Does Hsforms have any unpatched vulnerabilities?

No. All known vulnerabilities in Hsforms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hsforms compatible with WordPress 5.6.17?

According to WordPress.org data, Hsforms 1.0.0 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is Hsforms compatible with PHP 7.2+?

Hsforms requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Hsforms updated?

Hsforms was last updated on Apr 13, 2021. Frequent updates are generally a positive security signal.

What is Hsforms's security score?

Hsforms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hsforms Security & Risk Analysis

wordpress.org/plugins/hsforms

hotelsuite FORM (hs FORMS) will show a form to book hotel rooms with some customized configurations.

0 active installs v1.0.0 PHP 7.2+ WP 5.6+ Updated Apr 13, 2021

bookerhotelsuitehsformsibeonm

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Hsforms Safe to Use in 2026?

Generally Safe

Score 85/100

Hsforms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "hsforms" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, exclusively using prepared statements for SQL queries, and having no recorded historical vulnerabilities, suggesting a commitment to secure coding. However, significant concerns arise from the static analysis. A notable portion of the total output is not properly escaped, creating a risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin exposes two AJAX handlers without any authentication or capability checks, presenting a substantial attack vector for unauthorized actions. The absence of nonce checks on these unprotected entry points exacerbates this risk, making it easier for attackers to trigger these functions. The lack of taint analysis findings is a positive sign, but it doesn't negate the immediate risks identified in the attack surface and output escaping.

Key Concerns

Unprotected AJAX handlers present
Significant portion of output unescaped
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

None known

Hsforms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Hsforms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

68% escaped72 total outputs

Attack Surface

2 unprotected

Hsforms Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_fetch_colorssrc\init.php:507

noprivwp_ajax_fetch_colorssrc\init.php:508

Shortcodes 1

[hsforms] src\Shortcode.php:177

WordPress Hooks 28

actioninitplugin.php:59

actionadmin_menusrc\HsformsAPI.php:11

actionadmin_initsrc\HsformsAPI.php:12

actionadmin_menusrc\HsformsOptions.php:11

actionadmin_initsrc\HsformsOptions.php:12

actioninitsrc\init.php:498

actioninitsrc\init.php:504

actioninitsrc\RateCode\RateCode.php:70

actionadd_meta_boxessrc\RateCode\RateCode.php:71

actionsave_postsrc\RateCode\RateCode.php:107

filtermanage_ratecode_posts_columnssrc\RateCode\RateCode.php:111

actionmanage_ratecode_posts_custom_columnsrc\RateCode\RateCode.php:120

actionrest_api_initsrc\RateCode\RateCode.php:129

actioninitsrc\Segment\Segment.php:70

actionadd_meta_boxessrc\Segment\Segment.php:71

actionsave_postsrc\Segment\Segment.php:107

filtermanage_segment_posts_columnssrc\Segment\Segment.php:111

actionmanage_segment_posts_custom_columnsrc\Segment\Segment.php:120

actionrest_api_initsrc\Segment\Segment.php:129

actioninitsrc\TravelPeriod\TravelPeriod.php:70

actionadd_meta_boxessrc\TravelPeriod\TravelPeriod.php:71

actionsave_postsrc\TravelPeriod\TravelPeriod.php:108

filtermanage_travelperiod_posts_columnssrc\TravelPeriod\TravelPeriod.php:112

actionmanage_travelperiod_posts_custom_columnsrc\TravelPeriod\TravelPeriod.php:122

filtermanage_edit-travelperiod_sortable_columnssrc\TravelPeriod\TravelPeriod.php:166

filterrequestsrc\TravelPeriod\TravelPeriod.php:173

filterrequestsrc\TravelPeriod\TravelPeriod.php:185

actionrest_api_initsrc\TravelPeriod\TravelPeriod.php:198

Maintenance & Trust

Hsforms Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedApr 13, 2021

PHP min version7.2

Downloads981

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Hsforms Alternatives

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Creative Mail – Easier WordPress & WooCommerce Email Marketing

creative-mail-by-constant-contact

Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …

300K 3 CVEs

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

woo-cart-abandonment-recovery

100

Every store loses sales to cart abandonment. But with Cart Abandonment Recovery for WooCommerce, you can win them back—automatically.

300K 1 CVE

MailerLite – Signup forms (official)

official-mailerlite-sign-up-forms

Add newsletter signup forms to your WordPress site. Subscribers will be saved directly to your MailerLite account. Super easy to set up!

100K 7 CVEs

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

fluent-crm

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K 3 CVEs

Developer Profile

Hsforms Developer Profile

opennewmedia

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hsforms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hsforms/dist/blocks.style.build.css/wp-content/plugins/hsforms/dist/onm/cal/css/cal.min.css/wp-content/plugins/hsforms/dist/MicroModal/css/micromodal.css/wp-content/plugins/hsforms/dist/blocks.build.js/wp-content/plugins/hsforms/dist/toastr/css/toastr.min.css/wp-content/plugins/hsforms/dist/toastr/js/toastr.min.js/wp-content/plugins/hsforms/dist/onm/cal/js/cal.min.js/wp-content/plugins/hsforms/dist/moment/moment-with-locales.min.js+4 more

Script Paths

/wp-content/plugins/hsforms/dist/blocks.build.js/wp-content/plugins/hsforms/dist/toastr/js/toastr.min.js/wp-content/plugins/hsforms/dist/onm/cal/js/cal.min.js/wp-content/plugins/hsforms/dist/moment/moment-with-locales.min.js/wp-content/plugins/hsforms/dist/onm/hsforms/hsforms.js/wp-content/plugins/hsforms/dist/responsive-toolkit/bootstrap-toolkit.min.js+1 more

HTML / DOM Fingerprints

Data Attributes

data-plugin-path

JS Globals

onmGlobal

FAQ