Does GB Forms DB have any unpatched vulnerabilities?

No. All known vulnerabilities in GB Forms DB have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GB Forms DB compatible with WordPress 6.8.1.?

According to WordPress.org data, GB Forms DB 1.0.4 has been tested up to WordPress 6.8.1.. Check the plugin's changelog for the latest compatibility information.

How often is GB Forms DB updated?

GB Forms DB was last updated on Unknown. Frequent updates are generally a positive security signal.

What is GB Forms DB's security score?

GB Forms DB has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GB Forms DB Security & Risk Analysis

wordpress.org/plugins/gb-forms-db

One lead collector to rule them all! The best place to save all your leads from all forms in one place! Easily manage, export or post all your leads …

30 active installs v1.0.4 PHP + WP 5.5+ Updated Unknown

contactformlead-collectorleadsmultiple-contact-forms

A · Safe

CVEs total1

Unpatched0

Last CVEJul 10, 2025

Plugin page Download

Safety Verdict

Is GB Forms DB Safe to Use in 2026?

Generally Safe

Score 95/100

GB Forms DB has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 10, 2025

Risk Assessment

The gb-forms-db plugin version 1.0.4 presents a mixed security posture. On the positive side, it demonstrates good practices with a significant majority of output being properly escaped and includes nonce checks for its entry points. The attack surface for direct user interaction via AJAX and shortcodes is relatively small and, crucially, appears to be protected by authentication checks, as indicated by zero unprotected entry points.

However, there are notable concerns. The static analysis reveals that 100% of its SQL queries are not using prepared statements, which represents a significant risk for SQL injection vulnerabilities, especially if user-supplied data is ever incorporated into these queries. Furthermore, the presence of two flows with unsanitized paths in the taint analysis, even if not reaching critical or high severity in this specific scan, indicates potential for path traversal or similar issues if not handled carefully.

The plugin's vulnerability history is a major red flag. It has a history of critical vulnerabilities, specifically an 'Improper Control of Generation of Code' (Code Injection) type. While there are no currently unpatched vulnerabilities, the existence of a past critical CVE, especially one related to code injection, suggests that the codebase may have underlying architectural weaknesses that could be exploited in the future, even with seemingly good practices in other areas. The last vulnerability was also very recent, highlighting a pattern of security issues.

Key Concerns

100% of SQL queries are not using prepared statements
Taint analysis found flows with unsanitized paths
Past critical CVE for code injection

Vulnerabilities

GB Forms DB Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

1 total CVE

CVE-2025-5392critical · 9.8Improper Control of Generation of Code ('Code Injection')

GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

Jul 10, 2025 Patched in 1.0.3 (1d)

Code Analysis

Analyzed Mar 16, 2026

GB Forms DB Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

115 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

88% escaped130 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

save_admin_data (core\class\GBFDBAdmin.php:340)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

GB Forms DB Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_gbfdb_talk_to_frontcore\functions.php:377

noprivwp_ajax_gbfdb_talk_to_frontcore\functions.php:378

WordPress Hooks 27

actionadmin_menucore\class\class-start.php:108

actionadmin_enqueue_scriptscore\class\GBFDBAdmin.php:13

actionafter_gbfdb_admin_page_fieldscore\class\GBFDBAdmin.php:14

filtergbfdb_check_lead_fieldscore\class\GBFDBAdmin.php:16

filtergbfdb_check_lead_metacore\class\GBFDBAdmin.php:17

filtergbfdb_check_cf7_fieldscore\class\GBFDBAdmin.php:18

filtergbfdb_check_gravityforms_fieldscore\class\GBFDBAdmin.php:19

actionwp_enqueue_scriptscore\class\GBFDBFront.php:13

actioncurrent_screencore\class\GBFLeads.php:11

actioninitcore\class\GBFLeads.php:161

actioninitcore\class\GBFLeads.php:162

actionadd_meta_boxescore\class\GBFLeads.php:165

actioninitcore\functions.php:25

actiongbfdb_check_new_leadscore\functions.php:28

filtercron_schedulescore\functions.php:130

actionelementor_pro/forms/new_recordcore\functions.php:142

actionwpcf7_mail_sentcore\functions.php:174

actionpojo_forms_mail_sentcore\functions.php:204

actionninja_forms_after_submissioncore\functions.php:237

actiongform_after_submissioncore\functions.php:288

actiongbfdb_form_fieldcore\functions.php:440

filtergbfdb_page_urlcore\functions.php:455

filtervalidate_form_idcore\functions.php:480

filtergbfdb_field_output_datacore\functions.php:491

filtergbfdb_lead_ordercore\functions.php:506

actionadmin_enqueue_scriptscore\gbfdb_notice.php:11

actionshutdowngb-forms-db.php:37

Scheduled Events 2

gbfdb_check_new_leads

Maintenance & Trust

GB Forms DB Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.1.

Last updatedUnknown

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

GB Forms DB Alternatives

Lenix Leads Collector

lenix-elementor-leads-addon

Leads Collector, Collects forms entries from Elementor,Cf7,WPForms and more with export to CSV.

10K 1 CVE

CubeWP Forms

cubewp-forms

CubeWP Forms is a 100% free drag-and-drop builder for creating contact forms, lead gen forms, appointment request forms, and newsletter signup forms.

4K 1 unpatched

DoLeads Integrator

doleads-integrator

DoLeads Integrator plugin connects your wordpress website contact form with 'DoLeads' Leads Management System.

2K No CVEs

LeadSnap

leadsnap

Save the leads to our lead management system CRM generated by Contact Form 7

1K 1 CVE

Lead Form Data Collection to CRM

wp-leads-builder-any-crm

Convert contact forms data into leads or contacts directly to one of your favourite CRM.

400 3 CVEs

Developer Profile

GB Forms DB Developer Profile

gb-plugins

4 plugins · 180 total installs

trust score

Avg Security Score

76/100

Avg Patch Time

1727 days

View full developer profile

Detection Fingerprints

How We Detect GB Forms DB

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gb-forms-db/core/css/gbfdb_admin.css/wp-content/plugins/gb-forms-db/core/js/gbfdb_admin.js

Script Paths

/wp-content/plugins/gb-forms-db/core/js/gbfdb_admin.js

Version Parameters

gb-forms-db/core/css/gbfdb_admin.css?ver=gb-forms-db/core/js/gbfdb_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

gbfdb_admin_main

Data Attributes

data-gbfdb-settings

JS Globals

GBFDBURL

FAQ