Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Security & Risk Analysis

wordpress.org/plugins/gutenverse-form

The best WordPress contact form builder plugin. Create advanced contact forms, booking forms, conditional, payment, multi-step forms, & more.

10K active installs · v2.5.1 · PHP 7.0+ · WP + · Updated Mar 13, 2026
block-form, contact-form, custom-form, form-builder, wordpress-form-plugin
Score: 96
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jan 7, 2026
Safety Verdict

Is Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Safe to Use in 2026?

Generally Safe

Score 96/100

Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 7, 2026 · Updated 22d ago
Risk Assessment

The Gutenverse Form plugin version 2.5.1 exhibits a mixed security posture. On the positive side, the static analysis reveals excellent adherence to secure coding practices in several key areas. There are no identified dangerous functions, all SQL queries utilize prepared statements, and a high percentage of output is properly escaped, indicating a strong defense against common injection vulnerabilities. Furthermore, the presence of nonce and capability checks, along with a lack of bundled libraries, reduces the attack surface and reliance on potentially vulnerable third-party code. However, significant concerns arise from the plugin's vulnerability history, which includes three previously discovered medium-severity vulnerabilities. The nature of these past vulnerabilities, specifically Cross-site Scripting and Missing Authorization, suggests potential recurring weaknesses in input sanitization and access control. The fact that these vulnerabilities are marked as 'currently unpatched' in the historical data, despite the most recent one being in the future, is a temporal anomaly that warrants attention, suggesting a pattern of past security oversights.

While the current version's code analysis doesn't show immediate critical flaws like unsanitized taint flows or a large attack surface, the historical context of medium-severity vulnerabilities, particularly XSS and authorization issues, cannot be ignored. This history implies that the plugin's developers may struggle with consistently implementing robust input validation and authorization checks. The absence of any identified vulnerabilities in the current static analysis is positive, but it's crucial to consider the historical trend. The plugin's strengths lie in its diligent use of prepared statements and output escaping, but its past vulnerabilities in XSS and authorization present a persistent risk that requires ongoing vigilance and thorough code review. File operations and external HTTP requests, while not flagged as problematic in the static analysis, are always potential vectors for exploitation if not handled with extreme care.

Key Concerns

  • Total known CVEs: 3 (medium severity)
  • Common vulnerability types: XSS, Missing Authorization
  • Output escaping: 87% properly escaped (13% unescaped)
  • File operations present
  • External HTTP requests present
Vulnerabilities
3

Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Security Vulnerabilities

CVEs by Year

2025: 2 CVEs
2026: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-14984 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Jan 7, 2026 · Patched in 2.4.0 (1d)

CVE-2025-68511 · medium · 4.3 · Missing Authorization

Gutenverse Form <= 2.3.1 - Missing Authorization

Dec 20, 2025 · Patched in 2.3.2 (18d)

CVE-2025-66079 · medium · 4.3 · Missing Authorization

Gutenverse Form <= 2.2.0 - Missing Authorization

Nov 28, 2025 · Patched in 2.3.0 (4d)

Code Analysis
Analyzed Mar 16, 2026

Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (45 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 2
External Requests: 1
Bundled Libraries: 0

Output Escaping

87% escaped · 52 total outputs
Attack Surface

Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 37

Type · Hook · Location
action · init · includes\class-blocks.php:22
filter · gutenverse_block_categories · includes\class-blocks.php:23
filter · gutenverse_dashboard_config · includes\class-dashboard.php:22
filter · gutenverse_include_dashboard · includes\class-dashboard.php:23
filter · gutenverse_block_config · includes\class-editor-assets.php:22
action · gutenverse_include_block · includes\class-editor-assets.php:23
action · init · includes\class-entries.php:29
action · admin_enqueue_scripts · includes\class-entries.php:30
action · add_meta_boxes · includes\class-entries.php:31
action · pre_get_posts · includes\class-entries.php:33
action · restrict_manage_posts · includes\class-entries.php:34
filter · post_row_actions · includes\class-entries.php:38
filter · hidden_meta_boxes · includes\class-entries.php:39
filter · posts_join · includes\class-entries.php:40
filter · posts_where · includes\class-entries.php:41
filter · posts_groupby · includes\class-entries.php:42
action · wp_enqueue_scripts · includes\class-form-validation.php:54
filter · gutenverse_bypass_generate_style · includes\class-form-validation.php:55
action · gutenverse_loop_blocks · includes\class-form-validation.php:56
action · gutenverse_after_style_loop_blocks · includes\class-form-validation.php:57
action · init · includes\class-form.php:32
action · admin_enqueue_scripts · includes\class-form.php:33
action · admin_footer · includes\class-form.php:34
action · admin_menu · includes\class-form.php:36
filter · post_row_actions · includes\class-form.php:37
filter · gutenverse_include_frontend · includes\class-frontend-assets.php:22
filter · gutenverse_include_frontend · includes\class-frontend-assets.php:23
filter · gutenverse_conditional_script_attributes · includes\class-frontend-assets.php:24
action · gutenverse_setting_toolbar · includes\class-frontend-toolbar.php:22
action · plugins_loaded · includes\class-init.php:121
action · plugins_loaded · includes\class-init.php:123
filter · gutenverse_companion_plugin_list · includes\class-init.php:124
action · rest_api_init · includes\class-init.php:247
filter · gutenverse_dashboard_config · includes\class-init.php:319
action · gutenverse_check_update · includes\class-meta-option.php:24
action · gutenverse_initial_meta_option · includes\class-meta-option.php:25
filter · gutenverse_block_style_instance · includes\class-style-generator.php:51
Maintenance & Trust

Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.0
Downloads: 212K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10K
Developer Profile

Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor Developer Profile

Jegstudio

6 plugins · 57K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 25 days
Detection Fingerprints

How We Detect Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gutenverse-form/assets/js/blocks.js
/wp-content/plugins/gutenverse-form/assets/js/dashboard.js
/wp-content/plugins/gutenverse-form/assets/css/update-notice.css
/wp-content/plugins/gutenverse-form/assets/css/blocks.css
/wp-content/plugins/gutenverse-form/assets/css/form.css

Script Paths
/wp-content/plugins/gutenverse-form/assets/js/blocks.js
/wp-content/plugins/gutenverse-form/assets/js/dashboard.js

Version Parameters
gutenverse-form/assets/js/blocks.js?ver=
gutenverse-form/assets/js/dashboard.js?ver=
gutenverse-form/assets/css/update-notice.css?ver=
gutenverse-form/assets/css/blocks.css?ver=
gutenverse-form/assets/css/form.css?ver=

HTML / DOM Fingerprints

CSS Classes
gutenverse-form-blocks
gutenverse-form-dashboard
gutenverse-entries

Data Attributes
gutenverseFormAssetURL
gutenverseFormImgDir

JS Globals
gutenverseFormAssetURL
gutenverseFormImgDir