
Om Contact Form Security & Risk Analysis
wordpress.org/plugins/om-contact-form
Version: 01.0.06
Requires at least: 3.0.1
Author URI: http://sanditsolution.com/about.html
Tested up to: 4.6.0
Stable tag: 4.6.
Is Om Contact Form Safe to Use in 2026?
Generally Safe
Score 85/100
Om Contact Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
This plugin exhibits a concerning security posture, primarily due to a significant lack of input validation and access control across its entry points. The static analysis reveals a substantial attack surface with 4 out of 5 entry points (AJAX handlers and shortcodes) lacking any authentication or capability checks. Furthermore, all SQL queries are executed without prepared statements, posing a high risk of SQL injection vulnerabilities. The complete absence of output escaping is equally alarming, indicating that any data processed by the plugin could be directly reflected in the user's browser, leading to cross-site scripting (XSS) attacks.
The taint analysis shows 4 flows with unsanitized paths, which, when combined with the lack of escaping and authentication, strongly suggests potential vulnerabilities that could be exploited. The absence of any recorded historical vulnerabilities, while seemingly positive, does not negate the current risks. It may indicate that the plugin has not been thoroughly audited or has not been targeted previously. Therefore, despite the lack of known CVEs, the plugin's current implementation presents significant security weaknesses that require immediate attention.
Key Concerns
- AJAX handlers without auth checks
- SQL queries without prepared statements
- Output escaping not properly handled
- Flows with unsanitized paths (total)
- Missing nonce checks on AJAX
- Missing capability checks
Om Contact Form Security Vulnerabilities
Om Contact Form Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Om Contact Form Attack Surface
AJAX Handlers 4
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
Om Contact Form Maintenance & Trust
Maintenance Signals
Community Trust
Om Contact Form Alternatives
Front End PM
front-end-pm
Front End PM is a Private Messaging system and a secure contact form for your WordPress site. This is a fully functioning messaging system from the front end.
Fast Secure Contact Form Newsletter
contact-form-newsletter
Easily add your Fast Secure Contact Form submissions to Constant Contact email marketing lists.
Whistleblowing & Contact Form – Secure, Anonymous, Drag & Drop Builder
whistleblowing-system
Create anonymous whistleblowing or standard contact forms with free conditional logic and secure two-way messaging. GDPR-compliant and responsive.
BeepMate – Forms to your messaging app
beepmate
Automatically send WordPress form submissions to WhatsApp instead of or alongside emails. Get instant notifications and respond to inquiries quickly.
Business Messaging for WbizTool
business-messaging-for-wbiztool
Send automated business messages for WooCommerce orders, Contact Form 7 submissions, WP Amelia bookings, and more. Professional templates included.
Om Contact Form Developer Profile
5 plugins · 40 total installs
How We Detect Om Contact Form
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/om-contact-form/js/om_script.js
- /wp-content/plugins/om-contact-form/css/om_style.css
- /wp-content/plugins/om-contact-form/js/om_admin_script.js
- /wp-content/plugins/om-contact-form/css/om_admin_style.css
- /wp-content/plugins/om-contact-form/css/jquery-ui.css
- om-contact-form/js/om_script.js?ver=1.0.0
- om-contact-form/css/om_style.css?ver=1.0.1
- om-contact-form/js/om_admin_script.js?ver=1.0.0
- om-contact-form/css/om_admin_style.css?ver=1.0.0
- om-contact-form/css/jquery-ui.css?ver=1.0.0
HTML / DOM Fingerprints
- om_from_ajax_script
- om_admin_pagination_call
- [om_contact_form]