Nino contact form Security & Risk Analysis
wordpress.org/plugins/nino-contact-formThe easiest way to get contact form to your site.
Is Nino contact form Safe to Use in 2026?
Generally Safe
Score 85/100Nino contact form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'nino-contact-form' plugin version 1.0.2 exhibits a concerning security posture despite having no recorded vulnerabilities. The static analysis reveals a significant lack of security controls, particularly in the handling of its AJAX endpoint, which lacks any authentication or capability checks. This direct entry point, combined with the use of the `create_function` dangerous function, presents a substantial risk of arbitrary code execution or other malicious actions if an attacker can control the input to this endpoint. Furthermore, the extremely low percentage of properly escaped output (1%) indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities across the plugin's functionality, even if not directly evident in the limited taint analysis provided.
While the plugin's vulnerability history is clean, this is likely a reflection of its limited exposure or recent release rather than robust security. The presence of critical security weaknesses in the code itself, such as the unprotected AJAX handler and widespread output escaping issues, far outweighs the absence of historical CVEs. The plugin has several critical weaknesses that require immediate attention to mitigate the risk of exploitation. The plugin's strength lies in its use of prepared statements for SQL queries and lack of file operations or external HTTP requests, but these are overshadowed by the critical security flaws.
Key Concerns
- AJAX handler without auth checks
- Dangerous function: create_function
- Very low output escaping percentage
- No nonce checks on AJAX
- No capability checks
Nino contact form Security Vulnerabilities
Nino contact form Release Timeline
Nino contact form Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Nino contact form Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 6
Maintenance & Trust
Nino contact form Maintenance & Trust
Maintenance Signals
Community Trust
Nino contact form Alternatives
Lana Contact Form
lana-contact-form
Easy to use contact form with captcha
FreeContactFormDotCom
freecontactformdotcom
A simple free contact form with text-based spam prevention.
Modern-I Contact Form
modern-i-infotech-contact-form
Moderni contact form plugin gives a WP most flexible and usable contact form.WP-admin can use either captcha or simple contact form.
woo-shortcode-popup
woo-shortcode-popup
Creates a popup button on woocommerce shop page
Code Sample Contact Form
code-sample-contact-form
This is plugin to create simple contact form.
Nino contact form Developer Profile
1 plugin · 30 total installs
How We Detect Nino contact form
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/nino-contact-form/includes/assets/css/style.css/wp-content/plugins/nino-contact-form/includes/assets/css/nino-contact-form.css/wp-content/plugins/nino-contact-form/includes/assets/js/nino-contact-form.js/wp-content/plugins/nino-contact-form/includes/assets/js/bootstrap.min.js/wp-content/plugins/nino-contact-form/includes/assets/js/contact-form-render-form.jsincludes/assets/js/nino-contact-form.jsincludes/assets/js/bootstrap.min.jsincludes/assets/js/contact-form-render-form.jsHTML / DOM Fingerprints
nino-contactFormnino-alert-successnino-alert-errornino-inputGroupnino-labelnino-requirednino-contact-label-hiddenname="nino-contact-id="nino-contactForm"class="nino-contactForm"class="nino-alert-success"class="nino-alert-error"class="nino-inputGroup"+2 morenino_contact_ajax_object