Does Freshworks Forms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Freshworks Forms compatible with WordPress 5.8.13?

According to WordPress.org data, Freshworks Forms 1.0.0 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is Freshworks Forms compatible with PHP 7.0+?

Freshworks Forms requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Freshworks Forms updated?

Freshworks Forms was last updated on May 5, 2022. Frequent updates are generally a positive security signal.

What is Freshworks Forms's security score?

Freshworks Forms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Freshworks Forms Security & Risk Analysis

wordpress.org/plugins/freshworks-forms

The best WordPress contact form plugin. Drag & Drop online form builder that helps you create beautiful contact forms with just a few clicks.

10 active installs v1.0.0 PHP 7.0+ WP 5.8.1+ Updated May 5, 2022

contact-formcontact-form-plugincustom-formform-buildershort-code

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Freshworks Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Freshworks Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The Freshworks Forms plugin v1.0.0 exhibits a strong initial security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, critical taint flows, dangerous functions, raw SQL queries, or unescaped output demonstrates a commitment to secure coding practices. All identified entry points, including AJAX handlers and REST API routes, appear to have proper authorization checks, significantly reducing the attack surface for unauthorized access.

However, a notable concern is the complete lack of nonce checks across all entry points, especially considering the presence of AJAX handlers and REST API routes that could potentially be leveraged for unintended actions. While the static analysis did not reveal any specific vulnerabilities stemming from this, it represents a potential weakness that could be exploited in conjunction with other misconfigurations or vulnerabilities. The plugin also makes external HTTP requests, which, without further analysis, could pose a risk if not handled securely, although the static analysis did not flag any unsanitized paths related to these requests.

Overall, the plugin's security history is clean, which is a very positive sign. Coupled with the static analysis revealing no critical code-level flaws, this suggests a generally well-developed and maintained plugin. The primary area for improvement lies in implementing nonce checks for all applicable entry points to further harden the plugin against CSRF-like attacks.

Key Concerns

Missing nonce checks on AJAX/REST API

Vulnerabilities

None known

Freshworks Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Freshworks Forms Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 16, 2026

Freshworks Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped2 total outputs

Attack Surface

Freshworks Forms Attack Surface

Entry Points18

Unprotected0

REST API Routes 17

GET/wp-json/wprk/v1/settingsclasses\class-create-settings-routes.php:12

POST/wp-json/wprk/v1/settingsclasses\class-create-settings-routes.php:17

DELETE/wp-json/wprk/v1/settingsclasses\class-create-settings-routes.php:22

GET/wp-json/wprk/v1/templates/(?P<id>.+)classes\class-create-settings-routes.php:27

POST/wp-json/wprk/v1/templatesclasses\class-create-settings-routes.php:39

PUT/wp-json/wprk/v1/templatesclasses\class-create-settings-routes.php:44

GET/wp-json/wprk/v1/templatesclasses\class-create-settings-routes.php:49

DELETE/wp-json/wprk/v1/templates/(?P<id>.+)classes\class-create-settings-routes.php:54

DELETE/wp-json/wprk/v1/templatesclasses\class-create-settings-routes.php:59

DELETE/wp-json/wprk/v1/template/bulk_deleteclasses\class-create-settings-routes.php:64

DELETE/wp-json/wprk/v1/submission/bulk_deleteclasses\class-create-settings-routes.php:69

POST/wp-json/wprk/v1/submissionsclasses\class-create-settings-routes.php:74

GET/wp-json/wprk/v1/submissionsclasses\class-create-settings-routes.php:79

GET/wp-json/wprk/v1/submissions/(?P<id>.+)classes\class-create-settings-routes.php:84

DELETE/wp-json/wprk/v1/submissions/(?P<id>.+)classes\class-create-settings-routes.php:89

DELETE/wp-json/wprk/v1/submissionsclasses\class-create-settings-routes.php:94

POST/wp-json/wprk/v1/webhooksclasses\class-create-settings-routes.php:99

Shortcodes 1

[fwforms-id] fw-forms.php:68

WordPress Hooks 4

actionadmin_menuclasses\class-create-admin-menu.php:9

actionrest_api_initclasses\class-create-settings-routes.php:8

actionadmin_enqueue_scriptsfw-forms.php:41

actioninitfw-forms.php:128

Maintenance & Trust

Freshworks Forms Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedMay 5, 2022

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Freshworks Forms Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 16 CVEs

Formation Forms – Contact Form, 200 Form Designs, Powerful Builder

formation

Enhance user experience with Formation Login Forms plugin for WordPress. Engaging animations for sleek and intuitive login interactions.

20 No CVEs

Formit – The Ultimate drag and drop WordPress Form Builder

formit

Easily design a dynamic WordPress form Builder using Formit, the top drag-and-drop form builder for contact, and more.

0 No CVEs

Softech Form Builder

softech-form-builder

100

Create simple contact forms with Softech Form Builder. No coding knowledge required.

0 No CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

700K 33 CVEs

Developer Profile

Freshworks Forms Developer Profile

joekurian

2 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Freshworks Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/freshworks-forms/build/bundle.c89a1ef9739dc69c5797.css/wp-content/plugins/freshworks-forms/build/shortcode.649d64408b8aea13d457.css/wp-content/plugins/freshworks-forms/build/index.js

Script Paths

/wp-content/plugins/freshworks-forms/build/bundle.js/wp-content/plugins/freshworks-forms/build/shortcode.js

Version Parameters

freshworks-forms/build/bundle.c89a1ef9739dc69c5797.cssfreshworks-forms/build/shortcode.649d64408b8aea13d457.css

HTML / DOM Fingerprints

CSS Classes

wp-reactivate-shortcode

Data Attributes

data-object-iddata-titledata-desc

JS Globals

appLocalizerfw_forms

REST Endpoints

/wprk/v1/settings/wprk/v1/templates/(?P<id>.+)/wprk/v1/templates/wprk/v1/template/bulk_delete/wprk/v1/submission/bulk_delete/wprk/v1/submissions

Shortcode Output

<div class="wp-reactivate-shortcode" data-object-id="

FAQ