Simple Coherent Form Security & Risk Analysis

wordpress.org/plugins/simple-coherent-form

A simple plugin to create coherent inputs between themes and plugins. Light, efficient, accessible and compatible with CF7. Best for developers.

20 active installs · v2.4.11 · PHP 7.4+ · WP 6.4.2+ · Updated: Unknown
coherent, form, input, simple, style
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Coherent Form Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Coherent Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "simple-coherent-form" v2.4.11 plugin demonstrates generally good security practices with a strong emphasis on prepared SQL statements and proper output escaping. The absence of known vulnerabilities in its history is a positive indicator of past security diligence. However, a significant concern arises from the static analysis, specifically the presence of 4 AJAX handlers that lack authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users to trigger potentially sensitive actions within the plugin.

The code analysis does not reveal any critical or high-severity taint flows, nor does it flag dangerous functions or raw SQL queries, which are all positive signs. The file operations and external HTTP requests are also not flagged as immediate risks based on this data. The limited number of cron events is also not a significant concern. The main weakness lies in the exposed AJAX endpoints, which could be a primary vector for exploitation if any of those handlers perform actions that could be misused without proper authorization.

In conclusion, while the plugin benefits from robust SQL and output sanitization and has a clean vulnerability history, the unprotected AJAX endpoints represent a clear and present risk. Addressing these unprotected entry points should be the highest priority to improve the plugin's security posture and mitigate potential unauthorized access or manipulation.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Simple Coherent Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Coherent Form Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (350 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 5
External Requests: 0
Bundled Libraries: 0

