WP-Safety

Ninja Forms – The Contact Form Builder That Grows With You Security & Risk Analysis

wordpress.org/plugins/ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K active installs v3.14.1 PHP 7.4+ WP 6.7+ Updated Feb 5, 2026
contact-formform-builderformslead-formregistration-form
76
B · Generally Safe
CVEs total74
Unpatched0
Last CVEFeb 9, 2026
Plugin page Download
Safety Verdict

Is Ninja Forms – The Contact Form Builder That Grows With You Safe to Use in 2026?

Mostly Safe

Score 76/100

Ninja Forms – The Contact Form Builder That Grows With You is generally safe to use. 74 past CVEs were resolved. Keep it updated.

74 known CVEsLast CVE: Feb 9, 2026Updated 1mo ago
Risk Assessment

Ninja Forms v3.14.1 presents a mixed security posture. While the plugin demonstrates some good security practices, such as a high percentage of SQL queries using prepared statements and a significant number of nonce and capability checks, several concerning areas require attention. The large attack surface, with 16 unprotected entry points out of 49 total, including AJAX handlers and REST API routes lacking proper authentication or permission checks, is a significant risk. Furthermore, the presence of dangerous functions like `unserialize` and the high number of flows with unsanitized paths, particularly the 6 identified as high severity in taint analysis, indicate potential vulnerabilities related to deserialization and path traversal. The plugin's historical vulnerability data, with a substantial number of past CVEs across various severity levels and common vulnerability types like code injection and SQL injection, suggests a pattern of recurring security issues, even though no unpatched CVEs are currently listed. The last reported vulnerability in February 2026, while in the future, is noted for its recency and type, warranting continued vigilance.

Key Concerns

  • Unprotected AJAX handlers
  • REST API routes without permission callbacks
  • Dangerous function: unserialize
  • Taint flows with unsanitized paths (High severity)
  • High number of historically known CVEs
  • Frequent vulnerability types: XSS, SQLi, Deserialization
Vulnerabilities
74

Ninja Forms – The Contact Form Builder That Grows With You Security Vulnerabilities

CVEs by Year

3 CVEs in 2014
2014
5 CVEs in 2015
2015
3 CVEs in 2016
2016
2 CVEs in 2017
2017
7 CVEs in 2018
2018
1 CVE in 2019
2019
5 CVEs in 2020
2020
8 CVEs in 2021
2021
7 CVEs in 2022
2022
8 CVEs in 2023
2023
14 CVEs in 2024
2024
10 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
3
High
18
Medium
53

74 total CVEs

CVE-2026-2268high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action

Feb 9, 2026 Patched in 3.14.1 (1d)
CVE-2025-11924high · 7.5Authorization Bypass Through User-Controlled Key

Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token

Dec 16, 2025 Patched in 3.13.3 (1d)
CVE-2025-14072high · 7.5Missing Authorization

Ninja Forms <= 3.13.2 - Missing Authorization to Unauthenticated Submission Disclosure

Dec 12, 2025 Patched in 3.13.3 (41d)
CVE-2025-10499medium · 4.3Cross-Site Request Forgery (CSRF)

Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update

Sep 26, 2025 Patched in 3.12.1 (1d)
CVE-2025-10498medium · 4.3Cross-Site Request Forgery (CSRF)

Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion

Sep 26, 2025 Patched in 3.12.1 (1d)
CVE-2025-9083high · 8.1Deserialization of Untrusted Data

Ninja Forms <= 3.11.0 - Unauthenticated PHP Object Injection

Aug 28, 2025 Patched in 3.11.1 (13d)
CVE-2025-5398medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI

Jun 26, 2025 Patched in 3.10.2.2 (1d)
CVE-2025-2561medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 28, 2025 Patched in 3.10.1 (26d)
CVE-2025-2560medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 28, 2025 Patched in 3.10.1 (47d)
CVE-2025-2524medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.10.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 28, 2025 Patched in 3.10.1 (47d)
CVE-2024-13470medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 29, 2025 Patched in 3.8.25 (1d)
CVE-2024-12238medium · 6.3Improper Control of Generation of Code ('Code Injection')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Dec 28, 2024 Patched in 3.8.23 (1d)
CVE-2024-11052high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations

Dec 11, 2024 Patched in 3.8.20 (1d)
CVE-2024-50515medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.17 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 28, 2024 Patched in 3.8.18 (46d)
CVE-2024-50514medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.17 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 28, 2024 Patched in 3.8.18 (46d)
CVE-2024-3866medium · 4.7Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer

Sep 24, 2024 Patched in 3.8.16 (1d)
CVE-2024-43999medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms <= 3.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 28, 2024 Patched in 3.8.12 (8d)
CVE-2024-7354medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.10 - Reflected Cross-Site Scripting

Aug 12, 2024 Patched in 3.8.11 (32d)
CVE-2024-39628medium · 4.3Cross-Site Request Forgery (CSRF)

Ninja Forms <= 3.8.6 - Cross-Site Request Forgery

Jul 24, 2024 Patched in 3.8.7 (9d)
CVE-2024-37934medium · 4.3Missing Authorization

