WP-Safety

Forms Bridge – Infinite integrations Security & Risk Analysis

wordpress.org/plugins/forms-bridge

Seamlessly connect WordPress forms to CRMs, ERPs, and APIs — no coding required. Automate data flow with field mappers, custom fields, and workflows.

90 active installs v4.4.4 PHP 8.0+ WP 6.7+ Updated Mar 1, 2026
api-integrationautomationcrmerphttp-api
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 27, 2026
Plugin page Download
Safety Verdict

Is Forms Bridge – Infinite integrations Safe to Use in 2026?

Generally Safe

Score 99/100

Forms Bridge – Infinite integrations has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 27, 2026Updated 2mo ago
Risk Assessment

The forms-bridge plugin exhibits a generally good security posture with some notable strengths, including a lack of dangerous functions and all SQL queries utilizing prepared statements. The high percentage of properly escaped output also indicates a conscious effort towards secure coding practices. However, the presence of one REST API route without permission callbacks presents a significant risk, as it could potentially be accessed and exploited by unauthenticated users. Additionally, the taint analysis revealed a flow with an unsanitized path, which, while not classified as critical or high in this analysis, warrants attention as it could lead to vulnerabilities if not properly handled. The plugin's vulnerability history shows one medium-severity CVE related to Cross-site Scripting, which has since been patched. While the current version appears clean of past vulnerability types, the historical presence of XSS highlights the need for ongoing vigilance in input sanitization and output escaping, especially concerning the identified unsanitized path.

Key Concerns

  • REST API route without permission callbacks
  • Taint flow with unsanitized path
  • Past medium CVE for XSS
Vulnerabilities
1 published

Forms Bridge – Infinite integrations Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-1244medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

Jan 27, 2026 Patched in 4.3.0 (1d)
Version History

Forms Bridge – Infinite integrations Release Timeline

v4.4.4Current
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.2
v4.3.1
v4.3.0
v4.2.51 CVE
CVE-2026-1244
v4.2.41 CVE
CVE-2026-1244
v4.2.31 CVE
CVE-2026-1244
v4.2.21 CVE
CVE-2026-1244
v4.2.11 CVE
CVE-2026-1244
v4.2.01 CVE
CVE-2026-1244
v4.1.21 CVE
CVE-2026-1244
v4.1.11 CVE
CVE-2026-1244
v4.1.01 CVE
CVE-2026-1244
v4.0.61 CVE
CVE-2026-1244
v4.0.51 CVE
CVE-2026-1244
v4.0.41 CVE
CVE-2026-1244
Code Analysis
Analyzed Mar 16, 2026

Forms Bridge – Infinite integrations Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
140 escaped
Nonce Checks
0
Capability Checks
2
File Operations
24
External Requests
17
Bundled Libraries
0

Output Escaping

94% escaped149 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<class-wpforms-integration> (integrations\wpforms\class-wpforms-integration.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Forms Bridge – Infinite integrations Attack Surface

Entry Points9
Unprotected1

REST API Routes 8

GET/wp-json/forms-bridge/v1/jwt/authdeps\http\includes\jwt.php:25
GET/wp-json/forms-bridge/v1/jwt/validatedeps\http\includes\jwt.php:35
GET/wp-json/forms-bridge/v1/oauth/grantdeps\http\includes\oauth.php:23
GET/wp-json/forms-bridge/v1/oauth/revokedeps\http\includes\oauth.php:34
GET/wp-json/forms-bridge/v1/oauth/redirectdeps\http\includes\oauth.php:45
GET/wp-json/forms-bridge/v1/logs/includes\class-logger.php:264
GET/wp-json/forms-bridge/v1/formsincludes\class-rest-settings-controller.php:51
GET/wp-json/forms-bridge/v1/http/schemasincludes\class-rest-settings-controller.php:87

