Does Forms Rb have any unpatched vulnerabilities?

No. All known vulnerabilities in Forms Rb have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Forms Rb compatible with WordPress 6.8.5?

According to WordPress.org data, Forms Rb 1.1.9 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Forms Rb compatible with PHP 5.6.20+?

Forms Rb requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Forms Rb updated?

Forms Rb was last updated on Sep 25, 2025. Frequent updates are generally a positive security signal.

What is Forms Rb's security score?

Forms Rb has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Forms Rb Security & Risk Analysis

wordpress.org/plugins/forms-rb

Forms Rb - the most simple way to create a hosted form, contact form, order form, support form. Simple contact form setup and form fields management

100 active installs v1.1.9 PHP 5.6.20+ WP 5.3+ Updated Sep 25, 2025

contactcontact-formemailform-builderforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Forms Rb Safe to Use in 2026?

Generally Safe

Score 100/100

Forms Rb has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The 'forms-rb' plugin v1.1.9 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin has a small attack surface, with only one shortcode and no unprotected entry points identified. Crucially, there are no dangerous functions, no raw SQL queries, and no external HTTP requests, all of which are excellent security indicators. The output escaping is also reasonably good at 72%.

However, a significant concern is the complete absence of nonce checks across all identified entry points. While the plugin does have one capability check, the lack of nonce validation on the shortcode could potentially expose it to cross-site request forgery (CSRF) attacks if the shortcode's functionality is sensitive. The taint analysis showing zero flows is positive, but the absence of nonce checks remains a notable weakness that could be exploited.

With no recorded vulnerabilities or CVEs, the plugin's historical security record is clean. This suggests a diligent development process. Overall, 'forms-rb' v1.1.9 is likely a secure plugin, but the lack of nonce checks on its shortcode is a weakness that warrants attention to mitigate potential CSRF risks.

Key Concerns

Missing nonce checks on shortcode
Output escaping not 100%

Vulnerabilities

None known

Forms Rb Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Forms Rb Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

18 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

72% escaped25 total outputs

Attack Surface

Forms Rb Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[rbform] app\form\form.php:35

WordPress Hooks 15

actionrest_api_initapp\api.php:44

filtercron_schedulesapp\cron.php:38

filterthe_contentapp\form\form.php:36

actionwp_headapp\form\form.php:39

filterpost_row_actionsapp\listing.php:35

actionadmin_headapp\listing.php:37

filtermanage_posts_columnsapp\listing.php:45

actionposts_clausesapp\listing.php:53

actionadmin_bar_menuapp\notification.php:40

actionadmin_headapp\notification.php:41

actionadmin_menuapp\notification.php:42

actionrbforms_cron_hookapp\notification.php:44

actionadd_meta_boxesapp\records\records.php:34

actioninitapp\type.post.php:36

actionwp_loadedapp\update.php:37

Scheduled Events 1

rbforms_cron_hook

Maintenance & Trust

Forms Rb Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 25, 2025

PHP min version5.6.20

Downloads5K

Community Trust

Rating100/100

Number of ratings5

Active installs100

Alternatives

Forms Rb Alternatives

WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress

wpzoom-forms

100

Drag & drop contact form builder for WordPress. Create contact forms, custom forms, email forms with spam protection. Works with Elementor, shortcodes

10K No CVEs