Mango Contact Form Security & Risk Analysis

wordpress.org/plugins/mango-contact-form

Simple and powerful contact form plugin, send field to admin email.

0 active installs · v1.0.0 · PHP 5.0+ · WP 4.9.2+ · Updated Feb 12, 2018
Tags: ajax-contact-form, contact-form, contact-to-admin-email
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Mango Contact Form Safe to Use in 2026?

Generally Safe

Score 85/100

Mango Contact Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The mango-contact-form plugin v1.0.0 presents a mixed security posture. On the positive side, the plugin uses prepared statements for all SQL queries, avoids file operations and external HTTP requests, and has no known vulnerabilities in its history. This suggests a developer who is conscious of common security pitfalls.

However, significant concerns arise from its attack surface. The plugin exposes two AJAX handlers, and both lack any form of authentication or authorization checks. This gives unauthenticated users a direct path to potentially sensitive plugin functionality, which poses a substantial risk. While taint analysis and code signals such as dangerous functions show no immediate threats, the lack of capability checks on the AJAX endpoints means that any user, regardless of their WordPress role, could trigger these actions. A single nonce check is present, but it is insufficient to cover all entry points.

Key Concerns

  • AJAX handlers without auth checks
  • Missing capability checks on entry points
Vulnerabilities
None known

Mango Contact Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Mango Contact Form Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (3 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

75% escaped · 4 total outputs
Attack Surface
2 unprotected

Mango Contact Form Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth    wp_ajax_mango_contact_form_action  includes\class-mango-contact-form-plugin.php:182
nopriv  wp_ajax_mango_contact_form_action  includes\class-mango-contact-form-plugin.php:183

Shortcodes 1

[contact-form] public\class-mango-contact-form-public.php:154
WordPress Hooks 6
action  plugins_loaded         includes\class-mango-contact-form-plugin.php:151
action  admin_enqueue_scripts  includes\class-mango-contact-form-plugin.php:166
action  admin_enqueue_scripts  includes\class-mango-contact-form-plugin.php:167
action  wp_enqueue_scripts     includes\class-mango-contact-form-plugin.php:184
action  wp_enqueue_scripts     includes\class-mango-contact-form-plugin.php:185
action  init                   includes\class-mango-contact-form-plugin.php:186
Maintenance & Trust

Mango Contact Form Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Feb 12, 2018
PHP min version: 5.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Mango Contact Form Developer Profile

jjvasquez

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Mango Contact Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mango-contact-form/css/mango-contact-form-admin.css
/wp-content/plugins/mango-contact-form/js/mango-contact-form-admin.js
Script Paths
/wp-content/plugins/mango-contact-form/js/mango-contact-form-admin.js
Version Parameters
mango-contact-form-admin.css?ver=
mango-contact-form-admin.js?ver=
