RackForms Express Web Form Builder Security & Risk Analysis
wordpress.org/plugins/rackforms-expressRackForms Express For WordPress is a FREE and UNLIMITED web form builder.
Is RackForms Express Web Form Builder Safe to Use in 2026?
Generally Safe
Score 85/100RackForms Express Web Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "rackforms-express" v1.5 exhibits a generally positive security posture based on the static analysis, with no identified dangerous functions, no external HTTP requests, and all SQL queries utilizing prepared statements. The absence of known vulnerabilities in its history further suggests a commitment to security. However, a significant concern arises from the 100% of outputs not being properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While the plugin has capability checks, the lack of nonce checks on any entry points, coupled with the absence of taint analysis data, leaves potential for exploitation if user-supplied data is not handled with extreme caution. The small attack surface is a strength, but the lack of proper output sanitization is a critical weakness that could be easily exploited by attackers.
Key Concerns
- Output escaping not implemented
- No nonce checks on entry points
RackForms Express Web Form Builder Security Vulnerabilities
RackForms Express Web Form Builder Code Analysis
SQL Query Safety
Output Escaping
RackForms Express Web Form Builder Attack Surface
WordPress Hooks 6
Maintenance & Trust
RackForms Express Web Form Builder Maintenance & Trust
Maintenance Signals
Community Trust
RackForms Express Web Form Builder Alternatives
Custom Contact Forms
custom-contact-forms
Build beautiful custom forms and manage submissions the WordPress way. View live previews of your forms while you build them.
Lead Form Data Collection to CRM
wp-leads-builder-any-crm
Convert contact forms data into leads or contacts directly to one of your favourite CRM.
A Capture Contact Form (and tab) by AWebVoice.com
a-lead-capture-contact-form-and-tab-button-by-awebvoicecom
Get a contact form and a contact button. Capture your visitors and turn them into customers!
Corymbus Forms
corymbus-forms
Corymbus Forms provides the [corymbus-forms] shortcode which lets you easily embed in your website a web form/page published from the Corymbus CRM.
First Contact Form
first-contact-form
Manage multiple forms in a few clicks away, and way more flexible and User Friendly than other form plugins.
RackForms Express Web Form Builder Developer Profile
1 plugin · 10 total installs
How We Detect RackForms Express Web Form Builder
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/rackforms-express/post-integration/rackforms-express.js/wp-content/plugins/rackforms-express/post-integration/rackforms-express.csshttp://www.rackforms.com/documentation/rackforms/wordpress/express.phpHTML / DOM Fingerprints
rackforms-iframeRackForms - Replace.rackforms-iframeset_widthset_heightwidth_offsetheight_offsetgetObj+5 more