Does Free Contact Us Form plugin ( build in accordance to the GDPR ) have any unpatched vulnerabilities?

No. All known vulnerabilities in Free Contact Us Form plugin ( build in accordance to the GDPR ) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Free Contact Us Form plugin ( build in accordance to the GDPR ) compatible with WordPress 5.0.25?

According to WordPress.org data, Free Contact Us Form plugin ( build in accordance to the GDPR ) 1.2 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

Is Free Contact Us Form plugin ( build in accordance to the GDPR ) compatible with PHP 5.6+?

Free Contact Us Form plugin ( build in accordance to the GDPR ) requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Free Contact Us Form plugin ( build in accordance to the GDPR ) Security & Risk Analysis

wordpress.org/plugins/free-contact-us

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Sof …

10 active installs v1.2 PHP 5.6+ WP 4.5+ Updated Jul 24, 2019

awebercontact-uscontact-us-formemailgdpr

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Free Contact Us Form plugin ( build in accordance to the GDPR ) Safe to Use in 2026?

Generally Safe

Score 85/100

Free Contact Us Form plugin ( build in accordance to the GDPR ) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "free-contact-us" plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has a clean vulnerability history with no recorded CVEs. This suggests a potentially stable and well-maintained codebase in terms of known exploits.

However, the static analysis reveals significant areas of concern. The presence of an unprotected AJAX handler is a critical weakness, creating a direct entry point for attackers that bypasses authentication. Furthermore, a high percentage (62%) of output escaping is not properly handled, leading to potential cross-site scripting (XSS) vulnerabilities. The taint analysis indicates that a substantial portion of data flows contain unsanitized paths, although no critical or high severity issues were explicitly flagged in this analysis. The limited capability checks and reliance on nonces for some security, but not all, also present potential gaps.

In conclusion, while the plugin benefits from a lack of known vulnerabilities and secure SQL practices, the identified unprotected AJAX endpoint and the prevalence of unescaped output represent immediate and serious security risks. The taint analysis, even without critical flags, points to potential underlying issues in how data is handled. Addressing the unprotected AJAX handler and improving output sanitization should be the top priorities for mitigating risk.

Key Concerns

Unprotected AJAX handler
Low percentage of proper output escaping
Flows with unsanitized paths
No capability checks

Vulnerabilities

None known

Free Contact Us Form plugin ( build in accordance to the GDPR ) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Free Contact Us Form plugin ( build in accordance to the GDPR ) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

38% escaped61 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths

<free_contact_us_back_settings> (inc\free_contact_us_back_settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Free Contact Us Form plugin ( build in accordance to the GDPR ) Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 3

authwp_ajax_aw_loadinc\free_contact_us_functions.php:14

authwp_ajax_opt_connectioninc\free_contact_us_functions.php:15

authwp_ajax_set_optioninc\free_contact_us_functions.php:16

Shortcodes 1

[free_contact_us_form] free_contact_us.php:179

WordPress Hooks 10

actionadmin_enqueue_scriptsfree_contact_us.php:25

filterplugin_action_linksfree_contact_us.php:141

actionwp_enqueue_scriptsfree_contact_us.php:163

actionfree_contact_us_offers_first_jsfree_contact_us.php:171

actionwpfree_contact_us.php:173

filterpage_templateinc\free_contact_us_functions.php:8

actionadmin_menuinc\free_contact_us_functions.php:10

actionadmin_footerinc\free_contact_us_functions.php:12

actionfree_contact_us_offers_second_jsinc\free_contact_us_functions.php:19

actionwidgets_initinc\free_contact_us_gdpr_wedget.php:7

Maintenance & Trust

Free Contact Us Form plugin ( build in accordance to the GDPR ) Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedJul 24, 2019

PHP min version5.6

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Free Contact Us Form plugin ( build in accordance to the GDPR ) Alternatives

OweBest Contact Form

ob-contact-form

100

OweBest Contact form is a simple contact form which works out of the box. Use shortcode on posts or pages to generate OweBest Contact Form.

10 No CVEs

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification

double-opt-in

100

Protect your forms with GDPR-compliant Double Opt-In. Ensure valid emails, prevent fake signups, and stay compliant with Contact Form 7 and Avada.

1K No CVEs

Connect Contact Form 7 and AWeber

integrate-contact-form-7-and-aweber

Integrate AWeber mailing lists with Contact Form 7. Automatically add form subscribers to your AWeber lists.

300 2 CVEs

Porsline

porsline

Porsline | Build eye-catching forms, surveys & quizzes that everybody is willing to engage!

300 1 CVE

Call Now, Email, Messaging, Sharing Buttons for Mobile

social-mobile-messaging-bar

100

Customers can call, message you or share your website on smart phone with our Social Mobile Messaging Bar. Messaging via Messenger, Skype, SMS, email.

300 No CVEs

Developer Profile

Free Contact Us Form plugin ( build in accordance to the GDPR ) Developer Profile

pdtasktrack

4 plugins · 40 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Free Contact Us Form plugin ( build in accordance to the GDPR )

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/free-contact-us/css/free-contact-us-front.css/wp-content/plugins/free-contact-us/js/free-contact-us-tabs.js/wp-content/plugins/free-contact-us/css/free_contact_us_style.css

Script Paths

//www.offerfwd.net/oi/first/

Version Parameters

free-contact-us-tabs.js?v=1.1free_contact_us_style.css?v=1.1

HTML / DOM Fingerprints

CSS Classes

alertalert-danger

Data Attributes

name="_wpnonce"

JS Globals

AWeberAPIException

Shortcode Output

[free_contact_us_form]

FAQ