WP-Safety

Cool FormKit Lite – Advanced Form Builder for Elementor Security & Risk Analysis

wordpress.org/plugins/extensions-for-elementor-form

Contact form addon for Elementor. Create forms in Elementor Free or extend Elementor Pro forms with conditional logic, country code and extra fields.

20K active installs v2.6.4 PHP 7.4+ WP 6.2+ Updated Apr 1, 2026
contact-formelementorelementor-formelementor-form-builderform-builder
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Cool FormKit Lite – Advanced Form Builder for Elementor Safe to Use in 2026?

Generally Safe

Score 100/100

Cool FormKit Lite – Advanced Form Builder for Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'extensions-for-elementor-form' plugin, version 2.6.3, exhibits a generally good security posture with several strong practices in place. The plugin demonstrates a high level of adherence to secure coding standards by utilizing prepared statements for all SQL queries and a very high percentage of properly escaped output. Furthermore, the absence of any recorded vulnerabilities (CVEs) or critical/high taint flows suggests a mature development process and a stable codebase. The presence of numerous nonce and capability checks also indicates an effort to protect against common attack vectors.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for potential unauthorized access or manipulation, even though the taint analysis did not reveal critical issues stemming from this specific handler. While the number of total flows analyzed (8) is relatively small, the three flows with unsanitized paths, even if not classified as critical or high severity, warrant attention as they could potentially be exploited in conjunction with other weaknesses or future code changes. The bundled Select2 library, while not explicitly stated as outdated, is a dependency that could introduce risks if not kept up-to-date.

In conclusion, the plugin is strong in its handling of database interactions and output sanitization, and its vulnerability history is excellent. The primary weakness lies in the unprotected AJAX endpoint, which is a direct security gap. Addressing this single unprotected entry point would significantly enhance the plugin's overall security. The presence of unsanitized paths, even without critical severity, should be investigated further to ensure they do not present a latent risk.

Key Concerns

  • Unprotected AJAX handler found
  • Flows with unsanitized paths identified
Vulnerabilities
None known

Cool FormKit Lite – Advanced Form Builder for Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Cool FormKit Lite – Advanced Form Builder for Elementor Release Timeline

v2.6.4Current
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.9
v2.5.7
v2.5.6
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.5
v2.4.4
v2.4.3
v2.4.2
v2.4.0
v2.3
Code Analysis
Analyzed Mar 16, 2026

Cool FormKit Lite – Advanced Form Builder for Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
12 prepared
Unescaped Output
17
517 escaped
Nonce Checks
16
Capability Checks
19
File Operations
0
External Requests
4
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared12 total queries

Output Escaping

97% escaped534 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths
prepare_items (admin\entries\cfkef-list-table.php:244)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Cool FormKit Lite – Advanced Form Builder for Elementor Attack Surface

