ChatBot Conversational Forms Security & Risk Analysis

wordpress.org/plugins/conversational-forms

ChatBot for WordPress WPBot Addon. Build conversational forms for ChatBot for Lead Generation & more inside the WPBot ChatBot.

2K active installs · v1.4.6 · PHP 5.6+ · WP 4.6+ · Updated Dec 3, 2025
Tags: booking-form, chatbot, contact-form, form-builder, forms
Score: 96 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Jan 7, 2025

Safety Verdict

Is ChatBot Conversational Forms Safe to Use in 2026?

Generally Safe

Score 96/100

ChatBot Conversational Forms has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jan 7, 2025 · Updated 4mo ago

Risk Assessment

The "conversational-forms" v1.4.6 plugin presents a mixed security posture. While it demonstrates some good practices, such as a high percentage of SQL queries using prepared statements and a significant number of output escaping points, there are several concerning areas that require attention. The large number of AJAX handlers (17 total) with a substantial portion lacking authentication checks (13) creates a significant attack surface. Furthermore, the taint analysis reveals 11 flows with unsanitized paths and 5 high-severity flows, indicating potential vulnerabilities that could be exploited if not properly handled.

The plugin's vulnerability history, with 4 known CVEs including one high and three medium severity, and past issues of Path Traversal and Cross-site Scripting, suggests a recurring pattern of exploitable weaknesses. Although there are currently no unpatched CVEs, the historical data implies a need for ongoing vigilance and robust security practices. The presence of dangerous functions like `create_function` and `unserialize` also adds to the risk profile, as these can be misused if not handled with extreme care.

In conclusion, while the plugin has strengths in areas like prepared statements and output escaping, the high number of unprotected entry points, concerning taint analysis results, and past vulnerability history indicate that this plugin should be treated with caution. Improvements in authentication for AJAX handlers and stricter input sanitization are crucial to mitigate the identified risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unsanitized paths in taint flows
  • Vulnerability history (1 high, 3 medium)
  • Dangerous functions used
  • Low output escaping percentage

Vulnerabilities: 4

ChatBot Conversational Forms Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2025-22813 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Conversational Forms for ChatBot <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 · Patched in 1.4.3 (8d)

CVE-2024-34380 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Conversational Forms for ChatBot <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 3, 2024 · Patched in 1.3.0 (5d)

CVE-2024-32729 · high · 7.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Conversational Forms for ChatBot <= 1.1.8 - Unauthenticated Arbitrary File Download

Apr 22, 2024 · Patched in 1.2.0 (8d)

CVE-2023-23981 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 20, 2023 · Patched in 1.1.7 (368d)

Code Analysis
Analyzed Mar 16, 2026

ChatBot Conversational Forms Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 12 (58 prepared)
  • Unescaped Output: 272 (589 escaped)
  • Nonce Checks: 17
  • Capability Checks: 48
  • File Operations: 18
  • External Requests: 5
  • Bundled Libraries: 2

Dangerous Functions Found

  • create_function: `$total_function = create_function(null, 'return ' . $formula . ';');` (classes\core.php:1450)
  • unserialize: `$this->value = unserialize( $value );` (classes\entry\field.php:116)
  • unserialize: `$this->value = unserialize( $this->value );` (classes\entry\field.php:134)
  • unserialize: `$this->meta_value = unserialize( $value );` (classes\entry\meta.php:40)
  • unserialize: `$value = unserialize( $value );` (classes\object.php:98)
  • unserialize: `$form = unserialize($result->config);` (qcformbuilder-core.php:319)
  • unserialize: `$form = unserialize($result->config);` (qcformbuilder-core.php:376)

Bundled Libraries

jQuery, PHPMailer

SQL Query Safety

83% prepared · 70 total queries

Output Escaping

68% escaped · 861 total outputs

Data Flows: 11 unsanitized

Data Flow Analysis

17 flows · 11 with unsanitized paths
captcha_check (classes\core.php:674)

Attack Surface: 13 unprotected

ChatBot Conversational Forms Attack Surface

Entry Points: 23
Unprotected: 13

AJAX Handlers 17

  • auth · wp_ajax_wfb_create_form · classes\admin.php:132
  • auth · wp_ajax_toggle_form_state · classes\admin.php:136
  • auth · wp_ajax_save_wfb_setting · classes\admin.php:137
  • auth · wp_ajax_wfb_dismiss_pointer · classes\admin.php:138
  • auth · wp_ajax_wfb_bulk_action · classes\admin.php:139
  • auth · wp_ajax_wfb_get_form_preview · classes\admin.php:141
  • auth · wp_ajax_wfb_email_save · classes\core.php:153
  • auth · wp_ajax_browse_entries · classes\core.php:203
  • auth · wp_ajax_get_entry · classes\core.php:204
  • auth · wp_ajax_wfb_process_ajax_submit · includes\ajax.php:12
  • nopriv · wp_ajax_wfb_process_ajax_submit · includes\ajax.php:13
  • auth · wp_ajax_wfb_live_gravatar_get_gravatar · includes\custom_field_class.php:53
  • nopriv · wp_ajax_wfb_live_gravatar_get_gravatar · includes\custom_field_class.php:54
  • auth · wp_ajax_wpbot_get_form · qcformbuilder-core.php:308
  • nopriv · wp_ajax_wpbot_get_form · qcformbuilder-core.php:309
  • auth · wp_ajax_wpbot_capture_form_value · qcformbuilder-core.php:332
  • nopriv · wp_ajax_wpbot_capture_form_value · qcformbuilder-core.php:333

Shortcodes 6

[qcformbuilder_form] classes\core.php:132
[qcformbuilder_form_modal] classes\core.php:134
[qcformbuilder_form] qcformbuilder-core.php:46
[qcformbuilder_form_modal] qcformbuilder-core.php:47
[qcformbuilder_form] qcformbuilder-core.php:62
[qcformbuilder_form_modal] qcformbuilder-core.php:63
WordPress Hooks 173

Scheduled Events 1

qcformbuilder_forms_tracking_send_rows
Maintenance & Trust

ChatBot Conversational Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 5.6
Downloads: 51K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 2K

Developer Profile

ChatBot Conversational Forms Developer Profile

QuantumCloud

29 plugins · 26K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect ChatBot Conversational Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/conversational-forms/assets/css/frontend.css
  • /wp-content/plugins/conversational-forms/assets/js/frontend.js
  • /wp-content/plugins/conversational-forms/assets/css/elementor.css
  • /wp-content/plugins/conversational-forms/assets/css/frontend-elementor.css

Script Paths
  • /wp-content/plugins/conversational-forms/assets/js/frontend.js

Version Parameters
  • conversational-forms/assets/css/frontend.css?ver=
  • conversational-forms/assets/js/frontend.js?ver=
  • conversational-forms/assets/css/elementor.css?ver=
  • conversational-forms/assets/css/frontend-elementor.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • conversational-forms
  • wfb-form-wrapper

HTML Comments
  • <!-- qcformbuilder-forms-start -->
  • <!-- qcformbuilder-forms-end -->

Data Attributes
  • data-wfb-form-id

JS Globals
  • qcformbuilder_forms_settings

REST Endpoints
  • /wp-json/qcformbuilder-forms/v1/forms
  • /wp-json/qcformbuilder-forms/v1/submit

Shortcode Output
  • [qcformbuilder_form]
  • [qcformbuilder_form_modal]

FAQ

Frequently Asked Questions about ChatBot Conversational Forms