Forms by Systemo Security & Risk Analysis
wordpress.org/plugins/forms-by-systemoFully customise WordPress forms with powerful shortcodes.
Is Forms by Systemo Safe to Use in 2026?
Generally Safe
Score 85/100Forms by Systemo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "forms-by-systemo" plugin version v20150825 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not performing raw SQL queries, utilizing prepared statements exclusively, and having no recorded vulnerability history, including CVEs. The plugin also avoids external HTTP requests and file operations, which are common vectors for exploitation. However, several concerns arise from the static analysis. A significant weakness is the low percentage of properly escaped output (5%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce checks and capability checks on all entry points, despite the limited attack surface, leaves potential room for unauthorized actions if any of the entry points were to become exploitable through other means. The lack of taint analysis results is also a neutral observation, meaning we cannot confirm the absence of critical taint flows.
Key Concerns
- Low output escaping percentage
- No nonce checks on entry points
- No capability checks on entry points
Forms by Systemo Security Vulnerabilities
Forms by Systemo Release Timeline
Forms by Systemo Code Analysis
Output Escaping
Forms by Systemo Attack Surface
Shortcodes 4
WordPress Hooks 19
Scheduled Events 2
Maintenance & Trust
Forms by Systemo Maintenance & Trust
Maintenance Signals
Community Trust
Forms by Systemo Alternatives
Contact Form & SMTP Plugin for WordPress by PirateForms
pirate-forms
A simple and effective WordPress contact form & SMTP plugin. Compatible with best themes out there, is both a secure and responsive contact form p …
Forms with chart from VAB
vab-forms-with-chart
Simple Plugin for creating forms, inquirer and questionnaires with the ability to display the results in the form of charts.
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
wpforms-lite
The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
fluentform
Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator
Best WordPress form builder plugin. Create contact forms, payment forms & order forms with 1000+ integrations.
Forms by Systemo Developer Profile
8 plugins · 710 total installs
How We Detect Forms by Systemo
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/forms-by-systemo/includes/emailer.php/wp-content/plugins/forms-by-systemo/includes/spam_protect.php/wp-content/plugins/forms-by-systemo/includes/add_message_to_post.php/wp-content/plugins/forms-by-systemo/includes/forms-tmpl.php/wp-content/plugins/forms-by-systemo/includes/shortcodes/form-cp.php/wp-content/plugins/forms-by-systemo/includes/shortcodes/input-cp.php/wp-content/plugins/forms-by-systemo/includes/shortcodes/textarea-cp.phpHTML / DOM Fingerprints
form_wrapper_external_cps_forminput_cpname="meta_data_form_cp[name_form]"name="meta_data_form_cp[email_to]"name="meta_data_form_cp[parent_post_id]"name="meta_data_form_cp[template_post_id]"name="meta_data_form_cp[name="data_form_cp[[form-cp][input-cp][form-s]