PDF for WPForms + Drag and Drop Template Builder Security & Risk Analysis

wordpress.org/plugins/pdf-for-wpforms

The plugin helps you create PDFs for WPForms; you can build PDF templates.

1K active installs · v6.5.1 · PHP 5.6+ · WP 2.0+ · Updated Feb 5, 2026
Tags: contact-form-pdf, form-pdf, pdf-contact-form, pdf-wpforms, wpforms-pdf
Score: 92 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Feb 11, 2026

Safety Verdict

Is PDF for WPForms + Drag and Drop Template Builder Safe to Use in 2026?

Generally Safe

Score 92/100

PDF for WPForms + Drag and Drop Template Builder has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Feb 11, 2026 · Updated 1mo ago

Risk Assessment

The pdf-for-wpforms plugin v6.5.1 exhibits a mixed security posture. While it demonstrates good practices such as utilizing prepared statements for all SQL queries and a high percentage of proper output escaping, there are notable areas of concern. The presence of an AJAX handler without authentication checks represents a direct attack vector that could be exploited by unauthenticated users. Additionally, the taint analysis reveals a flow with unsanitized paths and a high-severity issue, indicating a potential risk of arbitrary file access or manipulation.

The plugin's vulnerability history is a significant red flag. With a total of six known CVEs, including one high-severity and five medium-severity vulnerabilities, and a pattern of issues involving missing authorization, cross-site scripting, deserialization, and code injection, it suggests a recurring struggle with secure coding practices. Although there are currently no unpatched vulnerabilities, the historical trend indicates a need for more robust and consistent security measures. The last reported vulnerability in 2026 is also a concerning detail, though its context is unclear from the provided data.

In conclusion, the plugin has strengths in its database query and output handling. However, the identified unprotected AJAX endpoint, the high-severity taint flow, and the history of diverse and serious vulnerabilities present significant risks. These factors necessitate caution and highlight the importance of continuous security auditing and prompt patching for this plugin.

Key Concerns

  • Unprotected AJAX handler found
  • High severity taint flow with unsanitized path
  • History of 1 high severity vulnerability
  • History of 5 medium severity vulnerabilities
  • History indicates recurring common vulnerability types

Vulnerabilities: 6

PDF for WPForms + Drag and Drop Template Builder Security Vulnerabilities

CVEs by Year

2025: 5 CVEs
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 5

6 total CVEs

CVE-2025-68534 · medium · 4.3 · Missing Authorization

PDF for WPForms <= 6.3.0 - Missing Authorization

Feb 11, 2026 · Patched in 6.3.1 (6d)

CVE-2025-58620 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF for WPForms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 3, 2025 · Patched in 6.3.0 (8d)

CVE-2025-60082 · high · 8.8 · Deserialization of Untrusted Data

PDF for WPForms <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection

Aug 23, 2025 · Patched in 6.5.1 (161d)

CVE-2025-49289 · medium · 4.3 · Missing Authorization

PDF for WPForms <= 5.5.0 - Missing Authorization

Jun 5, 2025 · Patched in 5.6.1 (6d)

CVE-2025-30767 · medium · 6.3 · Improper Control of Generation of Code ('Code Injection')

PDF for WPForms <= 5.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

Mar 26, 2025 · Patched in 5.3.1 (8d)

CVE-2024-12593 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode

Jan 14, 2025 · Patched in 4.8.0 (1d)

Code Analysis
Analyzed Mar 16, 2026

PDF for WPForms + Drag and Drop Template Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (14 prepared)
Unescaped Output: 15 (292 escaped)
Nonce Checks: 11
Capability Checks: 5
File Operations: 4
External Requests: 6
Bundled Libraries: 2

Bundled Libraries

TinyMCE, TCPDF

SQL Query Safety

100% prepared · 14 total queries

Output Escaping

95% escaped · 307 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
yeepdf_import_template (backend\ajax.php:15)

Attack Surface: 1 unprotected

PDF for WPForms + Drag and Drop Template Builder Attack Surface

Entry Points: 14
Unprotected: 1

AJAX Handlers 8

auth wp_ajax_yeepdf_builder_text backend\ajax.php:8
auth wp_ajax_yeepdf_builder_export_html backend\ajax.php:9
auth wp_ajax_pdf_reset_template backend\ajax.php:10
auth wp_ajax_yeepdf_import_template backend\ajax.php:11
auth wp_ajax_yeepdf_remove_font backend\settings.php:10
auth wp_ajax_yeepdf_dropbox_client_id_validate backend\settings.php:13
auth wp_ajax_yeepdf_wp_get_entries wpforms\index.php:32
auth wp_ajax_yeekit_dismiss_noty yeekit\document.php:13