Entry Points13
Unprotected1

AJAX Handlers 13

authwp_ajax_cfkef_plugin_installadmin\class-cfkef-admin.php:105
authwp_ajax_cfkef_plugin_activateadmin\class-cfkef-admin.php:106
authwp_ajax_cpfm_handle_opt_inadmin\feedback\cpfm-feedback-notice.php:15
authwp_ajax_cfl_install_pluginadmin\marketing\cfl-marketing-common.php:71
authwp_ajax_cfl_mkt_dismiss_noticeadmin\marketing\cfl-marketing-common.php:72
authwp_ajax_ccfef_elementor_review_noticeincludes\frontend\widget\country-code-addon.php:51
authwp_ajax_cfef_elementor_review_noticeincludes\frontend\widget\create-conditional-fields.php:50
authwp_ajax_coolformkit_forms_send_formmodules\forms\components\ajax-handler.php:252
noprivwp_ajax_coolformkit_forms_send_formmodules\forms\components\ajax-handler.php:253
authwp_ajax_ccfef_elementor_review_noticewidgets\addons\coolform-country-code-addon.php:51
authwp_ajax_cfef_elementor_review_noticewidgets\addons\coolform-create-conditional-fields.php:44
authwp_ajax_cfef_elementor_review_noticewidgets\helloplus-addons\helloplus-conditional-fields.php:45
authwp_ajax_ccfef_elementor_review_noticewidgets\helloplus-addons\helloplus-country-code-addon.php:51
WordPress Hooks 126
actionadmin_menuadmin\class-cfkef-admin.php:68
actionadmin_initadmin\class-cfkef-admin.php:69
actionadmin_enqueue_scriptsadmin\class-cfkef-admin.php:70
actioncpfm_register_noticeadmin\class-cfkef-admin.php:72
actioncpfm_after_opt_in_cool_formsadmin\class-cfkef-admin.php:97
actioninitadmin\entries\cfkef-entries-posts.php:36
actionadd_meta_boxesadmin\entries\cfkef-entries-posts.php:37
actionadmin_enqueue_scriptsadmin\entries\cfkef-entries-posts.php:38
actioncfkef_render_menu_pagesadmin\entries\cfkef-entries-posts.php:39
actionadmin_headadmin\entries\cfkef-entries-posts.php:40
filtercfkef_dashboard_tabsadmin\entries\cfkef-entries-posts.php:41
actionadmin_initadmin\entries\cfkef-post-bulk-actions.php:92
actionremovable_query_argsadmin\entries\cfkef-post-bulk-actions.php:93
actioncfkef_admin_noticesadmin\entries\cfkef-post-bulk-actions.php:415
actioncfkef_admin_noticesadmin\entries\cfkef-post-bulk-actions.php:456
actionadmin_enqueue_scriptsadmin\feedback\admin-feedback-form.php:28
actionadmin_headadmin\feedback\admin-feedback-form.php:29
actionadmin_initadmin\feedback\cpfm-feedback-notice.php:13
actionadmin_enqueue_scriptsadmin\feedback\cpfm-feedback-notice.php:14
actionadmin_footeradmin\feedback\cpfm-feedback-notice.php:17
filtercron_schedulesadmin\feedback\cron\cfl-class-cron.php:19
actioncfl_extra_data_updateadmin\feedback\cron\cfl-class-cron.php:20
actionadmin_enqueue_scriptsadmin\marketing\cfl-marketing-common.php:52
actionin_admin_headeradmin\marketing\cfl-marketing-common.php:54
actionadmin_enqueue_scriptsadmin\marketing\cfl-marketing-common.php:59
actionadmin_enqueue_scriptsadmin\marketing\cfl-marketing-common.php:61
actionelementor/initadmin\marketing\cfl-marketing-common.php:67
actionelementor/editor/after_enqueue_scriptsadmin\marketing\cfl-marketing-common.php:347
actionelementor/admin-top-bar/is-activeadmin\register-menu-dashboard\cfkef-dashboard.php:100
actionadmin_print_scriptsadmin\register-menu-dashboard\cfkef-dashboard.php:101
actionadmin_enqueue_scriptsadmin\register-menu-dashboard\cfkef-dashboard.php:102
actionadmin_menuadmin\register-menu-dashboard\cfkef-dashboard.php:115
actionadmin_noticesadmin\register-menu-dashboard\cfkef-dashboard.php:389
actionelementor/element/cool-form/section_form_options/after_section_endadmin\review-notice.php:32
actionelementor/editor/before_enqueue_stylesadmin\review-notice.php:34
actionadmin_noticesadmin\review-notice.php:36
actionactivated_pluginextensions-for-elementor-form.php:84
actionwp_enqueue_scriptsextensions-for-elementor-form.php:85
actionelementor/editor/before_enqueue_scriptsextensions-for-elementor-form.php:86
actionwp_headextensions-for-elementor-form.php:87
actionelementor_pro/forms/actions/registerextensions-for-elementor-form.php:88
actionplugins_loadedextensions-for-elementor-form.php:89
filterplugin_row_metaextensions-for-elementor-form.php:194
actionadmin_noticesextensions-for-elementor-form.php:234
actionadmin_noticesextensions-for-elementor-form.php:239
actionadmin_noticesextensions-for-elementor-form.php:244
actionadmin_noticesextensions-for-elementor-form.php:249
actionadmin_noticesextensions-for-elementor-form.php:275
actionelementor/initincludes\class-cfl-loader.php:91
actioncfkef/form/entriesincludes\collect-entries\class-cfkef-save-entries.php:22
actionelementor_pro/forms/fields/registerincludes\frontend\class-cfl-frontend.php:66
actionelementor_pro/forms/actions/registerincludes\frontend\class-cfl-frontend.php:68
actionelementor/widget/before_render_contentincludes\frontend\widget\class-custom-success-message.php:17
actionelementor/element/form/section_integration/after_section_endincludes\frontend\widget\class-custom-success-message.php:18
actionwp_enqueue_scriptsincludes\frontend\widget\class-custom-success-message.php:19
actionelementor-pro/forms/pre_renderincludes\frontend\widget\class-custom-success-message.php:81
actionelementor/element/form/section_form_fields/before_section_endincludes\frontend\widget\class-elementor-mask-control.php:23
filterelementor_pro/forms/render/itemincludes\frontend\widget\class-elementor-mask-control.php:24
actionwp_enqueue_scriptsincludes\frontend\widget\class-fme-plugin.php:61
actionelementor/preview/initincludes\frontend\widget\class-fme-plugin.php:62
actioninitincludes\frontend\widget\class-fme-plugin.php:63
actionfme_after_mask_attribute_addedincludes\frontend\widget\class-fme-plugin.php:64
actionwp_enqueue_scriptsincludes\frontend\widget\country-code-addon.php:46
actionelementor_pro/forms/render_field/telincludes\frontend\widget\country-code-addon.php:47