Ninja Forms <= 3.8.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Jul 4, 2024 Patched in 3.8.5 (7d)
CVE-2024-26019medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 8, 2024 Patched in 3.8.1 (30d)
CVE-2024-29220medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 8, 2024 Patched in 3.8.1 (30d)
CVE-2024-2113medium · 4.3Cross-Site Request Forgery (CSRF)

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export

Mar 28, 2024 Patched in 3.8.1 (1d)
CVE-2024-2108medium · 4.6Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 3.8.1 (1d)
CVE-2024-0685medium · 5.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

Feb 1, 2024 Patched in 3.7.2 (180d)
CVE-2023-5530medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.6.33 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 16, 2023 Patched in 3.6.34 (235d)
CVE-2023-4109medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms <= 3.6.25 - Authenticated (Administrator+) Stored HTML Injection

Aug 7, 2023 Patched in 3.6.26 (299d)
CVE-2023-37979medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data'

Jul 25, 2023 Patched in 3.6.26 (182d)
CVE-2023-38386medium · 5.3Missing Authorization

Ninja Forms <= 3.6.25 - Missing Authorization to Contributor+ Form Submission Export

Jul 25, 2023 Patched in 3.6.26 (182d)
CVE-2023-38393medium · 4.3Missing Authorization

Ninja Forms <= 3.6.25 - Missing Authorization to Form Submission Export

Jul 25, 2023 Patched in 3.6.26 (182d)
CVE-2023-35909medium · 5.3Uncontrolled Resource Consumption

Ninja Forms <= 3.6.25 - Denial of Service via Large Form Submissions

Jul 7, 2023 Patched in 3.6.26 (200d)
CVE-2023-36505medium · 6.5External Control of File Name or Path

Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion

Jun 22, 2023 Patched in 3.6.25 (215d)
CVE-2023-1835medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title'

Apr 24, 2023 Patched in 3.6.22 (274d)
CVE-2022-2903high · 7.2Deserialization of Untrusted Data

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection

Sep 5, 2022 Patched in 3.6.13 (505d)
WF-df46b3d5-a433-47b5-99b8-117591f7dd16-ninja-formscritical · 9.8Improper Control of Generation of Code ('Code Injection')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection

Jun 15, 2022 Patched in 3.0.34.2 (587d)
CVE-2021-25056medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.6.9 - Cross-Site Scripting via field label

Jun 13, 2022 Patched in 3.6.10 (589d)
CVE-2021-25066medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Ninja Forms Contact Form <= 3.6.10 - Authenticated (Admin+) Stored Cross-Site Scripting via import

Jun 10, 2022 Patched in 3.6.11 (592d)
CVE-2021-36827medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.6.9 - Authenticated (Admin+) Cross-Site Scripting via label

Jun 7, 2022 Patched in 3.6.10 (594d)
WF-488970f0-3120-4f4a-9915-2ae1708bd86a-ninja-formshigh · 8.8Cross-Site Request Forgery (CSRF)

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection

Jun 7, 2022 Patched in 3.6.10 (595d)
WF-cda2465e-b17e-4b5c-ad86-3c3c7a354d03-ninja-formsmedium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.7 - Email Address Disclosure

Mar 22, 2022 Patched in 3.6.8 (672d)
CVE-2021-24889high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection

Oct 26, 2021 Patched in 3.6.4 (819d)
CVE-2021-24381medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms <= 3.5.8.1 - Cross-Site Scripting

Sep 27, 2021 Patched in 3.5.8.2 (848d)
CVE-2021-34647medium · 6.5Incorrect Authorization

Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure

Sep 22, 2021 Patched in 3.5.8 (852d)
CVE-2021-34648medium · 6.4Incorrect Authorization

Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection

Sep 22, 2021 Patched in 3.5.8 (852d)
CVE-2021-24165medium · 6.1URL Redirection to Untrusted Site ('Open Redirect')

Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect

Feb 16, 2021 Patched in 3.4.34 (1071d)
CVE-2021-24163high · 8.8Exposure of Sensitive Information to an Unauthorized Actor

Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

Feb 16, 2021 Patched in 3.4.34 (1071d)
CVE-2021-24164medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure

Feb 16, 2021 Patched in 3.4.34.1 (1071d)
CVE-2021-24166medium · 5.4Cross-Site Request Forgery (CSRF)

Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection

Feb 16, 2021 Patched in 3.4.34 (1071d)
CVE-2020-36175medium · 5.3Improper Input Validation

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Validation Bypass via Email Field

Sep 22, 2020 Patched in 3.4.27.1 (1218d)
CVE-2020-36174high · 8.8Cross-Site Request Forgery (CSRF)

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation

Sep 22, 2020 Patched in 3.4.27.1 (1218d)
CVE-2020-36173medium · 6.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting

Sep 20, 2020 Patched in 3.4.28 (1220d)
CVE-2020-12462medium · 6.1Cross-Site Request Forgery (CSRF)

Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting

Apr 28, 2020 Patched in 3.4.24.2 (1365d)
CVE-2020-8594medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting

Feb 3, 2020 Patched in 3.4.23 (1450d)
CVE-2019-15025critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ninja Forms Contact Form <= 3.3.21.1 - SQL Injection

Jan 7, 2019 Patched in 3.3.21.2 (1842d)
CVE-2018-19796medium · 4.7URL Redirection to Untrusted Site ('Open Redirect')

