Does Form Plant have any unpatched vulnerabilities?

No. All known vulnerabilities in Form Plant have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Form Plant compatible with WordPress 6.9.4?

According to WordPress.org data, Form Plant 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Form Plant compatible with PHP 8.0+?

Form Plant requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Form Plant updated?

Form Plant was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Form Plant's security score?

Form Plant has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Form Plant Security & Risk Analysis

wordpress.org/plugins/form-plant

A form plugin with built-in confirmation screen, submission data storage, and external site embedding — ready to use right out of the box.

0 active installs v1.0.0 PHP 8.0+ WP 6.0+ Updated Mar 13, 2026

contact-formcustom-formemailforminquiry

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Form Plant Safe to Use in 2026?

Generally Safe

Score 100/100

Form Plant has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago

Risk Assessment

The "form-plant" plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates good practices by implementing nonce checks and capability checks for its entry points. The high percentage of prepared statements for SQL queries and proper output escaping significantly mitigates common web vulnerabilities like SQL injection and cross-site scripting (XSS).

Key Concerns

Flows with unsanitized paths
File operations present
External HTTP requests present

Vulnerabilities

None known

Form Plant Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Form Plant Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

793 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

89% prepared9 total queries

Output Escaping

99% escaped798 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

7 flows6 with unsanitized paths

ajax_export_submissions (includes\class-admin.php:527)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Form Plant Attack Surface

Entry Points21

Unprotected0

AJAX Handlers 15

authwp_ajax_fplant_save_formincludes\class-admin.php:38

authwp_ajax_fplant_delete_formincludes\class-admin.php:39

authwp_ajax_fplant_duplicate_formincludes\class-admin.php:40

authwp_ajax_fplant_export_submissionsincludes\class-admin.php:41

authwp_ajax_fplant_get_submission_detailincludes\class-admin.php:42

authwp_ajax_fplant_delete_submissionsincludes\class-admin.php:43

authwp_ajax_fplant_quick_edit_formincludes\class-admin.php:44

authwp_ajax_fplant_trash_formincludes\class-admin.php:45

authwp_ajax_fplant_download_fileincludes\class-admin.php:46

authwp_ajax_fplant_upload_cssincludes\class-form-plant.php:148

authwp_ajax_fplant_delete_cssincludes\class-form-plant.php:149

authwp_ajax_fplant_submit_formincludes\class-submission-manager.php:29

noprivwp_ajax_fplant_submit_formincludes\class-submission-manager.php:30

authwp_ajax_fplant_validate_formincludes\class-submission-manager.php:33

noprivwp_ajax_fplant_validate_formincludes\class-submission-manager.php:34

Shortcodes 6

[fplant] includes\class-shortcode.php:22

[fplant_field] includes\class-shortcode.php:23

[fplant_submit] includes\class-shortcode.php:24

[fplant_errors] includes\class-shortcode.php:25

[fplant_success] includes\class-shortcode.php:26

[fplant_field_error] includes\class-shortcode.php:27

WordPress Hooks 22

actionplugins_loadedform-plant.php:42

actionadmin_menuincludes\class-admin.php:29

actionadmin_initincludes\class-admin.php:32

actionadmin_initincludes\class-admin.php:35

filterset-screen-optionincludes\class-admin.php:49

filterset_screen_option_fplant_submissions_per_pageincludes\class-admin.php:51

filterscreen_settingsincludes\class-admin.php:285

actionwp_mail_failedincludes\class-email-handler.php:23

actioninitincludes\class-embed.php:23

actiontemplate_redirectincludes\class-embed.php:24

filterquery_varsincludes\class-embed.php:25

actionsave_post_fplant_formincludes\class-form-manager.php:22

actioninitincludes\class-form-plant.php:132

actioninitincludes\class-form-plant.php:135

actionplugins_loadedincludes\class-form-plant.php:138

actionwp_enqueue_scriptsincludes\class-form-plant.php:141

actionadmin_enqueue_scriptsincludes\class-form-plant.php:142

actionphpmailer_initincludes\class-form-plant.php:145

filterupload_dirincludes\class-form-plant.php:742

actionrest_api_initincludes\class-rest-api.php:28

filterrest_pre_serve_requestincludes\class-rest-api.php:29

filterupload_dirincludes\class-submission-manager.php:769

Maintenance & Trust

Form Plant Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version8.0

Downloads136

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Form Plant Alternatives

Quick Contact Form

quick-contact-form

An easy to set up, plug and play contact form with a huge range of options and styles. A beginner friendly WordPress contact form plugin.

1K 7 CVEs

Form – Contact Form

form-forms

Form is advanced solution for WordPress users. Contact Form Is awesome WordPress plugin with many useful features and effects.

100 1 CVE

IAKPress – Quiz Maker, Form Builder, Photo Gallery, Custom Post UI

iakpress

IAKPress is an innovative add-ons kit to create forms, exam quiz, pages and many more.

100 No CVEs

All Post Contact Form

allpost-contactform

This plugin adds confirmation and completion screens to any HTML form and sends submitted data via email.

10 1 unpatched

LW Simple Forms

lw-simple-forms

100

A flexible form plugin that implements the flow of input → confirmation → completion screen, while also supporting simple one-step submissions.

10 No CVEs

Developer Profile

Form Plant Developer Profile

Reiji Sato

2 plugins · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Form Plant

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/form-plant/assets/css/frontend.css/wp-content/plugins/form-plant/assets/js/frontend.js

Version Parameters

form-plant/assets/css/frontend.css?ver=form-plant/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

form-plant-embed-wrapper

Data Attributes

data-form-plant-embed-id

JS Globals

FPlantEmbed

FAQ