Form Input Masks For Elementor Forms Security & Risk Analysis

wordpress.org/plugins/form-masks-for-elementor

Add input masks to Elementor Pro or Hello Plus form fields - phone, date, time, credit card, CPF, CNPJ, CEP & more for accurate entries.

10K active installs · v2.6.0 · PHP 7.4+ · WP 5.5+ · Updated Feb 18, 2026
Tags: elementor, elementor-form, elementor-form-builder, input-masks, mask
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Form Input Masks For Elementor Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Form Input Masks For Elementor Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago

Risk Assessment

The plugin 'form-masks-for-elementor' v2.6.0 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the strong implementation of security best practices like prepared statements for SQL queries, robust output escaping (96%), and comprehensive nonce and capability checks suggest a well-maintained codebase. The attack surface, while present with 6 AJAX handlers, appears to be protected by authentication checks, and there are no unauthenticated REST API routes or shortcodes to exploit. The taint analysis also shows no critical or high severity unsanitized flows, which is a positive indicator.

However, a minor concern arises from the two flows with unsanitized paths identified during the taint analysis. While not classified as critical or high, these warrant further investigation as they could potentially represent weaknesses. The presence of external HTTP requests, though not explicitly flagged as a vulnerability, is another area that often requires careful scrutiny in security audits, as third-party integrations can sometimes introduce unforeseen risks. The bundled Select2 library, while common, also presents a potential point of concern if it's an outdated version, as vulnerabilities can exist in older library versions.

Overall, this plugin demonstrates strong security fundamentals, with no historical vulnerabilities and a good track record. The few minor points of concern identified in the static analysis are relatively low risk in the absence of any historical exploits. Continued vigilance and regular updates, especially concerning bundled libraries, are recommended to maintain this secure state.

Key Concerns

  • Flows with unsanitized paths detected
  • External HTTP requests present
  • Bundled library (Select2) present
Vulnerabilities
None known

Form Input Masks For Elementor Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Form Input Masks For Elementor Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 16 (369 escaped)
Nonce Checks: 8
Capability Checks: 14
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

96% escaped · 385 total outputs

Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
cfkef_plugin_install (admin\class-cfef-admin.php:137)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface

Form Input Masks For Elementor Forms Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 6

  • auth · wp_ajax_cfkef_plugin_install (admin\class-cfef-admin.php:72)
  • auth · wp_ajax_cfkef_plugin_activate (admin\class-cfef-admin.php:73)
  • auth · wp_ajax_cpfm_handle_opt_in (admin\feedback\cpfm-common-notice.php:15)
  • auth · wp_ajax_fme_install_plugin (admin\marketing\fme-marketing-common.php:78)
  • auth · wp_ajax_fme_mkt_dismiss_notice (admin\marketing\fme-marketing-common.php:80)
  • auth · wp_ajax_fme_elementor_review_notice (includes\class-fme-plugin.php:62)

WordPress Hooks: 33

  • action · admin_menu (admin\class-cfef-admin.php:68)
  • action · admin_init (admin\class-cfef-admin.php:69)
  • action · admin_enqueue_scripts (admin\class-cfef-admin.php:70)
  • action · admin_enqueue_scripts (admin\feedback\admin-feedback-form.php:23)
  • action · admin_head (admin\feedback\admin-feedback-form.php:24)
  • action · admin_init (admin\feedback\cpfm-common-notice.php:13)
  • action · admin_enqueue_scripts (admin\feedback\cpfm-common-notice.php:14)
  • action · admin_footer (admin\feedback\cpfm-common-notice.php:16)
  • filter · cron_schedules (admin\feedback\cron\fme-class-cron.php:15)
  • action · fme_extra_data_update (admin\feedback\cron\fme-class-cron.php:16)
  • action · elementor/init (admin\marketing\fme-marketing-common.php:49)
  • action · elementor/element/loop-grid/section_query/before_section_end (admin\marketing\fme-marketing-common.php:52)
  • action · elementor/element/form/section_form_fields/before_section_end (admin\marketing\fme-marketing-common.php:66)
  • action · elementor/element/taxonomy-filter/section_taxonomy_filter/before_section_end (admin\marketing\fme-marketing-common.php:69)
  • action · admin_notices (admin\marketing\fme-marketing-common.php:75)
  • action · elementor/editor/after_enqueue_scripts (admin\marketing\fme-marketing-common.php:237)
  • action · elementor/editor/after_enqueue_styles (admin\marketing\fme-marketing-common.php:238)
  • action · activated_plugin (form-masks-for-elementor.php:57)
  • filter · plugin_row_meta (form-masks-for-elementor.php:65)
  • action · plugins_loaded (form-masks-for-elementor.php:67)
  • action · cpfm_register_notice (form-masks-for-elementor.php:90)
  • action · cpfm_after_opt_in_fme (form-masks-for-elementor.php:116)
  • action · admin_notices (form-masks-for-elementor.php:182)
  • action · admin_notices (form-masks-for-elementor.php:187)
  • action · elementor/element/form/section_form_fields/before_section_end (includes\class-elementor-mask-control.php:22)
  • filter · elementor_pro/forms/render/item (includes\class-elementor-mask-control.php:23)
  • action · admin_print_scripts (includes\class-fme-elementor-page.php:25)
  • action · admin_notices (includes\class-fme-elementor-page.php:144)
  • action · wp_enqueue_scripts (includes\class-fme-plugin.php:58)
  • action · elementor/frontend/after_enqueue_scripts (includes\class-fme-plugin.php:59)
  • action · elementor/preview/init (includes\class-fme-plugin.php:60)
  • action · init (includes\class-fme-plugin.php:61)
  • action · elementor/editor/before_enqueue_scripts (includes\class-fme-plugin.php:124)

Scheduled Events 7

fme_extra_data_update
fme_extra_data_update
mfe_extra_data_update
ccfef_extra_data_update
cfefp_extra_data_update
cfef_extra_data_update
fme_extra_data_update
Maintenance & Trust

Form Input Masks For Elementor Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 18, 2026
PHP min version: 7.4
Downloads: 180K

Community Trust

Rating: 82/100
Number of ratings: 18
Active installs: 10K

Developer Profile

Form Input Masks For Elementor Forms Developer Profile

Cool Plugins

19 plugins · 109K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 490 days
Detection Fingerprints

How We Detect Form Input Masks For Elementor Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/form-masks-for-elementor/admin/feedback/cpfm-common-notice.php
  • /wp-content/plugins/form-masks-for-elementor/admin/marketing/fme-marketing-common.php
  • /wp-content/plugins/form-masks-for-elementor/admin/feedback/cron/fme-class-cron.php
  • /wp-content/plugins/form-masks-for-elementor/includes/class-fme-plugin.php
  • /wp-content/plugins/form-masks-for-elementor/includes/class-fme-elementor-page.php
  • /wp-content/plugins/form-masks-for-elementor/admin/feedback/admin-feedback-form.php
Version Parameters
  • form-masks-for-elementor/style.css?ver=
  • form-masks-for-elementor/assets/js/fme-input-mask.js?ver=

HTML / DOM Fingerprints

CSS Classes
fme-input-mask
Data Attributes
data-inputmask
JS Globals
fme_init_input_mask
FAQ

Frequently Asked Questions about Form Input Masks For Elementor Forms