Ninja Forms Contact Form <= 3.3.19 - Authenticated Open Redirect

Dec 1, 2018 Patched in 3.3.19.1 (1879d)
CVE-2018-19287medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter

Nov 15, 2018 Patched in 3.3.18 (1895d)
WF-aa735320-f7fe-4e51-9f9a-f4c8f3ddc2e7-ninja-formshigh · 8.3Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting

Aug 27, 2018 Patched in 3.3.14 (1975d)
CVE-2018-16308high · 8.6Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Ninja Forms Contact Form <= 3.3.13 - CSV Injection

Aug 19, 2018 Patched in 3.3.14 (1983d)
CVE-2018-20981critical · 9.1Improper Input Validation

Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests

Jul 6, 2018 Patched in 3.3.9 (2027d)
CVE-2018-20980high · 7.5Improper Input Validation

Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering

Feb 26, 2018 Patched in 3.2.15 (2157d)
CVE-2018-7280medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting

Feb 20, 2018 Patched in 3.2.14 (2163d)
WF-f3ebaf25-1bd3-4770-b4bd-30de83b31add-ninja-formsmedium · 5.3Improper Control of Generation of Code ('Code Injection')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.31 - Arbitrary Wordpress Shortcode Injection

Apr 17, 2017 Patched in 3.0.32 (2472d)
CVE-2017-18574medium · 6.1Improper Input Validation

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection

Mar 7, 2017 Patched in 3.0.31 (2513d)
WF-89a44d42-a110-4f55-ad27-2be4ccb41a16-ninja-formshigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection

Aug 16, 2016 Patched in 2.9.55.2 (2716d)
WF-e01532bb-3011-4efe-b072-d0df5708f8e9-ninja-formsmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting

Jul 19, 2016 Patched in 2.9.52 (2744d)
CVE-2016-1209high · 8.1Improper Input Validation

Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection

May 13, 2016 Patched in 2.9.42.1 (2811d)
WF-7bd89bd9-4f99-4828-bacc-15d2cfe13066-ninja-formshigh · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting

Dec 8, 2015 Patched in 2.9.29 (2968d)
WF-39b6a1c7-2f8a-49e9-8807-a53a25524018-ninja-formshigh · 8.4Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Ninja Forms Contact Form <= 2.9.27 - CSV Injection

Sep 30, 2015 Patched in 2.9.28 (3037d)
WF-ee74d229-499e-4f9a-ad7d-c707f6eeac6e-ninja-formsmedium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 2.9.21 - Reflected Cross-Site Scripting

Aug 4, 2015 Patched in 2.9.22 (3094d)
WF-69435cb6-9591-45bb-86e3-eaf1a9bc46f9-ninja-formsmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting

Jun 5, 2015 Patched in 2.9.19 (3154d)
WF-dba01dc2-c73b-461a-bcbd-86daa0bf0ad0-ninja-formsmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting

Apr 20, 2015 Patched in 2.9.11 (3200d)
CVE-2014-9688medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting

Dec 2, 2014 Patched in 2.8.10 (3339d)
CVE-2015-2220high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting

Nov 20, 2014 Patched in 2.8.9 (3351d)
CVE-2014-8815medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting

Nov 6, 2014 Patched in 2.8.7 (3365d)
Code Analysis
Analyzed Mar 16, 2026

Ninja Forms – The Contact Form Builder That Grows With You Code Analysis

Dangerous Functions
8
Raw SQL Queries
37
221 prepared
Unescaped Output
161
471 escaped
Nonce Checks
40
Capability Checks
58
File Operations
34
External Requests
13
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserialized = unserialize($value, ['allowed_classes' => false]);blocks\views\includes\DataBuilder\SubmissionsBuilder.php:63
unserialize$value =implode('<br />',array_column(unserialize($sub->get_field_value($column)),'value'));includes\Admin\CPT\Submission.php:239
unserialize$optionsByRepetition = array_column(unserialize($sub->get_field_value($column)),'value');includes\Admin\CPT\Submission.php:241
unserialize$return = unserialize($serializedValue,['allowed_classes'=>false]);includes\Admin\Menus\ImportExport.php:128
unserialize$calculationsForForm = unserialize($metaArray['value'],['allowed_classes'=>false]);includes\Factories\ConstructUsageEntity.php:554
unserialize$fieldSubmissionValue = unserialize($fieldSubmissionValue,['allowed_classes' => false]);includes\Handlers\FieldsetRepeater.php:384
unserialize$parsed = @unserialize( $parsed );includes\Helper.php:333
unserializereturn ( $parsed ) ? $parsed : unserialize( $original ); // Fallback if parse error.includes\Helper.php:335

SQL Query Safety

86% prepared258 total queries

Output Escaping

75% escaped632 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

17 flows8 with unsanitized paths
bulk_admin_footer (includes\Admin\CPT\DownloadAllSubmissions.php:153)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

