GenForm – Drag & Drop Form Builder Security & Risk Analysis

wordpress.org/plugins/genform

The lightweight drag-and-drop form builder for WordPress. Create contact forms, feedback forms, bookings, and more — no coding required.

20 active installs · v1.2.0 · PHP 8.3+ · WP 6.0+ · Updated Feb 21, 2026
Tags: contact-form, drag-and-drop, email, form-builder, forms
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GenForm – Drag & Drop Form Builder Safe to Use in 2026?

Generally Safe

Score 100/100

GenForm – Drag & Drop Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The genform plugin v1.2.0 appears to have a strong security posture based on the provided static analysis. The plugin demonstrates good practices by implementing nonce checks and capability checks for its entry points, and the vast majority of its SQL queries and output operations are properly handled with prepared statements and escaping, respectively. There are no known CVEs associated with this plugin, which is a positive indicator of its past security maintenance.

However, the taint analysis reveals four high-severity flows with unsanitized paths. While these are not classified as critical, they represent a potential avenue for attackers to inject malicious code or manipulate data. The presence of unsanitized paths, even if not exploited in known vulnerabilities, warrants attention. Additionally, while the overall attack surface is protected, the total number of AJAX handlers suggests a significant interaction point that, if any flaws were introduced in the future, could be a target.

In conclusion, genform v1.2.0 is generally well-secured with a focus on common WordPress security practices. The lack of historical vulnerabilities is commendable. The primary concern lies within the high-severity taint flows, which should be thoroughly investigated and remediated to ensure the plugin's continued security. The plugin's strengths in prepared statements and output escaping significantly outweigh its weaknesses, but the taint analysis points to areas requiring immediate developer focus.

Key Concerns

  • High severity unsanitized paths in taint flows
  • Moderate number of AJAX handlers
Vulnerabilities
None known

GenForm – Drag & Drop Form Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GenForm – Drag & Drop Form Builder Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 11 · 46 prepared
  • Unescaped Output: 7 · 282 escaped
  • Nonce Checks: 13
  • Capability Checks: 16
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

81% prepared · 57 total queries

Output Escaping

98% escaped · 289 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

12 flows · 4 with unsanitized paths
<entries-list> (admin\views\entries-list.php:0)
Attack Surface

GenForm – Drag & Drop Form Builder Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 7

  • auth · wp_ajax_genform_submit · includes\Handlers\FormHandler.php:29
  • nopriv · wp_ajax_genform_submit · includes\Handlers\FormHandler.php:30
  • auth · wp_ajax_genform_delete_entry · includes\Handlers\FormHandler.php:31
  • auth · wp_ajax_genform_trash_entry · includes\Handlers\FormHandler.php:32
  • auth · wp_ajax_genform_delete_form · includes\Handlers\FormHandler.php:33
  • auth · wp_ajax_genform_mark_as_read · includes\Handlers\FormHandler.php:34
  • auth · wp_ajax_genform_create_from_template · includes\Templates\Manager.php:187

Shortcodes 1

[genform] includes\Integrations\Shortcode.php:26
WordPress Hooks 14

  • action · plugins_loaded · genform.php:42
  • action · admin_init · includes\Admin\Builder.php:24
  • action · admin_init · includes\Admin\Builder.php:25
  • action · admin_init · includes\Admin\Builder.php:26
  • action · admin_init · includes\Admin\Settings.php:22
  • action · admin_menu · includes\Core.php:55
  • action · admin_enqueue_scripts · includes\Core.php:56
  • action · wp_enqueue_scripts · includes\Core.php:57
  • action · wp_dashboard_setup · includes\Core.php:58
  • action · admin_bar_menu · includes\Core.php:59
  • action · admin_footer · includes\Core.php:60
  • action · admin_init · includes\Handlers\ExportHandler.php:24
  • action · admin_init · includes\Handlers\FormHandler.php:35
  • action · init · includes\Integrations\Block.php:24
Maintenance & Trust

GenForm – Drag & Drop Form Builder Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 21, 2026
  • PHP min version: 8.3
  • Downloads: 196

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 20
Developer Profile

GenForm – Drag & Drop Form Builder Developer Profile

Arif Rahman

2 plugins · 50 total installs

  • Trust score: 89
  • Avg Security Score: 93/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GenForm – Drag & Drop Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/genform/admin/assets/css/builder.css
  • /wp-content/plugins/genform/admin/assets/css/settings.css
  • /wp-content/plugins/genform/admin/assets/css/entries.css
  • /wp-content/plugins/genform/admin/assets/css/dashboard-widget.css
  • /wp-content/plugins/genform/admin/assets/js/builder.js
  • /wp-content/plugins/genform/admin/assets/js/settings.js
  • /wp-content/plugins/genform/admin/assets/js/entries.js
  • /wp-content/plugins/genform/admin/assets/js/dashboard-widget.js
  • +2 more

Script Paths

  • /wp-content/plugins/genform/admin/assets/js/builder.js
  • /wp-content/plugins/genform/admin/assets/js/settings.js
  • /wp-content/plugins/genform/admin/assets/js/entries.js
  • /wp-content/plugins/genform/admin/assets/js/dashboard-widget.js
  • /wp-content/plugins/genform/assets/js/frontend.js

Version Parameters

  • genform/admin/assets/css/builder.css?ver=
  • genform/admin/assets/css/settings.css?ver=
  • genform/admin/assets/css/entries.css?ver=
  • genform/admin/assets/css/dashboard-widget.css?ver=
  • genform/admin/assets/js/builder.js?ver=
  • genform/admin/assets/js/settings.js?ver=
  • genform/admin/assets/js/entries.js?ver=
  • genform/admin/assets/js/dashboard-widget.js?ver=
  • genform/assets/css/frontend.css?ver=
  • genform/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • gfm-dashboard-widget
  • gfm-db-stats
  • gfm-db-footer
  • gfm-view-link

Data Attributes

  • data-form-id
  • data-entry-id

JS Globals

  • genform_editor
  • genform_settings

REST Endpoints

  • /wp-json/genform/v1/forms
  • /wp-json/genform/v1/entries
  • /wp-json/genform/v1/settings

Shortcode Output

  • [genform id=""
  • [genform]

FAQ

Frequently Asked Questions about GenForm – Drag & Drop Form Builder