Does Formidable Forms Signature Online Contract Automation have any unpatched vulnerabilities?

No. All known vulnerabilities in Formidable Forms Signature Online Contract Automation have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Formidable Forms Signature Online Contract Automation compatible with WordPress 6.9.4?

According to WordPress.org data, Formidable Forms Signature Online Contract Automation 1.8.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Formidable Forms Signature Online Contract Automation Security & Risk Analysis

wordpress.org/plugins/forms-signature-formidable-online-contract-automation

Instantly produce a legally enforceable & court recognized contract from a Formidable Forms submission. Legal contracts. UETA/ESIGN Compliant.

200 active installs v1.8.6 PHP + WP 4.5+ Updated Jan 8, 2026

formdiable-formformidableformidable-forms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Formidable Forms Signature Online Contract Automation Safe to Use in 2026?

Generally Safe

Score 100/100

Formidable Forms Signature Online Contract Automation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The plugin "forms-signature-formidable-online-contract-automation" v1.8.6 exhibits a generally good security posture based on the provided static analysis and vulnerability history. A strong emphasis on prepared statements for SQL queries and a high percentage of properly escaped output are positive indicators. The presence of nonce and capability checks on entry points also suggests an effort to protect against common web vulnerabilities. Furthermore, the absence of known CVEs and a clean vulnerability history indicate a stable and well-maintained plugin.

However, a significant concern arises from the presence of the `unserialize` function. While not immediately tied to a specific vulnerability in the static analysis, `unserialize` is notoriously dangerous if used with untrusted input, as it can lead to object injection vulnerabilities. The single file operation also warrants cautious review, though without further context, its risk is unquantifiable. The plugin also has a small attack surface, which is a positive, but the absence of authentication checks on all AJAX handlers, even if there are none found to be unprotected, is a potential area for future oversight.

Overall, the plugin appears to be developed with security in mind, as evidenced by its robust use of prepared statements and output escaping, and its clean vulnerability record. The primary area for improvement and attention is the safe handling of any data processed by the `unserialize` function to mitigate potential object injection risks.

Key Concerns

Presence of unserialize function

Vulnerabilities

None known

Formidable Forms Signature Online Contract Automation Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Formidable Forms Signature Online Contract Automation Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

225 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$metaValue = unserialize(FrmDb::get_var('frm_item_metas', array('field_id' => $fieldId, 'item_id' =>admin\includes\esig-formidableform-settings.php:232

Output Escaping

89% escaped253 total outputs

Attack Surface

Formidable Forms Signature Online Contract Automation Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_esig_formidableform_fieldsadmin\esig-formidable-forms-admin.php:47

authwp_ajax_esig_formidable_ratting_widget_removeadmin\rating-widget\esign-rating-widget.php:44