Ninja Forms – The Contact Form Builder That Grows With You Attack Surface

Entry Points49
Unprotected16

AJAX Handlers 29

authwp_ajax_nf_hide_columnsincludes\Admin\CPT\Submission.php:43
authwp_ajax_nf_delete_all_dataincludes\AJAX\Controllers\DeleteAllData.php:8
authwp_ajax_nf_maybe_delete_fieldincludes\AJAX\Controllers\Fields.php:10
authwp_ajax_nf_ajax_get_new_nonceincludes\AJAX\Controllers\Form.php:12
noprivwp_ajax_nf_ajax_get_new_nonceincludes\AJAX\Controllers\Form.php:13
authwp_ajax_nf_save_formincludes\AJAX\Controllers\Form.php:14
authwp_ajax_nf_delete_formincludes\AJAX\Controllers\Form.php:15
authwp_ajax_nf_remove_maintenance_modeincludes\AJAX\Controllers\Form.php:16
authwp_ajax_nf_log_js_errorincludes\AJAX\Controllers\JSError.php:8
noprivwp_ajax_nf_log_js_errorincludes\AJAX\Controllers\JSError.php:9
authwp_ajax_nf_onboarding_dismissincludes\AJAX\Controllers\Onboarding.php:10
authwp_ajax_nf_onboarding_startincludes\AJAX\Controllers\Onboarding.php:11
authwp_ajax_nf_onboarding_nextincludes\AJAX\Controllers\Onboarding.php:12
authwp_ajax_nf_onboarding_completeincludes\AJAX\Controllers\Onboarding.php:13
authwp_ajax_nf_preview_updateincludes\AJAX\Controllers\Preview.php:10
authwp_ajax_nf_create_saved_fieldincludes\AJAX\Controllers\SavedFields.php:11
authwp_ajax_nf_update_saved_fieldincludes\AJAX\Controllers\SavedFields.php:12
authwp_ajax_nf_delete_saved_fieldincludes\AJAX\Controllers\SavedFields.php:13
authwp_ajax_nf_ajax_submitincludes\AJAX\Controllers\Submission.php:29
noprivwp_ajax_nf_ajax_submitincludes\AJAX\Controllers\Submission.php:30
authwp_ajax_nf_ajax_resumeincludes\AJAX\Controllers\Submission.php:37
noprivwp_ajax_nf_ajax_resumeincludes\AJAX\Controllers\Submission.php:38
authwp_ajax_ninja_forms_sendwp_remote_installincludes\Integrations\sendwp.php:4
authwp_ajax_nf_servicesservices\bootstrap.php:13
authwp_ajax_nf_services_installservices\bootstrap.php:22
authwp_ajax_nf_update_cache_modeservices\bootstrap.php:136
authwp_ajax_nf_oauthservices\oauth.php:37
authwp_ajax_nf_oauth_connectservices\oauth.php:51
authwp_ajax_nf_oauth_disconnectservices\oauth.php:52

REST API Routes 16

GET/wp-json/ninja-forms-viewsformsblocks\bootstrap.php:200
GET/wp-json/ninja-forms-viewsforms/(?P<id>\d+)/fieldsblocks\bootstrap.php:236
GET/wp-json/ninja-forms-viewsforms/(?P<id>\d+)/submissionsblocks\bootstrap.php:255
POST/wp-json/ninja-forms-viewstoken/refreshblocks\bootstrap.php:303
GET/wp-json/ninja-forms-submissionssubmissions/getincludes\Routes\Submissions.php:28
POST/wp-json/ninja-forms-submissionssubmissions/deleteincludes\Routes\Submissions.php:42
POST/wp-json/ninja-forms-submissionssubmissions/updateincludes\Routes\Submissions.php:56
POST/wp-json/ninja-forms-submissionssubmissions/restoreincludes\Routes\Submissions.php:70
POST/wp-json/ninja-forms-submissionssubmissions/handle-extraincludes\Routes\Submissions.php:90
POST/wp-json/ninja-forms-submissionsexportincludes\Routes\Submissions.php:110
POST/wp-json/ninja-forms-submissionsdownload-allincludes\Routes\Submissions.php:148
POST/wp-json/ninja-forms-submissionsdelete-download-fileincludes\Routes\Submissions.php:165
POST/wp-json/ninja-forms-submissionsset-submissions-settingsincludes\Routes\Submissions.php:180
GET/wp-json/ninja-forms-submissionsget-submissions-settingsincludes\Routes\Submissions.php:206
POST/wp-json/ninja-forms-submissionsemail-actionincludes\Routes\Submissions.php:212
POST/wp-json/nf-be-datastoreincludes\Routes\Telemetry.php:20

