WP-Safety

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Security & Risk Analysis

wordpress.org/plugins/forminator

Best WordPress form builder plugin. Create contact forms, payment forms & order forms with 1000+ integrations.

600K active installs v1.51.1 PHP 7.4+ WP 6.4+ Updated Feb 27, 2026
contact-formcustom-formformspayment-formwordpress-form-plugin
76
B · Generally Safe
CVEs total36
Unpatched0
Last CVEFeb 16, 2026
Plugin page Download
Safety Verdict

Is Forminator Forms – Contact Form, Payment Form & Custom Form Builder Safe to Use in 2026?

Mostly Safe

Score 76/100

Forminator Forms – Contact Form, Payment Form & Custom Form Builder is generally safe to use. 36 past CVEs were resolved. Keep it updated.

36 known CVEsLast CVE: Feb 16, 2026Updated 1mo ago
Risk Assessment

Forminator v1.51.1 exhibits a mixed security posture. While a high percentage of SQL queries utilize prepared statements and output escaping is generally robust, significant concerns arise from its attack surface. The plugin exposes 121 AJAX handlers, with a substantial 110 of these lacking authentication checks, creating a large potential entry point for unauthorized actions. The presence of a dangerous function like `preg_replace(/e)`, even if only one, warrants careful scrutiny. Taint analysis shows some flows with unsanitized paths, though thankfully no critical or high severity issues were identified in this specific analysis.

The plugin's vulnerability history is a major red flag. With 36 known CVEs, including 3 critical and 6 high severity vulnerabilities in the past, it indicates a recurring pattern of security weaknesses. The common vulnerability types listed, such as Missing Authorization, SQL Injection, and Cross-Site Scripting, are consistent with the observed attack surface and coding practices. While there are currently no unpatched CVEs, the historical prevalence of severe vulnerabilities suggests a diligent patching effort is required, and the underlying causes may not be fully addressed. Forminator's strengths lie in its high rate of prepared SQL statements and proper output escaping, demonstrating some good security practices. However, the sheer volume of unprotected AJAX endpoints and the historical track record of critical vulnerabilities present a significant and ongoing risk that requires robust mitigation strategies and continuous monitoring.

Key Concerns

  • Large attack surface without auth checks
  • Dangerous function: preg_replace(/e)
  • Flows with unsanitized paths in taint analysis
  • History of 3 critical CVEs
  • History of 6 high CVEs
  • Bundled library: Select2
Vulnerabilities
36

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Security Vulnerabilities

CVEs by Year

2 CVEs in 2019
2019
3 CVEs in 2021
2021
8 CVEs in 2023
2023
12 CVEs in 2024
2024
9 CVEs in 2025
2025
2 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
3
High
6
Medium
27

36 total CVEs

CVE-2026-2002medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 16, 2026 Patched in 1.50.3 (1d)
CVE-2025-14782medium · 5.3Missing Authorization

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export

Jan 8, 2026 Patched in 1.49.2 (1d)
CVE-2025-7638medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter

Jul 17, 2025 Patched in 1.45.1 (1d)
CVE-2025-6464high · 7.5Deserialization of Untrusted Data

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion

Jul 1, 2025 Patched in 1.44.3 (1d)
CVE-2025-6463high · 8.8External Control of File Name or Path

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion

Jul 1, 2025 Patched in 1.44.3 (1d)
CVE-2025-5341medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters

Jun 4, 2025 Patched in 1.44.2 (1d)
CVE-2025-3487medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'

Apr 16, 2025 Patched in 1.42.1 (1d)
CVE-2025-3479medium · 5.3Improper Validation of Integrity Check Value

Forminator <= 1.42.0 - Order Replay Vulnerability

Apr 16, 2025 Patched in 1.42.1 (1d)
CVE-2025-0469medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 26, 2025 Patched in 1.39.3 (1d)
CVE-2025-0470medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter

Jan 30, 2025 Patched in 1.38.3 (1d)
CVE-2024-7052medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.38.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 24, 2025 Patched in 1.38.3 (29d)
CVE-2024-9700medium · 5.3Authorization Bypass Through User-Controlled Key

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation

Oct 30, 2024 Patched in 1.36.1 (1d)
CVE-2024-10402high · 7.5Missing Authorization

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation

Oct 25, 2024 Patched in 1.36.0 (1d)
CVE-2024-9352medium · 4.3Cross-Site Request Forgery (CSRF)

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation

Oct 16, 2024 Patched in 1.36.0 (1d)
CVE-2024-9351medium · 4.3Cross-Site Request Forgery (CSRF)

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation

Oct 16, 2024 Patched in 1.36.0 (1d)
CVE-2024-45625medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting

