Does neoForms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is neoForms compatible with WordPress 4.9.29?

According to WordPress.org data, neoForms 1.0.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is neoForms updated?

neoForms was last updated on Aug 18, 2018. Frequent updates are generally a positive security signal.

What is neoForms's security score?

neoForms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

neoForms Security & Risk Analysis

wordpress.org/plugins/neoforms

Now you can build form in easiest, simplest and fastest ever way however you want without coding.

0 active installs v1.0.2 PHP + WP 3.0.1+ Updated Aug 18, 2018

contact-formformformsregistration-formwp-contact-form

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is neoForms Safe to Use in 2026?

Generally Safe

Score 85/100

neoForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The neoforms plugin v1.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, implementing prepared statements for all SQL queries, and not bundling external libraries. The absence of known vulnerabilities in its history is also a positive indicator. However, significant concerns arise from the attack surface. A substantial portion of its AJAX handlers (5 out of 13) lack authentication checks, creating potential entry points for unauthorized actions. Furthermore, only 23% of output escaping is properly implemented, which, combined with the unsanitized path identified in the taint analysis, poses a risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks on AJAX handlers is a critical oversight that exacerbates the risk associated with unprotected entry points.

Key Concerns

AJAX handlers without authentication
Low percentage of properly escaped output
Flow with unsanitized path
No nonce checks on AJAX

Vulnerabilities

None known

neoForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

neoForms Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

neoForms Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

23% escaped22 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

save_global_settings (ajax-actions.php:361)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

neoForms Attack Surface

Entry Points14

Unprotected5

AJAX Handlers 13

authwp_ajax_neoforms_update_formajax-actions.php:5

authwp_ajax_neoforms_update_entryajax-actions.php:6

authwp_ajax_neoforms_get_formsajax-actions.php:7

authwp_ajax_neoforms_get_formajax-actions.php:8

authwp_ajax_neoforms_get_entryajax-actions.php:9

authwp_ajax_neoforms_delete_formajax-actions.php:10

authwp_ajax_neoforms_delete_entryajax-actions.php:11

authwp_ajax_neoforms_buck_deleteajax-actions.php:12

authwp_ajax_neoforms_save_global_settingsajax-actions.php:13

authwp_ajax_neoforms_get_global_settingsajax-actions.php:14

authwp_ajax_neo_recaptcha_validateajax-actions.php:15

authwp_ajax_neoforms_submit_formajax-actions.php:16

authwp_ajax_neoforms_get_entriesajax-actions.php:17

Shortcodes 1

[neoforms] shortcode.php:9

WordPress Hooks 9

filterneoforms_form_typesdata.php:2

actionadmin_menuform-builder-admin.php:22

actionadmin_footerform-builder-admin.php:23

actionneoforms_prepend_scripts_stylesform-builder-admin.php:24

actioninitneoforms.php:42

actionwp_enqueue_scriptsshortcode.php:10

actionwp_footershortcode.php:11

actionwp_headshortcode.php:12

actioninitshortcode.php:333

Maintenance & Trust

neoForms Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 18, 2018

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

neoForms Alternatives

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 75 CVEs

Affiliate Contact Form 7 Integration For WooCommerce

affiliate-contact-form-7-integration-for-woocommerce

100

Recruit better affiliates for your affiliate program by gathering detailed insights through Contact Form 7 (CF7) powered custom registration forms.

30 No CVEs

Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder

vedrixa-forms-registration-builder

100

Build contact and registration forms with a drag-and-drop WordPress form builder and submission manager.

0 No CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 16 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

700K 33 CVEs

Developer Profile

neoForms Developer Profile

Mithu A Quayium

17 plugins · 490 total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect neoForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/neoforms/assets/js/neoforms-admin.js/wp-content/plugins/neoforms/assets/css/neoforms-admin.css/wp-content/plugins/neoforms/assets/js/neoforms-front.js/wp-content/plugins/neoforms/assets/css/neoforms-front.css

Script Paths

/wp-content/plugins/neoforms/assets/js/neoforms-admin.js/wp-content/plugins/neoforms/assets/js/neoforms-front.js

Version Parameters

neoforms/assets/css/neoforms-admin.css?ver=neoforms/assets/js/neoforms-admin.js?ver=neoforms/assets/css/neoforms-front.css?ver=neoforms/assets/js/neoforms-front.js?ver=

HTML / DOM Fingerprints

CSS Classes

neoforms-form-builder-wrapperneoforms-admin-menu-wrapperneoforms-form-elementneoforms-field-wrapper

Data Attributes

data-neoforms-field-typedata-neoforms-field-id

JS Globals

neoforms_global_data

Shortcode Output

[neoforms-form id=""]

FAQ