Shortcodes 4

[nf_preview] includes\Display\Shortcodes.php:7
[ninja_form] includes\Display\Shortcodes.php:8
[ninja_forms] includes\Display\Shortcodes.php:9
[ninja_forms_display_form] includes\Display\Shortcodes.php:10
WordPress Hooks 229
actioninitblocks\bootstrap.php:6
actionadmin_enqueue_scriptsblocks\bootstrap.php:104
actionrest_api_initblocks\bootstrap.php:152
actionwp_headblocks\bootstrap.php:419
actioninitblocks\bootstrap.php:484
actionninja_forms_views_check_rotationblocks\bootstrap.php:493
actionadmin_noticesblocks\ninja-forms-blocks.php:9
actionwp_abilities_api_initincludes\Abilities\Abilities.php:2024
actionwp_abilities_api_categories_initincludes\Abilities\Categories.php:53
actionplugins_loadedincludes\Abilities\Integration.php:39
actionmcp_adapter_initincludes\Abilities\Integration.php:42
filtermcp_adapter_default_server_configincludes\Abilities\Integration.php:45
filterninja_forms_custom_columnsincludes\Abstracts\List.php:26
filterninja_forms_render_optionsincludes\Abstracts\List.php:28
actionadmin_menuincludes\Abstracts\Menu.php:64
filterkbj_testincludes\Abstracts\MergeTags.php:45
filterninja_forms_render_default_valueincludes\Abstracts\MergeTags.php:47
filterninja_forms_run_action_settingsincludes\Abstracts\MergeTags.php:49
filterninja_forms_run_action_settings_previewincludes\Abstracts\MergeTags.php:50
filterninja_forms_calc_settingincludes\Abstracts\MergeTags.php:52
filterninja_forms_merge_tagsincludes\Abstracts\MergeTags.php:55
actioninitincludes\Abstracts\Metabox.php:25
actionsave_postincludes\Abstracts\Metabox.php:27
actionadd_meta_boxesincludes\Abstracts\Metabox.php:29
filterninja_forms_collect_payment_processincludes\Abstracts\PaymentGateway.php:16
actionrest_api_initincludes\Abstracts\Routes.php:14
actioninitincludes\Abstracts\SotAction.php:49
actioninitincludes\Abstracts\SotActionNewsletter.php:47
actionadmin_menuincludes\Abstracts\Submenu.php:72
actioninitincludes\Abstracts\SubmissionMetabox.php:21
actionadd_meta_boxesincludes\Abstracts\SubmissionMetabox.php:27
actionsave_postincludes\Abstracts\SubmissionMetabox.php:28
filterninja_forms_render_default_valueincludes\Abstracts\UserInfo.php:43
actioninitincludes\Actions\Akismet.php:37
filterninja_forms_action_type_settingsincludes\Actions\Akismet.php:38
actioninitincludes\Actions\CollectPayment.php:42
actionninja_forms_loadedincludes\Actions\CollectPayment.php:47
filterninja_forms_action_type_settingsincludes\Actions\CollectPayment.php:49
actioninitincludes\Actions\CollectPayment.php:113
actioninitincludes\Actions\Custom.php:34
actioninitincludes\Actions\DeleteDataRequest.php:34
actioninitincludes\Actions\Email.php:34
filterninja_forms_sub_csv_delimiterincludes\Actions\Email.php:452
filterninja_sub_csv_enclosureincludes\Actions\Email.php:453
filterninja_sub_csv_terminatorincludes\Actions\Email.php:454
filterninja_forms_action_email_attachmentsincludes\Actions\Email.php:455
actioninitincludes\Actions\ExportDataRequest.php:34
actioninitincludes\Actions\GoogleAnalytics.php:34
actioninitincludes\Actions\Recaptcha.php:60
filterninja_forms_action_type_settingsincludes\Actions\Recaptcha.php:62
actionnf_get_form_idincludes\Actions\Recaptcha.php:64
filterninja_forms_display_fieldsincludes\Actions\Recaptcha.php:66
filterninja_forms_form_fieldsincludes\Actions\Recaptcha.php:67
filterninja_forms_field_show_in_builderincludes\Actions\Recaptcha.php:68
actionninja_forms_output_templatesincludes\Actions\Recaptcha.php:69
filternf_display_enqueue_scriptsincludes\Actions\Recaptcha.php:70
actioninitincludes\Actions\Redirect.php:34
actioninitincludes\Actions\Save.php:34
actioninitincludes\Actions\SuccessMessage.php:34
actionnf_before_import_formincludes\Actions\SuccessMessage.php:36
actionmedia_buttonsincludes\Admin\AddFormModal.php:13
actionadmin_footerincludes\Admin\AddFormModal.php:83
actionadmin_footer-edit.phpincludes\Admin\CPT\DownloadAllSubmissions.php:16
actioninitincludes\Admin\CPT\Submission.php:17
actionadmin_print_stylesincludes\Admin\CPT\Submission.php:19
filterpost_row_actionsincludes\Admin\CPT\Submission.php:22
filtermanage_nf_sub_posts_columnsincludes\Admin\CPT\Submission.php:25
actionmanage_posts_custom_columnincludes\Admin\CPT\Submission.php:28
actionsave_postincludes\Admin\CPT\Submission.php:31
actionadd_meta_boxesincludes\Admin\CPT\Submission.php:33
actionadd_meta_boxesincludes\Admin\CPT\Submission.php:34
filteruser_has_capincludes\Admin\CPT\Submission.php:37
actionwpincludes\Admin\CPT\Submission.php:40
actiontrashed_postincludes\Admin\CPT\Submission.php:45
filteradmin_footer_textincludes\Admin\FooterMessage.php:26
actionadmin_initincludes\Admin\Menus\AddNew.php:17
actionadmin_initincludes\Admin\Menus\Addons.php:18