Sep 9, 2024 Patched in 1.34.1 (4d)
CVE-2024-7389high · 7.5Insufficiently Protected Credentials

Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure

Aug 1, 2024 Patched in 1.29.2 (1d)
CVE-2024-31077critical · 9.1Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection

Apr 18, 2024 Patched in 1.29.3 (7d)
CVE-2024-31857medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.15.2 - Reflected Cross-Site Scripting

Apr 18, 2024 Patched in 1.15.4 (7d)
CVE-2024-28890critical · 9.8Unrestricted Upload of File with Dangerous Type

Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload

Apr 18, 2024 Patched in 1.29.0 (7d)
CVE-2024-3053medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode

Apr 8, 2024 Patched in 1.29.3 (2d)
CVE-2024-1794high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload

Mar 29, 2024 Patched in 1.29.1 (12d)
CVE-2024-29777medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.29.0 - Reflected Cross-Site Scripting

Mar 25, 2024 Patched in 1.29.1 (7d)
CVE-2023-6133medium · 6.6Unrestricted Upload of File with Dangerous Type

Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload

Nov 14, 2023 Patched in 1.28.0 (70d)
CVE-2023-5119medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 27, 2023 Patched in 1.27.0 (88d)
CVE-2023-4596critical · 9.8Unrestricted Upload of File with Dangerous Type

Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload

Aug 29, 2023 Patched in 1.25.0 (147d)
CVE-2023-3134medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.24.1 - Reflected Cross-Site Scripting

Jul 10, 2023 Patched in 1.24.4 (197d)
CVE-2023-2010medium · 5.3Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting

Jun 12, 2023 Patched in 1.24.1 (225d)
WF-2ef15cb1-b320-42d9-a2fd-afff2ec8a93b-forminatormedium · 4.3Missing Authorization

Forminator <= 1.22.1 - Missing Authorization on 'load_hcaptcha_preview' AJAX function

Apr 12, 2023 Patched in 1.23.3 (286d)
WF-718e54f5-f040-42d6-958d-255d905615d5-forminatormedium · 4.3Missing Authorization

Forminator <= 1.22.1 - Missing Authorization on 'load_recaptcha_preview' AJAX function

Apr 12, 2023 Patched in 1.23.3 (286d)
WF-d0cb4434-94c5-42a9-bd86-869058dcbf67-forminatormedium · 4.3Missing Authorization

Forminator <= 1.22.1 - Missing Authorization on 'hubspot_support_request' AJAX function

Apr 12, 2023 Patched in 1.23.3 (286d)
CVE-2021-24700medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting

Oct 20, 2021 Patched in 1.15.4 (825d)
CVE-2021-36821high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting

Jul 14, 2021 Patched in 1.14.12 (923d)
CVE-2021-4417medium · 5.4Cross-Site Request Forgery (CSRF)

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass

Mar 1, 2021 Patched in 1.13.5 (1058d)
CVE-2019-9567medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forminator Plugin <= 1.5.4 - Cross-Site Scripting

Feb 6, 2019 Patched in 1.6 (1812d)
CVE-2019-9568medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Forminator Plugin <= 1.5.3.1 - SQL Injection

Feb 6, 2019 Patched in 1.6 (1812d)
Code Analysis
Analyzed Mar 16, 2026

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Code Analysis

Dangerous Functions
1
Raw SQL Queries
26
157 prepared
Unescaped Output
173
3747 escaped
Nonce Checks
30
Capability Checks
33
File Operations
11
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

preg_replace(/e)preg_replace( '/elibrary\abstracts\abstract-class-form-result.php:164

Bundled Libraries

Select2

SQL Query Safety

86% prepared183 total queries

Output Escaping

96% escaped3920 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

12 flows4 with unsanitized paths
get_submit (library\modules\quizzes\front\front-render.php:765)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
110 unprotected

