FormShield Security & Risk Analysis

wordpress.org/plugins/formshield

FormShield protects your forms from bot spam using advanced pattern matching and behavioral analysis. No annoying captchas, unlimited forms.

10 active installs · v1.1.6 · PHP 7.4+ · WP 4.7+ · Updated Jan 13, 2026
Tags: anti-spam, bot-protection, form-protection, forms, security
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is FormShield Safe to Use in 2026?

Generally Safe

Score 100/100

FormShield has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago

Risk Assessment

The FormShield plugin v1.1.6 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong coding practices in several key areas. It achieves 100% output escaping, a critical defense against cross-site scripting (XSS) vulnerabilities. The extensive use of prepared statements (83%) for SQL queries significantly mitigates SQL injection risks. Furthermore, the plugin has a clean vulnerability history with zero recorded CVEs, suggesting a generally secure development process and diligent patching over time. The absence of dangerous functions and file operations is also a positive indicator.

However, the plugin's attack surface is a notable concern. A significant number of entry points, particularly AJAX handlers (11 out of 29) and REST API routes (2 out of 2), lack proper authentication or permission checks. This exposes these functionalities to potential unauthorized access and manipulation by unauthenticated users. While the taint analysis did not reveal critical or high-severity issues in the analyzed flows, the presence of a flow with unsanitized paths warrants attention, as it could lead to vulnerabilities if not properly handled. The plugin also makes an external HTTP request, which, while not inherently a vulnerability, represents a potential vector for further attacks if the external service is compromised or insecure. The absence of vulnerabilities in its history is a strength, but the open entry points represent an inherent risk that needs mitigation.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Flow with unsanitized paths (taint analysis)
  • External HTTP request
Vulnerabilities
None known

FormShield Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

FormShield Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (10 prepared)
Unescaped Output: 1 (271 escaped)
Nonce Checks: 23
Capability Checks: 15
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

83% prepared · 12 total queries

Output Escaping

100% escaped · 272 total outputs

Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-formshield-settings> (classes\class-formshield-settings.php:0)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

Attack Surface
13 unprotected

FormShield Attack Surface

Entry Points: 31
Unprotected: 13

AJAX Handlers 29

auth · wp_ajax_formshield_log_validation · classes\class-formshield-advanced-logging.php:34
nopriv · wp_ajax_formshield_log_validation · classes\class-formshield-advanced-logging.php:35
auth · wp_ajax_formshield_check_divi_submission · classes\class-formshield-divi-spam-detection.php:56
nopriv · wp_ajax_formshield_check_divi_submission · classes\class-formshield-divi-spam-detection.php:57
auth · wp_ajax_et_pb_contact_form_submit · classes\class-formshield-divi-spam-detection.php:68
nopriv · wp_ajax_et_pb_contact_form_submit · classes\class-formshield-divi-spam-detection.php:69
auth · wp_ajax_formshield_save_email_settings · classes\class-formshield-email-notifications.php:29
auth · wp_ajax_formsh_test_email · classes\class-formshield-email-notifications.php:30
auth · wp_ajax_formshield_save_whitelist · classes\class-formshield-ip-whitelist.php:31
auth · wp_ajax_formshield_add_ip_to_whitelist · classes\class-formshield-ip-whitelist.php:32
auth · wp_ajax_formshield_remove_ip_from_whitelist · classes\class-formshield-ip-whitelist.php:33
auth · wp_ajax_formsh_test_ip · classes\class-formshield-ip-whitelist.php:34
auth · wp_ajax_formshield_form_enabled_change · classes\class-formshield-settings.php:45
auth · wp_ajax_formsh_scan_forms · classes\class-formshield-settings.php:46
auth · wp_ajax_formshield_check_form_status · classes\class-formshield-settings.php:48
auth · wp_ajax_formshield_check_spam · classes\class-formshield-spam-protection.php:26
nopriv · wp_ajax_formshield_check_spam · classes\class-formshield-spam-protection.php:27
auth · wp_ajax_formshield_record_activity · formshield.php:170
nopriv · wp_ajax_formshield_record_activity · formshield.php:171
auth · wp_ajax_formshield_log_validation · formshield.php:174
nopriv · wp_ajax_formshield_log_validation · formshield.php:175
auth · wp_ajax_formshield_auto_save_setting · formshield.php:178
auth · wp_ajax_formshield_rescan_divi · formshield.php:192
auth · wp_ajax_formshield_scan_all_forms · formshield.php:195
auth · wp_ajax_formshield_update_protected_forms · formshield.php:198
auth · wp_ajax_formshield_toggle_protection · formshield.php:203
auth · wp_ajax_formshield_save_toggle_changes · formshield.php:206
auth · wp_ajax_formshield_get_form_stats · formshield.php:207
auth · wp_ajax_formsh_rescan_forms · formshield.php:210

REST API Routes 2

GET · /wp-json/formshield/v1/has-form · formshield.php:661
GET · /wp-json/formshield/v1/locations · formshield.php:679

