Contact Form Clean and Simple Security & Risk Analysis

wordpress.org/plugins/clean-and-simple-contact-form-by-meg-nicholas

A clean and simple contact form with flexible CSS framework support.

8K active installs v4.12.2 PHP 7.4+ WP 5.6+ Updated Dec 31, 2025
Tags: bootstrap, contact, contact-form, feedback-form, form
Score 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 14, 2020
Safety Verdict

Is Contact Form Clean and Simple Safe to Use in 2026?

Generally Safe

Score 99/100

Contact Form Clean and Simple has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 14, 2020 · Updated 3mo ago
Risk Assessment

The 'clean-and-simple-contact-form-by-meg-nicholas' plugin, version 4.12.2, exhibits a mixed security posture. While it demonstrates good practices in several areas, including the complete absence of raw SQL queries and a very high percentage of properly escaped output, there are notable concerns.

Static analysis shows two unprotected AJAX handlers in the attack surface, which is a potential risk if unauthenticated users can trigger them. The lack of taint analysis data is a weakness: without it there is no deeper view of how data flows through the plugin or whether malicious input could be mishandled. The absence of critical or high severity taint flows would be a positive indicator only if the analysis were comprehensive.

The plugin's vulnerability history shows two past medium-severity CVEs, both related to Cross-site Scripting (XSS). The fact that there are no currently unpatched vulnerabilities is a positive sign, suggesting that the developers have addressed past issues. However, the repeated occurrence of XSS vulnerabilities in the past warrants attention and suggests a need for continued vigilance in input sanitization and output encoding practices.

Key Concerns

  • Unprotected AJAX handlers present
  • Limited taint analysis data
  • Past medium XSS vulnerabilities
Vulnerabilities: 2

Contact Form Clean and Simple Security Vulnerabilities

CVEs by Year: 1 CVE in 2014, 1 CVE in 2020

Severity Breakdown

Medium: 2 (2 total CVEs)

WF-602c8145-dcf7-4844-8e54-bc50efa307f4-clean-and-simple-contact-form-by-meg-nicholas
medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Contact Form Clean and Simple <= 4.7.0 - Authenticated Stored Cross-Site Scripting
Jan 14, 2020 · Patched in 4.7.1 (1470d)

CVE-2014-8955
medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Contact Form Clean and Simple < 4.4.1 - Cross-Site Scripting
Nov 7, 2014 · Patched in 4.4.1 (3364d)
Code Analysis
Analyzed Mar 16, 2026

Contact Form Clean and Simple Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (280 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

98% escaped · 285 total outputs
Attack Surface: 2 unprotected

Contact Form Clean and Simple Attack Surface

Entry Points: 5
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_cscf-submitform ajax.php:3
nopriv wp_ajax_cscf-submitform ajax.php:4

REST API Routes 1

POST /wp-json/cscf/v1/submit class.cscf_rest_api.php:27

Shortcodes 2

[contact-form] shortcodes\contact-form.php:3
[cscf-contact-form] shortcodes\contact-form.php:4
WordPress Hooks 11
filter widget_text class.cscf.php:9
action wp_enqueue_scripts class.cscf.php:12
action admin_enqueue_scripts class.cscf.php:17
action admin_enqueue_scripts class.cscf.php:21
action plugins_loaded class.cscf.php:26
filter cscf_spamfilter class.cscf.php:31
action wp_mail_failed class.cscf.php:33
action rest_api_init class.cscf_rest_api.php:15
action admin_menu class.cscf_settings.php:14
action admin_init class.cscf_settings.php:18
action phpmailer_init clean-and-simple-contact-form-by-meg-nicholas.php:100
Maintenance & Trust

Contact Form Clean and Simple Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 31, 2025
PHP min version: 7.4
Downloads: 547K

Community Trust

Rating: 94/100
Number of ratings: 195
Active installs: 8K
Developer Profile

Contact Form Clean and Simple Developer Profile

fullworks

13 plugins · 79K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 1372 days
Detection Fingerprints

How We Detect Contact Form Clean and Simple

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/js/jquery.validate.min.js
/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/js/jquery.validate.contact.form.js
/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/css/bootstrap-forms.min.css
/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/css/cscf-modern.css
/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/js/jquery.admin.settings.js
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
clean-and-simple-contact-form-by-meg-nicholas/js/jquery.validate.min.js?ver=
clean-and-simple-contact-form-by-meg-nicholas/js/jquery.validate.contact.form.js?ver=
clean-and-simple-contact-form-by-meg-nicholas/css/bootstrap-forms.min.css?ver=
clean-and-simple-contact-form-by-meg-nicholas/css/cscf-modern.css?ver=
clean-and-simple-contact-form-by-meg-nicholas/js/jquery.admin.settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
cscf-settings
expandable-heading
recaptcha-field
HTML Comments
Plugin Name: Contact Form Clean and Simple
Author: Meghan Nicholas
Author URI: http://www.megnicholas.com
This program is free software; you can redistribute it and/or
+11 more
Data Attributes
data-cscf-id
JS Globals
cscfvars
REST Endpoints
/wp-json/cscf/v1/contact-form
Shortcode Output
[contact-form-clean-and-simple]
FAQ

Frequently Asked Questions about Contact Form Clean and Simple