Shortcodes 1

[financoop_campaign] addons\financoop\shortcodes.php:14
WordPress Hooks 112
filterforms_bridge_template_defaultsaddons\airtable\hooks.php:16
filterforms_bridge_template_dataaddons\airtable\hooks.php:111
filterforms_bridge_template_schemaaddons\bigin\hooks.php:12
filterforms_bridge_template_defaultsaddons\bigin\hooks.php:25
filterforms_bridge_template_dataaddons\bigin\hooks.php:62
filterforms_bridge_bridge_schemaaddons\brevo\hooks.php:12
filterforms_bridge_template_defaultsaddons\brevo\hooks.php:26
filterforms_bridge_template_dataaddons\brevo\hooks.php:82
filterforms_bridge_template_defaultsaddons\dolibarr\hooks.php:12
filterforms_bridge_template_dataaddons\dolibarr\hooks.php:58
actionforms_bridge_after_submissionaddons\dolibarr\jobs\validate-order.php:59
filterforms_bridge_http_backend_headersaddons\financoop\class-financoop-form-bridge.php:65
filterforms_bridge_http_requestaddons\financoop\class-financoop-form-bridge.php:90
filterforms_bridge_bridge_schemaaddons\financoop\hooks.php:15
filterforms_bridge_template_defaultsaddons\financoop\hooks.php:29
filterforms_bridge_template_dataaddons\financoop\hooks.php:126
filterforms_bridge_bridge_schemaaddons\gcalendar\hooks.php:12
filterforms_bridge_template_defaultsaddons\gcalendar\hooks.php:32
filterforms_bridge_template_dataaddons\gcalendar\hooks.php:182
filterforms_bridge_http_oauth_urladdons\gcalendar\hooks.php:196
filterforms_bridge_template_defaultsaddons\grist\hooks.php:16
filterforms_bridge_template_dataaddons\grist\hooks.php:120
filterforms_bridge_prune_emptiesaddons\gsheets\class-gsheets-addon.php:53
filterforms_bridge_bridge_schemaaddons\gsheets\hooks.php:15
filterforms_bridge_template_defaultsaddons\gsheets\hooks.php:44
filterforms_bridge_template_dataaddons\gsheets\hooks.php:170
filterforms_bridge_http_oauth_urladdons\gsheets\hooks.php:224
filterforms_bridge_bridge_schemaaddons\holded\hooks.php:12
filterforms_bridge_template_defaultsaddons\holded\hooks.php:26
filterforms_bridge_template_dataaddons\holded\hooks.php:82
filterforms_bridge_template_defaultsaddons\listmonk\hooks.php:12
filterforms_bridge_template_dataaddons\listmonk\hooks.php:109
filterforms_bridge_template_defaultsaddons\mailchimp\hooks.php:7
filterforms_bridge_template_dataaddons\mailchimp\hooks.php:129
filterforms_bridge_prune_emptiesaddons\nextcloud\class-nextcloud-addon.php:54
filterhttp_request_argsaddons\nextcloud\class-nextcloud-addon.php:281
filterforms_bridge_bridge_schemaaddons\nextcloud\hooks.php:16
filterforms_bridge_template_defaultsaddons\nextcloud\hooks.php:42
filterforms_bridge_template_dataaddons\nextcloud\hooks.php:133
filterforms_bridge_http_requestaddons\odoo\class-odoo-form-bridge.php:209
filterforms_bridge_http_backend_headersaddons\odoo\class-odoo-form-bridge.php:221
filterforms_bridge_bridge_schemaaddons\odoo\hooks.php:12
filterforms_bridge_template_defaultsaddons\odoo\hooks.php:50
filterforms_bridge_template_dataaddons\odoo\hooks.php:155
actionforms_bridge_after_submissionaddons\odoo\jobs\attachments.php:42
filterforms_bridge_template_defaultsaddons\rocketchat\hooks.php:12
filterforms_bridge_bridge_schemaaddons\rocketchat\hooks.php:248
filterforms_bridge_http_requestaddons\slack\class-slack-form-bridge.php:125
filterforms_bridge_template_defaultsaddons\slack\hooks.php:12
filterforms_bridge_bridge_schemaaddons\slack\hooks.php:311
filterforms_bridge_http_oauth_update_tokensaddons\slack\hooks.php:325
filterforms_bridge_http_oauth_urladdons\slack\hooks.php:340
filterforms_bridge_http_requestaddons\suitecrm\class-suitecrm-form-bridge.php:198
filterforms_bridge_bridge_schemaaddons\suitecrm\hooks.php:15
filterforms_bridge_template_defaultsaddons\suitecrm\hooks.php:51
actionforms_bridge_after_submissionaddons\suitecrm\jobs\meeting-invitees.php:53
filterforms_bridge_http_requestaddons\vtiger\class-vtiger-form-bridge.php:227
filterforms_bridge_bridge_schemaaddons\vtiger\hooks.php:15
filterforms_bridge_template_defaultsaddons\vtiger\hooks.php:57
filterforms_bridge_http_backend_headersaddons\zoho\class-zoho-form-bridge.php:54
filterforms_bridge_template_defaultsaddons\zoho\hooks.php:12
filterforms_bridge_template_dataaddons\zoho\hooks.php:197
filterforms_bridge_template_defaultsaddons\zulip\hooks.php:12
filterforms_bridge_http_backendsdeps\http\includes\class-backend.php:74
filterforms_bridge_http_credentialsdeps\http\includes\class-credential.php:275
actioninitdeps\http\includes\class-http-setting.php:135
filterforms_bridge_http_backendsdeps\http\includes\class-http-setting.php:156
filterforms_bridge_http_credentialsdeps\http\includes\class-http-setting.php:157
actiondetermine_current_userdeps\http\includes\jwt.php:17
filterrest_pre_dispatchdeps\http\includes\jwt.php:18
actionrest_api_initdeps\http\includes\jwt.php:19
actionrest_api_initdeps\http\includes\oauth.php:17
actionadmin_menudeps\plugin\class-menu.php:63
actioninitdeps\plugin\class-plugin.php:141
filterplugin_action_linksdeps\plugin\class-plugin.php:149
actionrest_api_initdeps\plugin\class-rest-settings-controller.php:144
actionforms_bridge_plugin_registered_settingsdeps\plugin\class-rest-settings-controller.php:151
actionadmin_initdeps\plugin\class-settings-form.php:90
actionadmin_enqueue_scriptsdeps\plugin\class-settings-form.php:120
filterforms_bridge_plugin_register_settingsdeps\plugin\class-settings-store.php:115
filterforms_bridge_plugin_registered_settingsdeps\plugin\class-settings-store.php:145
actioninitdeps\plugin\class-settings-store.php:174
actioninitincludes\class-addon.php:383
filterforms_bridge_templatesincludes\class-addon.php:392
filterforms_bridge_jobsincludes\class-addon.php:413
filterforms_bridge_bridgesincludes\class-addon.php:434
actionadmin_enqueue_scriptsincludes\class-forms-bridge.php:71
filterplugin_action_linksincludes\class-forms-bridge.php:80
actionforms_bridge_on_failureincludes\class-forms-bridge.php:102
actioninitincludes\class-forms-bridge.php:111
actionin_plugin_update_message-forms-bridge/forms-bridge.phpincludes\class-forms-bridge.php:113
actionforms_bridge_http_before_requestincludes\class-forms-bridge.php:417
filterforms_bridge_load_templatesincludes\class-integration.php:257
actioninitincludes\class-integration.php:323
filterforms_bridge_formsincludes\class-integration.php:331
filterforms_bridge_formincludes\class-integration.php:350
filterforms_bridge_submissionincludes\class-integration.php:381
filterforms_bridge_submission_idincludes\class-integration.php:390
filterforms_bridge_uploadsincludes\class-integration.php:400
actionrest_api_initincludes\class-logger.php:219
actionfrm_process_entryintegrations\formidable\class-formidable-integration.php:47
actiongform_after_submissionintegrations\gf\class-gf-integration.php:48
filtergform_field_contentintegrations\gf\class-gf-integration.php:1201
actionninja_forms_after_submissionintegrations\ninja\class-ninja-integration.php:49
actionwoocommerce_order_status_changedintegrations\woo\class-woo-integration.php:426
actionforms_bridge_after_submissionintegrations\woo\class-woo-integration.php:447
filterwpcf7_submitintegrations\wpcf7\class-wpcf7-integration.php:42
actionwpforms_process_completeintegrations\wpforms\class-wpforms-integration.php:50
filterwpforms_create_form_argsintegrations\wpforms\class-wpforms-integration.php:142
actionpost_updatedintegrations\wpforms\class-wpforms-integration.php:175
actioninitpost_types\bridge-template.php:14
actioninitpost_types\job.php:14
Maintenance & Trust

