Sliced Invoices & Formidable Forms Security & Risk Analysis
wordpress.org/plugins/sliced-invoices-formidable-formsCreate an invoice or quote request form using Formidable Forms Or Formidable Forms Pro. Each form entry then creates a quote (or an invoice) using the …
Is Sliced Invoices & Formidable Forms Safe to Use in 2026?
Generally Safe
Score 85/100Sliced Invoices & Formidable Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "sliced-invoices-formidable-forms" plugin v1.0.2 exhibits a concerning security posture due to its limited attack surface being entirely unprotected. Both AJAX handlers lack authentication checks, creating a significant entry point for malicious actors. While the static analysis did not reveal dangerous functions, raw SQL queries, or critical taint flows, the high percentage of improperly escaped output (68%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks further exacerbates these risks, as there are no mechanisms to verify user intent or permissions for these unprotected entry points. The plugin's vulnerability history is clean, with no recorded CVEs. This could indicate either a well-developed plugin or that it hasn't been extensively targeted or audited. However, relying solely on this history is imprudent given the identified code weaknesses. The strengths lie in the absence of file operations, external HTTP requests, and the fact that a majority of SQL queries use prepared statements. Nevertheless, the unprotected AJAX handlers and poor output escaping present immediate and actionable security concerns.
Key Concerns
- AJAX handlers without authentication
- High percentage of unescaped output
- No nonce checks
- No capability checks
Sliced Invoices & Formidable Forms Security Vulnerabilities
Sliced Invoices & Formidable Forms Code Analysis
SQL Query Safety
Output Escaping
Sliced Invoices & Formidable Forms Attack Surface
AJAX Handlers 2
WordPress Hooks 7
Maintenance & Trust
Sliced Invoices & Formidable Forms Maintenance & Trust
Maintenance Signals
Community Trust
Sliced Invoices & Formidable Forms Alternatives
WP Contact Slider – Contact Form Slider Widget
wp-contact-slider
Helps you to show slide out contact form to display CF7, Gravity forms, Ninja Forms, WP Forms, display random text/HTML and support some other forms.
BSK Forms Blacklist
bsk-gravityforms-blacklist
Checks field content and block submitting base on your keywords. Blocking IP, Country is only supported in the Pro version.
Formidable Forms Signature Online Contract Automation
forms-signature-formidable-online-contract-automation
Instantly produce a legally enforceable & court recognized contract from a Formidable Forms submission. Legal contracts. UETA/ESIGN Compliant.
Formidable Forms + Sprout Invoices – Easy Invoice & Estimate Submissions
sprout-invoices-formidable-forms
Dynamic invoicing (and estimates/quotes) from Formidable Form submissions.
WP Mautic Form Integrator
wp-mautic-form-integrator
Mautic is a marketing automation software and WP Mautic Form Integrator plugin is a bridge between Mautic and several highly used form plugins.
Sliced Invoices & Formidable Forms Developer Profile
4 plugins · 5K total installs
How We Detect Sliced Invoices & Formidable Forms
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/sliced-invoices-formidable-forms/assets/css/sliced-ff-style.css/wp-content/plugins/sliced-invoices-formidable-forms/assets/js/sliced-ff-custom.js/wp-content/plugins/sliced-invoices-formidable-forms/assets/js/sliced-ff-custom.jssliced-invoices-formidable-forms/assets/css/sliced-ff-style.css?ver=sliced-invoices-formidable-forms/assets/js/sliced-ff-custom.js?ver=HTML / DOM Fingerprints
name="sliced_ff_type"window.SIFF