Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Security & Risk Analysis

wordpress.org/plugins/formation

Enhance user experience with Formation Login Forms plugin for WordPress. Engaging animations for sleek and intuitive login interactions.

20 active installs v1.1.2 PHP 7.0+ WP 5.5+ Updated Dec 20, 2024
contact-form, contact-form-plugins, custom-form, form-builder, forms
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Safe to Use in 2026?

Generally Safe

Score 92/100

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "formation" plugin version 1.1.2 exhibits a generally good security posture with strong adherence to best practices. The static analysis reveals no unprotected entry points, a low percentage of SQL queries not using prepared statements, and a high rate of properly escaped outputs. The presence of nonce and capability checks on all identified AJAX handlers and REST API routes further strengthens its defense against common web vulnerabilities. The plugin also has a clean vulnerability history, with no known CVEs, indicating a potentially well-maintained codebase.

Despite the positive findings, there are specific areas that warrant attention. The taint analysis identified three high-severity flows with unsanitized paths, which could potentially be exploited if a user can influence the input that reaches them. Additionally, the plugin calls `move_uploaded_file`, a known dangerous function, and the analysis shows no immediate context for how its arguments are sanitized or how it is used, which introduces a potential risk of file upload vulnerabilities. While the vulnerability history is clean, the taint analysis findings suggest potential undiscovered vulnerabilities that could arise from the identified unsanitized paths.

In conclusion, "formation" v1.1.2 presents a mixed security profile. Its robust implementation of authentication and output escaping is commendable, and the lack of historical vulnerabilities is a significant strength. However, the high-severity taint flows and the presence of a dangerous function necessitate careful review and potentially remediation to ensure a truly secure user experience. Continued vigilance and security audits are recommended, especially around the identified taint flow areas.

Key Concerns

  • High severity unsanitized paths in taint analysis
  • Presence of dangerous function: move_uploaded_file
  • Bundled library: Select2 (potential outdated dependency)
Vulnerabilities
None known

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Release Timeline

v1.1.2 (Current)
v1.1.1
v1.1.0
v1.0
Code Analysis
Analyzed Apr 16, 2026

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 1 (15 prepared)
Unescaped Output: 32 (565 escaped)
Nonce Checks: 20
Capability Checks: 3
File Operations: 26
External Requests: 7
Bundled Libraries: 1

Dangerous Functions Found

move_uploaded_file · `move_uploaded_file( $file, $file_path );` · inc/entries/class.entries.php:97
move_uploaded_file · `if( move_uploaded_file( $file, $upload_file ) ) {` · inc/notification/class.smtp.php:62

Bundled Libraries

Select2

SQL Query Safety

94% prepared · 16 total queries

Output Escaping

95% escaped · 597 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

10 flows · 6 with unsanitized paths
formation_template_redirect (inc/class.formation-preview.php:102)
Attack Surface

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Attack Surface

Entry Points: 23
Unprotected: 0

AJAX Handlers 20

auth · wp_ajax_formation_create_new_form · admin/class.admin-ajax-functions.php:14
auth · wp_ajax_formation_editor_save · admin/class.admin-ajax-functions.php:17
auth · wp_ajax_formation_make_entry_fav · admin/class.admin-ajax-functions.php:20
auth · wp_ajax_formation_get_entries · admin/class.admin-ajax-functions.php:23
auth · wp_ajax_formation_download_file · admin/class.admin-ajax-functions.php:26
auth · wp_ajax_formation_entry_delete · admin/class.admin-ajax-functions.php:29
auth · wp_ajax_formation_get_form_list · admin/class.admin-ajax-functions.php:32
auth · wp_ajax_formation_create_other_form · admin/class.admin-ajax-functions.php:35
auth · wp_ajax_formation_get_page_list · admin/class.admin-ajax-functions.php:38
auth · wp_ajax_formation_set_tooltip_stat · admin/class.admin-ajax-functions.php:41
auth · wp_ajax_formation_create_new_embed_page · admin/class.admin-ajax-functions.php:44
auth · wp_ajax_formation_import_form · admin/class.admin-ajax-functions.php:47
auth · wp_ajax_formation_export_forms · admin/class.admin-ajax-functions.php:50
auth · wp_ajax_formation_delete_form · admin/class.admin-ajax-functions.php:53
auth · wp_ajax_formation_form_status_change · admin/class.admin-ajax-functions.php:56
auth · wp_ajax_formation_form_templates · admin/class.admin-ajax-functions.php:59
auth · wp_ajax_formation_template_import · admin/class.admin-ajax-functions.php:62
auth · wp_ajax_formation_get_forms · admin/class.admin-ajax-functions.php:65
auth · wp_ajax_formation_form_submission · inc/class.ajax-functions.php:10
nopriv · wp_ajax_formation_form_submission · inc/class.ajax-functions.php:11

REST API Routes 2

GET · /wp-json/formation/v1/forms/ · admin/supports/gutenberg/class.supporter.php:58
GET · /wp-json/formation/v1/sforms/(?P<formId>[\d]+) · admin/supports/gutenberg/class.supporter.php:82

Shortcodes 1

[formation_form] inc/class.shortcodes.php:16
WordPress Hooks 29
action · admin_menu · admin/class.formation-menu.php:12
action · admin_bar_menu · admin/class.formation-menu.php:15
action · admin_enqueue_scripts · admin/class.formation-menu.php:18
filter · upload_mimes · admin/class.formation-menu.php:20
action · admin_enqueue_scripts · admin/editor/class.formation-editor.php:12
action · init · admin/post-type/class.formation-post.php:9
action · admin_enqueue_scripts · admin/pre-templates/class.pre-templates.php:9
action · media_buttons · admin/supports/classic/class.supporter.php:21
action · admin_footer · admin/supports/classic/class.supporter.php:60
action · elementor/editor/before_enqueue_scripts · admin/supports/elementor/class.supporter.php:143
action · elementor/widgets/register · admin/supports/elementor/class.supporter.php:146
action · init · admin/supports/gutenberg/class.supporter.php:16
action · enqueue_block_editor_assets · admin/supports/gutenberg/class.supporter.php:19
action · rest_api_init · admin/supports/gutenberg/class.supporter.php:22
action · rest_api_init · admin/supports/gutenberg/class.supporter.php:25
action · init · formation-init.php:47
action · admin_init · formation.php:58
action · init · formation.php:71
action · admin_init · inc/class.actions.php:11
action · admin_footer · inc/class.actions.php:13
action · init · inc/class.actions.php:16
filter · default_title · inc/class.actions.php:61
filter · default_content · inc/class.actions.php:62
action · template_redirect · inc/class.formation-preview.php:52
action · wp_head · inc/class.formation-preview.php:112
action · wp_enqueue_scripts · inc/class.formation-preview.php:113
action · wp_footer · inc/class.formation-preview.php:133
action · wp_enqueue_scripts · inc/class.shortcodes.php:14
action · wp_footer · inc/class.shortcodes.php:85
Maintenance & Trust

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 20, 2024
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder Developer Profile

Harnani

1 plugin · 20 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Formation Forms – Contact Form, 200 Form Designs, Powerful Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/formation/assets/css/formation-admin.css
/wp-content/plugins/formation/assets/css/formation-front.css
/wp-content/plugins/formation/assets/js/formation-admin.js
/wp-content/plugins/formation/assets/js/formation-front.js
Script Paths
/wp-content/plugins/formation/assets/js/formation-admin.js
/wp-content/plugins/formation/assets/js/formation-front.js
Version Parameters
formation/assets/css/formation-admin.css?ver=
formation/assets/css/formation-front.css?ver=
formation/assets/js/formation-admin.js?ver=
formation/assets/js/formation-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
formation-form, formation-custom-forms, formation-entries, formation-settings, formation-import
Data Attributes
data-form-id
JS Globals
formation_vars
REST Endpoints
/wp-json/formation/v1/forms
/wp-json/formation/v1/entries
Shortcode Output
[formation_form id=]