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Attack Surface

Entry Points121
Unprotected110

AJAX Handlers 121

authwp_ajax_forminator_hubspot_support_requestaddons\pro\hubspot\class-forminator-addon-hubspot.php:98
authwp_ajax_forminator_mailchimp_get_group_interestsaddons\pro\mailchimp\class-forminator-addon-mailchimp.php:104
authwp_ajax_forminator_dismiss_welcomeadmin\classes\class-admin-ajax.php:27
noprivwp_ajax_forminator_dismiss_welcomeadmin\classes\class-admin-ajax.php:28
authwp_ajax_forminator_load_google_fontsadmin\classes\class-admin-ajax.php:31
authwp_ajax_forminator_load_recaptcha_previewadmin\classes\class-admin-ajax.php:34
authwp_ajax_forminator_load_hcaptcha_previewadmin\classes\class-admin-ajax.php:35
authwp_ajax_forminator_load_turnstile_previewadmin\classes\class-admin-ajax.php:36
authwp_ajax_forminator_save_builderadmin\classes\class-admin-ajax.php:39
authwp_ajax_forminator_revert_builderadmin\classes\class-admin-ajax.php:40
authwp_ajax_forminator_save_polladmin\classes\class-admin-ajax.php:41
authwp_ajax_forminator_save_quiz_nowrongadmin\classes\class-admin-ajax.php:42
authwp_ajax_forminator_save_quiz_knowledgeadmin\classes\class-admin-ajax.php:43
authwp_ajax_forminator_load_captcha_popupadmin\classes\class-admin-ajax.php:46
authwp_ajax_forminator_save_captcha_popupadmin\classes\class-admin-ajax.php:47
authwp_ajax_forminator_load_currency_popupadmin\classes\class-admin-ajax.php:49
authwp_ajax_forminator_save_currency_popupadmin\classes\class-admin-ajax.php:50
authwp_ajax_forminator_load_pagination_entries_popupadmin\classes\class-admin-ajax.php:52
authwp_ajax_forminator_save_pagination_entries_popupadmin\classes\class-admin-ajax.php:53
authwp_ajax_forminator_load_pagination_listings_popupadmin\classes\class-admin-ajax.php:55
authwp_ajax_forminator_save_pagination_listings_popupadmin\classes\class-admin-ajax.php:56
authwp_ajax_forminator_load_email_settings_popupadmin\classes\class-admin-ajax.php:58
authwp_ajax_forminator_load_uninstall_settings_popupadmin\classes\class-admin-ajax.php:60
authwp_ajax_forminator_save_uninstall_settings_popupadmin\classes\class-admin-ajax.php:61
authwp_ajax_forminator_load_preview_cforms_popupadmin\classes\class-admin-ajax.php:63
authwp_ajax_forminator_load_preview_polls_popupadmin\classes\class-admin-ajax.php:64
authwp_ajax_forminator_load_preview_quizzes_popupadmin\classes\class-admin-ajax.php:65
authwp_ajax_forminator_load_exports_popupadmin\classes\class-admin-ajax.php:68
authwp_ajax_forminator_clear_exports_popupadmin\classes\class-admin-ajax.php:69
authwp_ajax_forminator_builder_search_emailsadmin\classes\class-admin-ajax.php:72
authwp_ajax_forminator_create_module_from_templateadmin\classes\class-admin-ajax.php:74
authwp_ajax_forminator_load_privacy_settings_popupadmin\classes\class-admin-ajax.php:76
authwp_ajax_forminator_save_privacy_settings_popupadmin\classes\class-admin-ajax.php:77
authwp_ajax_forminator_load_export_form_popupadmin\classes\class-admin-ajax.php:79
authwp_ajax_forminator_load_import_form_popupadmin\classes\class-admin-ajax.php:80
authwp_ajax_forminator_save_import_form_popupadmin\classes\class-admin-ajax.php:81
authwp_ajax_forminator_load_import_form_cf7_popupadmin\classes\class-admin-ajax.php:83
authwp_ajax_forminator_save_import_form_cf7_popupadmin\classes\class-admin-ajax.php:84
authwp_ajax_forminator_load_import_form_ninja_popupadmin\classes\class-admin-ajax.php:86
authwp_ajax_forminator_save_import_form_ninja_popupadmin\classes\class-admin-ajax.php:87
authwp_ajax_forminator_load_import_form_gravity_popupadmin\classes\class-admin-ajax.php:89
authwp_ajax_forminator_save_import_form_gravity_popupadmin\classes\class-admin-ajax.php:90
authwp_ajax_forminator_load_export_poll_popupadmin\classes\class-admin-ajax.php:92
authwp_ajax_forminator_load_import_poll_popupadmin\classes\class-admin-ajax.php:93
authwp_ajax_forminator_save_import_poll_popupadmin\classes\class-admin-ajax.php:94
authwp_ajax_forminator_delete_poll_submissionsadmin\classes\class-admin-ajax.php:96
authwp_ajax_forminator_load_export_quiz_popupadmin\classes\class-admin-ajax.php:98
authwp_ajax_forminator_load_import_quiz_popupadmin\classes\class-admin-ajax.php:99
authwp_ajax_forminator_save_import_quiz_popupadmin\classes\class-admin-ajax.php:100
authwp_ajax_forminator_save_pdfadmin\classes\class-admin-ajax.php:103
authwp_ajax_forminator_fetch_pdfsadmin\classes\class-admin-ajax.php:104
authwp_ajax_forminator_delete_pdfadmin\classes\class-admin-ajax.php:105
authwp_ajax_forminator_save_accessibility_settings_popupadmin\classes\class-admin-ajax.php:107
authwp_ajax_forminator_save_dashboard_settings_popupadmin\classes\class-admin-ajax.php:115
