RioForms – Drag & Drop Contact Form Builder Security & Risk Analysis

wordpress.org/plugins/rioforms

Create stunning, responsive forms in minutes with the next-gen WordPress drag-and-drop contact form builder plugin.

0 active installs · v1.1.1 · PHP 7.0+ · WP 6.5+ · Updated: Unknown
Tags: block, contact-form, form, form-builder, gutenberg-form
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is RioForms – Drag & Drop Contact Form Builder Safe to Use in 2026?

Generally Safe

Score 100/100

RioForms – Drag & Drop Contact Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "rioforms" v1.1.1 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The plugin has a very small attack surface with only one shortcode and no AJAX handlers or REST API routes, all of which appear to be protected. Furthermore, the absence of known vulnerabilities (CVEs) and a clean taint analysis suggest a well-developed and secure codebase. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, along with implementing nonce and capability checks.

Key Concerns

  • Presence of unserialize function
Vulnerabilities
None known

RioForms – Drag & Drop Contact Form Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

RioForms – Drag & Drop Contact Form Builder Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (9 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function: unserialize
Code: $this->notification = unserialize( $this->form_data['form_notification'][0] );
Location: includes\Submission\FormData.php:20

Output Escaping

90% escaped, 10 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<rioform-preview> (template\rioform-preview.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

RioForms – Drag & Drop Contact Form Builder Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[rioform] includes\ShortCodes\ShortCodes.php:9
WordPress Hooks: 25
action rest_api_init includes\Apis\Endpoints.php:11
action wp_enqueue_scripts includes\Assets\Assets.php:9
action wp_enqueue_scripts includes\Assets\Assets.php:10
action wp_enqueue_scripts includes\Assets\Assets.php:12
action wp_enqueue_scripts includes\Assets\Assets.php:13
action admin_enqueue_scripts includes\Assets\Assets.php:15
action admin_enqueue_scripts includes\Assets\Assets.php:16
action enqueue_block_assets includes\Assets\Assets.php:18
filter render_block_data includes\Assets\StyleGenerator.php:13
action wp_enqueue_scripts includes\Assets\StyleGenerator.php:14
action enqueue_block_assets includes\Assets\StyleGenerator.php:15
action init includes\Blocks\Blocks.php:40
filter block_categories_all includes\Blocks\Blocks.php:41
action wp_enqueue_scripts includes\Blocks\Blocks.php:42
filter allowed_block_types_all includes\Blocks\Blocks.php:43
action init includes\Meta\Meta.php:10
action init includes\PostType\Form.php:8
filter allowed_block_types_all includes\PostType\Form.php:9
action manage_rioform_posts_columns includes\PostType\Form.php:10
action manage_rioform_posts_custom_column includes\PostType\Form.php:11
action template_include includes\PostType\Form.php:12
filter wp_insert_post_data includes\PostType\Form.php:13
filter enter_title_here includes\PostType\Form.php:14
action plugin_loaded includes\RioForms.php:20
action init includes\RioForms.php:38
Maintenance & Trust

RioForms – Drag & Drop Contact Form Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Unknown
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

RioForms – Drag & Drop Contact Form Builder Developer Profile

wprio

2 plugins · 1K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 130 days
Detection Fingerprints

How We Detect RioForms – Drag & Drop Contact Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rioforms/assets/css/deps/intlTelInput.min.css
/wp-content/plugins/rioforms/assets/js/deps/intl/intlTelInput.min.js
/wp-content/plugins/rioforms/assets/js/deps/intl/intlTelInputWithUtils.min.js
/wp-content/plugins/rioforms/assets/css/rio-forms-styles.css
/wp-content/plugins/rioforms/assets/js/deps/tom-select.min.js
/wp-content/plugins/rioforms/assets/js/blocks/dropdown.js
/wp-content/plugins/rioforms/assets/css/deps/tom-select.min.css
/wp-content/plugins/rioforms/assets/js/copy-shortcode.js
+2 more
Script Paths
/wp-content/plugins/rioforms/assets/js/deps/intl/intlTelInput.min.js
/wp-content/plugins/rioforms/assets/js/deps/intl/intlTelInputWithUtils.min.js
/wp-content/plugins/rioforms/assets/js/deps/tom-select.min.js
/wp-content/plugins/rioforms/assets/js/blocks/dropdown.js
/wp-content/plugins/rioforms/assets/js/copy-shortcode.js
/wp-content/plugins/rioforms/assets/js/form-editor-script.js
Version Parameters
rioforms/assets/css/deps/intlTelInput.min.css?ver=
rioforms/assets/js/deps/intl/intlTelInput.min.js?ver=
rioforms/assets/js/deps/intl/intlTelInputWithUtils.min.js?ver=
rioforms/assets/css/rio-forms-styles.css?ver=
rioforms/assets/js/deps/tom-select.min.js?ver=
rioforms/assets/js/blocks/dropdown.js?ver=
rioforms/assets/css/deps/tom-select.min.css?ver=
rioforms/assets/js/copy-shortcode.js?ver=
rioforms/assets/js/form-editor-script.js?ver=
rioforms/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
rio-forms-styles
Data Attributes
data-rioform-id
data-rioform-builder
data-form-id
JS Globals
rioFormApi
previewData
rioFormData
REST Endpoints
/wp-json/rioforms/v1/builder
Shortcode Output
[rioform id=
FAQ

Frequently Asked Questions about RioForms – Drag & Drop Contact Form Builder