actionadmin_enqueue_scriptsincludes\Admin\Menus\Dashboard.php:17
actionadmin_enqueue_scriptsincludes\Admin\Menus\Dashboard.php:21
actioncurrent_screenincludes\Admin\Menus\Forms.php:34
actioncurrent_screenincludes\Admin\Menus\Forms.php:35
actionadmin_body_classincludes\Admin\Menus\Forms.php:38
actionadmin_initincludes\Admin\Menus\Forms.php:39
actioninitincludes\Admin\Menus\ImportExport.php:16
actioninitincludes\Admin\Menus\ImportExport.php:17
actioninitincludes\Admin\Menus\ImportExport.php:19
actioninitincludes\Admin\Menus\ImportExport.php:20
filterninja_forms_before_import_fieldsincludes\Admin\Menus\ImportExport.php:22
actionadmin_initincludes\Admin\Menus\ImportExport.php:26
actionadmin_initincludes\Admin\Menus\Licenses.php:12
actionadmin_initincludes\Admin\Menus\Licenses.php:13
actionadmin_initincludes\Admin\Menus\Licenses.php:14
actionadmin_initincludes\Admin\Menus\MockData.php:18
actionadmin_initincludes\Admin\Menus\Settings.php:18
actionadmin_body_classincludes\Admin\Menus\Settings.php:21
filternf_admin_noticesincludes\Admin\Menus\Settings.php:24
filtermanage_nf_sub_posts_columnsincludes\Admin\Menus\Submissions.php:46
actionmanage_posts_custom_columnincludes\Admin\Menus\Submissions.php:48
filtermonths_dropdown_resultsincludes\Admin\Menus\Submissions.php:50
actionrestrict_manage_postsincludes\Admin\Menus\Submissions.php:52
filterparse_queryincludes\Admin\Menus\Submissions.php:54
filterposts_clausesincludes\Admin\Menus\Submissions.php:56
filterbulk_actions-edit-nf_subincludes\Admin\Menus\Submissions.php:58
actionadmin_footer-edit.phpincludes\Admin\Menus\Submissions.php:60
actionload-edit.phpincludes\Admin\Menus\Submissions.php:62
actionadmin_headincludes\Admin\Menus\Submissions.php:64
actionviews_edit-nf_subincludes\Admin\Menus\Submissions.php:67
filterbulk_actions-edit-nf_subincludes\Admin\Menus\Submissions.php:72
actionadmin_enqueue_scriptsincludes\Admin\Menus\Submissions.php:74
actionadmin_body_classincludes\Admin\Menus\Submissions.php:79
actionadmin_enqueue_scriptsincludes\Admin\Menus\Submissions.php:81
actioncurrent_screenincludes\Admin\Menus\Submissions.php:83
actionadmin_initincludes\Admin\Menus\Welcome.php:17
actionadmin_initincludes\Admin\Menus\Welcome.php:18
actionadmin_enqueue_scriptsincludes\Admin\Menus\Welcome.php:20
filterthe_contentincludes\Admin\Metaboxes\AppendAForm.php:13
filternf_react_table_extra_value_keysincludes\Admin\Metaboxes\Calculations.php:36
actionadmin_initincludes\Admin\Notices.php:34
actionadmin_initincludes\Admin\Notices.php:37
filterwp_privacy_personal_data_exportersincludes\Admin\UserDataRequests.php:34
filterwp_privacy_personal_data_erasersincludes\Admin\UserDataRequests.php:37
actioninitincludes\Admin\VersionCompatibilityCheck.php:44
filternf_admin_noticesincludes\Admin\VersionCompatibilityCheck.php:61
actionplugins_loadedincludes\AJAX\Controllers\Form.php:9
filterheartbeat_receivedincludes\AJAX\Controllers\Onboarding.php:15
filternf_onboarding_step_nowincludes\AJAX\Controllers\Onboarding.php:17
filternf_onboarding_page_nowincludes\AJAX\Controllers\Onboarding.php:18
filterninja_forms_check_setting_show_welcomeincludes\AJAX\Controllers\Onboarding.php:20
actionninja_forms_save_setting_show_welcomeincludes\AJAX\Controllers\Onboarding.php:21
filterninja_forms_current_user_is_onboardingincludes\AJAX\Controllers\Onboarding.php:22
filterninja_forms_run_action_settingsincludes\AJAX\Controllers\Preview.php:12
actioninitincludes\AJAX\Controllers\Submission.php:16
actionninja_forms_before_import_formincludes\Database\Models\Form.php:32
actionadmin_noticesincludes\Database\Models\Form.php:227
actionnf_submission_expiration_cronincludes\Database\SubmissionExpirationCron.php:19
actionpre_get_postsincludes\Display\Preview.php:18
filterthe_titleincludes\Display\Preview.php:20
filterthe_contentincludes\Display\Preview.php:23
filterget_the_excerptincludes\Display\Preview.php:24
filtertemplate_redirectincludes\Display\Preview.php:26
filterpost_thumbnail_htmlincludes\Display\Preview.php:28
actionwp_footerincludes\Display\Render.php:66
actionwp_footerincludes\Display\Render.php:608
filterninja_forms_custom_columnsincludes\Fields\Checkbox.php:38
filternf_sub_hidden_field_typesincludes\Fields\Confirm.php:29
filternf_sub_hidden_field_typesincludes\Fields\CreditCardCVC.php:27
filternf_sub_hidden_field_typesincludes\Fields\CreditCardExpiration.php:28
filternf_sub_hidden_field_typesincludes\Fields\CreditCardFullName.php:27
filternf_sub_hidden_field_typesincludes\Fields\CreditCardNumber.php:27
filternf_sub_hidden_field_typesincludes\Fields\CreditCardZip.php:25
filterninja_forms_localize_field_dateincludes\Fields\Date.php:32