authwp_ajax_forminator_stripe_settings_modaladmin\classes\class-admin-ajax.php:117
authwp_ajax_forminator_stripe_update_pageadmin\classes\class-admin-ajax.php:118
authwp_ajax_forminator_disconnect_stripeadmin\classes\class-admin-ajax.php:119
authwp_ajax_forminator_set_encryption_keyadmin\classes\class-admin-ajax.php:120
authwp_ajax_forminator_paypal_settings_modaladmin\classes\class-admin-ajax.php:122
authwp_ajax_forminator_paypal_update_pageadmin\classes\class-admin-ajax.php:123
authwp_ajax_forminator_disconnect_paypaladmin\classes\class-admin-ajax.php:124
authwp_ajax_forminator_save_payments_settings_popupadmin\classes\class-admin-ajax.php:126
authwp_ajax_forminator_dismiss_notificationadmin\classes\class-admin-ajax.php:127
authwp_ajax_forminator_dismiss_noticeadmin\classes\class-admin-ajax.php:128
authwp_ajax_forminator_usage_trackingadmin\classes\class-admin-ajax.php:129
authwp_ajax_forminator_promote_remind_lateradmin\classes\class-admin-ajax.php:131
authwp_ajax_forminator_later_notificationadmin\classes\class-admin-ajax.php:133
authwp_ajax_forminator_reset_tracking_dataadmin\classes\class-admin-ajax.php:135
authwp_ajax_forminator_save_appearance_presetadmin\classes\class-admin-ajax.php:137
authwp_ajax_forminator_create_appearance_presetadmin\classes\class-admin-ajax.php:138
authwp_ajax_forminator_apply_appearance_presetadmin\classes\class-admin-ajax.php:139
authwp_ajax_forminator_delete_appearance_presetadmin\classes\class-admin-ajax.php:140
authwp_ajax_forminator_module_searchadmin\classes\class-admin-ajax.php:142
authwp_ajax_forminator_filter_report_dataadmin\classes\class-admin-ajax.php:157
authwp_ajax_forminator_search_usersadmin\classes\class-admin-ajax.php:158
authwp_ajax_forminator_get_avataradmin\classes\class-admin-ajax.php:159
authwp_ajax_forminator_save_reportadmin\classes\class-admin-ajax.php:160
authwp_ajax_forminator_fetch_reportadmin\classes\class-admin-ajax.php:161
authwp_ajax_forminator_report_update_statusadmin\classes\class-admin-ajax.php:162
authwp_ajax_forminator_save_permissionsadmin\classes\class-admin-ajax.php:165
authwp_ajax_forminator_share_feedbackadmin\classes\class-admin-ajax.php:168
authwp_ajax_forminator_deactivation_surveyadmin\classes\class-admin-ajax.php:171
authwp_ajax_forminator_update_payment_amountlibrary\abstracts\abstract-class-front-action.php:132
noprivwp_ajax_forminator_update_payment_amountlibrary\abstracts\abstract-class-front-action.php:133
authwp_ajax_forminator_2fa_fallback_emaillibrary\abstracts\abstract-class-front-action.php:135
noprivwp_ajax_forminator_2fa_fallback_emaillibrary\abstracts\abstract-class-front-action.php:136
authwp_ajax_forminator_get_noncelibrary\abstracts\abstract-class-front-action.php:139
noprivwp_ajax_forminator_get_noncelibrary\abstracts\abstract-class-front-action.php:140
authwp_ajax_forminator_addon_get_addonslibrary\addon\admin\class-integration-admin-ajax.php:74
authwp_ajax_forminator_addon_deactivatelibrary\addon\admin\class-integration-admin-ajax.php:75
authwp_ajax_forminator_addon_settingslibrary\addon\admin\class-integration-admin-ajax.php:76
authwp_ajax_forminator_addon_get_module_addonslibrary\addon\admin\class-integration-admin-ajax.php:78
authwp_ajax_forminator_addon_module_settingslibrary\addon\admin\class-integration-admin-ajax.php:79
authwp_ajax_forminator_addon_deactivate_for_modulelibrary\addon\admin\class-integration-admin-ajax.php:80
authwp_ajax_forminator_refresh_email_listslibrary\addon\admin\class-integration-admin-ajax.php:82
authwp_ajax_forminator_get_cloud_templateslibrary\modules\custom-forms\admin\admin-loader.php:39
authwp_ajax_forminator_save_templatelibrary\modules\custom-forms\admin\admin-loader.php:40
authwp_ajax_forminator_delete_templatelibrary\modules\custom-forms\admin\admin-loader.php:41
authwp_ajax_forminator_rename_templatelibrary\modules\custom-forms\admin\admin-loader.php:42
authwp_ajax_forminator_duplicate_templatelibrary\modules\custom-forms\admin\admin-loader.php:43
authwp_ajax_forminator_disconnect_hublibrary\modules\custom-forms\admin\admin-loader.php:44
authwp_ajax_forminator_pp_create_orderlibrary\modules\custom-forms\front\front-action.php:97
noprivwp_ajax_forminator_pp_create_orderlibrary\modules\custom-forms\front\front-action.php:98
authwp_ajax_forminator_multiple_file_uploadlibrary\modules\custom-forms\front\front-action.php:100
noprivwp_ajax_forminator_multiple_file_uploadlibrary\modules\custom-forms\front\front-action.php:101
authwp_ajax_forminator_email_draft_linklibrary\modules\custom-forms\front\front-action.php:104
noprivwp_ajax_forminator_email_draft_linklibrary\modules\custom-forms\front\front-action.php:105