Shortcodes 6

[yeepdf_barcode] backend\shortcode.php:5
[yeepdf_barcode_new] backend\shortcode.php:6
[yeepdf_qrcode] backend\shortcode.php:7
[yeepdf_qrcode_new] backend\shortcode.php:8
[pdf_download] backend\shortcode.php:9
[yeepdf_download_wpforms] wpforms\index.php:31

WordPress Hooks 110

action admin_init backend\ajax.php:12
action add_meta_boxes backend\ajax.php:13
action builder_yeepdfs backend\demo\templates_demo.php:5
action yeepdf_builder_block_forms backend\forms\checkbox.php:5
filter yeepdf_builder_block_html backend\forms\checkbox.php:6
action yeepdf_builder_tab_block_addons backend\forms\index.php:5
action yeepdf_builder_block_forms backend\forms\index.php:6
filter yeepdf_builder_block_html backend\forms\index.php:7
action yeepdf_builder_tab__editor_before backend\forms\index.php:8
action yeepdf_builder_block_forms backend\forms\radio.php:5
filter yeepdf_builder_block_html backend\forms\radio.php:6
action yeepdf_builder_block_forms backend\forms\select.php:5
filter yeepdf_builder_block_html backend\forms\select.php:6
action yeepdf_builder_block_forms backend\forms\textarea.php:5
filter yeepdf_builder_block_html backend\forms\textarea.php:6
action admin_enqueue_scripts backend\index.php:8
action admin_head backend\index.php:9
action init backend\index.php:10
action add_meta_boxes backend\index.php:11
filter get_sample_permalink_html backend\index.php:12
action save_post_yeepdf backend\index.php:13
filter admin_body_class backend\index.php:14
action admin_footer backend\index.php:15
filter post_row_actions backend\index.php:16
action yeepdf_builder_tab__editor_before backend\index.php:17
action yeepdf_header_settings backend\index.php:18
action yeepdf_footer_settings backend\index.php:19
action yeepdf_watermark_text_settings backend\index.php:20
action yeepdf_watermark_img_settings backend\index.php:21
action admin_menu backend\settings.php:9
action yeepdf_custom_sizes backend\settings.php:11
action admin_init backend\settings.php:12
action yeepdf_after_settings backend\settings.php:14
filter upload_mimes backend\settings.php:15
action admin_notices backend\settings.php:152
action admin_init backend\settings.php:296
action admin_footer backend\setup.php:5
filter yeepdf_builder_shortcode backend\shortcode.php:24
filter yeepdf_builder_block_html backend\templates\barcode_qrcode.php:6
action yeepdf_builder_block backend\templates\barcode_qrcode.php:7
action yeepdf_builder_tab_block_addons backend\templates\block_templates.php:3
action yeepdf_builder_block backend\templates\breakpoint.php:3
filter yeepdf_builder_block_html backend\templates\breakpoint.php:14
filter yeepdf_builder_block_html backend\templates\button.php:14
action yeepdf_builder_block backend\templates\divider.php:3
filter yeepdf_builder_block_html backend\templates\divider.php:14
action yeepdf_builder_tab__editor backend\templates\editor.php:6
action yeepdf_condition_settings backend\templates\editor.php:7
action yeepdf_builder_tab_block_template backend\templates\image-box.php:3
filter yeepdf_builder_block_html backend\templates\image-box.php:14
action yeepdf_builder_tab_block_template backend\templates\image-list.php:3
filter yeepdf_builder_block_html backend\templates\image-list.php:14
action yeepdf_builder_block backend\templates\image.php:3
action yeepdf_builder_block_html backend\templates\image.php:14
action yeepdf_builder_block_html backend\templates\index.php:3
action yeepdf_builder_block backend\templates\rotate-text.php:3
filter yeepdf_builder_block_html backend\templates\rotate-text.php:14
action yeepdf_builder_tab_block_row backend\templates\row.php:3
filter yeepdf_builder_block_html backend\templates\row.php:66
action yeepdf_builder_block backend\templates\signature.php:3
action yeepdf_builder_block_html backend\templates\signature.php:14
action yeepdf_builder_block backend\templates\spacer.php:3
filter yeepdf_builder_block_html backend\templates\spacer.php:14
action yeepdf_builder_block backend\templates\table.php:6
filter yeepdf_builder_block_html backend\templates\table.php:7
action yeepdf_builder_tab__editor_before backend\templates\table.php:8
action yeepdf_builder_tab_block_template backend\templates\text-list.php:3
filter yeepdf_builder_block_html backend\templates\text-list.php:14
action yeepdf_builder_block backend\templates\text.php:3
filter yeepdf_builder_block_html backend\templates\text.php:14
action yeepdf_builder_tab_block_template backend\templates\title.php:3
filter yeepdf_builder_block_html backend\templates\title.php:14
filter wp_mail_content_type frontend\index.php:22
filter upload_mimes frontend\index.php:23
action init frontend\index.php:24
filter pdf_before_render_datas frontend\index.php:25
filter template_include frontend\index.php:74
action init pdf-for-wpforms.php:52
filter yeepdf_shortcodes wpforms\index.php:12
action yeepdf_head_settings wpforms\index.php:13
action save_post_yeepdf wpforms\index.php:14
filter wpforms_entry_details_sidebar_actions_link wpforms\index.php:15
action wpforms_form_settings_panel_content wpforms\index.php:16
filter wpforms_builder_settings_sections wpforms\index.php:17
action wpforms_process_entry_saved wpforms\index.php:18
filter wpforms_emails_send_email_data wpforms\index.php:19
filter wpforms_emails_mailer_get_message wpforms\index.php:20
filter wpforms_builder_strings wpforms\index.php:21
filter wpforms_smarttags_process_value wpforms\index.php:22
filter yeepdf_add_libs wpforms\index.php:23
filter wpforms_entry_email_before_send wpforms\index.php:25
action admin_enqueue_scripts wpforms\index.php:26
action yeepdf_add_css wpforms\index.php:27
action wpforms_entry_details_init wpforms\index.php:29
action wpforms_email_send_after wpforms\index.php:30
filter yeepdf_output_html wpforms\index.php:33
filter yeepdf_builder_shortcode wpforms\index.php:34
action wpforms_form_settings_pdf_single_after wpforms\index.php:35
filter yeepdf_setup_id wpforms\index.php:36
filter yeepdf_setup_type wpforms\index.php:37
filter yeepdf_setup_forms wpforms\index.php:38
filter wpforms_frontend_confirmation_message wpforms\index.php:39
action admin_menu yeekit\document.php:10
action admin_enqueue_scripts yeekit\document.php:11
filter fluentform_global_addons yeekit\document.php:12
action admin_notices yeekit\document.php:14
action elementor/element/form/section_form_options/after_section_end yeekit\document.php:15
action admin_init yeekit\document.php:17
action elementor/editor/after_enqueue_styles yeekit\document.php:19
filter http_response yeekit\document.php:208

