Normalized Forms with Captcha Security & Risk Analysis
wordpress.org/plugins/normalized-forms-with-captchaCustom Responsive Contact, Login & Register Forms with Captcha. Redirection of Register and Login links to a theme based Register page.
Is Normalized Forms with Captcha Safe to Use in 2026?
Generally Safe
Score 100/100Normalized Forms with Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "normalized-forms-with-captcha" v1.0 plugin exhibits a generally good security posture with some notable areas for improvement. The absence of known CVEs and a history free of past vulnerabilities is a strong positive indicator. All identified SQL queries are properly prepared, and there are no external HTTP requests, which significantly reduces common attack vectors. The presence of nonce checks is also commendable.
However, the static analysis reveals potential concerns. While the attack surface of entry points is small and currently unprotected entry points are zero, the 2 identified flows with unsanitized paths in the taint analysis, despite not reaching critical or high severity, warrant attention. These could indicate subtle vulnerabilities if not handled carefully. Furthermore, the output escaping is only 58% properly done, suggesting a moderate risk of cross-site scripting (XSS) vulnerabilities in the unescaped outputs. The lack of capability checks on any of the entry points means that if an entry point were to become vulnerable, it might be accessible to unauthenticated users.
In conclusion, the plugin has a solid foundation with good practices in place regarding SQL and external requests. The primary areas of concern are the unsanitized paths in taint flows and the less than ideal output escaping. Addressing these points would significantly strengthen the plugin's security.
Key Concerns
- Flows with unsanitized paths (taint analysis)
- Low output escaping percentage
- No capability checks on entry points
Normalized Forms with Captcha Security Vulnerabilities
Normalized Forms with Captcha Code Analysis
Output Escaping
Data Flow Analysis
Normalized Forms with Captcha Attack Surface
Shortcodes 3
WordPress Hooks 11
Maintenance & Trust
Normalized Forms with Captcha Maintenance & Trust
Maintenance Signals
Community Trust
Normalized Forms with Captcha Alternatives
Ninja Forms – The Contact Form Builder That Grows With You
ninja-forms
The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
Spam protection, Honeypot, Anti-Spam by CleanTalk
cleantalk-spam-protect
Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.
ReCaptcha v2 for Contact Form 7
wpcf7-recaptcha
Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1
Contact Form 7 Captcha
contact-form-7-simple-recaptcha
Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.
Invisible reCaptcha for WordPress
invisible-recaptcha
Invisible reCaptcha for WordPress plugin helps you to protect your sites against bad spam bots using the new Invisible reCaptcha by Google.
Normalized Forms with Captcha Developer Profile
1 plugin · 10 total installs
How We Detect Normalized Forms with Captcha
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/normalized-forms-with-captcha/images/textimage.jpgHTML / DOM Fingerprints
gwb_login_submitid="lost-password"id="gwb_login_submit"<form action="" method="post"><input type="hidden" name="gwb_login_nonce"<input type="hidden" name="gwb_register_nonce"