authwp_ajax_forminator_preset_templateslibrary\modules\custom-forms\loader.php:122
authwp_ajax_forminator_update_live_previewlibrary\modules\custom-forms\loader.php:123
authwp_ajax_forminator_load_formlibrary\modules\custom-forms\loader.php:125
noprivwp_ajax_forminator_load_formlibrary\modules\custom-forms\loader.php:126
authwp_ajax_forminator_approve_user_popuplibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:26
authwp_ajax_forminator_delete_unconfirmed_user_popuplibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:27
authwp_ajax_forminator_resend_activation_linklibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:31
authwp_ajax_forminator_resend_notification_emaillibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:33
authwp_ajax_forminator_load_polllibrary\modules\polls\loader.php:82
noprivwp_ajax_forminator_load_polllibrary\modules\polls\loader.php:83
authwp_ajax_forminator_load_quizlibrary\modules\quizzes\loader.php:80
noprivwp_ajax_forminator_load_quizlibrary\modules\quizzes\loader.php:81
authwp_ajax_forminator_reload_quizlibrary\modules\quizzes\loader.php:83
noprivwp_ajax_forminator_reload_quizlibrary\modules\quizzes\loader.php:84
WordPress Hooks 182
actioninitaddons\pro\gutenberg\gutenberg.php:16
actioninitaddons\pro\gutenberg\library\class-forminator-gfblock-abstract.php:42
actionrest_api_initaddons\pro\gutenberg\library\class-forminator-gfblock-abstract.php:45
actionenqueue_block_editor_assetsaddons\pro\gutenberg\library\class-forminator-gfblock-abstract.php:48
actionelementor/preview/enqueue_scriptsaddons\pro\gutenberg\library\class-forminator-gfblock-abstract.php:51
actionenqueue_block_assetsaddons\pro\gutenberg\library\class-forminator-gfblock-abstract.php:63
actionforminator_after_activated_addons_removedaddons\pro\hubspot\class-forminator-addon-hubspot.php:100
filterforminator_addon_slack_api_request_headersaddons\pro\slack\class-forminator-addon-slack.php:109
actionadmin_menuadmin\abstracts\class-admin-module.php:65
actionadmin_headadmin\abstracts\class-admin-module.php:66
actionwp_loadedadmin\abstracts\class-admin-module.php:68
actionadmin_menu_editor-menu_replacedadmin\abstracts\class-admin-module.php:71
filterforminator_dataadmin\abstracts\class-admin-module.php:73
filterforminator_l10nadmin\abstracts\class-admin-module.php:74
filtersubmenu_fileadmin\abstracts\class-admin-module.php:75
filterforminator_form_admin_dataadmin\abstracts\class-admin-module.php:77
filterforminator_poll_admin_dataadmin\abstracts\class-admin-module.php:78
filterforminator_quiz_admin_dataadmin\abstracts\class-admin-module.php:79
filterremovable_query_argsadmin\abstracts\class-admin-page.php:89
filterforminator_dataadmin\abstracts\class-admin-page.php:115
actionin_admin_headeradmin\abstracts\class-admin-page.php:117
filteruser_can_richeditadmin\abstracts\class-admin-page.php:195
actionadmin_enqueue_scriptsadmin\abstracts\class-admin-page.php:196
filteradmin_body_classadmin\abstracts\class-admin-page.php:197
actioninitadmin\abstracts\class-admin-page.php:198
actionadmin_menuadmin\classes\class-admin.php:33
actionadmin_noticesadmin\classes\class-admin.php:35
actionadmin_noticesadmin\classes\class-admin.php:36
actionadmin_noticesadmin\classes\class-admin.php:37
actionadmin_noticesadmin\classes\class-admin.php:38
actionadmin_noticesadmin\classes\class-admin.php:48
actionadmin_enqueue_scriptsadmin\classes\class-admin.php:49
actionadmin_noticesadmin\classes\class-admin.php:52
actionadmin_noticesadmin\classes\class-admin.php:53
actionadmin_noticesadmin\classes\class-admin.php:55
actionadmin_noticesadmin\classes\class-admin.php:57
actionadmin_enqueue_scriptsadmin\classes\class-admin.php:59
actionadmin_footer-plugins.phpadmin\classes\class-admin.php:60
filterplugin_row_metaadmin\classes\class-admin.php:75
actionprofile_updateadmin\classes\class-admin.php:78
actionsave_postadmin\classes\class-admin.php:81
actiondelete_postadmin\classes\class-admin.php:82
actiontrash_postadmin\classes\class-admin.php:83
actionuntrash_postadmin\classes\class-admin.php:84
actionadmin_menuadmin\classes\class-admin.php:216
actionadmin_menuadmin\classes\class-admin.php:250
actionadmin_menuadmin\classes\class-admin.php:268
actionadmin_menuadmin\classes\class-admin.php:288
actionadmin_menuadmin\classes\class-admin.php:312
actionadmin_menuadmin\classes\class-admin.php:336
actionadmin_menuadmin\classes\class-admin.php:360
filterforminator_l10nadmin\pages\entries-page.php:269
filterforminator_dataadmin\pages\integrations-page.php:69
filterforminator_l10nadmin\pages\reports-page.php:162
filterforminator_dataadmin\pages\settings-page.php:49
filterforminator_dataadmin\pages\settings-page.php:278