Output Escaping

96% escaped · 365 total outputs
Attack Surface
4 unprotected

Simple Coherent Form Attack Surface

Entry Points: 12
Unprotected: 4

AJAX Handlers 12

auth wp_ajax_scf_file_upload includes\fields\file.php:38
nopriv wp_ajax_scf_file_upload includes\fields\file.php:39
auth wp_ajax_scf_get_id_upload includes\fields\file.php:40
nopriv wp_ajax_scf_get_id_upload includes\fields\file.php:41
auth wp_ajax_scf_remove_file_upload includes\fields\file.php:42
nopriv wp_ajax_scf_remove_file_upload includes\fields\file.php:43
auth wp_ajax_scf_check_files_exists includes\fields\file.php:44
nopriv wp_ajax_scf_check_files_exists includes\fields\file.php:45
auth wp_ajax_scf_check_unicity includes\front\front.php:71
nopriv wp_ajax_scf_check_unicity includes\front\front.php:72
auth wp_ajax_scf_check_existence includes\front\front.php:73
nopriv wp_ajax_scf_check_existence includes\front\front.php:74
WordPress Hooks 121
filter scf_default_args includes\fields\checkbox.php:21
filter scf_types_availables includes\fields\checkbox.php:22
filter scf_types_with_group_block includes\fields\checkbox.php:23
action scf_field_checkbox includes\fields\checkbox.php:24
filter scf_default_args includes\fields\date.php:23
filter scf_args includes\fields\date.php:24
filter scf_types_availables includes\fields\date.php:25
filter scf_types_with_group_label includes\fields\date.php:26
filter scf_wrapper_classes includes\fields\date.php:27
action scf_enqueue_scripts_date includes\fields\date.php:28
action scf_field_date includes\fields\date.php:29
action scf_field_date includes\fields\date.php:30
filter scf_types_availables includes\fields\email.php:21
filter scf_types_with_group_label includes\fields\email.php:22
action scf_field_email includes\fields\email.php:23
action scf_field_email includes\fields\email.php:24
filter scf_default_args includes\fields\file.php:25
filter scf_types_availables includes\fields\file.php:26
filter scf_types_with_group_label includes\fields\file.php:27
action scf_field_file includes\fields\file.php:28
action scf_field_file includes\fields\file.php:29
action scf_before_description_file includes\fields\file.php:30
action plugins_loaded includes\fields\file.php:31
action scf_deleting_file includes\fields\file.php:32
action scf_generate_cron_deleting includes\fields\file.php:33
filter scf_script_inline includes\fields\file.php:34
filter scf_i18n includes\fields\file.php:35
filter upload_dir includes\fields\file.php:1443
filter scf_types_availables includes\fields\message.php:21
filter scf_types_with_group_block includes\fields\message.php:22
action scf_field_message includes\fields\message.php:23
action scf_after_field_message includes\fields\message.php:24
action scf_label includes\fields\message.php:25
action scf_wrapper_args includes\fields\message.php:26
action scf_wrapper_classes includes\fields\message.php:27
filter scf_default_args includes\fields\number.php:21
filter scf_types_availables includes\fields\number.php:22
filter scf_types_with_group_label includes\fields\number.php:23
action scf_field_number includes\fields\number.php:24
action scf_field_number includes\fields\number.php:25
filter scf_default_args includes\fields\password.php:22
filter scf_script_inline includes\fields\password.php:23
filter scf_types_availables includes\fields\password.php:24
filter scf_types_with_group_label includes\fields\password.php:25
action scf_enqueue_scripts_password includes\fields\password.php:26
action scf_field_password includes\fields\password.php:27
action scf_field_password includes\fields\password.php:28
action scf_field_password includes\fields\password.php:29
action scf_before_description_password includes\fields\password.php:30
filter scf_default_args includes\fields\radio.php:22
filter scf_types_availables includes\fields\radio.php:23
filter scf_types_with_group_block includes\fields\radio.php:24
action scf_field_radio includes\fields\radio.php:25
filter scf_default_args includes\fields\select.php:21
filter scf_types_availables includes\fields\select.php:22
filter scf_types_with_group_block includes\fields\select.php:23
filter scf_wrapper_classes includes\fields\select.php:24
action scf_field_select includes\fields\select.php:25
filter scf_default_args includes\fields\tel.php:21
filter scf_types_availables includes\fields\tel.php:22
filter scf_types_with_group_block includes\fields\tel.php:23
action scf_before_field_tel includes\fields\tel.php:24
action scf_after_field_tel includes\fields\tel.php:25
filter scf_wrapper_classes includes\fields\tel.php:26
action scf_enqueue_scripts_tel includes\fields\tel.php:27
action scf_field_tel includes\fields\tel.php:28
action scf_field_tel includes\fields\tel.php:29
action plugins_loaded includes\fields\tel.php:30
filter scf_select_2_option_classes includes\fields\tel.php:238
filter scf_select_input_args includes\fields\tel.php:248
filter scf_select_native_options includes\fields\tel.php:250
filter scf_types_availables includes\fields\text.php:21
filter scf_types_with_group_label includes\fields\text.php:22
action scf_field_text includes\fields\text.php:23
action scf_field_text includes\fields\text.php:24
filter scf_default_args includes\fields\textarea.php:21
filter scf_types_availables includes\fields\textarea.php:22
filter scf_types_with_group_label includes\fields\textarea.php:23
action scf_field_textarea includes\fields\textarea.php:24
action scf_field_textarea includes\fields\textarea.php:25
filter scf_default_args includes\fields\time.php:21
filter scf_types_availables includes\fields\time.php:22
filter scf_types_with_group_label includes\fields\time.php:23
action scf_field_time includes\fields\time.php:24
action scf_field_time includes\fields\time.php:25
filter scf_types_availables includes\fields\url.php:21
filter scf_types_with_group_label includes\fields\url.php:22
action scf_field_url includes\fields\url.php:23
action scf_field_url includes\fields\url.php:24
filter scf_default_args includes\fields\wysiwyg.php:21
filter scf_types_availables includes\fields\wysiwyg.php:22
filter scf_types_with_group_label includes\fields\wysiwyg.php:23
action scf_enqueue_scripts_wysiwyg includes\fields\wysiwyg.php:24
action scf_field_wysiwyg includes\fields\wysiwyg.php:25
action scf_field_wysiwyg includes\fields\wysiwyg.php:26
action wp_enqueue_scripts includes\front\front.php:65
action admin_enqueue_scripts includes\front\front.php:66
filter script_loader_tag includes\front\front.php:67
action init includes\front\front.php:68
action scf_label_group includes\front\front.php:77
action scf_optional includes\front\front.php:78
action scf_field_group includes\front\front.php:79
action scf_description includes\front\front.php:80
action scf_after_field includes\front\front.php:81
action wp_footer includes\front\front.php:778
filter wpcf7_autop_or_not plugins\cf7.php:7
action wpcf7_contact_form plugins\cf7.php:8
action init plugins\cf7.php:50
action wpcf7_init plugins\cf7.php:51
action wpcf7_init plugins\cf7.php:52
action wpcf7_admin_init plugins\cf7.php:53
action wpcf7_admin_init plugins\cf7.php:54
action wpcf7_swv_create_schema plugins\cf7.php:55
filter wpcf7_mail_tag_replaced_file plugins\cf7.php:56
filter wpcf7_mail_tag_replaced_file* plugins\cf7.php:57
filter wpcf7_mail_components plugins\cf7.php:58
filter wpcf7_validate_date plugins\cf7.php:203
filter wpcf7_validate_date* plugins\cf7.php:207
filter wpcf7_validate_file plugins\cf7.php:211
filter wpcf7_validate_file* plugins\cf7.php:215
filter scf2acf_use_scf_uploaded_files plugins\cf7.php:564

Scheduled Events 3

scf_generate_cron_deleting
scf_deleting_file
scf_deleting_file
Maintenance & Trust

Simple Coherent Form Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Unknown
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Simple Coherent Form Developer Profile

Tom Baumgarten

5 plugins · 160 total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Coherent Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-coherent-form/assets/css/scf-front.css
/wp-content/plugins/simple-coherent-form/assets/js/scf-front.js
/wp-content/plugins/simple-coherent-form/assets/js/datepicker.js
Script Paths
/wp-content/plugins/simple-coherent-form/assets/js/scf-front.js
/wp-content/plugins/simple-coherent-form/assets/js/datepicker.js
Version Parameters
simple-coherent-form/assets/css/scf-front.css?ver=
simple-coherent-form/assets/js/scf-front.js?ver=
simple-coherent-form/assets/js/datepicker.js?ver=

HTML / DOM Fingerprints

CSS Classes
scf-datepicker
scf-field-wrapper
Data Attributes
data-scf-field
data-scf-type
data-scf-datepicker-options
JS Globals
scf_data
Shortcode Output
[simple-coherent-form]
FAQ

Frequently Asked Questions about Simple Coherent Form