FormLift for Infusionsoft Web Forms Security & Risk Analysis

wordpress.org/plugins/formlift

Import Infusionsoft Web Forms into WordPress and easily customize their style. Display with short-codes.

400 active installs · v7.5.21 · PHP + WP 4.9+ · Updated Jun 27, 2025
editor, form, infusionsoft, official, optin
93
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 18, 2025
Safety Verdict

Is FormLift for Infusionsoft Web Forms Safe to Use in 2026?

Generally Safe

Score 93/100

FormLift for Infusionsoft Web Forms has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 18, 2025 · Updated 9mo ago
Risk Assessment

The "formlift" plugin v7.5.21 presents a mixed security profile. It demonstrates some positive security practices, such as a good percentage of properly escaped outputs and a decent number of nonce checks, but significant concerns remain. The 3 unprotected AJAX handlers are a notable weakness because they are direct entry points for potential attackers. The taint analysis also found 7 flows with unsanitized paths; none resulted in a critical or high severity finding in this static scan, but they indicate potential for issues if exploited. The plugin's history of 3 known CVEs, including a past critical SQL injection vulnerability, is a significant red flag. Although there are no currently unpatched vulnerabilities, the recurring vulnerability types (XSS and SQL injection) suggest persistent coding flaws that attackers might still be able to leverage. The most recent vulnerability, from June 2025, is particularly concerning, since it suggests that even recent versions may have exploitable weaknesses.

Key Concerns

  • Unprotected AJAX handlers detected
  • Significant number of unsanitized taint flows
  • History of critical SQL injection vulnerability
  • History of XSS vulnerabilities
  • Half of SQL queries not using prepared statements
Vulnerabilities
3

FormLift for Infusionsoft Web Forms Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

Critical: 1
Medium: 2

3 total CVEs

CVE-2025-47654 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FormLift for Infusionsoft Web Forms <= 7.5.20 - Reflected Cross-Site Scripting

Jun 18, 2025 Patched in 7.5.21 (24d)
CVE-2025-31434 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FormLift for Infusionsoft Web Forms <= 7.5.19 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2025 Patched in 7.5.20 (6d)
CVE-2024-38773 · critical · 10 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FormLift for Infusionsoft Web Forms <= 7.5.17 - Unauthenticated SQL Injection

Jul 19, 2024 Patched in 7.5.18 (7d)
Code Analysis
Analyzed Mar 16, 2026

FormLift for Infusionsoft Web Forms Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (6 prepared)
  • Unescaped Output: 31 (130 escaped)
  • Nonce Checks: 11
  • Capability Checks: 19
  • File Operations: 3
  • External Requests: 8
  • Bundled Libraries: 0

SQL Query Safety

50% prepared · 12 total queries

Output Escaping

81% escaped · 161 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

14 flows · 7 with unsanitized paths
sanitize_headers (modules\personalization\user.php:143)
Attack Surface
3 unprotected

FormLift for Infusionsoft Web Forms Attack Surface

Entry Points: 11
Unprotected: 3

AJAX Handlers 6

auth wp_ajax_formlift_get_field_html modules\editor\editor.php:230
auth wp_ajax_formlift_get_option_html modules\editor\editor.php:231
nopriv wp_ajax_formlift_submit_form modules\form\submit.php:129
auth wp_ajax_formlift_submit_form modules\form\submit.php:130
auth wp_ajax_formlift_groundhogg_remote_install modules\groundhogg.php:22
auth wp_ajax_dismiss_formlift_notice modules\notices\notice-manager.php:16

