Formsite | Embed online forms to collect orders, registrations, leads, and surveys Security & Risk Analysis
wordpress.org/plugins/formsiteEmbed online forms and surveys from Formsite into pages, posts, and sidebars with an easy shortcode.
Is Formsite | Embed online forms to collect orders, registrations, leads, and surveys Safe to Use in 2026?
Mostly Safe
Score 84/100Formsite | Embed online forms to collect orders, registrations, leads, and surveys is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.
The Forms site plugin v1.7 exhibits a generally good security posture based on the static analysis, with no identified dangerous functions, proper SQL prepared statements, and 100% output escaping. The attack surface is minimal, consisting of a single shortcode with no apparent authentication checks, which presents a low immediate risk. Taint analysis also shows no concerning unsanitized flows.
However, the plugin's history of one medium-severity Cross-Site Scripting (XSS) vulnerability, though currently patched, is a significant concern. The fact that an XSS vulnerability was present indicates a potential weakness in input sanitization or output encoding that could be reintroduced in future updates if not carefully managed. The last vulnerability was recorded as recent as April 2024, suggesting ongoing security attention might be needed.
While the current static analysis results are positive, the past vulnerability history necessitates a degree of caution. The plugin's strength lies in its limited attack surface and well-implemented prepared statements and output escaping. The weakness lies in the recurring possibility of XSS, highlighting the importance of thorough security testing for any input handled by the shortcode.
Key Concerns
- Medium severity CVE present historically
- Shortcode without auth check
Formsite | Embed online forms to collect orders, registrations, leads, and surveys Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Formsite | Embed online forms to collect orders, registrations, leads, and surveys <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Formsite | Embed online forms to collect orders, registrations, leads, and surveys Code Analysis
Formsite | Embed online forms to collect orders, registrations, leads, and surveys Attack Surface
Shortcodes 1
Maintenance & Trust
Formsite | Embed online forms to collect orders, registrations, leads, and surveys Maintenance & Trust
Maintenance Signals
Community Trust
Formsite | Embed online forms to collect orders, registrations, leads, and surveys Alternatives
Formstack Online Forms
formstack
This plugin allows you to easily embed Web forms built with Formstack's online form builder into your sidebar, pages, and posts.
Yay! Forms
yayforms
Embed custom forms, surveys, and quizzes into your WordPress site with ease.
GoZen Engage
gozen-engage
GoZen Engage is a AI-Powered Interactive Content And Gamification
Chatterbug Forms – Fast, Flexible WordPress Form Builder
chatterbug-forms
Free unlimited forms and submissions. Create your forms on wp.ChatterbugForms.com for free with easy drag and drop then import them into your site.
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
wpforms-lite
The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.
Formsite | Embed online forms to collect orders, registrations, leads, and surveys Developer Profile
1 plugin · 900 total installs
How We Detect Formsite | Embed online forms to collect orders, registrations, leads, and surveys
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/formsite/embedManager.jshttps://.formsite.com/include/form/embedManager.jsHTML / DOM Fingerprints
EmbedManager<a name="formid="formAnchor<script src="https://EmbedManager.embed({