actionelementor/element/form/section_form_fields/before_section_endincludes\frontend\widget\country-code-addon.php:48
actionelementor/preview/initincludes\frontend\widget\country-code-addon.php:49
actionelementor/editor/before_enqueue_stylesincludes\frontend\widget\country-code-addon.php:50
actionelementor/frontend/widget/before_renderincludes\frontend\widget\create-conditional-fields.php:45
actionelementor/element/form/section_form_fields/before_section_endincludes\frontend\widget\create-conditional-fields.php:46
actionwp_enqueue_scriptsincludes\frontend\widget\create-conditional-fields.php:47
actionelementor_pro/forms/validationincludes\frontend\widget\create-conditional-fields.php:48
actionelementor/editor/before_enqueue_stylesincludes\frontend\widget\create-conditional-fields.php:49
actionelementor/widgets/registerincludes\module-base.php:244
filtercool_formkit/forms/field_typesmodules\forms\classes\recaptcha-handler.php:297
filtercool_formkit/forms/render/itemmodules\forms\classes\recaptcha-handler.php:299
filterelementor/editor/localize_settingsmodules\forms\classes\recaptcha-handler.php:301
actioncool_formkit/forms/validationmodules\forms\classes\recaptcha-handler.php:305
actionelementor/preview/enqueue_scriptsmodules\forms\classes\recaptcha-handler.php:306
actionelementor/frontend/after_register_scriptsmodules\forms\classes\recaptcha-handler.php:316
actionelementor/frontend/after_enqueue_scriptsmodules\forms\classes\recaptcha-handler.php:318
filtercool_formkit/forms/field_typesmodules\forms\fields\field-base.php:94
actionelementor/preview/enqueue_scriptsmodules\forms\fields\field-base.php:96
actionelementor/element/cool-form/section_form_fields/before_section_endmodules\forms\fields\field-base.php:98
actionelementor/frontend/after_enqueue_scriptsmodules\forms\module.php:186
actionelementor/frontend/after_register_stylesmodules\forms\module.php:187
actionelementor/controls/registermodules\forms\module.php:188
actionelementor/editor/after_enqueue_scriptsmodules\forms\module.php:189
actionelementor/editor/after_enqueue_stylesmodules\forms\module.php:190
actioncool_form/forms/actions/registermodules\forms\registrars\form-actions-registrar.php:37
actioninitmodules\forms\registrars\form-actions-registrar.php:58
actionwp_enqueue_scriptswidgets\addons\coolform-country-code-addon.php:46
actioncool_formkit/forms/render_field/telwidgets\addons\coolform-country-code-addon.php:47
actionelementor/element/cool-form/section_form_fields/before_section_endwidgets\addons\coolform-country-code-addon.php:48
actionelementor/preview/initwidgets\addons\coolform-country-code-addon.php:49
actionelementor/editor/before_enqueue_styleswidgets\addons\coolform-country-code-addon.php:50
actionelementor/frontend/widget/before_renderwidgets\addons\coolform-create-conditional-fields.php:39
actionelementor/element/cool-form/section_form_fields/before_section_endwidgets\addons\coolform-create-conditional-fields.php:40
actionwp_enqueue_scriptswidgets\addons\coolform-create-conditional-fields.php:41
actioncool_formkit/forms/validationwidgets\addons\coolform-create-conditional-fields.php:42
actionelementor/editor/before_enqueue_styleswidgets\addons\coolform-create-conditional-fields.php:43
actionelementor/element/cool-form/section_form_fields/before_section_endwidgets\addons\coolform-elementor-mask-control.php:23
filtercool_formkit/forms/render/itemwidgets\addons\coolform-elementor-mask-control.php:24
actionwp_enqueue_scriptswidgets\addons\coolform-fme-plugin.php:59
actionelementor/preview/initwidgets\addons\coolform-fme-plugin.php:60
actioninitwidgets\addons\coolform-fme-plugin.php:61
actioncoolform_fme_after_mask_attribute_addedwidgets\addons\coolform-fme-plugin.php:62
actioncool_form/forms/actions/registerwidgets\coolform-addons-loader.php:42
actionelementor/element/ehp-form/section_integration/after_section_startwidgets\helloplus-addons\action\save-form-data.php:12
actionelementor/frontend/widget/before_renderwidgets\helloplus-addons\helloplus-conditional-fields.php:40
actionelementor/element/ehp-form/section_form_fields/before_section_endwidgets\helloplus-addons\helloplus-conditional-fields.php:41
actionwp_enqueue_scriptswidgets\helloplus-addons\helloplus-conditional-fields.php:42
actionhello_plus/forms/validationwidgets\helloplus-addons\helloplus-conditional-fields.php:43
actionelementor/editor/before_enqueue_styleswidgets\helloplus-addons\helloplus-conditional-fields.php:44
actionwp_enqueue_scriptswidgets\helloplus-addons\helloplus-country-code-addon.php:46
actionhello_plus/forms/render_field/ehp-telwidgets\helloplus-addons\helloplus-country-code-addon.php:47
actionelementor/element/ehp-form/section_form_fields/before_section_endwidgets\helloplus-addons\helloplus-country-code-addon.php:48
actionelementor/preview/initwidgets\helloplus-addons\helloplus-country-code-addon.php:49
actionelementor/editor/before_enqueue_styleswidgets\helloplus-addons\helloplus-country-code-addon.php:50
actionelementor/element/ehp-form/section_form_fields/before_section_endwidgets\helloplus-addons\helloplus-elementor-mask-control.php:25
filterhello_plus/forms/render/itemwidgets\helloplus-addons\helloplus-elementor-mask-control.php:26
actionwp_enqueue_scriptswidgets\helloplus-addons\helloplus-fme-plugin.php:60
actionelementor/preview/initwidgets\helloplus-addons\helloplus-fme-plugin.php:61
actioninitwidgets\helloplus-addons\helloplus-fme-plugin.php:62
actionhelloplus_after_mask_attribute_addedwidgets\helloplus-addons\helloplus-fme-plugin.php:63
actionplugins_loadedwidgets\helloplus-addons-loader.php:49
actionelementor/element/ehp-form/section_integration/after_section_endwidgets\helloplus-addons-loader.php:56

