post_dataincludes\admin\register-post-types.php:176
actionsave_postincludes\admin\register-post-types.php:260
actiontransition_post_statusincludes\admin\register-post-types.php:278
actioninitincludes\admin\register-post-types.php:392
actionadmin_headincludes\admin\register-post-types.php:398
filterpost_updated_messagesincludes\admin\register-post-types.php:432
filtermanage_buddyforms_posts_columnsincludes\admin\register-post-types.php:451
actionmanage_buddyforms_posts_custom_columnincludes\admin\register-post-types.php:512
actionadmin_head-edit.phpincludes\admin\register-post-types.php:590
actionadmin_head-post.phpincludes\admin\register-post-types.php:591
actionadmin_head-post-new.phpincludes\admin\register-post-types.php:592
actionpost_submitbox_misc_actionsincludes\admin\register-post-types.php:659
actionadmin_menuincludes\admin\register-post-types.php:671
filterpost_row_actionsincludes\admin\register-post-types.php:706
actionadmin_initincludes\admin\register-post-types.php:721
filterhidden_meta_boxesincludes\admin\register-post-types.php:723
actionadmin_menuincludes\admin\settings.php:13
actionadmin_initincludes\admin\settings.php:79
actionadmin_initincludes\admin\settings.php:511
actionadmin_menuincludes\admin\submissions.php:17
filterset-screen-optionincludes\admin\submissions.php:19
actionadmin_initincludes\admin\submissions.php:20
actioninitincludes\admin\submissions.php:253
actionshow_user_profileincludes\admin\user-meta.php:7
actionedit_user_profileincludes\admin\user-meta.php:10
actionpersonal_options_updateincludes\admin\user-meta.php:135
actionedit_user_profile_updateincludes\admin\user-meta.php:138
actionadmin_menuincludes\admin\welcome-screen.php:12
actionadmin_headincludes\admin\welcome-screen.php:206
actioninitincludes\change-password.php:99
actioninitincludes\class-buddyforms-session.php:66
filterbnfw_trigger_insert_postincludes\compatibility.php:13
actionwp_enqueue_scriptsincludes\compatibility.php:14
actionadmin_enqueue_scriptsincludes\form\form-assets.php:22
actionadmin_enqueue_scriptsincludes\form\form-assets.php:23
filteradmin_footer_textincludes\form\form-assets.php:24
actionadmin_enqueue_scriptsincludes\form\form-assets.php:27
actionwp_enqueue_scriptsincludes\form\form-assets.php:29
filterwp_handle_upload_prefilterincludes\form\form-control.php:1333
filterbuddyforms_form_field_include_extra_htmlincludes\form\form-control.php:1439
filterbuddyforms_update_form_titleincludes\form\form-control.php:1496
filterbuddyforms_before_update_post_metaincludes\form\form-control.php:1540
filterbuddyforms_update_form_contentincludes\form\form-control.php:1543
actionedit_postincludes\form\form-control.php:1561
filtertiny_mce_before_initincludes\form\form-elements.php:321
filterthe_contentincludes\form\form-elements.php:398
filtertiny_mce_before_initincludes\form\form-elements.php:550
filtertiny_mce_before_initincludes\form\form-elements.php:618
filterthe_contentincludes\form\form-elements.php:683
actioninitincludes\form\form-preview.php:7
filterthe_contentincludes\form\form-preview.php:20
filterbuddyforms_form_custom_validationincludes\form\form-validation.php:9
actionwpincludes\form\form.php:457
actionwp_before_admin_bar_renderincludes\functions.php:12
actionpre_get_postsincludes\functions.php:77
actioninitincludes\functions.php:104
filterwp_login_errorsincludes\functions.php:344
filterregister_urlincludes\functions.php:364
filterlogin_form_bottomincludes\functions.php:365
actionlogin_form_bottomincludes\functions.php:386
filtermce_external_pluginsincludes\functions.php:954
actionadmin_bar_menuincludes\functions.php:1184
actionbuddyforms_form_hero_lastincludes\functions.php:1228
filterbuddyforms_loop_form_slugincludes\functions.php:2056
filterbuddyforms_mail_to_before_send_notificationincludes\functions.php:2072
filtersafe_style_cssincludes\functions.php:2102
filterblock_categories_allincludes\gutenberg\gutenberg.php:27
actionenqueue_block_editor_assetsincludes\gutenberg\gutenberg.php:40
actioninitincludes\gutenberg\shortcodes\shortcodes-to-blocks.php:180
actionbuddyforms_process_field_submissionincludes\resources\pfbc\FieldControl.php:33
filterbuddyforms_field_localizationincludes\resources\pfbc\FieldControl.php:34
filterbf_submission_column_defaultincludes\resources\pfbc\FieldControl.php:35
actionbuddyforms_update_post_metaincludes\resources\pfbc\FieldControl.php:36
filterbuddyforms_element_required_validationincludes\resources\pfbc\FieldControl.php:38
actioninitincludes\rewrite-roles.php:13
filterquery_varsincludes\rewrite-roles.php:49
filterget_edit_post_linkincludes\rewrite-roles.php:75
filterinitincludes\rewrite-roles.php:195
filterlogin_redirectincludes\rewrite-roles.php:231
filterthe_contentincludes\rewrite-roles.php:276
filterthe_contentincludes\rewrite-roles.php:291
actiontemplate_includeincludes\the-content.php:7
filterthe_contentincludes\the-content.php:31
filterthe_contentincludes\the-content.php:73
filterbuddyforms_the_contentincludes\the-content.php:86
filterauthenticateincludes\wp-insert-user.php:442
filteruser_row_actionsincludes\wp-insert-user.php:470
actionadmin_action_buddyforms_activateincludes\wp-insert-user.php:492
filternonce_user_logged_outincludes\wp-insert-user.php:517
actionadmin_action_buddyforms_resend_activationincludes\wp-insert-user.php:537
actionadmin_noticesincludes\wp-insert-user.php:582
filterviews_usersincludes\wp-insert-user.php:599
filterusers_list_table_query_argsincludes\wp-insert-user.php:623
actiontemplate_redirectincludes\wp-insert-user.php:663
actionbuddyforms_process_submission_endincludes\wp-mail.php:34
actiontransition_post_statusincludes\wp-mail.php:350
actionwp_footertemplates\buddyforms\login-form.php:27

