Does EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads have any unpatched vulnerabilities?

No. All known vulnerabilities in EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads have been patched as of the latest data update. Always keep the plugin updated to the latest version.

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Security & Risk Analysis

wordpress.org/plugins/engagebay-forms

The simple, powerful and the ultimate FREE form builder software for WordPress. Create responsive and beautiful forms in minutes to capture leads, gro …

100 active installs v3.2 PHP + WP 3.7+ Updated Jul 14, 2025

contact-formcontact-form-pluginformform-builderforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Safe to Use in 2026?

Generally Safe

Score 100/100

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The engagebay-forms plugin, version 3.2, exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs, critical taint flows, dangerous functions, and direct SQL queries is a significant strength. Furthermore, the plugin utilizes prepared statements for all its SQL queries, which is a best practice. It also includes capability checks and nonces, indicating an awareness of WordPress security mechanisms. However, there are areas for improvement. A notable concern is the low percentage of properly escaped output (29%). This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. The presence of external HTTP requests also warrants attention, as these can be points of exploitation if not handled securely. The plugin's vulnerability history is clean, with no recorded CVEs. This suggests a well-maintained and secure development process thus far. In conclusion, while the plugin has a strong foundation in terms of preventing common and severe vulnerabilities like SQL injection and RCE, the insufficient output escaping represents a tangible risk that needs to be addressed to achieve a robust security profile.

Key Concerns

Low percentage of properly escaped output
External HTTP requests present

Vulnerabilities

None known

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

29% escaped59 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<class-engagebay-tinymce-utils> (includes\class-engagebay-tinymce-utils.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[engagebayform] includes\class-engagebay-tinymce-utils.php:6

WordPress Hooks 13

actionplugins_loadedengagebay-forms.php:41

actioninitincludes\class-engagebay-admin.php:14

actionadmin_enqueue_scriptsincludes\class-engagebay-admin.php:15

actionadmin_menuincludes\class-engagebay-admin.php:16

actionelementor/widgets/registerincludes\class-engagebay-elementor-forms.php:10

actionadmin_headincludes\class-engagebay-tinymce-utils.php:5

actionload-post.phpincludes\class-engagebay-tinymce-utils.php:7

actionload-post-new.phpincludes\class-engagebay-tinymce-utils.php:8

actionsave_postincludes\class-engagebay-tinymce-utils.php:9

actionwpincludes\class-engagebay-tinymce-utils.php:10

filtermce_external_pluginsincludes\class-engagebay-tinymce-utils.php:25

filtermce_buttonsincludes\class-engagebay-tinymce-utils.php:26

actionadd_meta_boxesincludes\class-engagebay-tinymce-utils.php:91

Maintenance & Trust

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 14, 2025

PHP min version

Downloads9K

Community Trust

Rating20/100

Number of ratings1

Active installs100

Alternatives

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Contact Form by Supsystic

contact-form-by-supsystic

Contact Form Builder with drag-and-drop editor to create responsive, mobile ready contact forms in a second. Custom fields and contact form templates

7K 1 unpatched

Contact Form Generator : Creative form builder for WordPress

contact-form-generator

Contact Form Generator is a creative and powerful contact form builder! You will get ready-to-use forms in 5 minutes!

900 3 CVEs

NM Contact Forms

nm-contact-forms

Contact form plugin. NM contact forms allow you simple contact form integration with two built-in anti-spam solutions. Supports get variable.

200 No CVEs

DigitSix Simple Contact Form

digitsix-simple-contact-form

DigitSix Simple Contact Form is a simple solution for those who need simple contact forms for their website.

30 No CVEs

Developer Profile

EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads Developer Profile

engagebay

6 plugins · 400 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect EngageBay Forms – Simple and Powerful Forms to Capture and Nurture Leads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/engagebay-forms/assets/css/engagebay_forms.css

Script Paths

/wp-content/plugins/engagebay-forms/assets/js/engagebay.js

HTML / DOM Fingerprints

CSS Classes

engagebay-forms-wrapnav-tab-activeengagebay-forms-logo

Data Attributes

id="engagebaywrapper"id="engagebay-forms-logo"

JS Globals

EhAPI

REST Endpoints

/wp-json/engagebay/v1/forms

Shortcode Output

<script>
                var EhAPI = EhAPI || {}; 
                EhAPI.after_load = function() {
                    EhAPI.set_account('

');
                    EhAPI.execute('rules');
                };
                (function(d, s, f) {
                    var sc = document.createElement(s);
                    sc.type = 'text/javascript';
                    sc.async = true;
                    sc.src = f;
                    var m = document.getElementsByTagName(s)[0];
                    m.parentNode.insertBefore(sc, m);   
                })(document, 'script', '//d2p078bqz5urf7.cloudfront.net/jsapi/ehform.js');
            </script>
            <script>
                function waitForEhForms() {
                    const interval = 100; // Check every 100ms
                    const checkAndLoad = () => {
                        const params = new URLSearchParams(window.location.search);

FAQ