Does Katorymnd Contact Form have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Katorymnd Contact Form compatible with WordPress 6.9.4?

According to WordPress.org data, Katorymnd Contact Form 1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Katorymnd Contact Form updated?

Katorymnd Contact Form was last updated on Dec 13, 2025. Frequent updates are generally a positive security signal.

What is Katorymnd Contact Form's security score?

Katorymnd Contact Form has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Katorymnd Contact Form Security & Risk Analysis

wordpress.org/plugins/katorymnd-contact-form

Katorymnd Contact Form is a simple but secure contact form Verified and ready to use.

0 active installs v1.3 PHP + WP 6.0+ Updated Dec 13, 2025

anti-spamcontactformsecurityspam

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Katorymnd Contact Form Safe to Use in 2026?

Generally Safe

Score 100/100

Katorymnd Contact Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The katorymnd-contact-form plugin v1.3 exhibits a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, nor are there any reported dangerous functions or file operations. The absence of external HTTP requests and bundled libraries is also a good sign. However, the static analysis reveals significant areas for concern. A notable issue is the lack of proper output escaping, with over half of the outputs not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities. Furthermore, the presence of 3 taint flows with unsanitized paths, although not flagged as critical or high severity, indicates potential for data manipulation or unintended behavior if these paths are triggered by malicious input. The absence of nonce and capability checks on the single shortcode entry point is also a major weakness, as it leaves this functionality potentially open to unauthorized access or abuse.

Key Concerns

Unsanitized taint flows
Insufficient output escaping
Missing capability checks on shortcode
Missing nonce checks on shortcode

Vulnerabilities

None known

Katorymnd Contact Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Katorymnd Contact Form Release Timeline

v1.4

v1.3Current

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 17, 2026

Katorymnd Contact Form Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

52% escaped42 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

katorymnd_cfm_zspr (katorymnd_contact_form.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Katorymnd Contact Form Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[katorymnd_lob_contact_form] katorymnd_contact_form.php:236

WordPress Hooks 1

actionadmin_menukatorymnd_contact_form.php:28

Maintenance & Trust

Katorymnd Contact Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 13, 2025

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Katorymnd Contact Form Alternatives

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K 2 CVEs

OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)

oopspam-anti-spam

Protect your forms from spam with 99.9% accuracy - no CAPTCHA, no JavaScript, no tracking. Trusted by 3.5M+ websites.

6K 4 CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

WP Armour – Honeypot Anti Spam

honeypot

Fastest growing Anti Spam plugin. No API calls, subscriptions, captcha or puzzle. Full GDPR complaint. For comments, contact form, login, registration

300K 2 CVEs

$WP Advanced Math Captcha$

WP Advanced Math Captcha

wp-advanced-math-captcha

100

Protect your WordPress site with a powerful and user-friendly Math Captcha. Now with seamless WooCommerce, WPForms, and Formidable Forms integration!

7K No CVEs

Developer Profile

Katorymnd Contact Form Developer Profile

Raymond

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Katorymnd Contact Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/katorymnd-contact-form/katorymnd_contact_form.php

HTML / DOM Fingerprints

CSS Classes

esmhnebjnekyjxwerrorgcyd

HTML Comments

Data Attributes

data-minlength

JS Globals

window.katorymnd_cfm_zefl_sec_code

Shortcode Output

<formname="katorymnd_cfm_name"name="katorymnd_cfm_email"name="katorymnd_cfm_subject"

FAQ