filterforminator_dataadmin\pages\templates-page.php:35
filterforminator_dataadmin\pages\templates-page.php:71
actionadmin_initforminator.php:106
actionadmin_initforminator.php:107
actionsite_transient_update_pluginsforminator.php:160
actionplugins_loadedforminator.php:590
actionaction_scheduler_pre_initforminator.php:599
actioninitfunctions.php:28
actionadmin_initlibrary\abstracts\abstract-class-field.php:191
actioninitlibrary\abstracts\abstract-class-form-result.php:45
actionwp_headlibrary\abstracts\abstract-class-form-result.php:46
actionwp_print_scriptslibrary\abstracts\abstract-class-form-result.php:47
actionwp_print_styleslibrary\abstracts\abstract-class-form-result.php:48
actionwplibrary\abstracts\abstract-class-front-action.php:125
actionwp_footerlibrary\abstracts\abstract-class-front-action.php:349
actionadmin_initlibrary\abstracts\abstract-class-general-data-protection.php:71
filterwp_privacy_personal_data_exporterslibrary\abstracts\abstract-class-general-data-protection.php:72
filterwp_privacy_personal_data_eraserslibrary\abstracts\abstract-class-general-data-protection.php:73
actioninitlibrary\abstracts\abstract-class-general-data-protection.php:75
actionforminator_general_data_protection_cleanuplibrary\abstracts\abstract-class-general-data-protection.php:76
filterforminator_cform_process_purchaselibrary\abstracts\abstract-class-payment-gateway.php:53
filterforminator_spam_protectionlibrary\abstracts\abstract-class-spam-protection.php:28
actionforminator_custom_form_build_fields_mapperslibrary\abstracts\abstract-class-user.php:13
actionforminator_custom_form_filter_fieldslibrary\abstracts\abstract-class-user.php:14
filterforminator_builder_data_settings_before_savinglibrary\abstracts\abstract-class-user.php:16
filterforminator_custom_form_before_form_fieldslibrary\abstracts\abstract-class-user.php:18
filterforminator_custom_form_mail_datalibrary\abstracts\abstract-class-user.php:32
actionwp_headlibrary\class-core.php:100
actioninitlibrary\class-core.php:155
actioninitlibrary\class-core.php:158
actioninitlibrary\class-core.php:162
actionforminator_action_scheduler_cleanuplibrary\class-core.php:163
actionadd_meta_boxeslibrary\class-core.php:448
filterwp_kses_allowed_htmllibrary\class-core.php:606
actionwp_loadedlibrary\class-export.php:79
actionwp_loadedlibrary\class-export.php:80
actioninitlibrary\class-export.php:83
actionforminator_send_exportlibrary\class-export.php:84
actioninitlibrary\class-form-fields.php:51
actionforminator_daily_cronlibrary\class-form-fields.php:53
actionforminator_update_versionlibrary\class-form-fields.php:55
filterforminator_datalibrary\class-forminator-hub-connector.php:39
filterwpmudev_hub_connector_localize_text_varslibrary\class-forminator-hub-connector.php:45
actionforminator_addons_loadedlibrary\class-integration-loader.php:151
actionclean_post_cachelibrary\class-page-cache.php:45
actiontransition_post_statuslibrary\class-page-cache.php:48
actioninitlibrary\class-reports.php:57
actionforminator_process_reportlibrary\class-reports.php:58
actionmedia_buttonslibrary\class-shortcode-generator.php:33
actionadmin_footerlibrary\class-shortcode-generator.php:34
actionadmin_footerlibrary\class-shortcode-generator.php:36
actionforminator_update_versionlibrary\class-upgrade.php:62
actionadmin_initlibrary\class-upgrade.php:64
actionforminator_loadedlibrary\class-upgrade.php:69
filterwp_kses_allowed_htmllibrary\fields\html.php:141
filterforminator_is_subfield_enabledlibrary\fields\slider.php:39
actionforminator_custom_form_mail_before_send_maillibrary\fields\stripe.php:1139
filterupload_mimeslibrary\fields\upload.php:579
filterscript_loader_srclibrary\gateways\class-paypal-express.php:150
actionforminator_share_deactivation_survey_to_mixpanellibrary\mixpanel\class-deactivation-survey.php:19
actionforminator_share_feedback_to_mixpanellibrary\mixpanel\class-feedback.php:19
actionforminator_after_form_importlibrary\mixpanel\class-general.php:19
actionforminator_after_form_exportlibrary\mixpanel\class-general.php:20
actionforminator_before_manual_export_downloadlibrary\mixpanel\class-general.php:21
actionforminator_after_export_schedule_savelibrary\mixpanel\class-general.php:22
actionforminator_before_rating_dismiss_noticelibrary\mixpanel\class-general.php:23
actionforminator_share_hub_deactivation_survey_to_mixpanellibrary\mixpanel\class-hub-deactivation-survey.php:19
actionforminator_custom_form_action_updatelibrary\mixpanel\class-modules.php:27
actionforminator_poll_action_updatelibrary\mixpanel\class-modules.php:28
actionforminator_quiz_action_updatelibrary\mixpanel\class-modules.php:29
actionforminator_form_action_deletelibrary\mixpanel\class-modules.php:32
