HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Security & Risk Analysis

wordpress.org/plugins/codemonkeys-hipaa-forms

Add HIPAA Compliant web forms easily to your WordPress website using the HIPAA FORMS SaaS Service and Caldera or Gravity Forms.

900 active installs v3.1.9 PHP + WP 5.4+ Updated Feb 16, 2026
Tags: gravity-forms, health-forms, hipaa-forms, medical-forms, secure-forms
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Safe to Use in 2026?

Generally Safe

Score 100/100

HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "codemonkeys-hipaa-forms" plugin v3.1.9 demonstrates a generally positive security posture and adheres to secure coding practices in several areas. The complete absence of SQL injection vulnerabilities, due to prepared statements, and the lack of file operations are significant strengths. The plugin also has a high rate of output escaping, indicating a good effort to prevent cross-site scripting vulnerabilities. The absence of any recorded vulnerabilities in its history suggests either a commitment to security maintenance or a fortunate lack of past exploitable issues.

However, the plugin is not without risks. A notable concern is the presence of 102 AJAX handlers, 2 of which lack any authentication checks. These entry points are directly exposed to potential unauthorized access and manipulation, which can lead to various security compromises depending on what the handlers do. Taint analysis did not reveal critical or high severity issues, but one flow with an unsanitized path indicates a less severe, still present risk of information leakage or unintended behavior. The lack of capability checks, though potentially mitigated by other internal checks not detailed, is another area that could be strengthened to ensure proper authorization.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Lack of capability checks
Vulnerabilities
None known

HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 171 (461 escaped)
Nonce Checks: 93
Capability Checks: 0
File Operations: 0
External Requests: 33
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

73% escaped · 632 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

25 flows · 1 with unsanitized paths
Flow with unsanitized path: cm_hipaa_delete_pdf (ajax-functions-php7.php:249)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface: 2 unprotected

HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Attack Surface

Entry Points: 102
Unprotected: 2

AJAX Handlers 102

Type · Hook · Location
auth · wp_ajax_cm_hipaa_get_forms · ajax-functions-php7.php:45
nopriv · wp_ajax_cm_hipaa_get_forms · ajax-functions-php7.php:46
auth · wp_ajax_cm_hipaa_get_submitted_forms_list · ajax-functions-php7.php:81
nopriv · wp_ajax_cm_hipaa_get_submitted_forms_list · ajax-functions-php7.php:82
auth · wp_ajax_cm_hipaa_get_submitted_form · ajax-functions-php7.php:105
nopriv · wp_ajax_cm_hipaa_get_submitted_form · ajax-functions-php7.php:106
auth · wp_ajax_cm_hipaa_submit_note · ajax-functions-php7.php:133
nopriv · wp_ajax_cm_hipaa_submit_note · ajax-functions-php7.php:134
auth · wp_ajax_cm_hipaa_get_notes · ajax-functions-php7.php:157
nopriv · wp_ajax_cm_hipaa_get_notes · ajax-functions-php7.php:158
auth · wp_ajax_cm_hipaa_get_form_history · ajax-functions-php7.php:183
nopriv · wp_ajax_cm_hipaa_get_form_history · ajax-functions-php7.php:184
auth · wp_ajax_cm_hipaa_selected_users_modal · ajax-functions-php7.php:202
nopriv · wp_ajax_cm_hipaa_selected_users_modal · ajax-functions-php7.php:203
auth · wp_ajax_cm_hipaa_reassign_selected_user · ajax-functions-php7.php:221
nopriv · wp_ajax_cm_hipaa_reassign_selected_user · ajax-functions-php7.php:222
auth · wp_ajax_cm_hipaa_generate_pdf · ajax-functions-php7.php:245
nopriv · wp_ajax_cm_hipaa_generate_pdf · ajax-functions-php7.php:246
auth · wp_ajax_cm_hipaa_delete_pdf · ajax-functions-php7.php:260
nopriv · wp_ajax_cm_hipaa_delete_pdf · ajax-functions-php7.php:261
auth · wp_ajax_cm_hipaa_archive_form · ajax-functions-php7.php:284
nopriv · wp_ajax_cm_hipaa_archive_form · ajax-functions-php7.php:285
auth · wp_ajax_cm_hipaa_restore_form · ajax-functions-php7.php:308
nopriv · wp_ajax_cm_hipaa_restore_form · ajax-functions-php7.php:309
auth · wp_ajax_cm_hipaa_destroy_form · ajax-functions-php7.php:332
nopriv · wp_ajax_cm_hipaa_destroy_form · ajax-functions-php7.php:333
auth · wp_ajax_cm_hipaa_print_form · ajax-functions-php7.php:356
nopriv · wp_ajax_cm_hipaa_print_form · ajax-functions-php7.php:357
auth · wp_ajax_cm_hipaa_get_logs · ajax-functions-php7.php:383
nopriv · wp_ajax_cm_hipaa_get_logs · ajax-functions-php7.php:384
auth · wp_ajax_cm_hipaa_get_baa_form · ajax-functions-php7.php:406
nopriv · wp_ajax_cm_hipaa_get_baa_form · ajax-functions-php7.php:407
auth · wp_ajax_cm_hipaa_submit_baa_form · ajax-functions-php7.php:433
nopriv · wp_ajax_cm_hipaa_submit_baa_form · ajax-functions-php7.php:434
auth · wp_ajax_cm_hipaa_get_baa_pdf · ajax-functions-php7.php:456
nopriv · wp_ajax_cm_hipaa_get_baa_pdf · ajax-functions-php7.php:457
auth · wp_ajax_cm_hipaa_get_support_tickets · ajax-functions-php7.php:480
nopriv · wp_ajax_cm_hipaa_get_support_tickets · ajax-functions-php7.php:481
auth · wp_ajax_cm_hipaa_submit_support_ticket · ajax-functions-php7.php:508
nopriv · wp_ajax_cm_hipaa_submit_support_ticket · ajax-functions-php7.php:509
auth · wp_ajax_cm_hipaa_close_support_ticket · ajax-functions-php7.php:532
nopriv · wp_ajax_cm_hipaa_close_support_ticket · ajax-functions-php7.php:533
auth · wp_ajax_cm_hipaa_validate_account · ajax-functions-php7.php:555
nopriv · wp_ajax_cm_hipaa_validate_account · ajax-functions-php7.php:556
auth · wp_ajax_cm_hipaa_update_available_forms · ajax-functions-php7.php:588
nopriv · wp_ajax_cm_hipaa_update_available_forms · ajax-functions-php7.php:589
auth · wp_ajax_cm_hipaa_update_user_role · ajax-functions-php7.php:611
nopriv · wp_ajax_cm_hipaa_update_user_role · ajax-functions-php7.php:612
auth · wp_ajax_cm_hipaa_get_file_upload_url · ajax-functions-php7.php:635
nopriv · wp_ajax_cm_hipaa_get_file_upload_url · ajax-functions-php7.php:636
auth · wp_ajax_cm_hipaa_export_form · ajax-functions-php7.php:660
nopriv · wp_ajax_cm_hipaa_export_form · ajax-functions-php7.php:661
auth · wp_ajax_cm_hipaa_bulk_export_forms · ajax-functions-php7.php:685
nopriv · wp_ajax_cm_hipaa_bulk_export_forms · ajax-functions-php7.php:686
auth · wp_ajax_cm_hipaa_export_form_notes · ajax-functions-php7.php:709
nopriv · wp_ajax_cm_hipaa_export_form_notes · ajax-functions-php7.php:710
auth · wp_ajax_cm_hipaa_export_form_history · ajax-functions-php7.php:733
nopriv · wp_ajax_cm_hipaa_export_form_history · ajax-functions-php7.php:734
auth · wp_ajax_cm_hipaa_update_custom_status · ajax-functions-php7.php:758
nopriv · wp_ajax_cm_hipaa_update_custom_status · ajax-functions-php7.php:759
auth · wp_ajax_cm_hipaa_submit_caldera_form · ajax-functions-php7.php:1104
nopriv · wp_ajax_cm_hipaa_submit_caldera_form · ajax-functions-php7.php:1105
auth · wp_ajax_cm_hipaa_submit_gravity_form · ajax-functions-php7.php:1405
nopriv · wp_ajax_cm_hipaa_submit_gravity_form · ajax-functions-php7.php:1406
auth · wp_ajax_cm_hipaa_validate_account · ajax-functions.php:42
nopriv · wp_ajax_cm_hipaa_validate_account · ajax-functions.php:43
auth · wp_ajax_cm_hipaa_get_submitted_forms_list · ajax-functions.php:126
auth · wp_ajax_cm_hipaa_get_submitted_form · ajax-functions.php:157
auth · wp_ajax_cm_hipaa_submit_note · ajax-functions.php:204
auth · wp_ajax_cm_hipaa_update_custom_status_select · ajax-functions.php:230
auth · wp_ajax_cm_hipaa_get_notes · ajax-functions.php:260
auth · wp_ajax_cm_hipaa_get_form_history · ajax-functions.php:297
auth · wp_ajax_cm_hipaa_selected_users_modal · ajax-functions.php:326
auth · wp_ajax_cm_hipaa_reassign_selected_user · ajax-functions.php:355
auth · wp_ajax_cm_hipaa_generate_pdf · ajax-functions.php:389
auth · wp_ajax_cm_hipaa_delete_pdf · ajax-functions.php:418
auth · wp_ajax_cm_hipaa_archive_form · ajax-functions.php:449
auth · wp_ajax_cm_hipaa_restore_form · ajax-functions.php:480
auth · wp_ajax_cm_hipaa_destroy_form · ajax-functions.php:511
auth · wp_ajax_cm_hipaa_print_form · ajax-functions.php:542
auth · wp_ajax_cm_hipaa_get_logs · ajax-functions.php:585
auth · wp_ajax_cm_hipaa_get_baa_form · ajax-functions.php:612
auth · wp_ajax_cm_hipaa_submit_baa_form · ajax-functions.php:655
auth · wp_ajax_cm_hipaa_get_baa_pdf · ajax-functions.php:682
auth · wp_ajax_cm_hipaa_get_support_tickets · ajax-functions.php:713
auth · wp_ajax_cm_hipaa_submit_support_ticket · ajax-functions.php:742
auth · wp_ajax_cm_hipaa_close_support_ticket · ajax-functions.php:767
auth · wp_ajax_cm_hipaa_update_available_forms · ajax-functions.php:801
auth · wp_ajax_cm_hipaa_update_user_role · ajax-functions.php:825
auth · wp_ajax_cm_hipaa_get_file_upload_url · ajax-functions.php:860
nopriv · wp_ajax_cm_hipaa_get_file_upload_url · ajax-functions.php:861
auth · wp_ajax_cm_hipaa_rebuild_form_fields · ajax-functions.php:908
nopriv · wp_ajax_cm_hipaa_rebuild_form_fields · ajax-functions.php:909
auth · wp_ajax_cm_hipaa_export_form · ajax-functions.php:943
auth · wp_ajax_cm_hipaa_bulk_export_forms · ajax-functions.php:978
auth · wp_ajax_cm_hipaa_export_form_notes · ajax-functions.php:1009
auth · wp_ajax_cm_hipaa_export_form_history · ajax-functions.php:1040
auth · wp_ajax_cm_hipaa_update_custom_status · ajax-functions.php:1075
auth · wp_ajax_cm_hipaa_submit_caldera_form · ajax-functions.php:1515
nopriv · wp_ajax_cm_hipaa_submit_caldera_form · ajax-functions.php:1516
auth · wp_ajax_cm_hipaa_submit_gravity_form · ajax-functions.php:1942
nopriv · wp_ajax_cm_hipaa_submit_gravity_form · ajax-functions.php:1943
WordPress Hooks 8
action · admin_enqueue_scripts · admin-enqueue.php:57
action · admin_menu · admin-page.php:11
action · wp_enqueue_scripts · enqueue.php:93
filter · wp · hipaa-forms.php:23
filter · gform_validation_message · hipaa-forms.php:98
action · admin_init · includes\options.php:53
action · init · user-role.php:100
action · init · user-role.php:111
Maintenance & Trust

HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Feb 16, 2026
PHP min version
Downloads: 90K

Community Trust

Rating: 86/100
Number of ratings: 9
Active installs: 900
Developer Profile

HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website Developer Profile

codemonkeys

2 plugins · 910 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect HIPAA FORMS – Add HIPAA Compliant Webforms to Your WordPress Website

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/codemonkeys-hipaa-forms/css/gravity-basic.min.css
/wp-content/plugins/codemonkeys-hipaa-forms/css/gravity-admin.css
/wp-content/plugins/codemonkeys-hipaa-forms/css/print.css
/wp-content/plugins/codemonkeys-hipaa-forms/css/admin-style.css
/wp-content/plugins/codemonkeys-hipaa-forms/js/viewport-units-buggyfill.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/viewport-units-buggyfill.hacks.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/admin-script.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/jSignature/jSignature.min.noconflict.js
+2 more
Script Paths
/wp-content/plugins/codemonkeys-hipaa-forms/js/viewport-units-buggyfill.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/viewport-units-buggyfill.hacks.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/admin-script.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/jSignature/jSignature.min.noconflict.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/printThis.js
/wp-content/plugins/codemonkeys-hipaa-forms/js/viewport-units-buggyfill.js
Version Parameters
codemonkeys-hipaa-forms/js/viewport-units-buggyfill.js?ver=3.1.9
codemonkeys-hipaa-forms/js/viewport-units-buggyfill.hacks.js?ver=3.1.9
codemonkeys-hipaa-forms/js/admin-script.js?ver=3.1.9
codemonkeys-hipaa-forms/js/jSignature/jSignature.min.noconflict.js?ver=3.1.9
codemonkeys-hipaa-forms/js/printThis.js?ver=3.1.9
codemonkeys-hipaa-forms/js/viewport-units-buggyfill.js?ver=3.1.9

HTML / DOM Fingerprints

CSS Classes: validation_error
Data Attributes: data-formid
JS Globals: hipaaScript