WordPress Hooks 137

action · init · classes\class-formshield-advanced-logging.php:33
action · admin_menu · classes\class-formshield-advanced-logging.php:36
action · wp_enqueue_scripts · classes\class-formshield-advanced-protection.php:20
action · wp_footer · classes\class-formshield-advanced-protection.php:21
filter · comments_open · classes\class-formshield-comments-control.php:26
filter · pings_open · classes\class-formshield-comments-control.php:27
filter · get_comments_number · classes\class-formshield-comments-control.php:28
filter · pre_comment_approved · classes\class-formshield-comments-control.php:31
action · comment_form_before · classes\class-formshield-comments-control.php:34
action · comment_form_after · classes\class-formshield-comments-control.php:35
filter · comment_form_defaults · classes\class-formshield-comments-control.php:36
action · wp_head · classes\class-formshield-comments-control.php:37
action · admin_init · classes\class-formshield-comments-control.php:40
action · admin_footer · classes\class-formshield-comments-control.php:75
action · init · classes\class-formshield-divi-spam-detection.php:60
action · et_pb_contact_form_submit · classes\class-formshield-divi-spam-detection.php:64
filter · et_pb_contact_form_submit_message · classes\class-formshield-divi-spam-detection.php:65
action · formshield_attack_detected · classes\class-formshield-email-notifications.php:31
action · formshield_new_form_detected · classes\class-formshield-email-notifications.php:32
action · wp · classes\class-formshield-email-notifications.php:35
action · formshield_send_periodic_report · classes\class-formshield-email-notifications.php:36
action · admin_init · classes\class-formshield-settings.php:34
action · admin_init · classes\class-formshield-settings.php:40
action · formshield_upgrade · classes\class-formshield-settings.php:41
action · admin_init · classes\class-formshield-settings.php:42
filter · preprocess_comment · classes\class-formshield-spam-protection.php:23
action · admin_notices · classes\class-formshield-utils.php:73
action · admin_notices · classes\class-formshield-utils.php:120
filter · formshield_badge_allowed_roles · examples\badge-customization.php:20
filter · formshield_badge_text · examples\badge-customization.php:36
filter · formshield_badge_text · examples\badge-customization.php:45
filter · formshield_badge_allowed_roles · examples\badge-customization.php:62
filter · formshield_badge_css_classes · examples\badge-customization.php:82
filter · formshield_badge_text · examples\badge-customization.php:94
filter · formshield_badge_allowed_roles · examples\badge-customization.php:112
action · wp_enqueue_scripts · examples\badge-customization.php:141
action · admin_menu · formshield.php:168
action · admin_enqueue_scripts · formshield.php:181
action · rest_api_init · formshield.php:184
action · admin_enqueue_scripts · formshield.php:213
action · wp_enqueue_scripts · formshield.php:220
action · wp_enqueue_scripts · formshield.php:221
action · wp_head · formshield.php:840
filter · formshield_forms_list · integrations\contact-form-7-forms.php:13
filter · wpcf7_spam · integrations\contact-form-7-forms.php:14
action · formshield_autoprotect_forms · integrations\contact-form-7-forms.php:15
action · wpcf7_after_create · integrations\contact-form-7-forms.php:20
action · wpcf7_after_update · integrations\contact-form-7-forms.php:21
action · wp_footer · integrations\contact-form-7-forms.php:26
filter · wpcf7_form_elements · integrations\contact-form-7-forms.php:29
filter · wpcf7_form_elements · integrations\contact-form-7-forms.php:265
action · plugins_loaded · integrations\contact-form-7-forms.php:286
filter · formshield_forms_list · integrations\divi-forms-improved.php:104
action · wp_footer · integrations\divi-forms-improved.php:105
action · formshield_autoprotect_forms · integrations\divi-forms-improved.php:106
action · wp_footer · integrations\divi-forms-improved.php:111
action · plugins_loaded · integrations\divi-forms-improved.php:196
filter · formshield_forms_list · integrations\divi-forms.php:159
action · wp_footer · integrations\divi-forms.php:160
action · formshield_autoprotect_forms · integrations\divi-forms.php:161
action · wp_footer · integrations\divi-forms.php:166
action · plugins_loaded · integrations\divi-forms.php:536
filter · formshield_forms_list · integrations\elementor-forms.php:14
action · elementor_pro/forms/validation · integrations\elementor-forms.php:15
action · formshield_autoprotect_forms · integrations\elementor-forms.php:16
action · wp_footer · integrations\elementor-forms.php:21
action · plugins_loaded · integrations\elementor-forms.php:150
filter · formshield_forms_list · integrations\fluent-forms.php:14
filter · fluentform/validation_errors · integrations\fluent-forms.php:15
action · formshield_autoprotect_forms · integrations\fluent-forms.php:16
action · wp_footer · integrations\fluent-forms.php:21
action · plugins_loaded · integrations\fluent-forms.php:150
filter · formshield_forms_list · integrations\formidable-forms.php:14
filter · frm_validate_entry · integrations\formidable-forms.php:15
action · formshield_autoprotect_forms · integrations\formidable-forms.php:16
