Does Formentor – Elementor Form Plus have any unpatched vulnerabilities?

No. All known vulnerabilities in Formentor – Elementor Form Plus have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Formentor – Elementor Form Plus compatible with WordPress 4.9.29?

According to WordPress.org data, Formentor – Elementor Form Plus 1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Formentor – Elementor Form Plus compatible with PHP 5.2.4+?

Formentor – Elementor Form Plus requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Formentor – Elementor Form Plus updated?

Formentor – Elementor Form Plus was last updated on Oct 21, 2018. Frequent updates are generally a positive security signal.

What is Formentor – Elementor Form Plus's security score?

Formentor – Elementor Form Plus has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Formentor – Elementor Form Plus Security & Risk Analysis

wordpress.org/plugins/formentor-elementor-form-plus

Send forms directly to Google Sheets, an elementor plugin

200 active installs v1 PHP 5.2.4+ WP 4.1+ Updated Oct 21, 2018

contact-form-7elementorformgoogle-sheetgoogle-spreadsheets

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Formentor – Elementor Form Plus Safe to Use in 2026?

Generally Safe

Score 85/100

Formentor – Elementor Form Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "formentor-elementor-form-plus" v1 plugin exhibits a concerning security posture, primarily due to a significant attack surface with no authentication checks on its AJAX handlers. While the plugin demonstrates good practices in SQL query handling and avoids dangerous functions and file operations, the lack of authorization on its entry points is a major weakness. The static analysis reveals 4 AJAX handlers, all of which lack authentication, presenting a direct pathway for unauthorized actions if vulnerabilities exist within them. Taint analysis, while not revealing critical or high severity issues, did identify flows with unsanitized paths, which, when combined with unprotected entry points, could potentially lead to exploitation. The plugin's vulnerability history is clean, with no recorded CVEs. This absence of historical vulnerabilities could indicate diligent development or simply a lack of past discovery. However, the current code analysis strongly suggests that the unprotected AJAX endpoints are the most significant risk, potentially allowing attackers to trigger plugin functionality without proper authorization.

Key Concerns

Unprotected AJAX handlers
Unsanitized paths in taint flows
Low output escaping coverage
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

None known

Formentor – Elementor Form Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Formentor – Elementor Form Plus Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

24% escaped17 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

send_cf7_to_google_sheet (google_api_modol.php:140)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Formentor – Elementor Form Plus Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_askAccsesTokengoogle_api_modol.php:65

noprivwp_ajax_askAccsesTokengoogle_api_modol.php:66

authwp_ajax_savetokebgoogle_api_modol.php:67

noprivwp_ajax_savetokebgoogle_api_modol.php:68

WordPress Hooks 14

actionelementor/controls/controls_registeredcf7-form\cf7-form.php:18

actionelementor/widgets/widgets_registeredcf7-form\cf7-form.php:19

actionwp_enqueue_scriptscf7-form\cf7-form.php:20

actionelementor/frontend/after_register_scriptscf7-form\cf7-form.php:21

actionwp_enqueue_scriptsgoogle_api_modol.php:60

actionelementor/frontend/widget/before_rendergoogle_api_modol.php:61

actionadmin_initgoogle_api_modol.php:62

actionelementor_pro/forms/validationgoogle_api_modol.php:63

actionelementor/element/form/section_form_style/before_section_startgoogle_api_modol.php:64

actionplugins_loadedgoogle_api_modol.php:69

actionwp_footergoogle_api_modol.php:70

actionwpcf7_before_send_mailgoogle_api_modol.php:72

actionadmin_menuoption_page.php:10

actionadmin_initoption_page.php:24

Maintenance & Trust

Formentor – Elementor Form Plus Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 21, 2018

PHP min version5.2.4

Downloads83K

Community Trust

Rating100/100

Number of ratings4

Active installs200

Alternatives

Formentor – Elementor Form Plus Alternatives

EntryDashboard – Database Addon & Sync for WPForms, CF7, Elementor & More

entries-manager

100

Saves, manages, and sync all form submissions to your WordPress database. The most powerful Database Addon for WPForms, Contact Form 7, and Elementor …

30 No CVEs