Does Quform WPML have any unpatched vulnerabilities?

No. All known vulnerabilities in Quform WPML have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Quform WPML compatible with WordPress 6.9.4?

According to WordPress.org data, Quform WPML 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Quform WPML compatible with PHP 5.2.4+?

Quform WPML requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Quform WPML updated?

Quform WPML was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Quform WPML's security score?

Quform WPML has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Quform WPML Security & Risk Analysis

wordpress.org/plugins/quform-wpml

Translate Quform forms into multiple languages using WPML.

600 active installs v1.0.1 PHP 5.2.4+ WP 4.6+ Updated Dec 1, 2025

form-builderformsquformtranslationswpml

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Quform WPML Safe to Use in 2026?

Generally Safe

Score 100/100

Quform WPML has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "quform-wpml" v1.0.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified dangerous functions, file operations, external HTTP requests, or untainted flows is commendable. The high percentage of SQL queries utilizing prepared statements and 100% output escaping indicate good development practices for handling data. Furthermore, the plugin has no recorded vulnerability history, which suggests a history of secure development or thorough vetting.

However, the complete lack of identified entry points (AJAX handlers, REST API routes, shortcodes, cron events) is unusual and could indicate an incomplete analysis or a plugin that doesn't interact with WordPress in standard ways. More importantly, the absence of any nonce checks or capability checks across all code signals a significant potential weakness. While the attack surface is reported as zero, any future additions or modifications to these entry points without proper authorization checks would create immediate vulnerabilities. The lack of taint analysis results is also noteworthy, as it might imply that the analysis tools did not find any data flows to analyze, which, while potentially good, could also be a limitation of the analysis itself.

Key Concerns

No nonce checks detected
No capability checks detected

Vulnerabilities

None known

Quform WPML Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Quform WPML Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared3 total queries

Attack Surface

Quform WPML Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 11

actionadmin_noticeslibrary\Quform\WPML\Dispatcher.php:11

actionadmin_noticeslibrary\Quform\WPML\Dispatcher.php:18

actionadmin_noticeslibrary\Quform\WPML\Dispatcher.php:23

filterquform_localelibrary\Quform\WPML\Dispatcher.php:27

filterquform_active_localeslibrary\Quform\WPML\Dispatcher.php:28

filterquform_form_factory_pre_createlibrary\Quform\WPML\Dispatcher.php:29

actionquform_add_formlibrary\Quform\WPML\Dispatcher.php:32

actionquform_save_formlibrary\Quform\WPML\Dispatcher.php:33

actionquform_form_deletedlibrary\Quform\WPML\Dispatcher.php:34

actionquform_container_setupquform-wpml.php:26

actionquform_bootstrapquform-wpml.php:27

Maintenance & Trust

Quform WPML Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version5.2.4

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs600

Alternatives

Quform WPML Alternatives

Quform Zapier

quform-zapier

100

Easily integrate Zapier with Quform forms.

1K No CVEs

Quform Mailchimp

quform-mailchimp

100

Easily add contacts to Mailchimp from Quform forms.

900 No CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 74 CVEs

Developer Profile

Quform WPML Developer Profile

ThemeCatcher

3 plugins · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Quform WPML

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

quform-wpml/style.css?ver=1.0.1quform-wpml/script.js?ver=1.0.1

HTML / DOM Fingerprints

FAQ