Does Contact Form Block have any unpatched vulnerabilities?

No. All known vulnerabilities in Contact Form Block have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Contact Form Block compatible with WordPress 6.9.4?

According to WordPress.org data, Contact Form Block 1.0.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Contact Form Block compatible with PHP 7.4+?

Contact Form Block requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Contact Form Block updated?

Contact Form Block was last updated on Jan 27, 2026. Frequent updates are generally a positive security signal.

What is Contact Form Block's security score?

Contact Form Block has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Contact Form Block Security & Risk Analysis

wordpress.org/plugins/contact-form-block

Tired of those heavy and old contact forms? Try this one. Simple, yet modern, pretty and extremely optimized. No JS or CSS files are loaded.

600 active installs v1.0.6 PHP 7.4+ WP 6.0+ Updated Jan 27, 2026

blockcaptchacontactformmail

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Contact Form Block Safe to Use in 2026?

Generally Safe

Score 100/100

Contact Form Block has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "contact-form-block" v1.0.6 plugin demonstrates a generally strong security posture, with excellent output escaping practices and no recorded vulnerabilities in its history. The static analysis reveals a very small attack surface consisting of a single shortcode and no AJAX handlers or REST API routes that are exposed without authentication. The code also shows good use of capability checks to restrict access to sensitive operations. However, a significant concern is the presence of a single SQL query that does not utilize prepared statements. While the plugin appears to be well-maintained and has avoided known vulnerabilities, this lack of prepared statements for database interactions represents a potential risk for SQL injection if the data used in that query is not strictly sanitized and validated beforehand. The absence of taint analysis findings is positive, suggesting that any data flows within the analyzed code are being handled securely or are not present in a way that exposes vulnerabilities. Overall, the plugin is strong, but the unparameterized SQL query requires careful consideration.

Key Concerns

SQL query not using prepared statements

Vulnerabilities

None known

Contact Form Block Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Contact Form Block Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

41 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

98% escaped42 total outputs

Attack Surface

Contact Form Block Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[contact-form-block] classes\run.php:12

WordPress Hooks 29

filtermcfb_form_after_emailclasses\addons\human_check.php:3

filtermcfb_validateclasses\addons\human_check.php:4

filtermcfb_form_after_emailclasses\addons\phone_field.php:9

filtermcfb_form_read_dataclasses\addons\phone_field.php:10

filtermcfb_email_contentclasses\addons\phone_field.php:11

filtermcfb_fill_templateclasses\addons\phone_field.php:12

filtermcfb_form_infoclasses\addons\recaptcha_v3.php:9

filtermcfb_form_htmlclasses\addons\recaptcha_v3.php:10

filtermcfb_validateclasses\addons\recaptcha_v3.php:11

actionadmin_menuclasses\admin.php:8

actionadmin_enqueue_scriptsclasses\admin.php:15

actionadmin_post_nopriv_meow_sends_mailclasses\core.php:28

actionadmin_post_meow_sends_mailclasses\core.php:29

actionplugins_loadedclasses\core.php:32

actioninitclasses\core.php:33

actionwp_mail_failedclasses\core.php:34

actionrest_api_initclasses\rest.php:15

actionadmin_noticescommon\admin.php:70

filterplugin_row_metacommon\admin.php:75

filteredd_sl_api_request_verify_sslcommon\admin.php:76

actioninitcommon\admin.php:94

actionadmin_menucommon\admin.php:151

filteradmin_footer_textcommon\admin.php:156

actionadmin_headcommon\admin.php:282

actionadmin_noticescommon\news.php:43

filtersafe_style_csscommon\news.php:44

actionadmin_noticescommon\ratings.php:33

filtersafe_style_csscommon\ratings.php:34

actionrest_api_initcommon\rest.php:14

Maintenance & Trust

Contact Form Block Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 27, 2026

PHP min version7.4

Downloads26K

Community Trust

Rating98/100

Number of ratings39

Active installs600

Alternatives

Contact Form Block Alternatives

reCaptcha Add-On for FormCraft

formcraft-recaptcha

Add reCaptcha to your FormCraft forms.

7K No CVEs

Contact Form 7 – Blacklist Unwanted Email

block-email-cf7

This is a free add-on plugin for contact form 7, which validates the email field and restrict unwanted email submission as well as allowed only busine …

400 No CVEs

Invisible Anti Spam for Contact Form 7 (Simple No-Bot)

simple-no-bot

Simple, lightweight, no captcha, no configuration. Just works.

200 No CVEs

Gutenberg Forms Add-on for MailPoet

guten-forms-mailpoet

MailPoet add-on for Gutenberg Forms. Connect with MailPoet and send leads/subscribers to your MailPoet list with the form submissions.

100 No CVEs

Emailjs Block

email-via-emailjs-blocks

Email via Emailjs Blocks - Send emails from WordPress without a mail server through emailjs.com API. Just add your free API keys and have your contact …

70 No CVEs

Developer Profile

Contact Form Block Developer Profile

Jordy Meow

27 plugins · 371K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

372 days

View full developer profile

Detection Fingerprints

How We Detect Contact Form Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/contact-form-block/app/index.js/wp-content/plugins/contact-form-block/app/vendor.js

Version Parameters

contact-form-block/app/index.js?ver=contact-form-block/app/vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes

mcfb-form

Data Attributes

data-mcfb-id

JS Globals

mcfb_contact_form_block

REST Endpoints

/contact-form-block/v1

FAQ