Does C7 Form Builder have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is C7 Form Builder compatible with WordPress 4.3.34?

According to WordPress.org data, C7 Form Builder 1.0.0-beta.2 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is C7 Form Builder updated?

C7 Form Builder was last updated on Sep 8, 2015. Frequent updates are generally a positive security signal.

What is C7 Form Builder's security score?

C7 Form Builder has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

C7 Form Builder Security & Risk Analysis

wordpress.org/plugins/c7-form-builder

Provides an easy to use and powerful API for building forms that can be displayed, customized and saved any way you want.

30 active installs v1.0.0-beta.2 PHP + WP 3.8.0+ Updated Sep 8, 2015

custom-fieldsformmetameta-boxesrepeatable

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is C7 Form Builder Safe to Use in 2026?

Generally Safe

Score 85/100

C7 Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "c7-form-builder" plugin version 1.0.0-beta.2 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, and file operations is highly commendable. Furthermore, the plugin demonstrates good practices in output escaping (94%) and includes necessary nonce and capability checks, indicating a developer conscious of common WordPress security pitfalls. The lack of any recorded vulnerabilities in its history further strengthens this positive assessment, suggesting a stable and well-maintained codebase.

However, the static analysis did not cover taint flows, leaving a potential blind spot for vulnerabilities that might arise from unsanitized user input being used in sensitive operations. While the current entry points are limited and appear protected, any future expansion of functionality, particularly with additional AJAX handlers or REST API routes, would require diligent security reviews. The beta status also implies that the plugin is still under active development and may not have undergone extensive real-world testing, which could hide latent issues.

In conclusion, "c7-form-builder" shows promising signs of secure development with robust foundational practices. The main areas for vigilance are the unanalyzed taint flows and the inherent risks associated with beta software. Continued adherence to secure coding principles, especially regarding input sanitization and validation for any new features, will be crucial for maintaining its security.

Vulnerabilities

None known

C7 Form Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

C7 Form Builder Release Timeline

v1.0.0-beta.2Current

v1.0.0-beta

Code Analysis

Analyzed Mar 16, 2026

C7 Form Builder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped17 total outputs

Attack Surface

C7 Form Builder Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[cfb_form] includes\class-cfb-main.php:140

WordPress Hooks 25

actionplugins_loadedc7-form-builder.php:134

actionadmin_enqueue_scriptsincludes\class-cfb-main.php:124

actionwp_enqueue_scriptsincludes\class-cfb-main.php:125

actioninitincludes\class-cfb-main.php:128

filtercfb_maybe_init_admin_formincludes\class-cfb-main.php:130

filtercfb_maybe_init_post_formincludes\class-cfb-main.php:131

filtercfb_maybe_init_taxonomy_formincludes\class-cfb-main.php:132

filtercfb_maybe_init_theme_formincludes\class-cfb-main.php:133

filtercfb_maybe_init_user_formincludes\class-cfb-main.php:134

filtercfb_do_redirect_post_form_typeincludes\class-cfb-main.php:136

filtercfb_do_redirect_user_form_typeincludes\class-cfb-main.php:137

filtercfb_do_redirect_taxonomy_form_typeincludes\class-cfb-main.php:138

actionedit_form_after_titleincludes\class-cfb-main.php:143

actiondelete_termincludes\class-cfb-main.php:147

actionadmin_initincludes\forms\class-cfb-admin-form.php:91

actionadmin_menuincludes\forms\class-cfb-admin-form.php:92

actionadd_meta_boxesincludes\forms\class-cfb-post-form.php:62

actionsave_postincludes\forms\class-cfb-post-form.php:63

actioncreated_termincludes\forms\class-cfb-taxonomy-form.php:59

actionedited_termincludes\forms\class-cfb-taxonomy-form.php:60

actioninitincludes\forms\class-cfb-theme-form.php:33

actionshow_user_profileincludes\forms\class-cfb-user-form.php:33

actionedit_user_profileincludes\forms\class-cfb-user-form.php:34

actionpersonal_options_updateincludes\forms\class-cfb-user-form.php:36

actionedit_user_profile_updateincludes\forms\class-cfb-user-form.php:37

Maintenance & Trust

C7 Form Builder Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedSep 8, 2015

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

C7 Form Builder Alternatives

Flow Fields

flow-fields

Flow Fields is a WordPress plugin that allows you to easily add custom fields to your posts, pages, and other custom post types.

10 No CVEs

Transform Meta Boxes

transform-meta-boxes

Alter any taxonomy's meta box appearance (in the Classic Editor) to single or multiple select dropdowns, or toggle button style checkboxes.

10 No CVEs

Advanced Custom Fields (ACF®)

advanced-custom-fields

ACF helps customize WordPress with powerful, professional and intuitive fields. Proudly powering over 2 million sites, WordPress developers love ACF.

2.0M 10 CVEs

Meta Box

meta-box

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 7 CVEs

CMB2

cmb2

CMB2 is a metabox, custom fields, and forms library for WordPress that will blow your mind.

300K 1 CVE

Developer Profile

C7 Form Builder Developer Profile

Chetan Chauhan

2 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect C7 Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/c7-form-builder/assets/css/admin-style.css/wp-content/plugins/c7-form-builder/assets/css/front-style.css/wp-content/plugins/c7-form-builder/assets/js/admin-script.js/wp-content/plugins/c7-form-builder/assets/js/front-script.js

Script Paths

/wp-content/plugins/c7-form-builder/assets/js/admin-script.js/wp-content/plugins/c7-form-builder/assets/js/front-script.js

Version Parameters

c7-form-builder/assets/css/admin-style.css?ver=c7-form-builder/assets/css/front-style.css?ver=c7-form-builder/assets/js/admin-script.js?ver=c7-form-builder/assets/js/front-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

cfb-admin-form-wrapcfb-frontend-form-wrapcfb-form-fieldcfb-field-labelcfb-field-inputcfb-field-textareacfb-field-selectcfb-field-submit+1 more

Data Attributes

data-cfb-field-typedata-cfb-form-id

JS Globals

window.cfb_admin_scriptwindow.cfb_front_script

Shortcode Output

[cfb_form

FAQ