actionforminator_poll_action_deletelibrary\mixpanel\class-modules.php:33
actionforminator_quiz_action_deletelibrary\mixpanel\class-modules.php:34
actionforminator_after_template_savelibrary\mixpanel\class-modules.php:37
actionforminator_after_notification_updatelibrary\mixpanel\class-notifications.php:19
actionforminator_after_notification_status_updatelibrary\mixpanel\class-notifications.php:20
actionforminator_after_notification_deletelibrary\mixpanel\class-notifications.php:29
actionforminator_disable_usage_trackinglibrary\mixpanel\class-settings.php:19
actionforminator_enable_usage_trackinglibrary\mixpanel\class-settings.php:20
actionforminator_before_reset_settingslibrary\mixpanel\class-settings.php:21
actionforminator_before_uninstalllibrary\mixpanel\class-settings.php:22
actiondeactivated_pluginlibrary\mixpanel\class-settings.php:23
actionforminator_before_stripe_connectedlibrary\mixpanel\class-settings.php:24
actionforminator_after_stripe_migratedlibrary\mixpanel\class-settings.php:25
actionforminator_auto_save_settinglibrary\mixpanel\class-settings.php:26
filterforminator_import_modellibrary\model\class-base-form-model.php:1331
filterforminator_submission_successlibrary\model\class-form-entry-model.php:2866
filterforminator_submission_errorlibrary\model\class-form-entry-model.php:2873
filterforminator_form_import_datalibrary\modules\custom-forms\admin\admin-loader.php:516
actionwp_footerlibrary\modules\custom-forms\front\front-render.php:492
actionwp_footerlibrary\modules\custom-forms\front\front-render.php:608
actionwp_footerlibrary\modules\custom-forms\front\front-render.php:613
actionadmin_footerlibrary\modules\custom-forms\front\front-render.php:616
filterforminator_render_form_submit_markuplibrary\modules\custom-forms\front\front-render.php:3159
actionforminator_cform_render_fieldslibrary\modules\custom-forms\front\front-user-login.php:13
filterauth_cookie_expirationlibrary\modules\custom-forms\front\front-user-login.php:52
actionwd_forced_reset_password_urllibrary\modules\custom-forms\front\front-user-login.php:53
actionforminator_cform_user_registration_validationlibrary\modules\custom-forms\front\front-user-registration.php:42
actionforminator_cform_user_registeredlibrary\modules\custom-forms\front\front-user-registration.php:43
filterforminator_custom_registration_form_errorslibrary\modules\custom-forms\front\front-user-registration.php:45
filterforminator_custom_form_after_render_valuelibrary\modules\custom-forms\front\front-user-registration.php:47
actionafter_signup_sitelibrary\modules\custom-forms\front\front-user-registration.php:196
actionafter_signup_userlibrary\modules\custom-forms\front\front-user-registration.php:204
actionforminator_update_versionlibrary\modules\custom-forms\loader.php:64
actioninitlibrary\modules\custom-forms\loader.php:158
filterforminator_custom_form_entries_iteratorlibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:29
actiondelete_userlibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:36
actionwplibrary\modules\custom-forms\user\class-forminator-cform-user-data.php:40
filterwpmu_signup_user_notification_emaillibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:313
filterwpmu_signup_blog_notification_emaillibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:314
filterwpmu_signup_user_notificationlibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:317
filterwpmu_signup_blog_notificationlibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:318
filterwpmu_signup_user_notificationlibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:320
filterwpmu_signup_user_notification_subjectlibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:321
filtersite_option_site_namelibrary\modules\custom-forms\user\class-forminator-cform-user-signups.php:441
actionadmin_footerlibrary\modules\polls\admin\admin-page-entries.php:39
actionadmin_footerlibrary\modules\polls\admin\admin-page-entries.php:40
actionwp_footerlibrary\modules\polls\front\front-render.php:103
actionwp_footerlibrary\modules\polls\front\front-render.php:104
actionwp_footerlibrary\modules\quizzes\front\front-render.php:124
filterget_canonical_urllibrary\modules\quizzes\front\front-result.php:302
filterforminator_field_descriptionlibrary\render\class-render-form.php:364
actionwp_footerlibrary\render\class-render-form.php:503
actionwidgets_initlibrary\render\functions.php:17
actionforminator_addons_loadedsamples\forminator-simple-addon-plugin\forminator-simple-addon-plugin.php:26
actionforminator_register_autofill_providersamples\forminator-simple-autofill-plugin\forminator-simple-autofill-plugin.php:14
Maintenance & Trust

