LW Simple Forms Security & Risk Analysis
wordpress.org/plugins/lw-simple-formsA flexible form plugin that implements the flow of input → confirmation → completion screen, while also supporting simple one-step submissions.
Is LW Simple Forms Safe to Use in 2026?
Generally Safe
Score 100/100LW Simple Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'lw-simple-forms' v1.0.0 plugin demonstrates several good security practices, including the exclusive use of prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security posture. The plugin also incorporates a decent number of nonce and capability checks. However, a significant concern arises from the presence of one REST API route that lacks permission callbacks, creating an unprotected entry point that could be exploited. Additionally, the taint analysis revealed one flow with unsanitized paths, classified as high severity, indicating a potential pathway for malicious data to be processed without proper sanitization. The plugin's clean vulnerability history is positive, suggesting a good development track record, but it doesn't negate the immediate risks identified in the static analysis. Overall, while the plugin has a solid foundation, the unprotected REST API route and the high-severity taint flow represent actionable security risks that require immediate attention.
Key Concerns
- REST API route without permission callbacks
- High severity taint flow with unsanitized paths
LW Simple Forms Security Vulnerabilities
LW Simple Forms Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
LW Simple Forms Attack Surface
REST API Routes 1
Shortcodes 7
WordPress Hooks 13
Scheduled Events 1
Maintenance & Trust
LW Simple Forms Maintenance & Trust
Maintenance Signals
Community Trust
LW Simple Forms Alternatives
Quick Contact Form
quick-contact-form
An easy to set up, plug and play contact form with a huge range of options and styles. A beginner friendly WordPress contact form plugin.
Form – Contact Form
form-forms
Form is advanced solution for WordPress users. Contact Form Is awesome WordPress plugin with many useful features and effects.
IAKPress – Quiz Maker, Form Builder, Photo Gallery, Custom Post UI
iakpress
IAKPress is an innovative add-ons kit to create forms, exam quiz, pages and many more.
Weavely – Build Forms in Figma
weavely
Turn Figma designs into custom forms, effortlessly embed in WordPress. Elevate user experience with unique designs.
Form Plant
form-plant
A form plugin with built-in confirmation screen, submission data storage, and external site embedding — ready to use right out of the box.
LW Simple Forms Developer Profile
1 plugin · 10 total installs
How We Detect LW Simple Forms
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/lw-simple-forms/assets/css/lw-simple-forms.css/wp-content/plugins/lw-simple-forms/assets/js/lw-simple-forms.js/wp-content/plugins/lw-simple-forms/assets/js/lw-simple-forms.jslw-simple-forms/assets/css/lw-simple-forms.css?ver=lw-simple-forms/assets/js/lw-simple-forms.js?ver=HTML / DOM Fingerprints
lwsf-form-wrapLW Simple Forms Plugindata-form-idlwsf_params/wp-json/lw-simple-forms/v1/submit[lwsf_input][lwsf_error][lwsf_confirm][lwsf_complete]