filterninja_forms_localize_field_date_previewincludes\Fields\Date.php:33
filterninja_forms_custom_columnsincludes\Fields\Date.php:34
filternf_sub_hidden_field_typesincludes\Fields\Hcaptcha.php:96
filternf_sub_hidden_field_typesincludes\Fields\hr.php:29
filternf_sub_hidden_field_typesincludes\Fields\HTML.php:43
filterninja_forms_localize_field_htmlincludes\Fields\HTML.php:44
filterninja_forms_localize_field_html_previewincludes\Fields\HTML.php:45
filterninja_forms_custom_columnsincludes\Fields\ListCountry.php:37
filterninja_forms_localize_field_listimageincludes\Fields\ListImage.php:36
filterninja_forms_localize_field_listimage_previewincludes\Fields\ListImage.php:38
filternf_sub_hidden_field_typesincludes\Fields\Note.php:49
filternf_sub_hidden_field_typesincludes\Fields\Password.php:24
filterninja_forms_csv_ignore_fieldsincludes\Fields\Password.php:25
filternf_sub_hidden_field_typesincludes\Fields\PasswordConfirm.php:30
filterninja_forms_csv_ignore_fieldsincludes\Fields\PasswordConfirm.php:31
filterninja_forms_merge_tag_value_productincludes\Fields\Product.php:36
filterninja_forms_custom_columnsincludes\Fields\Product.php:38
filterninja_forms_merge_tag_calc_value_productincludes\Fields\Product.php:39
filternf_sub_hidden_field_typesincludes\Fields\Recaptcha.php:48
filterninja_forms_localize_field_settings_repeaterincludes\Fields\Repeater.php:30
filterninja_forms_custom_columnsincludes\Fields\Repeater.php:32
filterninja-forms-field-settings-groupsincludes\Fields\Shipping.php:32
filterninja_forms_merge_tag_value_shippingincludes\Fields\Shipping.php:34
filterninja_forms_pdf_field_valueincludes\Fields\Signature.php:106
filterninja_forms_pdf_field_value_wpautopincludes\Fields\Signature.php:109
filterninja_forms_get_html_safe_fieldsincludes\Fields\Signature.php:112
filterninja_forms_custom_columnsincludes\Fields\Signature.php:115
filternf_sub_hidden_field_typesincludes\Fields\Spam.php:39
filternf_sub_hidden_field_typesincludes\Fields\Submit.php:30
actionadmin_initincludes\Fields\Terms.php:40
filterninja_forms_display_fieldincludes\Fields\Terms.php:43
filternf_sub_hidden_field_typesincludes\Fields\Turnstile.php:92
filternf_sub_hidden_field_typesincludes\Fields\Unknown.php:42
filterninja_forms_settings_licenses_addonsincludes\Integrations\EDD\class-extension-updater.php:45
filternf_admin_noticesincludes\Integrations\EDD\class-extension-updater.php:94
filterupgrader_pre_installincludes\Integrations\EDD\class-extension-updater.php:174
filterpre_set_site_transient_update_pluginsincludes\Integrations\EDD\EDD_SL_Plugin_Updater.php:63
filterplugins_apiincludes\Integrations\EDD\EDD_SL_Plugin_Updater.php:64
actionadmin_initincludes\Integrations\EDD\EDD_SL_Plugin_Updater.php:67
filterpre_set_site_transient_update_pluginsincludes\Integrations\EDD\EDD_SL_Plugin_Updater.php:204
filtercron_schedulesincludes\Libraries\BackgroundProcessing\classes\wp-background-process.php:64
actionplugins_loadedincludes\Libraries\Session\wp-session.php:84
actionshutdownincludes\Libraries\Session\wp-session.php:119
actionwp_session_garbage_collectionincludes\Libraries\Session\wp-session.php:166
actionwpincludes\Libraries\Session\wp-session.php:176
actionadmin_noticesincludes\Libraries\Whip\NF_Php_Version_Whip.php:20
filterninja_forms_calc_settingincludes\MergeTags\Calcs.php:16
filterninja_forms_calc_settingincludes\MergeTags\Fields.php:28
actionninja_forms_save_subincludes\MergeTags\Form.php:23
actionnf_get_form_idincludes\MergeTags\Form.php:26
actioninitincludes\MergeTags\Other.php:16
filterwp_session_expiration_variantincludes\Session.php:57
filterwp_session_expirationincludes\Session.php:58
actionwidgets_initincludes\Widget.php:118
filtertemplate_includeninja-forms.php:355
actioninitninja-forms.php:451
actionadmin_noticesninja-forms.php:460
actionplugins_loadedninja-forms.php:462
actionninja_forms_available_actionsninja-forms.php:464
actioninitninja-forms.php:466
actioninitninja-forms.php:467
actionadmin_initninja-forms.php:468
actionadmin_enqueue_scriptsninja-forms.php:469
actionnf_weekly_promotion_updateninja-forms.php:476
actionactivated_pluginninja-forms.php:477
actionadmin_initninja-forms.php:482
actionadmin_initninja-forms.php:485
actionadmin_initninja-forms.php:486
filterninja_forms_dashboard_menu_itemsninja-forms.php:548
filterninja_forms_required_updatesninja-forms.php:551
filterninja_forms_required_updatesninja-forms.php:552
actionnf_optin_cronninja-forms.php:1259
filtercron_schedulesninja-forms.php:1279
actionwpninja-forms.php:1287
actionnf_marketing_feed_cronninja-forms.php:1304
actionupgrader_process_completeninja-forms.php:1322
actionin_admin_headerninja-forms.php:1337
actionadmin_enqueue_scriptsservices\bootstrap.php:18

