
Form Builder CP Security & Risk Analysis
wordpress.org/plugins/cp-easy-form-builder
Form Builder CP is a contact form plugin for creating contact forms with a visual form builder and emailing them.
Is Form Builder CP Safe to Use in 2026?
Generally Safe
Score 98/100
Form Builder CP has a strong security track record. Known vulnerabilities have been patched promptly.
The "cp-easy-form-builder" plugin v1.2.45 presents a mixed security posture. The static analysis reveals strong adherence to several security best practices, with a high percentage of output escaping and a notable absence of dangerous functions or file operations. The plugin also implements nonce and capability checks on its entry points, indicating an effort to protect against common web attacks. However, the presence of SQL queries, with only 25% utilizing prepared statements, is a significant concern that could lead to SQL injection vulnerabilities if not carefully managed. The single external HTTP request also warrants scrutiny to ensure it is handled securely.
The vulnerability history shows a pattern of medium-severity SQL Injection and Cross-site Scripting (XSS) vulnerabilities in the past. While there are currently no unpatched CVEs, the recurrence of these specific vulnerability types, coupled with the static analysis findings regarding raw SQL, suggests a potential ongoing risk in how user input is handled in database interactions. The plugin has a relatively small attack surface, with no unprotected entry points identified in the static analysis, which is a positive indicator. Overall, the plugin exhibits good practices in output escaping and access control, but the handling of database queries and past vulnerability patterns necessitate careful monitoring and potential remediation to mitigate the identified risks.
Key Concerns
- SQL queries, only 25% using prepared statements
- Medium severity SQL injection vulnerabilities in history
- Medium severity XSS vulnerabilities in history
- External HTTP requests present
Form Builder CP Security Vulnerabilities
CVEs by Year
Severity Breakdown
3 total CVEs
Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection
Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection
Form Builder CP <= 1.2.31 - Authenticated (Administrator+) Stored Cross-Site Scripting
Form Builder CP Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Form Builder CP Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 13
Form Builder CP Maintenance & Trust
Maintenance Signals
Community Trust
Form Builder CP Alternatives
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
wpforms-lite
The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.
Contact Form by Supsystic
contact-form-by-supsystic
Contact Form Builder with drag-and-drop editor to create responsive, mobile ready contact forms in a second. Custom fields and contact form templates
Contact Form Generator : Creative form builder for WordPress
contact-form-generator
Contact Form Generator is a creative and powerful contact form builder! You will get ready-to-use forms in 5 minutes!
NM Contact Forms
nm-contact-forms
Contact form plugin. NM contact forms allow you simple contact form integration with two built-in anti-spam solutions. Supports get variable.
EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads
engagebay-forms
The simple, powerful and the ultimate FREE form builder software for WordPress. Create responsive and beautiful forms in minutes to capture leads, gro …
Form Builder CP Developer Profile
34 plugins · 89K total installs
How We Detect Form Builder CP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/cp-easy-form-builder/js/ckeditor/ckeditor.js
- /wp-content/plugins/cp-easy-form-builder/js/cp_easy_form_builder.js
- /wp-content/plugins/cp-easy-form-builder/js/custom.js
- /wp-content/plugins/cp-easy-form-builder/js/jquery.validate.min.js
- /wp-content/plugins/cp-easy-form-builder/js/jquery.validate.unobtrusive.js
- /wp-content/plugins/cp-easy-form-builder/js/sortable.min.js
- /wp-content/plugins/cp-easy-form-builder/css/style.css
- cp-easy-form-builder/css/style.css?ver=
- cp-easy-form-builder/js/cp_easy_form_builder.js?ver=
- cp-easy-form-builder/js/custom.js?ver=
- cp-easy-form-builder/js/jquery.validate.min.js?ver=
- cp-easy-form-builder/js/jquery.validate.unobtrusive.js?ver=
- cp-easy-form-builder/js/sortable.min.js?ver=
HTML / DOM Fingerprints
- cp-form-builder
- cp-form-builder-container
- cp-form-builder-form-wrap
- cp-form-builder-field-wrap
- cp-form-builder-label
- cp-form-builder-input
- cp-form-builder-textarea
- cp-form-builder-select
- +7 more
- <!--start-cp-easy-form-builder-->
- <!--end-cp-easy-form-builder-->
- <!-- Generated by CP Easy Form Builder -->
- data-cp-form-id
- data-form-name
- data-form-structure
- data-field-type
- data-field-name
- data-field-required
- CPFormBuilder
- cpEasyFormBuilderVars
- cpEasyFormBuilderSettings
- /wp-json/cp-easy-form-builder/v1/submit
- [CP_EASY_FORM_FORM id=""
- [CP_EASY_FORM_FORM form_id="" name="" ]