Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Security & Risk Analysis

wordpress.org/plugins/gutena-forms

WordPress form builder to create lightweight contact forms, survey forms, feedback forms, booking forms, etc., right inside the Gutenberg editor.

20K active installs · v1.6.1 · PHP 5.6+ · WP 6.5+ · Updated Feb 25, 2026
Tags: contact-form, custom-form, form-builder, forms, wordpress-form-plugin
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 3, 2026
Safety Verdict

Is Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Safe to Use in 2026?

Generally Safe

Score 99/100

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 3, 2026 · Updated 1mo ago
Risk Assessment

The plugin 'gutena-forms' v1.6.1 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, which are strong indicators of secure coding, there are significant concerns related to its attack surface and taint analysis. The presence of two AJAX handlers without authentication checks is a primary vulnerability, potentially allowing unauthorized users to trigger sensitive actions. This is further compounded by taint analysis revealing four flows with unsanitized paths, all classified as high severity, indicating a substantial risk of data manipulation or injection vulnerabilities if these paths are reachable through the unprotected AJAX endpoints. The plugin's vulnerability history, with a single medium CVE last recorded in 2026, suggests a past security issue that has since been addressed, but the recent nature of that vulnerability and the current high-severity taint flows warrant careful attention. Overall, while the developer seems to be making efforts towards secure coding, the current version has exploitable weaknesses that need immediate remediation.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
  • REST API routes without permission callbacks
  • Past medium CVE (though patched)
Vulnerabilities
1

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-1674 · medium · 6.5 · Missing Authorization

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()

Mar 3, 2026 · Patched in 1.6.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (23 prepared)
Unescaped Output: 30 (221 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

88% prepared · 26 total queries

Output Escaping

88% escaped · 251 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
dismiss_notice (includes\admin\class-admin.php:985)
Attack Surface
2 unprotected

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers 4

auth wp_ajax_gutena_forms_submit (gutena-forms.php:193)
nopriv wp_ajax_gutena_forms_submit (gutena-forms.php:194)
auth wp_ajax_gutena_forms_dismiss_notice (includes\admin\class-admin.php:45)
auth wp_ajax_gutena_forms_entries_read (includes\admin\class-manage-store.php:36)

REST API Routes 2

GET /wp-json/gutena-forms/v1/forms/get-ids (includes\rest-api\class-rest-api.php:42)
GET /wp-json/gutena-forms/v1/forms/get (includes\rest-api\class-rest-api.php:52)

WordPress Hooks 49

filter hide_account_tabs (gutena-forms.php:186)
action init (gutena-forms.php:188)
action init (gutena-forms.php:189)
filter block_categories_all (gutena-forms.php:190)
action save_post (gutena-forms.php:191)
action added_post_meta (gutena-forms.php:192)
filter gutena_forms__register_fields (gutena-forms.php:196)
action save_post (gutena-forms.php:475)
action admin_init (includes\admin\class-activate-deactivate.php:34)
action wp_initialize_site (includes\admin\class-activate-deactivate.php:36)
action admin_menu (includes\admin\class-admin.php:35)
action admin_init (includes\admin\class-admin.php:36)
action admin_head (includes\admin\class-admin.php:37)
action admin_notices (includes\admin\class-admin.php:41)
action admin_enqueue_scripts (includes\admin\class-admin.php:43)
action admin_enqueue_scripts (includes\admin\class-admin.php:49)
action in_admin_header (includes\admin\class-admin.php:857)
action gutena_forms_activation_begins (includes\admin\class-create-store.php:32)
action gutena_forms_activation_end (includes\admin\class-create-store.php:34)
action gutena_forms_dashboard_entries_table_topbar (includes\admin\class-forms-entries-table.php:44)
filter gutena_forms_save_form_schema (includes\admin\class-manage-store.php:31)
action gutena_forms_submitted_data (includes\admin\class-manage-store.php:33)
action wp_loaded (includes\admin\class-manage-store.php:38)
action wp_enqueue_scripts (includes\blocks\class-form-block.php:64)
action wp_enqueue_scripts (includes\blocks\class-form-block.php:79)
action init (includes\class-gutena-cpt.php:24)
action save_post (includes\class-gutena-cpt.php:25)
action admin_head (includes\class-gutena-cpt.php:26)
action admin_footer (includes\class-gutena-cpt.php:27)
filter block_categories_all (includes\class-gutena-cpt.php:28)
action wp_trash_post (includes\class-gutena-cpt.php:29)
action save_post (includes\class-gutena-cpt.php:99)
action save_post (includes\class-gutena-cpt.php:101)
action save_post (includes\class-gutena-cpt.php:115)
action save_post (includes\class-gutena-cpt.php:117)
action save_post (includes\class-gutena-cpt.php:258)
action save_post (includes\class-gutena-cpt.php:259)
action save_post (includes\class-gutena-cpt.php:324)
action save_post (includes\class-gutena-cpt.php:325)
filter gutena_forms__register_fields (includes\class-gutena-dummy-fields.php:117)
action init (includes\class-gutena-migration.php:57)
action gutena_forms_migration_cron_event (includes\class-gutena-migration.php:58)
action init (includes\email-report\email-reports.php:40)
action admin_init (includes\email-report\email-reports.php:41)
action gutena_forms_weekly_report (includes\email-report\email-reports.php:42)
action gutena_forms_entries_load_custom_page (includes\email-report\email-reports.php:43)
filter gutena_forms__get_total_entries (includes\email-report\email-reports.php:147)
filter gutena_forms__get_entries (includes\email-report\email-reports.php:148)
action rest_api_init (includes\rest-api\class-rest-api.php:32)

Scheduled Events 2

gutena_forms_migration_cron_event
gutena_forms_weekly_report
Maintenance & Trust

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 5.6
Downloads: 334K

Community Trust

Rating: 92/100
Number of ratings: 10
Active installs: 20K
Developer Profile

Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 287 days
Detection Fingerprints

How We Detect Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gutena-forms/build/form-confirm-msg
/wp-content/plugins/gutena-forms/build/form-error-msg
/wp-content/plugins/gutena-forms/build/f

Script Paths
/wp-content/plugins/gutena-forms/build/index.js
/wp-content/plugins/gutena-forms/build/view.js

Version Parameters
gutena-forms/style.css?ver=
gutena-forms/editor.css?ver=
gutena-forms/build/index.js?ver=
gutena-forms/build/view.js?ver=

HTML / DOM Fingerprints

CSS Classes
gutena-forms-wrapper
gutena-forms-field
gutena-forms-block
gutena-forms-submit-button
gutena-forms-input-wrapper

HTML Comments
<!-- wp:gutena-forms/f -->
<!-- /wp:gutena-forms/f -->
<!-- wp:gutena-forms/form-confirm-msg -->
<!-- /wp:gutena-forms/form-confirm-msg -->
(+2 more)

Data Attributes
data-gf-form-id
data-gf-field-id
data-gf-form-submit-url

JS Globals
window.GutenaForms
var GutenaForms

REST Endpoints
/wp-json/gutena-forms/v1/submit

Shortcode Output
[gutena_forms
[/gutena_forms]
FAQ

Frequently Asked Questions about Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder