Does Formative have any unpatched vulnerabilities?

No. All known vulnerabilities in Formative have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Formative compatible with WordPress 6.9.4?

According to WordPress.org data, Formative 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Formative compatible with PHP 7.4+?

Formative requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Formative updated?

Formative was last updated on Jan 19, 2026. Frequent updates are generally a positive security signal.

What is Formative's security score?

Formative has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Formative Security & Risk Analysis

wordpress.org/plugins/formative

Powerful form builder with multi-step, conditional logic, styling, and 12+ integrations. Drag-and-drop interface for professional forms.

0 active installs v1.1.0 PHP 7.4+ WP 6.0+ Updated Jan 19, 2026

contact-formform-builderformssubmissions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Formative Safe to Use in 2026?

Generally Safe

Score 100/100

Formative has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "formative" v1.1.0 plugin exhibits a strong security posture based on the provided static analysis. The plugin demonstrates excellent practices, particularly in its use of prepared statements for SQL queries and its high percentage of properly escaped output. The absence of dangerous functions, external HTTP requests, and critical or high-severity taint flows is highly encouraging. Furthermore, the plugin implements nonce and capability checks appropriately on its entry points, minimizing the risk of unauthorized actions.

Key Concerns

No critical or high severity taint flows found.
No raw SQL queries found.
High percentage of output properly escaped.
Nonce checks present on entry points.
Capability checks present on entry points.
No known CVEs in vulnerability history.
No bundled libraries.
File operations present, but not analyzed for risk.
Limited attack surface with all entry points protected.

Vulnerabilities

None known

Formative Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Formative Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

254 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped262 total outputs

Data Flows

All sanitized

Data Flow Analysis

5 flows

handle_form_preview (includes\Shortcode.php:276)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Formative Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_formative_dismiss_ratingformative.php:219

authwp_ajax_formative_save_themeincludes\ThemeSettings.php:97

Shortcodes 1

[formative] includes\Shortcode.php:18

WordPress Hooks 15

actionplugins_loadedformative.php:76

actionadmin_noticesformative.php:186

actionadmin_initformative.php:205

filterplugin_row_metaformative.php:258

actionadmin_noticesformative.php:301

actionadmin_menuincludes\Admin.php:18

actionrest_api_initincludes\API\Entries_Controller.php:37

actionrest_api_initincludes\API\Forms_Controller.php:34

actionrest_api_initincludes\API\Settings_Controller.php:34

actionadmin_enqueue_scriptsincludes\Assets.php:18

actionwp_enqueue_scriptsincludes\Assets.php:19

actioninitincludes\PostTypes.php:18

actiontemplate_redirectincludes\Shortcode.php:19

actionadmin_initincludes\ThemeSettings.php:95

actionadmin_enqueue_scriptsincludes\ThemeSettings.php:96

Maintenance & Trust

Formative Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 19, 2026

PHP min version7.4

Downloads210

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Formative Alternatives

Kreebi Forms

kreebi-forms

100

Kreebi Forms makes it simple to build flexible forms using Drag and Drop as well as JSON definition from the WordPress admin.

0 No CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 14 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 75 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 16 CVEs

Developer Profile

Formative Developer Profile

Eunito

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Formative

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/formative/build/admin.css/wp-content/plugins/formative/build/admin.js/wp-content/plugins/formative/build/frontend.css/wp-content/plugins/formative/build/frontend.js

Script Paths

/wp-content/plugins/formative/build/admin.js/wp-content/plugins/formative/build/frontend.js

Version Parameters

formative/build/admin.css?ver=formative/build/admin.js?ver=formative/build/frontend.css?ver=formative/build/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

formative-rating-notice

HTML Comments

+1 more

Data Attributes

formative_rating_dismiss=1formative_rating_dismiss=permanentformative_rating_dismiss=1formative_rating_dismiss=permanent

JS Globals

ajaxurlformative_dismiss_ratingformative_dismiss_rating

FAQ