Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Security & Risk Analysis

wordpress.org/plugins/giraforms

Build fast, GDPR-friendly forms in Gutenberg. Create contact, booking and survey forms with native blocks, local submissions, CSV export and strong an …

0 active installs · v1.5.0 · PHP 7.4+ · WP 6.2+ · Updated Mar 11, 2026
Tags: booking-form, contact-form, form-builder, gutenberg, survey
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Safe to Use in 2026?

Generally Safe

Score 100/100

Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 23d ago
Risk Assessment

The giraforms plugin v1.5.0 demonstrates a generally strong security posture with excellent adherence to best practices regarding output escaping and prepared statements. The plugin utilizes nonces and capability checks effectively on its AJAX handlers, indicating a conscious effort to prevent common WordPress vulnerabilities. The absence of reported CVEs and a clean vulnerability history further bolsters this positive assessment.

However, the static analysis reveals a critical concern within the taint analysis. Three high-severity taint flows with unsanitized paths have been identified. While no specific exploit vectors are detailed, unsanitized paths in taint flows are a significant indicator of potential vulnerabilities that could lead to path traversal or information disclosure if exploited. The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful consideration in conjunction with these taint flows, as they could serve as attack vectors.

Overall, giraforms v1.5.0 is well-developed from a secure coding practices perspective, especially concerning SQL injection and XSS prevention. The primary weakness lies in the identified unsanitized paths in taint flows. Addressing these specific flows should be the immediate priority to fully secure the plugin.

Key Concerns

  • High severity taint flow with unsanitized path
  • High severity taint flow with unsanitized path
  • High severity taint flow with unsanitized path
  • Bundled library (Freemius v1.0) may be outdated
Vulnerabilities
None known

Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (46 prepared)
Unescaped Output: 10 (366 escaped)
Nonce Checks: 9
Capability Checks: 8
File Operations: 1
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

85% prepared · 54 total queries

Output Escaping

97% escaped · 376 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
render_form_submissions (includes\admin\class-admin-menu.php:430)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_giraforms_send_test_email · includes\class-email-notifications.php:40
auth · wp_ajax_giraForms_submit · includes\class-form-handler.php:39
nopriv · wp_ajax_giraForms_submit · includes\class-form-handler.php:40
WordPress Hooks 21
action · plugins_loaded · giraforms.php:102
action · after_uninstall · giraforms.php:238
action · admin_menu · includes\admin\class-admin-menu.php:39
action · admin_enqueue_scripts · includes\admin\class-admin-menu.php:40
action · admin_init · includes\admin\class-admin-menu.php:41
action · admin_init · includes\admin\class-admin-menu.php:42
action · admin_menu · includes\admin\class-integrations.php:48
action · admin_post_giraforms_save_integrations · includes\admin\class-integrations.php:49
action · admin_enqueue_scripts · includes\admin\class-integrations.php:50
action · admin_init · includes\admin\class-settings.php:46
action · admin_menu · includes\admin\class-settings.php:47
action · admin_post_giraforms_delete_submissions · includes\admin\class-settings.php:48
action · admin_enqueue_scripts · includes\admin\class-settings.php:49
action · init · includes\class-blocks-manager.php:39
action · enqueue_block_editor_assets · includes\class-blocks-manager.php:40
action · enqueue_block_assets · includes\class-blocks-manager.php:41
action · wp_enqueue_scripts · includes\class-blocks-manager.php:42
filter · render_block · includes\class-blocks-manager.php:44
filter · block_categories_all · includes\class-blocks-manager.php:83
filter · wp_mail_content_type · includes\class-email-notifications.php:333
action · init · includes\class-form-handler.php:41
Maintenance & Trust

Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version: 7.4
Downloads: 402

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor Developer Profile

Mickaël Larguier

2 plugins · 400 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/giraforms/assets/css/giraforms.css
  • /wp-content/plugins/giraforms/assets/js/giraforms.js
  • /wp-content/plugins/giraforms/assets/css/giraforms-editor.css
  • /wp-content/plugins/giraforms/assets/js/giraforms-editor.js
  • /wp-content/plugins/giraforms/assets/js/giraforms-frontend.js
Version Parameters
  • giraforms/assets/css/giraforms.css?ver=
  • giraforms/assets/js/giraforms.js?ver=
  • giraforms/assets/css/giraforms-editor.css?ver=
  • giraforms/assets/js/giraforms-editor.js?ver=
  • giraforms/assets/js/giraforms-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • giraforms-form
  • giraforms-field
  • giraforms-submit
  • giraforms-editor
  • giraforms-editor-block
Data Attributes
  • data-giraforms-field-id
  • data-giraforms-form-id
JS Globals
  • GiraformsFrontend
  • giraforms_data
REST Endpoints
/wp-json/giraforms/v1/submit
Shortcode Output
[giraforms id="
FAQ

Frequently Asked Questions about Giraforms – Contact Form, Booking Form, Survey & Custom Form Builder for Block Editor