Quform Zapier Security & Risk Analysis

wordpress.org/plugins/quform-zapier

Easily integrate Zapier with Quform forms.

1K active installs · v1.1.1 · PHP 5.2.4+ · WP 4.6+ · Updated Dec 1, 2025
Tags: form-builder, forms, quform, zapier
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Quform Zapier Safe to Use in 2026?

Generally Safe

Score 100/100

Quform Zapier has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The quform-zapier plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by making extensive use of prepared statements for SQL queries and properly escaping a high percentage of its output. The absence of known CVEs and bundled libraries further contributes to a relatively stable security history. However, a significant concern arises from the attack surface. All 7 identified AJAX handlers lack authentication checks, presenting a clear risk of unauthorized access and execution of plugin functionalities. While the taint analysis did not reveal critical or high severity issues, the presence of one flow with unsanitized paths warrants attention as it could potentially lead to vulnerabilities if exploited. The plugin's strengths lie in its robust data handling and clean vulnerability history, but the unprotected AJAX endpoints are a notable weakness that requires immediate remediation.

Key Concerns

  • 7 unprotected AJAX handlers
  • 1 unsanitized path in taint analysis
Vulnerabilities
None known

Quform Zapier Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Quform Zapier Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (16 prepared)
Unescaped Output: 17 (98 escaped)
Nonce Checks: 11
Capability Checks: 28
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

89% prepared · 18 total queries

Output Escaping

85% escaped · 115 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
search_box (library\Quform\Zapier\Integration\List\Table.php:439)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
7 unprotected

Quform Zapier Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax_quform_zapier_save_integrations_table_settings · library\Quform\Zapier\Dispatcher.php:33
auth · wp_ajax_quform_zapier_add_integration · library\Quform\Zapier\Dispatcher.php:34
auth · wp_ajax_quform_zapier_save_integration · library\Quform\Zapier\Dispatcher.php:35
auth · wp_ajax_quform_zapier_get_additional_field_elements · library\Quform\Zapier\Dispatcher.php:36
auth · wp_ajax_quform_zapier_get_logic_sources · library\Quform\Zapier\Dispatcher.php:37
auth · wp_ajax_quform_zapier_save_settings · library\Quform\Zapier\Dispatcher.php:40
auth · wp_ajax_quform_zapier_uninstall_plugin · library\Quform\Zapier\Dispatcher.php:41
WordPress Hooks 12
filter · removable_query_args · library\Quform\Zapier\Admin\Page\Integrations\List.php:97
action · admin_notices · library\Quform\Zapier\Dispatcher.php:14
action · init · library\Quform\Zapier\Dispatcher.php:18
action · quform_admin_menu · library\Quform\Zapier\Dispatcher.php:24
action · quform_admin_menu_icon_color · library\Quform\Zapier\Dispatcher.php:25
action · current_screen · library\Quform\Zapier\Dispatcher.php:26
filter · admin_title · library\Quform\Zapier\Dispatcher.php:27
filter · admin_body_class · library\Quform\Zapier\Dispatcher.php:28
action · admin_enqueue_scripts · library\Quform\Zapier\Dispatcher.php:29
filter · quform_zapier_mdi_icon_prefix · library\Quform\Zapier\Dispatcher.php:30
action · quform_container_setup · quform-zapier.php:28
action · quform_bootstrap · quform-zapier.php:29
Maintenance & Trust

Quform Zapier Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 5.2.4
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 1K
Developer Profile

Quform Zapier Developer Profile

ThemeCatcher

3 plugins · 3K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Quform Zapier

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quform-zapier/library/css/admin.min.css
/wp-content/plugins/quform-zapier/library/js/integrations.edit.min.js
Script Paths
/wp-content/plugins/quform-zapier/library/js/integrations.edit.min.js
Version Parameters
quform-zapier/library/css/admin.min.css?ver=
quform-zapier/library/js/integrations.edit.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
qfb-nav-zapier-icon
Data Attributes
data-quform-zapier-integration-id
JS Globals
quformZapierIntegrationsEditL10n
REST Endpoints
/wp-json/quform-zapier/v1/integrations