Form Data Collector Security & Risk Analysis
wordpress.org/plugins/form-data-collectorThis plugin will help you to collect and store form data.
Is Form Data Collector Safe to Use in 2026?
Generally Safe
Score 91/100Form Data Collector has a strong security track record. Known vulnerabilities have been patched promptly.
The 'form-data-collector' plugin v2.2.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks on its entry points, which are limited to two AJAX handlers. There are no unpatched vulnerabilities, and the last known vulnerability was a medium severity XSS, which is now patched. However, concerns arise from the taint analysis, which revealed one high-severity flow with unsanitized input, indicating a potential for injection attacks. Furthermore, the static analysis shows that a significant portion of output escaping (35%) is not properly handled, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the identified taint flow. While the attack surface is small and protected, the presence of unsanitized input and incomplete output escaping are critical weaknesses that need immediate attention.
Key Concerns
- High severity taint flow with unsanitized input
- Significant unescaped output (35%)
Form Data Collector Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting
Form Data Collector Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Form Data Collector Attack Surface
AJAX Handlers 2
WordPress Hooks 20
Maintenance & Trust
Form Data Collector Maintenance & Trust
Maintenance Signals
Community Trust
Form Data Collector Alternatives
Newsletter – Send awesome emails from WordPress
newsletter
An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.
Brevo – Email, SMS, Web Push, Chat, and more.
mailin
Turn your WordPress site into a marketing powerhouse. Grow your audience, boost engagement, and drive more sales with Brevo.
Gravity PDF
gravity-forms-pdf-extended
Automatically generate, email and download PDF documents from Gravity Forms entries
E2Pdf – Export Pdf Tool for WordPress
e2pdf
PDF Builder for CF7, Divi, Elementor Forms, Everest, Fluent, Formidable, Forminator, Gravity, JFB, Ninja, WPForms, WooCommerce, Post Meta, ACF, etc.
Gravity Forms Email Blacklist
gravity-forms-email-blacklist
Add-on for Gravity Forms to create a Blacklisting of specific emails or domains for the Email input field to throw a validation error or mark as spam.
Form Data Collector Developer Profile
3 plugins · 330 total installs
How We Detect Form Data Collector
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/form-data-collector/scripts/fdc-front.js/wp-content/plugins/form-data-collector/scripts/fdc-front.min.js/wp-content/plugins/form-data-collector/scripts/fdc-admin.js/wp-content/plugins/form-data-collector/scripts/fdc-admin.min.js/wp-content/plugins/form-data-collector/scripts/fdc-front.js/wp-content/plugins/form-data-collector/scripts/fdc-front.min.js/wp-content/plugins/form-data-collector/scripts/fdc-admin.js/wp-content/plugins/form-data-collector/scripts/fdc-admin.min.jsform-data-collector/scripts/fdc-front.js?ver=form-data-collector/scripts/fdc-front.min.js?ver=form-data-collector/scripts/fdc-admin.js?ver=form-data-collector/scripts/fdc-admin.min.js?ver=HTML / DOM Fingerprints
fdc-enties-filter<!-- Use <b>fdc_privacy_policy_content</b> filter hook to add content here. --><!-- Please use <b>fdc_thickbox_iframe_content</b> action to add content to this modal. --><!-- Entry ID missing -->data-fdc-nonce_fdcVars