Contact AJAX forms Security & Risk Analysis

wordpress.org/plugins/contact-ajax-form

Easily add Contact AJAX forms to any page, post or widget area with an unlimited number of custom fields. Easy to manage and style!

0 active installs · v1.0.0 · PHP + WP 3.0.0+ · Updated: Unknown
Tags: ajax-form, contact, contact-form, form, jquery
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Contact AJAX forms Safe to Use in 2026?

Generally Safe

Score 100/100

Contact AJAX forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "contact-ajax-form" plugin v1.0.0 exhibits a concerning security posture due to its unprotected entry points and the presence of dangerous functions. While it demonstrates good practices in SQL query handling and a lack of external HTTP requests, the plugin's reliance on AJAX handlers without authentication checks, combined with the use of `unserialize` and `create_function`, presents significant risks. The taint analysis, despite no critical or high severity flows, shows multiple flows with unsanitized paths, which could be leveraged in conjunction with the unprotected AJAX handlers to execute arbitrary code or inject malicious data. The absence of any recorded vulnerabilities is a positive sign, but it does not negate the inherent risks identified in the code itself. The plugin has a limited attack surface overall, with only two unprotected entry points, but these are critical given the dangerous functions present. Therefore, while the plugin has some strengths, the identified code-level risks necessitate caution.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous functions present (unserialize, create_function)
  • Flows with unsanitized paths (taint analysis)
  • Insufficient output escaping (44% proper)
Vulnerabilities
None known

Contact AJAX forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Contact AJAX forms Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 45 (35 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize, form-admin.php:425 (reported twice; the statement nests two unserialize calls): $form_data = unserialize( unserialize( $fields['_form_data'][0] ) );
  • create_function, form-widget.php:94: add_action( 'widgets_init', create_function( '', 'return register_widget("IWAJAX_Contact_Widget");'

SQL Query Safety

100% prepared (1 total query)

Output Escaping

44% escaped (80 total outputs)
Data Flows
3 unsanitized

Data Flow Analysis

4 flows, 3 with unsanitized paths
  • iwacontact_validate_recaptcha (form-display.php:380)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

Contact AJAX forms Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

  • auth: wp_ajax_iwajax_submit (form-display.php:5)
  • nopriv: wp_ajax_iwajax_submit (form-display.php:6)

Shortcodes 1

  • [insert_ajaxcontact] (form-display.php:295)
WordPress Hooks 21

  • action: add_meta_boxes (form-admin.php:4)
  • action: admin_head-post.php (form-admin.php:5)
  • action: admin_head-post-new.php (form-admin.php:6)
  • action: admin_menu (form-admin.php:7)
  • action: admin_menu (form-admin.php:8)
  • action: manage_iwacontactform_posts_custom_column (form-admin.php:9)
  • action: save_post (form-admin.php:10)
  • filter: plugin_action_links (form-admin.php:13)
  • filter: manage_edit-iwacontactform_columns (form-admin.php:14)
  • filter: post_row_actions (form-admin.php:15)
  • filter: parse_query (form-admin.php:16)
  • filter: post_updated_messages (form-admin.php:17)
  • action: init (form-display.php:4)
  • action: widgets_init (form-widget.php:94)
  • action: init (functions.php:4)
  • action: admin_init (functions.php:5)
  • action: admin_init (wpset\wpset.inc.php:167)
  • action: admin_menu (wpset\wpset.inc.php:168)
  • action: add_meta_boxes (wpset\wpset.inc.php:172)
  • action: save_post (wpset\wpset.inc.php:173)
  • action: admin_init (wpset\wpset.inc.php:178)
Maintenance & Trust

Contact AJAX forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Unknown
PHP min version: (not stated)
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Contact AJAX forms Developer Profile

test test

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Contact AJAX forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/contact-ajax-form/css/ajax-contact.css
  • /wp-content/plugins/contact-ajax-form/js/ajax-contact.js
  • /wp-content/plugins/contact-ajax-form/css/ajax-contact-admin.css
  • /wp-content/plugins/contact-ajax-form/js/ajax-contact-admin.js
Script Paths
  • /wp-content/plugins/contact-ajax-form/js/ajax-contact.js
  • /wp-content/plugins/contact-ajax-form/js/ajax-contact-admin.js

HTML / DOM Fingerprints

JS Globals
  • objectL10n
FAQ

Frequently Asked Questions about Contact AJAX forms