WP-Safety

Formidable Customizations Security & Risk Analysis

wordpress.org/plugins/formidable-customizations

A compendium of useful customizations and extensions for Formidable Pro. Easily customize your form fields from one location.

10 active installs v1.0 PHP + WP 3.3+ Updated Nov 16, 2013
customizeformidableformidable-promasksplus
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Formidable Customizations Safe to Use in 2026?

Generally Safe

Score 85/100

Formidable Customizations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "formidable-customizations" v1.0 plugin exhibits a mixed security posture. On the positive side, there are no known CVEs, and the static analysis shows a limited attack surface with no identified critical or high severity taint flows. The plugin also implements capability checks for its functions. However, several concerning areas require attention. A significant portion of the plugin's output is not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities. Additionally, the single SQL query found is not using prepared statements, which is a major vulnerability that could lead to SQL injection attacks. The absence of nonce checks, while not directly tied to an unprotected entry point in this analysis, is a common security practice that is missed.

Key Concerns

  • SQL query not using prepared statements
  • Low percentage of output properly escaped
  • Missing nonce checks
Vulnerabilities
None known

Formidable Customizations Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Formidable Customizations Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
26
9 escaped
Nonce Checks
0
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

26% escaped35 total outputs
Attack Surface

Formidable Customizations Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[frm_updated_by] includes\ssfc-functions.php:246
WordPress Hooks 16
actionadmin_menuadmin\class.ssfc-options.php:16
actionadmin_initadmin\class.ssfc-options.php:17
filterplugin_action_linksadmin\ssfc-admin.php:10
actionadmin_initadmin\ssfc-admin.php:17
filterfrm_setup_new_fields_varsincludes\ssfc-functions.php:3
filterfrm_setup_edit_fields_varsincludes\ssfc-functions.php:4
actionfrm_field_input_htmlincludes\ssfc-functions.php:87
filterfrm_validate_field_entryincludes\ssfc-functions.php:135
filterfrm_validate_field_entryincludes\ssfc-functions.php:152
filterfrmreg_new_roleincludes\ssfc-functions.php:173
filterget_avatarincludes\ssfc-functions.php:190
filterget_avatarincludes\ssfc-functions.php:219
actionfrm_field_input_htmlincludes\ssfc-functions.php:233
actionfrm_after_update_fieldincludes\ssfc-functions.php:256
filterfrm_table_classesincludes\ssfc-functions.php:264
filterfrm_table_classesincludes\ssfc-functions.php:278
Maintenance & Trust

Formidable Customizations Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41
Last updatedNov 16, 2013
PHP min version
Downloads4K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

Formidable Customizations Alternatives

Formidable Kinetic

Formidable Kinetic

formidable-kinetic

A
85

Dynamically display any Formidable Form and form fields. One page. One shortcode. Infinite possibilities.

30 No CVEs
Formidable Anti-Spam

Formidable Anti-Spam

formidable-anti-spam

A
85

A lightweight Formidable Pro anti-spam add-on that requires no interaction with the user.

70 No CVEs
Formidable Pro Color Picker

Formidable Pro Color Picker

formidable-pro-add-color-picker-field

A
85

Adds a Color Picker Field type to the Advanced Fields in Formidable Pro

50 No CVEs
Formidable A/B Tests

Formidable A/B Tests

formidable-ab-tests

A
85

Easily A/B test your Formidable Pro created forms.

10 No CVEs
Formidable Email Shortcodes

Formidable Email Shortcodes

formidable-email-shortcodes

A
85

Create shortcodes with unique identifiers to use in your Formidable Email Notification Settings. Change email addresses globally from one location.

10 No CVEs
Developer Profile

Formidable Customizations Developer Profile

thomstark

5 plugins · 130 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Formidable Customizations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/formidable-customizations/admin/css/style.css/wp-content/plugins/formidable-customizations/admin/js/ssfc-admin.js/wp-content/plugins/formidable-customizations/admin/js/jquery-ui.min.js
Script Paths
/wp-content/plugins/formidable-customizations/admin/js/ssfc-admin.js/wp-content/plugins/formidable-customizations/admin/js/jquery-ui.min.js
Version Parameters
formidable-customizations/admin/css/style.css?ver=formidable-customizations/admin/js/ssfc-admin.js?ver=formidable-customizations/admin/js/jquery-ui.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
ssfc-ui-tabsssfc-ui-tabs-navssfc-ui-tabs-panelssfc-ui-tabs-hidessfc-saving-backdropssfc-savingssfc-settings-saved
Data Attributes
data-section
JS Globals
ssfc_admin_url
FAQ

Frequently Asked Questions about Formidable Customizations