WP-Safety

Multi Step Registration Form Plugin Security & Risk Analysis

wordpress.org/plugins/multipress-lite

MultiPress is an all in one wordpress plugin to create multistep registration forms with intersting features in wordpress websites.

10 active installs v1.1 PHP + WP 4.8+ Updated Aug 8, 2018
drag-drop-fieldfront-end-registrationregistration-formwp-multistep-registrationwp-registration
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Multi Step Registration Form Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Multi Step Registration Form Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The Multipress Lite plugin v1.1 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a history of secure development. However, significant concerns arise from its attack surface and output escaping. The plugin exposes 5 AJAX handlers without authentication checks, representing a considerable risk of unauthorized access or execution of potentially harmful actions. Additionally, a low percentage (20%) of properly escaped outputs indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in user browsers. The absence of nonce checks on AJAX handlers further exacerbates this risk by allowing attackers to bypass these critical security mechanisms.

While the lack of known CVEs and critical taint flows is encouraging, the identified issues in the attack surface and output handling are substantial. The plugin's strengths lie in its secure database interactions and absence of past vulnerabilities. Its weaknesses are primarily in its handling of user-facing interactions and data validation/sanitization for output. The risk is moderate, leaning towards high, due to the number of unprotected entry points and the likely prevalence of XSS, which can have severe consequences if exploited.

Key Concerns

  • AJAX handlers without auth checks
  • Insufficient output escaping (80% not escaped)
  • Missing nonce checks on AJAX handlers
  • Capability check not on all entry points
Vulnerabilities
None known

Multi Step Registration Form Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Multi Step Registration Form Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
39
10 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

20% escaped49 total outputs
Attack Surface
5 unprotected

Multi Step Registration Form Plugin Attack Surface

Entry Points6
Unprotected5

AJAX Handlers 5

authwp_ajax_action_number_of_fields_to_repeatincludes\class-multi_step_reg.php:173
authwp_ajax_save_section_formincludes\class-multi_step_reg.php:174
authwp_ajax_delete_section_formincludes\class-multi_step_reg.php:175
authwp_ajax_is_field_existsincludes\class-multi_step_reg.php:213
noprivwp_ajax_is_field_existsincludes\class-multi_step_reg.php:214

Shortcodes 1

[multi_step_reg] includes\class-multi_step_reg.php:215
WordPress Hooks 26
actionplugins_loadedincludes\class-multi_step_reg.php:139
actioninitincludes\class-multi_step_reg.php:156
actionadmin_enqueue_scriptsincludes\class-multi_step_reg.php:157
actionadmin_enqueue_scriptsincludes\class-multi_step_reg.php:158
actionadd_meta_boxesincludes\class-multi_step_reg.php:159
actionsave_postincludes\class-multi_step_reg.php:160
actionadmin_noticesincludes\class-multi_step_reg.php:162
actionshow_user_profileincludes\class-multi_step_reg.php:166
actionedit_user_profileincludes\class-multi_step_reg.php:167
actionpersonal_options_updateincludes\class-multi_step_reg.php:168
actionedit_user_profile_updateincludes\class-multi_step_reg.php:169
actionprofile_updateincludes\class-multi_step_reg.php:176
filterwidget_textincludes\class-multi_step_reg.php:181
filterwidget_textincludes\class-multi_step_reg.php:182
filterthe_excerptincludes\class-multi_step_reg.php:184
filterthe_excerptincludes\class-multi_step_reg.php:185
filterterm_descriptionincludes\class-multi_step_reg.php:187
filterterm_descriptionincludes\class-multi_step_reg.php:188
filtercomment_textincludes\class-multi_step_reg.php:190
filtercomment_textincludes\class-multi_step_reg.php:191
actionadmin_noticesincludes\class-multi_step_reg.php:196
actionwp_enqueue_scriptsincludes\class-multi_step_reg.php:208
actionwp_enqueue_scriptsincludes\class-multi_step_reg.php:209
actionwp_enqueue_scriptsincludes\class-multi_step_reg.php:210
actionwpincludes\class-multi_step_reg.php:211
actionwp_footerincludes\class-multi_step_reg.php:212
Maintenance & Trust

Multi Step Registration Form Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedAug 8, 2018
PHP min version
Downloads3K

Community Trust

Rating90/100
Number of ratings2
Active installs10
Alternatives

Multi Step Registration Form Plugin Alternatives

Simple User Registration

Simple User Registration

wp-registration

D
48

WordPress Simple Registration Form Plugin

200 1 unpatched
WP CUSTOM USER REGISTRATION

WP CUSTOM USER REGISTRATION

wp-custom-user-registration

A
85

Add Custom Fields to Default Registration Form

0 No CVEs
Ninja Forms – The Contact Form Builder That Grows With You

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

B
76

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 75 CVEs
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

profile-builder

B
76

Powerful user profile plugin to create front-end user registration forms, login & user profile forms. Includes user role editor & content restriction.

50K 33 CVEs
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

userswp

A
89

Light weight Front-end login form, User Registration, User Profile and Members Directory plugin.

20K 14 CVEs
Developer Profile

Multi Step Registration Form Plugin Developer Profile

Rakessh

3 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Multi Step Registration Form Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multipress-lite/admin/css/multi_step_reg-admin.css/wp-content/plugins/multipress-lite/admin/js/form-builder.min.js/wp-content/plugins/multipress-lite/admin/js/form-render.min.js/wp-content/plugins/multipress-lite/admin/js/vendor.js/wp-content/plugins/multipress-lite/admin/js/multi_step_reg-admin.js
Script Paths
admin/js/multi_step_reg-admin.jsadmin/js/demo.jsadmin/js/form-builder.min.jsadmin/js/form-render.min.jsadmin/js/vendor.js
Version Parameters
multipress-lite/admin/css/multi_step_reg-admin.css?ver=multipress-lite/admin/js/form-builder.min.js?ver=multipress-lite/admin/js/form-render.min.js?ver=multipress-lite/admin/js/vendor.js?ver=multipress-lite/admin/js/multi_step_reg-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
msf-generate_shortcodemsf-settingsmsr-default-form
Data Attributes
data-form-sections
JS Globals
all_steps
Shortcode Output
[multipress_lite id=
FAQ

Frequently Asked Questions about Multi Step Registration Form Plugin