Does iSMS Contact Form have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is iSMS Contact Form compatible with WordPress 5.7.15?

According to WordPress.org data, iSMS Contact Form 1.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

Is iSMS Contact Form compatible with PHP 5.6+?

iSMS Contact Form requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is iSMS Contact Form updated?

iSMS Contact Form was last updated on May 21, 2021. Frequent updates are generally a positive security signal.

What is iSMS Contact Form's security score?

iSMS Contact Form has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

iSMS Contact Form Security & Risk Analysis

wordpress.org/plugins/isms-contact-form

Contact Form with mobile number field and store form data integration for your WordPress website.

0 active installs v1.1 PHP 5.6+ WP 5.2+ Updated May 21, 2021

customer-contact-buildercustomer-enquiry-formtags-contact-form

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is iSMS Contact Form Safe to Use in 2026?

Generally Safe

Score 85/100

iSMS Contact Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The 'isms-contact-form' v1.1 plugin presents a significant security risk primarily due to its large unprotected attack surface. With 10 out of 12 entry points lacking authentication checks, a substantial portion of the plugin's functionality is exposed to unauthenticated users. The presence of two 'unserialize' functions, a known vector for remote code execution if data is not properly sanitized, is a critical concern, especially when combined with a high-severity taint flow identified. While the plugin's SQL query preparation and output escaping rates are reasonably good, these strengths are overshadowed by the fundamental security flaws in access control.

The plugin's vulnerability history is a notable strength, showing zero recorded CVEs. This could indicate diligent development practices in the past or simply a lack of targeted exploitation. However, the absence of historical vulnerabilities does not negate the present risks identified in the static analysis. The plugin's overall security posture is therefore concerning, as it exhibits critical vulnerabilities in its access control and data handling that could be exploited despite its clean CVE record. Further investigation into the specific 'unserialize' usage and the high-severity taint flow is strongly recommended.

Key Concerns

Unprotected AJAX handlers
High severity taint flow
Dangerous function: unserialize
SQL queries without prepared statements
Output escaping below 80%
No capability checks
Flows with unsanitized paths

Vulnerabilities

None known

iSMS Contact Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

iSMS Contact Form Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

iSMS Contact Form Code Analysis

Dangerous Functions

Raw SQL Queries

16 prepared

Unescaped Output

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeif (@unserialize($option) !== false) {includes\Plugin.php:642

unserializereturn unserialize($option);includes\Plugin.php:643

Bundled Libraries

jQuery

SQL Query Safety

59% prepared27 total queries

Output Escaping

76% escaped134 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

search_box (includes\WPListTable.php:348)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

iSMS Contact Form Attack Surface

Entry Points12

Unprotected10

AJAX Handlers 10

authwp_ajax_get_contact_listincludes\iSMSContact.php:21

noprivwp_ajax_get_contact_listincludes\iSMSContact.php:22

authwp_ajax_get_mail_sent_listincludes\iSMSContact.php:24

noprivwp_ajax_get_mail_sent_listincludes\iSMSContact.php:25

authwp_ajax_add_formincludes\iSMSContact.php:27

noprivwp_ajax_add_formincludes\iSMSContact.php:28

authwp_ajax_update_formincludes\iSMSContact.php:30

noprivwp_ajax_update_formincludes\iSMSContact.php:31

authwp_ajax_send_emailincludes\iSMSContact.php:35

noprivwp_ajax_send_emailincludes\iSMSContact.php:36

Shortcodes 2

[isms-contact-form] includes\iSMSContact.php:212

[isms-field] includes\iSMSContact.php:213

WordPress Hooks 8

actionadmin_menuincludes\iSMSContact.php:11

actionadmin_initincludes\iSMSContact.php:12

actionadmin_enqueue_scriptsincludes\iSMSContact.php:13

actionwp_enqueue_scriptsincludes\iSMSContact.php:14

actioninitincludes\iSMSContact.php:33

filtermce_external_pluginsincludes\Plugin.php:214

filtermce_buttonsincludes\Plugin.php:215

actionadmin_footerincludes\WPListTable.php:166

Maintenance & Trust

iSMS Contact Form Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedMay 21, 2021

PHP min version5.6

Downloads944

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

iSMS Contact Form Alternatives

iSMS Contact Form with 2 Factor Authenticator

isms-contact-form-with-2-factor-authenticator

iSMS Contact Form with 2 Factor Authenticator integration and store form's data entries for your WordPress website.

0 No CVEs

Contact Form Monster

contact-form-monster

Contact form plugin is a simple contact form builder tool, which allows the user to create and edit different contact forms.

200 No CVEs

Developer Profile

iSMS Contact Form Developer Profile

mobiweb

3 plugins · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect iSMS Contact Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/isms-contact-form/includes/js/custom.js/wp-content/plugins/isms-contact-form/includes/css/style.css/wp-content/plugins/isms-contact-form/includes/css/bootstrap.min.css/wp-content/plugins/isms-contact-form/includes/css/responsive.css/wp-content/plugins/isms-contact-form/includes/js/bootstrap.min.js

Script Paths

/wp-content/plugins/isms-contact-form/includes/js/custom.js/wp-content/plugins/isms-contact-form/includes/js/bootstrap.min.js

Version Parameters

isms-contact-form/includes/js/custom.js?ver=isms-contact-form/includes/css/style.css?ver=isms-contact-form/includes/css/bootstrap.min.css?ver=isms-contact-form/includes/css/responsive.css?ver=isms-contact-form/includes/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

isms-contact-form-wrapper

Data Attributes

data-form-iddata-mail-todata-mail-fromdata-mail-subjectdata-mail-headerdata-mail-body+2 more

JS Globals

isms_contact_ajax_object

REST Endpoints

/wp-json/isms-contact-form/v1/send-email

Shortcode Output

[isms_contact_form]

FAQ

iSMS Contact Form Security & Risk Analysis

Is iSMS Contact Form Safe to Use in 2026?

Generally Safe

Key Concerns

iSMS Contact Form Security Vulnerabilities

iSMS Contact Form Release Timeline

iSMS Contact Form Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

iSMS Contact Form Attack Surface

AJAX Handlers 10

Shortcodes 2

iSMS Contact Form Maintenance & Trust

Maintenance Signals

Community Trust

iSMS Contact Form Alternatives

iSMS Contact Form with 2 Factor Authenticator

Contact Form Monster

iSMS Contact Form Developer Profile

How We Detect iSMS Contact Form

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about iSMS Contact Form