Does Formesign have any unpatched vulnerabilities?

No. All known vulnerabilities in Formesign have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Formesign compatible with WordPress 6.8.5?

According to WordPress.org data, Formesign 0.0.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Formesign updated?

Formesign was last updated on Nov 18, 2025. Frequent updates are generally a positive security signal.

What is Formesign's security score?

Formesign has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Formesign Security & Risk Analysis

wordpress.org/plugins/formesign

Create signature forms

0 active installs v0.0.5 PHP + WP 4.0+ Updated Nov 18, 2025

google-formshipaa-complaintintake-formsignature-form

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Formesign Safe to Use in 2026?

Generally Safe

Score 100/100

Formesign has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The Formesign plugin v0.0.5 exhibits a generally strong security posture based on the provided static analysis. The code demonstrates excellent adherence to secure coding practices, with 100% of SQL queries using prepared statements and a remarkable 98% of output properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its security. The plugin also correctly implements nonce checks and focuses its limited attack surface on a single shortcode, which is a positive sign.

However, a significant concern arises from the lack of capability checks on any entry points. While the total attack surface is small and there are no obvious critical or high-severity taint flows identified, a missing capability check on the shortcode could potentially allow unauthorized users to interact with the plugin's functionality if that shortcode performs sensitive operations. The vulnerability history is completely clean, which is a positive indicator, but it's important to remember this is a very early version (v0.0.5) and might not have been extensively tested or targeted yet.

In conclusion, Formesign v0.0.5 has built a solid foundation with its secure coding practices regarding SQL and output escaping. The absence of known vulnerabilities is encouraging. The primary weakness lies in the complete absence of capability checks, which, despite the small attack surface, represents a potential security oversight that needs to be addressed to ensure true robustness.

Key Concerns

Missing capability checks on entry points

Vulnerabilities

None known

Formesign Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Formesign Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

54 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped55 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

formesign_dashboard_page (formesign.php:82)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Formesign Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[formesign] formesign.php:386

WordPress Hooks 2

actionadmin_menuformesign.php:38

actionadmin_initformesign.php:127

Maintenance & Trust

Formesign Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 18, 2025

PHP min version

Downloads269

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Formesign Alternatives

Signature field for Elementor Forms

signature-field-for-elementor-forms

100

Elementor Form Signature field add-on makes it easy for users to sign your forms.

2K No CVEs

FormFacade – Embed Google Forms in your website

formfacade

Embed Google Forms™ in your wordpress site

1K 1 unpatched

Perfect Portal Widgets

perfect-portal-widgets

A set of Gutenberg blocks and Shortcodes to display Perfect Portal website widgets

100 1 CVE

Ultimate Addons for Elementor Forms

ultimate-addons-for-elementor-forms

100

Ultimate Addons for Elementor Forms is the must-have plugin to complement Elementor Forms.

40 No CVEs

Chat Forms

chat-forms

Embeds a Chat Form, in a WordPress post, page, or widget.

0 No CVEs

Developer Profile

Formesign Developer Profile

manidoraisamy

3 plugins · 1K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

14 days

View full developer profile

Detection Fingerprints

How We Detect Formesign

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/formesign/assets/css/bootstrap.min.css/wp-content/plugins/formesign/assets/css/style.css/wp-content/plugins/formesign/assets/js/home.js/wp-content/plugins/formesign/assets/js/lottie.js/wp-content/plugins/formesign/assets/css/onboard.css/wp-content/plugins/formesign/assets/css/inter.css

Script Paths

assets/js/home.jsassets/js/lottie.js

Version Parameters

formesign_styles_bootstrapformesign_styles_customformesign_home_scriptlottie_scriptformesign_onboard_stylesformesign_onboard_fonts

HTML / DOM Fingerprints

CSS Classes

ff-onboard-containerff-onboardform-wrapperform-wrapper-successaction-buttons

Data Attributes

id="myIframe"

FAQ