Scheduled Events 4

cfl_extra_data_update
cfl_extra_data_update
cfefp_extra_data_update
cfl_extra_data_update
Maintenance & Trust

Cool FormKit Lite – Advanced Form Builder for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 1, 2026
PHP min version7.4
Downloads244K

Community Trust

Rating90/100
Number of ratings21
Active installs20K
Alternatives

Cool FormKit Lite – Advanced Form Builder for Elementor Alternatives

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

metform

A
87

The most popular Elementor forms builder to create WordPress forms like contact forms, booking forms, feedback form, survey forms, application forms a …

600K 26 CVEs
RTMForm Builder

RTMForm Builder

romethemeform

A
99

RTMForm For Elementor Plugin is an Form Builder for Elementor, and Widget Ready to use.

30K 2 CVEs
Input Mask For Elementor Form Fields

Input Mask For Elementor Form Fields

mask-form-elementor

A
100

Apply input masks in Elementor form widget fields - phone, date, time, credit card, CPF, CNPJ, CEP & more for valid and error-free entries.

20K No CVEs
Conditional Fields for Elementor Form – Apply Conditional Logic

Conditional Fields for Elementor Form – Apply Conditional Logic

conditional-fields-for-elementor-form

A
100

Add conditional fields to Elementor forms and apply if-else conditional logic to show or hide Elementor form widget fields via dynamic rules.

10K No CVEs
Country Code For Elementor Form Telephone Field

Country Code For Elementor Form Telephone Field

country-code-field-for-elementor-form

A
100

Add a country code dropdown with flags to Elementor form phone field for valid international numbers. Also works with Hello Plus form widget.

10K No CVEs
Developer Profile

Cool FormKit Lite – Advanced Form Builder for Elementor Developer Profile

Cool Plugins

21 plugins · 113K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
434 days
View full developer profile
Detection Fingerprints

How We Detect Cool FormKit Lite – Advanced Form Builder for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/extensions-for-elementor-form/assets/js/flatpickr/handle-date-pickr.js/wp-content/plugins/extensions-for-elementor-form/assets/js/flatpickr/handle-time-pickr.js
Script Paths
/wp-content/plugins/extensions-for-elementor-form/assets/js/flatpickr/handle-date-pickr.js/wp-content/plugins/extensions-for-elementor-form/assets/js/flatpickr/handle-time-pickr.js
Version Parameters
/wp-content/plugins/extensions-for-elementor-form/assets/js/flatpickr/handle-date-pickr.js?ver=/wp-content/plugins/extensions-for-elementor-form/assets/js/flatpickr/handle-time-pickr.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Cool FormKit Lite - Elementor Form Builder --><!-- The plugin is compatible with Elementor -->
Data Attributes
data-cfl-plugin-version
JS Globals
window.CoolFormKit
FAQ

Frequently Asked Questions about Cool FormKit Lite – Advanced Form Builder for Elementor