Does OmniForm have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is OmniForm compatible with WordPress 6.9.4?

According to WordPress.org data, OmniForm 1.3.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is OmniForm compatible with PHP 7.4+?

OmniForm requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is OmniForm updated?

OmniForm was last updated on Jan 7, 2026. Frequent updates are generally a positive security signal.

What is OmniForm's security score?

OmniForm has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OmniForm Security & Risk Analysis

wordpress.org/plugins/omniform

Easily create and manage custom forms with the block editor, customizable fields, and form submission management for your website.

50 active installs v1.3.3 PHP 7.4+ WP 6.3+ Updated Jan 7, 2026

block-editorcontact-formemailform-builderforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is OmniForm Safe to Use in 2026?

Generally Safe

Score 100/100

OmniForm has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The plugin "omniform" v1.3.3 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified critical or high-severity taint flows, dangerous functions, or known CVEs is highly encouraging. The code demonstrates excellent adherence to best practices, with 100% output escaping and a high percentage of SQL queries utilizing prepared statements. The plugin also correctly implements nonce and capability checks for its identified code signals. The limited attack surface and lack of direct file operations further contribute to its positive security profile.

While the overall security is robust, there are no specific vulnerabilities indicated in the static analysis. The presence of file operations and external HTTP requests, although seemingly handled securely based on the absence of taint flows, could theoretically present attack vectors if implemented without proper sanitization. However, with no recorded historical vulnerabilities and all current indicators pointing to secure coding practices, the risk associated with these elements appears minimal.

In conclusion, "omniform" v1.3.3 appears to be a well-secured plugin. The lack of any vulnerabilities, coupled with the diligent implementation of security features like output escaping and prepared statements, suggests a proactive approach to security by the developers. The minimal remaining areas of concern, such as file operations and external requests, are likely handled securely given the overall analysis. This plugin can be considered low risk.

Vulnerabilities

None known

OmniForm Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

OmniForm Release Timeline

v1.3.4

v1.3.3Current

v1.3.2

v1.3.1

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.5

v1.0.4

v1.0.3

v1.0.2

Code Analysis

Analyzed Mar 16, 2026

OmniForm Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

80 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

83% prepared6 total queries

Output Escaping

100% escaped80 total outputs

Attack Surface

OmniForm Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 38

actionomniform_activateincludes\Analytics\AnalyticsServiceProvider.php:64

actionadmin_initincludes\Analytics\AnalyticsServiceProvider.php:65

actiondelete_postincludes\Analytics\AnalyticsServiceProvider.php:67

actioninitincludes\BlockLibrary\BlockLibraryServiceProvider.php:45

actionadmin_initincludes\BlockLibrary\BlockLibraryServiceProvider.php:46

filterblock_categories_allincludes\BlockLibrary\BlockLibraryServiceProvider.php:48

filterblock_type_metadata_settingsincludes\BlockLibrary\BlockLibraryServiceProvider.php:49

filterwp_theme_json_data_blocksincludes\BlockLibrary\BlockLibraryServiceProvider.php:51

filteromniform_filtered_request_paramsincludes\BlockLibrary\Blocks\Captcha.php:34

actioninitincludes\FormTypes\FormTypesServiceProvider.php:47

actioninitincludes\FormTypes\FormTypesServiceProvider.php:48

filterblock_editor_settings_allincludes\FormTypes\FormTypesServiceProvider.php:50

filterrender_blockincludes\Plugin\Form.php:269

actionadmin_enqueue_scriptsincludes\Plugin\PluginServiceProvider.php:100

actioninitincludes\Plugin\PluginServiceProvider.php:101

actioninitincludes\Plugin\PluginServiceProvider.php:102

actioninitincludes\Plugin\PluginServiceProvider.php:103

actionrest_api_initincludes\Plugin\PluginServiceProvider.php:104

filterthe_contentincludes\Plugin\PluginServiceProvider.php:105

actionadmin_initincludes\Plugin\PluginServiceProvider.php:107

actionomniform_response_createdincludes\Plugin\PluginServiceProvider.php:110

actionomniform_response_createdincludes\Plugin\PluginServiceProvider.php:124

actionomniform_form_renderincludes\Plugin\PluginServiceProvider.php:139

filtermanage_omniform_posts_columnsincludes\Plugin\PluginServiceProvider.php:154

actionmanage_omniform_posts_custom_columnincludes\Plugin\PluginServiceProvider.php:173

