Does Kreebi Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in Kreebi Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Kreebi Forms compatible with WordPress 6.9.4?

According to WordPress.org data, Kreebi Forms 1.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Kreebi Forms compatible with PHP 7.4+?

Kreebi Forms requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Kreebi Forms updated?

Kreebi Forms was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Kreebi Forms's security score?

Kreebi Forms has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Kreebi Forms Security & Risk Analysis

wordpress.org/plugins/kreebi-forms

Kreebi Forms makes it simple to build flexible forms using Drag and Drop as well as JSON definition from the WordPress admin.

0 active installs v1.1.1 PHP 7.4+ WP 5.7+ Updated Mar 13, 2026

contact-formform-builderformssubmissions

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Kreebi Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Kreebi Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago

Risk Assessment

The kreebi-forms plugin v1.1.1 exhibits a mixed security posture. While it demonstrates excellent practices in output escaping and includes a reasonable number of capability checks and nonce checks, there are significant areas of concern. The presence of an unprotected AJAX handler is a critical vulnerability, as it represents an easily exploitable entry point for malicious actors. The fact that 100% of SQL queries are not using prepared statements is also a major red flag, increasing the risk of SQL injection vulnerabilities. The taint analysis, while not revealing critical or high severity flows, did identify two flows with unsanitized paths, which, when combined with the lack of prepared statements, amplifies the danger. The plugin's history of zero known vulnerabilities is a positive sign, suggesting developers may have good security awareness, but it does not mitigate the risks identified in the current static analysis. The plugin needs immediate attention to address the unprotected AJAX endpoint and to implement prepared statements for all database queries.

Key Concerns

AJAX handler without authentication check
SQL queries without prepared statements
Taint flows with unsanitized paths

Vulnerabilities

None known

Kreebi Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Kreebi Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

149 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

100% escaped149 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

render (admin\class-krefrm-admin-forms-page.php:12)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Kreebi Forms Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_krefrm_submit_deactivation_surveyadmin\class-krefrm-admin-deactivation.php:16

Shortcodes 1

[kreebi_form] includes\class-krefrm-shortcode.php:53

WordPress Hooks 12

actionadmin_enqueue_scriptsadmin\class-krefrm-admin-assets.php:14

actionadmin_enqueue_scriptsadmin\class-krefrm-admin-deactivation.php:14

actionadmin_footer-plugins.phpadmin\class-krefrm-admin-deactivation.php:15

actionadmin_menuadmin\class-krefrm-admin-menu.php:14

actionadd_meta_boxes_krefrm_formadmin\class-krefrm-form-editor.php:14

actionsave_post_krefrm_formadmin\class-krefrm-form-editor.php:15

actionadmin_post_krefrm_create_formadmin\class-krefrm-form-handler.php:14

actioninitincludes\class-krefrm-post-types.php:14

actionrest_api_initincludes\class-krefrm-rest-api.php:16

actioninitincludes\class-krefrm-shortcode.php:48

actionadmin_post_krefrm_submitincludes\class-krefrm-submission-handler.php:14

actionadmin_post_nopriv_krefrm_submitincludes\class-krefrm-submission-handler.php:15

Maintenance & Trust

Kreebi Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.4

Downloads190

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Kreebi Forms Alternatives

Formative

formative

100

Powerful form builder with multi-step, conditional logic, styling, and 12+ integrations. Drag-and-drop interface for professional forms.

0 No CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 14 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 75 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 16 CVEs

Developer Profile

Kreebi Forms Developer Profile

Bipin Khatri

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Kreebi Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/kreebi-forms/build/index.js/wp-content/plugins/kreebi-forms/build/style-index.css/wp-content/plugins/kreebi-forms/assets/css/admin.css/wp-content/plugins/kreebi-forms/assets/js/admin.js

Script Paths

/wp-content/plugins/kreebi-forms/build/index.js/wp-content/plugins/kreebi-forms/assets/js/admin.js

Version Parameters

/wp-content/plugins/kreebi-forms/build/index.js?ver=/wp-content/plugins/kreebi-forms/build/style-index.css?ver=/wp-content/plugins/kreebi-forms/assets/css/admin.css?ver=1.1.1/wp-content/plugins/kreebi-forms/assets/js/admin.js?ver=1.1.1

HTML / DOM Fingerprints

CSS Classes

toplevel_page_krefrm_formswp-submenucurrent

Data Attributes

href*='#upgrade-to-pro'href*='krefrm_forms'

JS Globals

window.krefrmAdmin

REST Endpoints

/wp-json/kreebi-forms/v1

FAQ