Oumma Contact – Drag & Drop Contact Form Builder Security & Risk Analysis

wordpress.org/plugins/oumma-contact

Lightweight contact form plugin with drag & drop form builder. Anti-spam, beautiful design, 30+ field types, 11 languages. Fast & easy.

0 active installs · v10.1.2 · PHP 7.4+ · WP 5.0+ · Updated Mar 12, 2026
Tags: contact, contact-form, drag-and-drop, email-form, form-builder
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Oumma Contact – Drag & Drop Contact Form Builder Safe to Use in 2026?

Generally Safe

Score 100/100

Oumma Contact – Drag & Drop Contact Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 22d ago
Risk Assessment

The "oumma-contact" plugin v10.1.2 presents a mixed security posture. It demonstrates good practices in terms of output escaping, with an exceptionally high rate of properly escaped outputs, and a respectable number of nonce and capability checks. The absence of known vulnerabilities in its history is a positive indicator of past security diligence.

However, the static analysis reveals significant security concerns. The presence of two AJAX handlers lacking authentication checks represents a direct vulnerability that could allow unauthorized users to trigger plugin functionality. Furthermore, the taint analysis identified two flows with unsanitized paths, both classified as high severity. These unsanitized paths, combined with the unprotected AJAX endpoints, suggest a potential for cross-site scripting (XSS) or other injection vulnerabilities if user-supplied data is not properly validated and sanitized before being used in sensitive operations.

While the plugin's history of zero CVEs is a strong point, the immediate findings from the static and taint analysis cannot be ignored. The critical risk stems from the unprotected entry points and the high-severity taint flows, indicating potential for exploitation. A balanced conclusion is that the plugin has some foundational security practices in place, but the identified weaknesses in authentication and input sanitization on specific entry points require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
Vulnerabilities
None known

Oumma Contact – Drag & Drop Contact Form Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Oumma Contact – Drag & Drop Contact Form Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (6 prepared)
Unescaped Output: 20 (840 escaped)
Nonce Checks: 21
Capability Checks: 25
File Operations: 2
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

38% prepared · 16 total queries

Output Escaping

98% escaped · 860 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

9 flows · 2 with unsanitized paths
activate_license (includes\class-oumc-license.php:214)
Attack Surface
2 unprotected

Oumma Contact – Drag & Drop Contact Form Builder Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers (6)

auth  wp_ajax_oumc_save  includes\oumc-admin.php:112
auth  wp_ajax_oumc_rename_form  includes\oumc-admin.php:113
auth  wp_ajax_oumc_send  includes\oumc-admin.php:114
nopriv  wp_ajax_oumc_send  includes\oumc-admin.php:115
auth  wp_ajax_oumc_test_smtp  includes\oumc-admin.php:116
auth  wp_ajax_oumc_reset_design_settings  includes\oumc-admin.php:117

Shortcodes (1)

[oumma-contact]  public\class-oumc-shortcode.php:35

WordPress Hooks (33)

action  admin_menu  includes\class-oumc-license.php:71
action  admin_init  includes\class-oumc-license.php:72
action  admin_post_oumc_activate_license  includes\class-oumc-license.php:73
action  admin_post_oumc_deactivate_license  includes\class-oumc-license.php:74
action  admin_notices  includes\class-oumc-license.php:77
action  phpmailer_init  includes\class-oumc-smtp.php:34
action  admin_menu  includes\oumc-admin.php:98
action  admin_enqueue_scripts  includes\oumc-admin.php:99
action  wp_dashboard_setup  includes\oumc-admin.php:100
action  admin_head  includes\oumc-admin.php:103
action  init  includes\oumc-admin.php:109
action  admin_post_oumc_save_settings  includes\oumc-admin.php:118
action  admin_post_oumc_send_bug  includes\oumc-admin.php:119
action  admin_post_oumc_send_support  includes\oumc-admin.php:120
action  admin_post_oumc_clear_smtp_logs  includes\oumc-admin.php:121
action  admin_post_oumc_clear_security_logs  includes\oumc-admin.php:122
action  admin_post_oumc_export_csv  includes\oumc-admin.php:123
action  admin_post_oumc_del_one  includes\oumc-admin.php:124
action  admin_post_oumc_del_all  includes\oumc-admin.php:125
action  admin_post_oumc_bulk_delete  includes\oumc-admin.php:126
action  admin_post_oumc_del_pj  includes\oumc-admin.php:127
action  admin_post_oumc_del_form  includes\oumc-admin.php:128
action  admin_post_oumc_duplicate  includes\oumc-admin.php:129
filter  load_textdomain_mofile  oumma-contact.php:42
filter  load_textdomain_mofile  oumma-contact.php:54
action  plugins_loaded  oumma-contact.php:112
action  init  oumma-contact.php:114
action  admin_init  oumma-contact.php:116
filter  all_plugins  oumma-contact.php:152
action  plugins_loaded  oumma-contact.php:187
action  init  oumma-contact.php:219
action  elementor/widgets/register  oumma-contact.php:234
action  wp_enqueue_scripts  public\class-oumc-shortcode.php:38
Maintenance & Trust

Oumma Contact – Drag & Drop Contact Form Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 344

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Oumma Contact – Drag & Drop Contact Form Builder Developer Profile

oummapro

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Oumma Contact – Drag & Drop Contact Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/oumma-contact/css/style.css
  • /wp-content/plugins/oumma-contact/css/jquery-ui.css
  • /wp-content/plugins/oumma-contact/css/select2.min.css
  • /wp-content/plugins/oumma-contact/css/intlTelInput.css
  • /wp-content/plugins/oumma-contact/css/oumma-contact-admin.css
  • /wp-content/plugins/oumma-contact/js/jquery-ui.min.js
  • /wp-content/plugins/oumma-contact/js/select2.min.js
  • /wp-content/plugins/oumma-contact/js/intlTelInput.min.js
  • +2 more

Version Parameters
  • /wp-content/plugins/oumma-contact/css/style.css?ver=
  • /wp-content/plugins/oumma-contact/css/jquery-ui.css?ver=
  • /wp-content/plugins/oumma-contact/css/select2.min.css?ver=
  • /wp-content/plugins/oumma-contact/css/intlTelInput.css?ver=
  • /wp-content/plugins/oumma-contact/css/oumma-contact-admin.css?ver=
  • /wp-content/plugins/oumma-contact/js/jquery-ui.min.js?ver=
  • /wp-content/plugins/oumma-contact/js/select2.min.js?ver=
  • /wp-content/plugins/oumma-contact/js/intlTelInput.min.js?ver=
  • /wp-content/plugins/oumma-contact/js/oumma-contact.js?ver=
  • /wp-content/plugins/oumma-contact/js/oumma-contact-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • oumma-contact-form-wrapper
  • oumc-field-wrap
  • oumc-radio-group
  • oumc-checkbox-group
  • oumc-dropdown
  • oumc-tel-input-container
  • oumma-contact-title

HTML Comments
  • <!-- Oumma Contact Pro
  • <!-- Oumma Contact Form -->
  • <!-- /Oumma Contact Form -->
  • <!-- END: Oumma Contact Form -->

Data Attributes
  • data-oumc-field-type
  • data-oumc-form-id

JS Globals
  • oumma_contact_params
  • oumma_contact_fields

REST Endpoints
  • /wp-json/oumma-contact/v1/submit
  • /wp-json/oumma-contact/v1/get-forms

Shortcode Output
  • <form class="oumma-contact-form"
  • <div class="oumma-contact-form-wrapper"

FAQ

Frequently Asked Questions about Oumma Contact – Drag & Drop Contact Form Builder