NM Contact Forms Security & Risk Analysis

wordpress.org/plugins/nm-contact-forms

Contact form plugin. NM contact forms allow you simple contact form integration with two built-in anti-spam solutions. Supports get variable.

200 active installs · v2.0 · PHP + · WP 3.0.1+ · Updated Mar 1, 2020
Tags: contact-form, contact-form-builder, contact-form-plugin, contact-forms, contact-us
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is NM Contact Forms Safe to Use in 2026?

Generally Safe

Score 85/100

NM Contact Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The nm-contact-forms v2.0 plugin exhibits a mixed security posture. While it has a small attack surface and no recorded vulnerabilities or critical taint flows, there are significant concerns regarding output escaping and a lack of capability checks. The plugin's 100% unescaped output presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data displayed on the frontend is not being properly sanitized. The absence of capability checks is also a major weakness, potentially allowing unauthorized users to perform actions they shouldn't be able to. Despite the positive aspects like the absence of dangerous functions and the use of prepared statements for SQL queries, these critical oversights in output handling and access control greatly undermine the plugin's overall security. The lack of historical vulnerabilities is positive but doesn't mitigate the current, identified risks.

Key Concerns

  • Output escaping: 0% properly escaped
  • Capability checks: 0
Vulnerabilities
None known

NM Contact Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

NM Contact Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
206
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
2
External Requests
1
Bundled Libraries
0

Output Escaping

0% escaped · 206 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
nm_send (index.php:213)
Attack Surface

NM Contact Forms Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[nm_forms] index.php:43
WordPress Hooks 3
action admin_menu index.php:37
action init index.php:38
action admin_init index.php:42
Maintenance & Trust

NM Contact Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Mar 1, 2020
PHP min version
Downloads: 36K

Community Trust

Rating: 96/100
Number of ratings: 24
Active installs: 200
Developer Profile

NM Contact Forms Developer Profile

Aidas

1 plugin · 200 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect NM Contact Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nm-contact-forms/css/front.css

HTML / DOM Fingerprints

CSS Classes
nm_hide
Shortcode Output
[nm_forms
FAQ

Frequently Asked Questions about NM Contact Forms