Forms Bridge – Infinite integrations Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 1, 2026
PHP min version8.0
Downloads5K

Community Trust

Rating100/100
Number of ratings2
Active installs90
Alternatives

Forms Bridge – Infinite integrations Alternatives

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

zero-bs-crm

A
89

The CRM for small businesses. Manage leads, invoicing, billing, email marketing, clients, contacts, quotes, automation. Works with WooCommerce too.

30K 8 CVEs
Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

mail-mint

A
92

Use Mail Mint, the easiest email marketing automation plugin in WordPress to generate leads, send email campaigns, and run email automation workflows.

5K 8 CVEs
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress

WP Fusion Lite – Marketing Automation and CRM Integration for WordPress

wp-fusion-lite

A
98

WP Fusion Lite synchronizes your WordPress users with contact records in your CRM or marketing automation system.

5K 4 CVEs
Groundhogg — CRM, Newsletters, and Marketing Automation

Groundhogg — CRM, Newsletters, and Marketing Automation

groundhogg

A
88

Groundhogg is the best WordPress CRM & Marketing Automation plugin. Create flows, email campaigns, and have a CRM all within your WordPress site.

2K 25 CVEs
SALESmanago & Leadoo

SALESmanago & Leadoo

salesmanago

A
95

AI-powered Customer Engagement Platform for impact-hungry eCommerce marketing teams

1K 4 CVEs
Developer Profile

Forms Bridge – Infinite integrations Developer Profile

Còdec

3 plugins · 110 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Forms Bridge – Infinite integrations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/forms-bridge/admin-form.js/wp-content/plugins/forms-bridge/admin-form.css
Script Paths
/wp-content/plugins/forms-bridge/admin-form.js
Version Parameters
forms-bridge/admin-form.css?ver=forms-bridge/admin-form.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-action
FAQ

Frequently Asked Questions about Forms Bridge – Infinite integrations