action · frm_update_form · integrations\formidable-forms.php:23
action · frm_after_duplicate_form · integrations\formidable-forms.php:24
action · wp_footer · integrations\formidable-forms.php:29
action · plugins_loaded · integrations\formidable-forms.php:168
filter · formshield_forms_list · integrations\gravity-forms.php:13
filter · gform_validation · integrations\gravity-forms.php:14
action · formshield_autoprotect_forms · integrations\gravity-forms.php:15
filter · gform_validation_message · integrations\gravity-forms.php:16
action · gform_after_save_form · integrations\gravity-forms.php:21
action · gform_after_duplicate_form · integrations\gravity-forms.php:22
action · wp_footer · integrations\gravity-forms.php:27
action · plugins_loaded · integrations\gravity-forms.php:184
filter · formshield_forms_list · integrations\happy-forms.php:14
filter · happyforms_validate_submission · integrations\happy-forms.php:15
action · formshield_autoprotect_forms · integrations\happy-forms.php:16
action · wp_footer · integrations\happy-forms.php:22
action · plugins_loaded · integrations\happy-forms.php:171
action · admin_notices · integrations\ninja-forms.php:16
filter · formshield_forms_list · integrations\ninja-forms.php:27
filter · ninja_forms_submit_data · integrations\ninja-forms.php:28
action · formshield_autoprotect_forms · integrations\ninja-forms.php:29
action · ninja_forms_save_form · integrations\ninja-forms.php:34
action · wp_footer · integrations\ninja-forms.php:39
action · plugins_loaded · integrations\ninja-forms.php:182
filter · formshield_forms_list · integrations\quform-forms.php:14
filter · quform_post_validate · integrations\quform-forms.php:15
action · formshield_autoprotect_forms · integrations\quform-forms.php:16
action · plugins_loaded · integrations\quform-forms.php:103
filter · formshield_forms_list · integrations\we-forms.php:13
filter · weforms_before_entry_submission · integrations\we-forms.php:14
action · formshield_autoprotect_forms · integrations\we-forms.php:15
action · plugins_loaded · integrations\we-forms.php:295
action · weforms_after_save_form · integrations\we-forms.php:297
filter · weforms-get-form-settings · integrations\we-forms.php:298
filter · weforms-get-form-fields · integrations\we-forms.php:299
action · weforms_formshield_global_settings_form · integrations\we-forms.php:300
filter · formshield_forms_list · integrations\wordpress-comments.php:13
filter · pre_comment_approved · integrations\wordpress-comments.php:14
action · wp_insert_comment · integrations\wordpress-comments.php:15
action · formshield_autoprotect_forms · integrations\wordpress-comments.php:16
filter · comment_form_defaults · integrations\wordpress-comments.php:21
filter · comments_open · integrations\wordpress-comments.php:26
filter · pings_open · integrations\wordpress-comments.php:27
action · admin_menu · integrations\wordpress-comments.php:28
action · wp_before_admin_bar_render · integrations\wordpress-comments.php:29
filter · comments_array · integrations\wordpress-comments.php:30
filter · get_comments_number · integrations\wordpress-comments.php:31
action · widgets_init · integrations\wordpress-comments.php:32
filter · wp_headers · integrations\wordpress-comments.php:33
action · comment_form_after · integrations\wordpress-comments.php:524
action · plugins_loaded · integrations\wordpress-comments.php:648
filter · formshield_forms_list · integrations\wp-forms.php:14
filter · wpforms_process_initial_errors · integrations\wp-forms.php:15
action · formshield_autoprotect_forms · integrations\wp-forms.php:16
action · wpforms_create_form · integrations\wp-forms.php:23
action · wpforms_save_form · integrations\wp-forms.php:24
action · wp_footer · integrations\wp-forms.php:29
action · plugins_loaded · integrations\wp-forms.php:161
filter · formshield_forms_list · integrations\ws-form.php:13
filter · wsf_action_formshield_check · integrations\ws-form.php:14
action · formshield_autoprotect_forms · integrations\ws-form.php:15
action · plugins_loaded · integrations\ws-form.php:123

Scheduled Events 1

formshield_send_periodic_report
Maintenance & Trust

FormShield Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 13, 2026
PHP min version: 7.4
Downloads: 557

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

FormShield Developer Profile

GDimitrov

3 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FormShield

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/formshield/assets/css/formshield-admin.css
/wp-content/plugins/formshield/assets/js/formshield-admin.js
/wp-content/plugins/formshield/assets/js/formshield-frontend.js
Script Paths
/wp-content/plugins/formshield/assets/js/formshield-admin.js
/wp-content/plugins/formshield/assets/js/formshield-frontend.js
Version Parameters
formshield/assets/css/formshield-admin.css?ver=
formshield/assets/js/formshield-admin.js?ver=
formshield/assets/js/formshield-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
formshield-admin-wrap
HTML Comments
FormShield: Protects your forms from spam and malicious bots.
Data Attributes
data-formshield-id
JS Globals
formshield_admin_ajax_object
formshield_frontend_ajax_object
REST Endpoints
/wp-json/formshield/v1/divi-detection
FAQ

Frequently Asked Questions about FormShield