actionmanage_omniform_posts_custom_columnincludes\Plugin\PluginServiceProvider.php:201

actionmanage_omniform_posts_custom_columnincludes\Plugin\PluginServiceProvider.php:235

filterpost_row_actionsincludes\Plugin\PluginServiceProvider.php:257

filtermanage_omniform_response_posts_columnsincludes\Plugin\PluginServiceProvider.php:279

actionmanage_omniform_response_posts_custom_columnincludes\Plugin\PluginServiceProvider.php:293

actionmanage_omniform_response_posts_custom_columnincludes\Plugin\PluginServiceProvider.php:327

actionadd_meta_boxes_omniform_responseincludes\Plugin\PluginServiceProvider.php:344

filterparse_queryincludes\Plugin\PluginServiceProvider.php:354

actionedit_form_after_editorincludes\Plugin\PluginServiceProvider.php:384

filterallowed_block_types_allincludes\Plugin\PluginServiceProvider.php:399

filterblock_type_metadataincludes\Plugin\PluginServiceProvider.php:452

actionadmin_noticesincludes\Plugin\PluginServiceProvider.php:730

filtershould_load_remote_block_patternsincludes\Plugin\PluginServiceProvider.php:857

Maintenance & Trust

OmniForm Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 7, 2026

PHP min version7.4

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

OmniForm Alternatives

WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress

wpzoom-forms

100

Drag & drop contact form builder for WordPress. Create contact forms, custom forms, email forms with spam protection. Works with Elementor, shortcodes

10K No CVEs

VPSUForm – Drag & Drop Contact Form Builder with Email Automation

v-form

A lightweight drag-and-drop WordPress form builder with email automation, conditional logic, spam protection, and full lead management.

200 7 CVEs

Forms Rb

forms-rb

Forms Rb - the most simple way to create a hosted form, contact form, order form, support form. Simple contact form setup and form fields management

100 1 unpatched

GenForm – Drag & Drop Form Builder

genform

100

The lightweight drag-and-drop form builder for WordPress. Create contact forms, feedback forms, bookings, and more — no coding required.

20 No CVEs

Weavely – Build Forms in Figma

weavely

Turn Figma designs into custom forms, effortlessly embed in WordPress. Elevate user experience with unique designs.

10 No CVEs

Developer Profile

OmniForm Developer Profile

JR Tashjian

6 plugins · 170 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect OmniForm

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/omniform/assets/css/style.css/wp-content/plugins/omniform/assets/css/editor.css/wp-content/plugins/omniform/assets/js/block.js/wp-content/plugins/omniform/assets/js/editor.js

Script Paths

https://js.hcaptcha.com/1/api.jshttps://www.google.com/recaptcha/api.jshttps://challenges.cloudflare.com/turnstile/v0/api.js

Version Parameters

omniform/style.css?ver=omniform/editor.css?ver=omniform/block.js?ver=omniform/editor.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-block-omniform-formwp-block-omniform-captchaomniform-field-wrapomniform-field-labelomniform-field-inputomniform-submit-buttonh-captchag-recaptcha+1 more

HTML Comments

Field wrapper: %sForm wrapper: %sForm submission: %sOmniForm Block: %s

Data Attributes

data-servicedata-sitekeydata-themedata-sizedata-form-iddata-form-instance-id+1 more

JS Globals

omniformCaptchaOnLoadomniform

REST Endpoints

/wp-json/omniform/v1/forms/wp-json/omniform/v1/settings

FAQ