Scheduled Events 1

wp_scheduled_auto_draft_delete
Maintenance & Trust

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 4, 2025
PHP min version5.3
Downloads215K

Community Trust

Rating96/100
Number of ratings180
Active installs1K
Alternatives

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A
90

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

B
82

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs
Ninja Forms – The Contact Form Builder That Grows With You

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

B
76

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 74 CVEs
SureForms – Contact Form, Payment Form & Other Custom Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

A
88

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with &hellip;

400K 15 CVEs
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

formidable

B
76

The most advanced WordPress forms plugin. Go beyond contact forms with our drag and drop form builder for surveys, quizzes, and more.

300K 23 CVEs
Developer Profile

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Developer Profile

Themekraft

12 plugins · 5K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
375 days
View full developer profile
Detection Fingerprints

How We Detect Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddyforms/assets/css/buddyforms.css/wp-content/plugins/buddyforms/assets/js/buddyforms.js/wp-content/plugins/buddyforms/assets/css/form.css/wp-content/plugins/buddyforms/assets/js/form.js/wp-content/plugins/buddyforms/assets/css/admin.css/wp-content/plugins/buddyforms/assets/js/admin.js/wp-content/plugins/buddyforms/assets/js/buddyforms-admin-fields.js/wp-content/plugins/buddyforms/assets/js/buddyforms-form-builder.js+13 more
Script Paths
/wp-content/plugins/buddyforms/assets/js/buddyforms.js/wp-content/plugins/buddyforms/assets/js/form.js/wp-content/plugins/buddyforms/assets/js/admin.js/wp-content/plugins/buddyforms/assets/js/buddyforms-admin-fields.js/wp-content/plugins/buddyforms/assets/js/buddyforms-form-builder.js/wp-content/plugins/buddyforms/assets/js/buddyforms-form-editor.js+12 more
Version Parameters
buddyforms/assets/css/buddyforms.css?ver=buddyforms/assets/js/buddyforms.js?ver=buddyforms/assets/css/form.css?ver=buddyforms/assets/js/form.js?ver=buddyforms/assets/css/admin.css?ver=buddyforms/assets/js/admin.js?ver=buddyforms/assets/js/buddyforms-admin-fields.js?ver=buddyforms/assets/js/buddyforms-form-builder.js?ver=buddyforms/assets/js/buddyforms-form-editor.js?ver=buddyforms/assets/js/buddyforms-admin-form-settings.js?ver=buddyforms/assets/js/buddyforms-admin-form-preview.js?ver=buddyforms/assets/js/buddyforms-admin-form-actions.js?ver=buddyforms/assets/js/buddyforms-admin-form-conditions.js?ver=buddyforms/assets/js/buddyforms-admin-form-email.js?ver=buddyforms/assets/js/buddyforms-admin-form-user-registration.js?ver=buddyforms/assets/js/buddyforms-admin-form-post-submission.js?ver=buddyforms/assets/js/buddyforms-admin-form-payment.js?ver=buddyforms/assets/js/buddyforms-admin-form-integrations.js?ver=buddyforms/assets/js/buddyforms-admin-form-other-settings.js?ver=buddyforms/assets/js/buddyforms-admin-plugin-settings.js?ver=buddyforms/assets/js/buddyforms-admin-addon-list.js?ver=

HTML / DOM Fingerprints

CSS Classes
buddyforms-field-wrapperbuddyforms-form-builderbuddyforms-form-editor-containerbuddyforms-backendbuddyforms-frontendbuddyforms-admin-fields-wrapper
Data Attributes
data-bf-field-iddata-bf-form-iddata-bf-field-typedata-bf-field-settingsdata-bf-form-settingsdata-bf-field-order
JS Globals
BuddyFormsbuddyforms_params
Shortcode Output
[buddyforms[buddyforms_form
FAQ

Frequently Asked Questions about Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)