Maintenance & Trust

PDF for WPForms + Drag and Drop Template Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version: 5.6
Downloads: 22K

Community Trust

Rating: 92/100
Number of ratings: 7
Active installs: 1K

Developer Profile

PDF for WPForms + Drag and Drop Template Builder Developer Profile

add-ons.org

55 plugins · 26K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 47 days

Detection Fingerprints

How We Detect PDF for WPForms + Drag and Drop Template Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-for-wpforms/frontend/css/bootstrap.min.css
/wp-content/plugins/pdf-for-wpforms/frontend/css/style.css
/wp-content/plugins/pdf-for-wpforms/frontend/css/pdf_wpforms_styles.css
/wp-content/plugins/pdf-for-wpforms/frontend/js/jquery-3.3.1.min.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/bootstrap.min.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/pdf_wpforms_scripts.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/jquery.min.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/admin-script.js
+1 more

Script Paths
/wp-content/plugins/pdf-for-wpforms/frontend/js/jquery-3.3.1.min.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/bootstrap.min.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/pdf_wpforms_scripts.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/jquery.min.js
/wp-content/plugins/pdf-for-wpforms/frontend/js/admin-script.js

Version Parameters
pdf-for-wpforms/frontend/css/bootstrap.min.css?ver=
pdf-for-wpforms/frontend/css/style.css?ver=
pdf-for-wpforms/frontend/css/pdf_wpforms_styles.css?ver=
pdf-for-wpforms/frontend/js/jquery-3.3.1.min.js?ver=
pdf-for-wpforms/frontend/js/bootstrap.min.js?ver=
pdf-for-wpforms/frontend/js/pdf_wpforms_scripts.js?ver=
pdf-for-wpforms/frontend/js/jquery.min.js?ver=
pdf-for-wpforms/frontend/js/admin-script.js?ver=
pdf-for-wpforms/backend/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
pro_disable
pro_disable_fff
builder__editor--item
builder__editor--item-settings
yeepdf_setting_group
yeepdf_setting_row
yeepdf_settings_group-wrapper
yeepdf_checkbox_label
+23 more

HTML Comments
Exit if accessed directly
PDF for WPForms + Drag and Drop Template Builder
<!-- PDF for WPForms + Drag and Drop Template Builder -->
<!-- YEE PDF -->

Data Attributes
data-template-id
data-element-type
data-element-id
data-element-settings
data-element-position
name="builder_pdf_settings[dpi]"
+30 more

JS Globals
Yeepdf_Creator_Builder
Yeepdf_Creator_Wpforms_Builder
yeepdf_settings_backend_main
Yeepdf_Settings_Builder_PDF_Backend
Yeepdf_Settings_Main
yeepdf_wpforms_setup
+5 more