WP-Safety

Forms Rb Security & Risk Analysis

wordpress.org/plugins/forms-rb

Forms Rb - the most simple way to create a hosted form, contact form, order form, support form. Simple contact form setup and form fields management

100 active installs v1.1.9 PHP 5.6.20+ WP 5.3+ Updated Sep 25, 2025
contactcontact-formemailform-builderforms
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEMay 11, 2026
Download
Safety Verdict

Is Forms Rb Safe to Use in 2026?

Mostly Safe

Score 78/100

Forms Rb is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: May 11, 2026Updated 7mo ago
Risk Assessment

The 'forms-rb' plugin v1.1.9 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin has a small attack surface, with only one shortcode and no unprotected entry points identified. Crucially, there are no dangerous functions, no raw SQL queries, and no external HTTP requests, all of which are excellent security indicators. The output escaping is also reasonably good at 72%.

However, a significant concern is the complete absence of nonce checks across all identified entry points. While the plugin does have one capability check, the lack of nonce validation on the shortcode could potentially expose it to cross-site request forgery (CSRF) attacks if the shortcode's functionality is sensitive. The taint analysis showing zero flows is positive, but the absence of nonce checks remains a notable weakness that could be exploited.

With no recorded vulnerabilities or CVEs, the plugin's historical security record is clean. This suggests a diligent development process. Overall, 'forms-rb' v1.1.9 is likely a secure plugin, but the lack of nonce checks on its shortcode is a weakness that warrants attention to mitigate potential CSRF risks.

Key Concerns

  • Missing nonce checks on shortcode
  • Output escaping not 100%
Vulnerabilities
1 published

Forms Rb Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-7050medium · 4.3Missing Authorization

Forms Rb <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via 'form_id' Parameter

May 11, 2026Unpatched
Version History

Forms Rb Release Timeline

v1.1.9Current1 CVE
CVE-2026-7050
v1.1.81 CVE
CVE-2026-7050
v1.1.71 CVE
CVE-2026-7050
v1.1.61 CVE
CVE-2026-7050
v1.1.51 CVE
CVE-2026-7050
v1.0.81 CVE
CVE-2026-7050
v1.0.71 CVE
CVE-2026-7050
v1.0.61 CVE
CVE-2026-7050
v1.0.51 CVE
CVE-2026-7050
v1.0.41 CVE
CVE-2026-7050
v1.0.31 CVE
CVE-2026-7050
v1.0.21 CVE
CVE-2026-7050
v1.0.11 CVE
CVE-2026-7050
v1.0.01 CVE
CVE-2026-7050
Code Analysis
Analyzed Mar 16, 2026

Forms Rb Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
18 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

72% escaped25 total outputs
Attack Surface

Forms Rb Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[rbform] app\form\form.php:35
WordPress Hooks 15
actionrest_api_initapp\api.php:44
filtercron_schedulesapp\cron.php:38
filterthe_contentapp\form\form.php:36
actionwp_headapp\form\form.php:39
filterpost_row_actionsapp\listing.php:35
actionadmin_headapp\listing.php:37
filtermanage_posts_columnsapp\listing.php:45
actionposts_clausesapp\listing.php:53
actionadmin_bar_menuapp\notification.php:40
actionadmin_headapp\notification.php:41
actionadmin_menuapp\notification.php:42
actionrbforms_cron_hookapp\notification.php:44
actionadd_meta_boxesapp\records\records.php:34
actioninitapp\type.post.php:36
actionwp_loadedapp\update.php:37

Scheduled Events 1

rbforms_cron_hook
Maintenance & Trust

Forms Rb Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 25, 2025
PHP min version5.6.20
Downloads6K

Community Trust

Rating100/100
Number of ratings5
Active installs100
Alternatives

Forms Rb Alternatives

WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress

WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress

wpzoom-forms

A
100

Drag & drop contact form builder for WordPress. Create contact forms, custom forms, email forms with spam protection. Works with Elementor, shortcodes

10K No CVEs
VPSUForm – Drag & Drop Contact Form Builder with Email Automation

VPSUForm – Drag & Drop Contact Form Builder with Email Automation

v-form

A
92

A lightweight drag-and-drop WordPress form builder with email automation, conditional logic, spam protection, and full lead management.

200 7 CVEs
OmniForm

OmniForm

omniform

A
100

Easily create and manage custom forms with the block editor, customizable fields, and form submission management for your website.

50 No CVEs
GenForm – Drag & Drop Form Builder

GenForm – Drag & Drop Form Builder

genform

A
100

The lightweight drag-and-drop form builder for WordPress. Create contact forms, feedback forms, bookings, and more — no coding required.

20 No CVEs
Weavely – Build Forms in Figma

Weavely – Build Forms in Figma

weavely

A
85

Turn Figma designs into custom forms, effortlessly embed in WordPress. Elevate user experience with unique designs.

10 No CVEs
Developer Profile

Forms Rb Developer Profile

rbplugins

8 plugins · 108K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Forms Rb

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/forms-rb/assets/main.js
Script Paths
/wp-content/plugins/forms-rb/assets/main.js
Version Parameters
forms-rb/assets/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
rb_contact_form
Data Attributes
rbform_id
JS Globals
rbforms_config_formid_
Shortcode Output
[rbform
FAQ

Frequently Asked Questions about Forms Rb