Shortcodes 5

[infusion_form] modules\form\form.php:379
[formlift] modules\form\form.php:380
[infusion_field] modules\personalization\user.php:305
[formlift_user] modules\personalization\user.php:306
[formlift_data] modules\personalization\user.php:307
WordPress Hooks 64
filter single_template FormLift.php:32
action admin_notices FormLift.php:70
action plugins_loaded modules\api\infusionsoft-manager.php:218
action plugins_loaded modules\api\infusionsoft-manager.php:219
action plugins_loaded modules\api\infusionsoft-manager.php:220
action plugins_loaded modules\api\infusionsoft-manager.php:221
action formlift_loaded modules\api\infusionsoft-manager.php:222
action plugins_loaded modules\awards\awards.php:25
action admin_enqueue_scripts modules\editor\editor.php:232
action add_meta_boxes modules\editor\editor.php:233
action formlift_before_save_form modules\editor\form-builder.php:445
action formlift_before_save_form modules\editor\form-builder.php:446
action formlift_before_save_form modules\editor\form-builder.php:447
action add_meta_boxes modules\editor\form-settings.php:85
filter formlift_import_settings modules\editor\form-settings.php:86
action formlift_after_save_form modules\editor\form-settings.php:87
action formlift_after_save_form modules\editor\form-settings.php:88
action admin_enqueue_scripts modules\editor\modal.php:34
action add_meta_boxes modules\editor\preview.php:36
action admin_enqueue_scripts modules\form\form.php:376
action wp_enqueue_scripts modules\form\form.php:377
action init modules\form\post-type.php:268
filter manage_infusion_form_posts_columns modules\form\post-type.php:269
action manage_infusion_form_posts_custom_column modules\form\post-type.php:273
filter post_row_actions modules\form\post-type.php:277
filter manage_edit-infusion_form_sortable_columns modules\form\post-type.php:278
action pre_get_posts modules\form\post-type.php:282
action save_post modules\form\post-type.php:283
action template_redirect modules\form\submit.php:111
action init modules\form\submit.php:128
action admin_notices modules\notices\notice-manager.php:15
action formlift_loaded modules\notices\notice-manager.php:144
action admin_enqueue_scripts modules\notices\notice-manager.php:145
action init modules\personalization\sessions.php:95
action init modules\personalization\sessions.php:138
action plugins_loaded modules\personalization\user.php:22
action plugins_loaded modules\personalization\user.php:304
action admin_menu modules\premium-modules\module-manager.php:245
action init modules\premium-modules\module-manager.php:246
action init modules\premium-modules\module-manager.php:247
action admin_enqueue_scripts modules\premium-modules\module-manager.php:248
filter get_formlift_module_extensions modules\premium-modules\updater\example.php:15
action formlift_loaded modules\premium-modules\updater\example.php:53
filter pre_set_site_transient_update_plugins modules\premium-modules\updater\FORMLIFT_EDD_SL_Plugin_Updater.php:64
filter plugins_api modules\premium-modules\updater\FORMLIFT_EDD_SL_Plugin_Updater.php:65
action admin_init modules\premium-modules\updater\FORMLIFT_EDD_SL_Plugin_Updater.php:68
filter pre_set_site_transient_update_plugins modules\premium-modules\updater\FORMLIFT_EDD_SL_Plugin_Updater.php:196
filter formlift_sanitize_style_settings modules\settings\defaults.php:156
action plugins_loaded modules\settings\defaults.php:174
action init modules\settings\form\settings.php:293
filter formlift_sanitize_form_settings modules\settings\form\settings.php:294
action init modules\settings\form\settings.php:295
action init modules\settings\form\settings.php:296
action init modules\settings\form\settings.php:297
filter formlift_sanitize_style_settings modules\settings\style\style-settings.php:391
action init modules\settings\style\style-settings.php:392
action init modules\settings\style\style-settings.php:393
action init modules\settings\style\style-settings.php:394
action admin_menu modules\settings-page\settings-page.php:101
action admin_enqueue_scripts modules\settings-page\settings-page.php:102
action admin_enqueue_scripts modules\settings-page\settings-page.php:103
action formlift_after_get_form_code modules\tracking\tracking.php:27
action formlift_success_submit modules\tracking\tracking.php:43
action wp_enqueue_scripts modules\tracking\tracking.php:49
Maintenance & Trust

FormLift for Infusionsoft Web Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jun 27, 2025
PHP min version
Downloads: 37K

Community Trust

Rating: 92/100
Number of ratings: 12
Active installs: 400
Developer Profile

FormLift for Infusionsoft Web Forms Developer Profile

Adrian Tobey

7 plugins · 6K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 275 days
Detection Fingerprints

How We Detect FormLift for Infusionsoft Web Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