Scheduled Events 6

ninja_forms_views_check_rotation
nf_submission_expiration_cron
wp_session_garbage_collection
nf_weekly_promotion_update
nf_optin_cron
nf_marketing_feed_cron
Maintenance & Trust

Ninja Forms – The Contact Form Builder That Grows With You Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 5, 2026
PHP min version7.4
Downloads58.7M

Community Trust

Rating88/100
Number of ratings1,384
Active installs600K
Alternatives

Ninja Forms – The Contact Form Builder That Grows With You Alternatives

FormFacade – Embed Google Forms in your website

FormFacade – Embed Google Forms in your website

formfacade

B
72

Embed Google Forms™ in your wordpress site

1K 1 unpatched
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A
90

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

B
82

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs
SureForms – Contact Form, Payment Form & Other Custom Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

A
88

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with &hellip;

400K 15 CVEs
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

B
84

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 12 CVEs
Developer Profile

Ninja Forms – The Contact Form Builder That Grows With You Developer Profile

Kevin Stover

5 plugins · 610K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
1017 days
View full developer profile
Detection Fingerprints

How We Detect Ninja Forms – The Contact Form Builder That Grows With You

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ninja-forms/assets/css/admin-notices.css/wp-content/plugins/ninja-forms/assets/css/admin.css/wp-content/plugins/ninja-forms/assets/css/builder.css/wp-content/plugins/ninja-forms/assets/css/dashboard.css/wp-content/plugins/ninja-forms/assets/css/field.css/wp-content/plugins/ninja-forms/assets/css/form.css/wp-content/plugins/ninja-forms/assets/css/global.css/wp-content/plugins/ninja-forms/assets/css/legacy.css+30 more
Script Paths
/wp-content/plugins/ninja-forms/assets/js/apps/admin/main.js/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings.js/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings/components/Date.js/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings/components/Select.js/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings/components/Text.js/wp-content/plugins/ninja-forms/assets/js/components/Date.js+22 more
Version Parameters
/wp-content/plugins/ninja-forms/assets/css/admin-notices.css?ver=/wp-content/plugins/ninja-forms/assets/css/admin.css?ver=/wp-content/plugins/ninja-forms/assets/css/builder.css?ver=/wp-content/plugins/ninja-forms/assets/css/dashboard.css?ver=/wp-content/plugins/ninja-forms/assets/css/field.css?ver=/wp-content/plugins/ninja-forms/assets/css/form.css?ver=/wp-content/plugins/ninja-forms/assets/css/global.css?ver=/wp-content/plugins/ninja-forms/assets/css/legacy.css?ver=/wp-content/plugins/ninja-forms/assets/css/modal.css?ver=/wp-content/plugins/ninja-forms/assets/css/styles.css?ver=/wp-content/plugins/ninja-forms/assets/js/apps/admin/main.js?ver=/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings.js?ver=/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings/components/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings/components/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/apps/shared/form-settings/components/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/components/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/components/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/components/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/framework/main.js?ver=/wp-content/plugins/ninja-forms/assets/js/forms/settings/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/forms/settings/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/forms/settings/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/main.js?ver=/wp-content/plugins/ninja-forms/assets/js/plugins/date/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/plugins/select/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/plugins/text/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/ready.js?ver=/wp-content/plugins/ninja-forms/assets/js/repeater.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/form-settings/components/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/form-settings/components/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/form-settings/components/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/modules/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/modules/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/modules/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/plugins/Date.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/plugins/Select.js?ver=/wp-content/plugins/ninja-forms/assets/js/shared/plugins/Text.js?ver=/wp-content/plugins/ninja-forms/assets/js/vendor/sweetalert2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
nf-form-wrapnf-form-titlenf-form-fieldsnf-field-labelnf-field-inputnf-field-wrapnf-submit-wrapnf-errors+12 more
HTML Comments
<!-- Ninja Forms --><!-- Ninja Forms Start Form --><!-- Ninja Forms End Form --><!-- Ninja Forms Settings -->+2 more
Data Attributes
data-field-iddata-form-iddata-nf-field-typedata-nf-settingsdata-nf-repeater-id
JS Globals
nfFormsninjaFormsnfFormsControllerNF_AdminNF_BuilderNF_Date+3 more
REST Endpoints
/wp-json/ninja-forms/v1/forms/wp-json/ninja-forms/v1/settings/wp-json/ninja-forms/v1/fields/wp-json/ninja-forms/v1/actions/wp-json/ninja-forms/v1/submissions
Shortcode Output
[ninja_forms_display_form id=
FAQ

Frequently Asked Questions about Ninja Forms – The Contact Form Builder That Grows With You