Shortcodes 1

[esigformidable] admin\esig-formidable-forms-admin.php:50

WordPress Hooks 36

actionadmin_noticesadmin\about\autoload.php:27

actionesig_admin_noticesadmin\about\autoload.php:29

actionin_admin_headeradmin\about\autoload.php:85

actionadmin_menuadmin\about\includes\esig-about-load.php:30

actioninitadmin\esig-formidable-forms-admin.php:41

actioninitadmin\esig-formidable-forms-admin.php:42

actionadmin_enqueue_scriptsadmin\esig-formidable-forms-admin.php:44

filteresig_sif_buttons_filteradmin\esig-formidable-forms-admin.php:45

filteresig_text_editor_sif_menuadmin\esig-formidable-forms-admin.php:46

filteresig_admin_more_document_contentsadmin\esig-formidable-forms-admin.php:49

actionadmin_initadmin\esig-formidable-forms-admin.php:51

actionfrm_registered_form_actionsadmin\esig-formidable-forms-admin.php:52

actionfrm_trigger_esig_create_actionadmin\esig-formidable-forms-admin.php:54

actionfrm_trigger_esig_update_actionadmin\esig-formidable-forms-admin.php:55

filtershow_sad_invite_linkadmin\esig-formidable-forms-admin.php:57

actionadmin_menuadmin\esig-formidable-forms-admin.php:59

filteresig_invite_not_sentadmin\esig-formidable-forms-admin.php:60

actionmedia_buttonsadmin\esig-formidable-forms-admin.php:64

actionwp_esignature_loadedadmin\esig-formidable-forms-admin.php:67

actionesig_signature_loadedadmin\esig-formidable-forms-admin.php:68

actionwp_esignature_loadedadmin\esig-formidable-forms-admin.php:69

actionfrm_success_actionadmin\esig-formidable-forms-admin.php:72

filteresig_document_title_filteradmin\esig-formidableform-filters.php:16

filteresig_strip_shortcodes_tagnamesadmin\esig-formidableform-filters.php:17

filterfrm_contentadmin\esig-formidableform-filters.php:18

filteresig_document_clone_render_contentadmin\esig-formidableform-filters.php:20

filterinitadmin\esig-formidableform-filters.php:22

filteresig_document_clone_render_contentadmin\esig-formidableform-filters.php:23

actioninitadmin\includes\esig-formidableform.php:49

actionadmin_initadmin\includes\esig-formidableform.php:50

actionesig_admin_noticesadmin\rating-widget\esign-rating-widget.php:41

actionadmin_enqueue_scriptsadmin\rating-widget\esign-rating-widget.php:42

actionadmin_enqueue_scriptsadmin\rating-widget\esign-rating-widget.php:43

actionplugins_loadedformidable-forms-approveme-digital-signature.php:79

actionplugins_loadedformidable-forms-approveme-digital-signature.php:80

actionplugins_loadedformidable-forms-approveme-digital-signature.php:85

Maintenance & Trust

Formidable Forms Signature Online Contract Automation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 8, 2026

PHP min version

Downloads23K

Community Trust

Rating80/100

Number of ratings2

Active installs200

Alternatives

Formidable Forms Signature Online Contract Automation Alternatives

WP Contact Slider – Contact Form Slider Widget

wp-contact-slider

Helps you to show slide out contact form to display CF7, Gravity forms, Ninja Forms, WP Forms, display random text/HTML and support some other forms.

10K 2 CVEs

BSK Forms Blacklist

bsk-gravityforms-blacklist

Checks field content and block submitting base on your keywords. Blocking IP, Country is only supported in the Pro version.

1K 5 CVEs

Formidable Forms + Sprout Invoices – Easy Invoice & Estimate Submissions

sprout-invoices-formidable-forms

100

Dynamic invoicing (and estimates/quotes) from Formidable Form submissions.

200 No CVEs

WP Mautic Form Integrator

wp-mautic-form-integrator

Mautic is a marketing automation software and WP Mautic Form Integrator plugin is a bridge between Mautic and several highly used form plugins.

200 No CVEs

Blacklist Unwanted Email – Formidable Forms

block-email-formidable-form

This is a free add-on plugin for Formidable Forms , which validates the email field and restrict unwanted email submission as well as allowed only bus …

100 No CVEs

Developer Profile

Formidable Forms Signature Online Contract Automation Developer Profile

approveme

10 plugins · 4K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

15 days

View full developer profile

Detection Fingerprints

How We Detect Formidable Forms Signature Online Contract Automation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/forms-signature-formidable-online-contract-automation/assets/css/esig-about-alert.css

Version Parameters

forms-signature-formidable-online-contract-automation/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

esig-icon-cssesig-about-alertesig-formidableform-settingsESIG_FORMIDABLEFORM_Admin

HTML Comments

<!--

**
 * Copyright (c)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License, version 2 or, at
 * your discretion, any later version, as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-->

/* 
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */

Data Attributes

id="esig-about-alert"class="bangBar error "

JS Globals

esig_formidable_getESIG_FORMIDABLEFORMESIG_FORMIDABLEFORM_AdminesigFormidableFiltersesignRatingWidgetFormidable

FAQ