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 27, 2026
PHP min version7.4
Downloads17.2M

Community Trust

Rating96/100
Number of ratings2,040
Active installs600K
Alternatives

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Alternatives

SureForms – Contact Form, Payment Form & Other Custom Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

A
88

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with &hellip;

400K 15 CVEs
Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform

Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform

embed-form

A
99

Create and embed secure online forms in WordPress using Jotform’s drag-and-drop builder, with PCI and HIPAA compliance and full data-security support.

20K 1 CVE
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder

gutena-forms

A
99

WordPress form builder to create lightweight contact forms, survey forms, feedback forms, booking forms, etc., right inside the Gutenberg editor.

20K 1 CVE
Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms

Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms

happyforms

A
97

Best WordPress contact form, newsletter form and payment form builder without the sucky stuff — lost emails, pesky spam, leaky privacy and outsourced &hellip;

20K 5 CVEs
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A
90

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs
Developer Profile

Forminator Forms – Contact Form, Payment Form & Custom Form Builder Developer Profile

WPMU DEV - Your All-in-One WordPress Platform

9 plugins · 2.4M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
396 days
View full developer profile
Detection Fingerprints

How We Detect Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/forminator/admin/assets/css/forminator-admin.css/wp-content/plugins/forminator/admin/assets/js/forminator-admin.js/wp-content/plugins/forminator/assets/css/forminator-frontend.css/wp-content/plugins/forminator/assets/js/forminator-frontend.js/wp-content/plugins/forminator/assets/js/libs/grecaptcha.js/wp-content/plugins/forminator/assets/js/libs/forminator-recaptcha.js/wp-content/plugins/forminator/assets/js/libs/forminator-hcaptcha.js/wp-content/plugins/forminator/assets/js/libs/forminator-turnstile.js
Script Paths
/wp-content/plugins/forminator/assets/js/forminator-frontend.js/wp-content/plugins/forminator/admin/assets/js/forminator-admin.js
Version Parameters
forminator/admin/assets/css/forminator-admin.css?ver=forminator/admin/assets/js/forminator-admin.js?ver=forminator/assets/css/forminator-frontend.css?ver=forminator/assets/js/forminator-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
forminator-uiforminator-rowforminator-fieldforminator-has-labelforminator-column
Data Attributes
data-forminator-id
JS Globals
ForminatorFrontendForminator
REST Endpoints
/wp-json/forminator/v1/forms/wp-json/forminator/v1/submissions
Shortcode Output
<div class="forminator-form">
FAQ

Frequently Asked Questions about Forminator Forms – Contact Form, Payment Form & Custom Form Builder