Does Form Block have any unpatched vulnerabilities?

No. All known vulnerabilities in Form Block have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Form Block compatible with WordPress 6.9.4?

According to WordPress.org data, Form Block 1.7.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Form Block compatible with PHP 7.4+?

Form Block requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Form Block updated?

Form Block was last updated on Jan 31, 2026. Frequent updates are generally a positive security signal.

What is Form Block's security score?

Form Block has a WP-Safety security score of 94/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Form Block Security & Risk Analysis

wordpress.org/plugins/form-block

An extensive yet user-friendly form block.

200 active installs v1.7.1 PHP 7.4+ WP 6.7+ Updated Jan 31, 2026

accessibilityblock-editorcontact-formformgutenberg

A · Safe

CVEs total2

Unpatched0

Last CVEAug 7, 2025

Plugin page Download

Safety Verdict

Is Form Block Safe to Use in 2026?

Generally Safe

Score 94/100

Form Block has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 7, 2025Updated 2mo ago

Risk Assessment

The "form-block" plugin v1.7.1 presents a mixed security posture. On one hand, the static analysis shows a remarkably small attack surface with no discernible entry points and a complete absence of dangerous functions, SQL queries requiring sanitization, file operations, external requests, and crucially, no raw SQL queries or critical taint flows. This indicates a strong adherence to secure coding practices in these specific areas. However, a significant concern arises from the complete lack of output escaping and the absence of nonce and capability checks on all potential entry points, despite their apparent zero count in the static analysis. This suggests that while there may not be direct vulnerabilities exposed, any future expansion or modification of the plugin without implementing proper output escaping and access controls could lead to severe security flaws.

Key Concerns

No output escaping implemented
No nonce checks
No capability checks
Vulnerability history indicates past critical issues

Vulnerabilities

Form Block Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

Medium

2 total CVEs

CVE-2025-54693critical · 9.8Unrestricted Upload of File with Dangerous Type

Form Block <= 1.5.5 - Unauthenticated Arbitrary File Upload

Aug 7, 2025 Patched in 1.5.6 (5d)

CVE-2023-30616medium · 4.3Cross-Site Request Forgery (CSRF)

Form Block <= 1.0.1 - Cross-Site Request Forgery

Apr 20, 2023 Patched in 1.0.2 (278d)

Code Analysis

Analyzed Mar 16, 2026

Form Block Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

0% escaped18 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

get_options_page_html (inc\class-admin.php:126)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Form Block Attack Surface

Entry Points0

Unprotected0

Maintenance & Trust

Form Block Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 31, 2026

PHP min version7.4

Downloads9K

Community Trust

Rating100/100

Number of ratings4

Active installs200

Alternatives

Form Block Alternatives

Form Builder Blocks

ninja-chandel-form-builder-blocks

100

Build powerful, custom forms directly inside the WordPress Block Editor with drag-and-drop ease and built-in entry management.

20 No CVEs

CF block

contact-block

CF Block is a custom Gutenberg Block That has the following upgradation to be followed they are

10 No CVEs

Advanced Editor Tools

tinymce-advanced

100

Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).

2.0M 1 CVE

JetFormBuilder — Dynamic Blocks Form Builder

jetformbuilder

Advanced form builder plugin for Gutenberg. Create forms from the ground up, customize the existing ones, and style them up – all in one editor.

90K 7 CVEs

Contact Form 7: Accessible Defaults

contact-form-7-accessible-defaults

100

Replaces the default Contact Form 7 form with an accessible equivalent and provides a suite of selectable base forms.

5K No CVEs

Developer Profile

Form Block Developer Profile

epiphyt

4 plugins · 14K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

116 days

View full developer profile

Detection Fingerprints

How We Detect Form Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/form-block/assets/style/build/admin.css/wp-content/plugins/form-block/assets/js/tabs.js/wp-content/plugins/form-block/assets/js/snackbar.js/wp-content/plugins/form-block/assets/js/submissions.js/wp-content/plugins/form-block/assets/style/build/admin.min.css/wp-content/plugins/form-block/assets/js/build/tabs.min.js/wp-content/plugins/form-block/assets/js/build/snackbar.min.js/wp-content/plugins/form-block/assets/js/build/submissions.min.js

Script Paths

/wp-content/plugins/form-block/assets/js/build/tabs.js/wp-content/plugins/form-block/assets/js/build/snackbar.js/wp-content/plugins/form-block/assets/js/build/submissions.js

Version Parameters

form-block-admin?ver=form-block-admin-tabs?ver=form-block-admin-snackbar?ver=form-block-admin-submissions?ver=

HTML / DOM Fingerprints

CSS Classes

form-block-admin-snackbar

Data Attributes

data-form-block-noncedata-form-block-rest-url

JS Globals

formBlockSubmissions

REST Endpoints

/wp-json/form-block/v1/submissions

FAQ