Does Smart Forms for Contractors have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Smart Forms for Contractors compatible with WordPress 6.9.4?

According to WordPress.org data, Smart Forms for Contractors 1.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Smart Forms for Contractors compatible with PHP 7.4+?

Smart Forms for Contractors requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Smart Forms for Contractors updated?

Smart Forms for Contractors was last updated on Apr 5, 2026. Frequent updates are generally a positive security signal.

What is Smart Forms for Contractors's security score?

Smart Forms for Contractors has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Smart Forms for Contractors Security & Risk Analysis

wordpress.org/plugins/smart-forms-for-contractors

Capture leads, generate quotes, and manage jobs — all from one form. Built specifically for contractors.

0 active installs v1.2.0 PHP 7.4+ WP 5.5+ Updated Apr 5, 2026

contact-formcrmestimate-formlead-generationquote-form

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Smart Forms for Contractors Safe to Use in 2026?

Generally Safe

Score 100/100

Smart Forms for Contractors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "smart-forms-for-contractors" plugin v1.2.0 exhibits a generally strong security posture, with notable strengths in its handling of SQL queries and output escaping. The complete absence of raw SQL queries and the 100% proper escaping of all output are excellent security practices. Furthermore, the plugin demonstrates good security awareness by implementing nonce and capability checks on its entry points, and the lack of file operations or external HTTP requests reduces potential attack vectors. The vulnerability history is also a significant positive, showing no recorded CVEs, which suggests a mature and well-maintained codebase. However, a minor concern arises from the taint analysis, which identified 3 flows with unsanitized paths. While these are not classified as critical or high severity in this analysis, they represent potential areas for attackers to exploit if further vulnerabilities exist or if the plugin's usage patterns change. The presence of unsanitized paths, even without immediate critical impact, warrants careful monitoring and potential refinement in future versions.

Key Concerns

Flows with unsanitized paths found

Vulnerabilities

None known

Smart Forms for Contractors Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Smart Forms for Contractors Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Smart Forms for Contractors Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

548 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared14 total queries

Output Escaping

100% escaped549 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths

render_forms_page (includes/class-admin.php:329)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Smart Forms for Contractors Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 5

authwp_ajax_sfco_update_lead_statusincludes/class-admin.php:18

authwp_ajax_sfco_delete_leadincludes/class-admin.php:19

authwp_ajax_sfco_send_test_emailincludes/class-admin.php:20

authwp_ajax_sfco_submitincludes/class-form-handler.php:13

noprivwp_ajax_sfco_submitincludes/class-form-handler.php:14

Shortcodes 1

[sfco_quote] includes/class-shortcode.php:13

WordPress Hooks 6

actionadmin_menuincludes/class-admin.php:13

actionadmin_enqueue_scriptsincludes/class-admin.php:14

actionadmin_initincludes/class-admin.php:15

actionplugins_loadedsmart-forms-for-contractors.php:57

actionplugins_loadedsmart-forms-for-contractors.php:58

actionwp_enqueue_scriptssmart-forms-for-contractors.php:59

Maintenance & Trust

Smart Forms for Contractors Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 5, 2026

PHP min version7.4

Downloads19

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Smart Forms for Contractors Alternatives

Lead Sync – WPForms to Jetpack CRM

sync-wpforms-jetcrm

100

Seamlessly sync WPForms submissions to Jetpack CRM. Automate lead capture with smart field mapping, retry logic, and per-form controls.

30 No CVEs

Form for Capsule CRM

form-capsule-crm

Easily integrate lead capture forms for Capsule CRM into your WordPress site using a simple shortcode.

0 No CVEs

LeadMachine Connector

leadmachine-connector

100

Connect your WordPress site to LeadMachine to capture and manage leads seamlessly. Supports native forms and Gravity Forms.

0 No CVEs

Lead Sync – Divi 5 to Jetpack CRM

sync-divi-jetcrm

100

Automatically sync Divi 5 Contact Form submissions to Jetpack CRM as leads. Streamline your lead generation and customer management.

0 No CVEs

Taiwan Web Designs Quote Popup

taiwanweb-quote-popup

100

A powerful multi-step popup form to capture leads and quotes. Easy setup, beautiful design, CSV export for email marketing.

0 No CVEs

Developer Profile

Smart Forms for Contractors Developer Profile

tagglefish

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Smart Forms for Contractors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smart-forms-for-contractors/assets/css/frontend.css/wp-content/plugins/smart-forms-for-contractors/assets/js/frontend.js

Script Paths

/wp-content/plugins/smart-forms-for-contractors/assets/js/frontend.js

Version Parameters

smart-forms-for-contractors/assets/css/frontend.css?ver=smart-forms-for-contractors/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

sfco-form

Data Attributes

data-sfco-form-id

JS Globals

sfcoData

Shortcode Output

[smart_form id=

FAQ

Smart Forms for Contractors Security & Risk Analysis

Is Smart Forms for Contractors Safe to Use in 2026?

Generally Safe

Key Concerns

Smart Forms for Contractors Security Vulnerabilities

Smart Forms for Contractors Release Timeline

Smart Forms for Contractors Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Smart Forms for Contractors Attack Surface

AJAX Handlers 5

Shortcodes 1

Smart Forms for Contractors Maintenance & Trust

Maintenance Signals

Community Trust

Smart Forms for Contractors Alternatives

Lead Sync – WPForms to Jetpack CRM

Form for Capsule CRM

LeadMachine Connector

Lead Sync – Divi 5 to Jetpack CRM

Taiwan Web Designs Quote Popup

Smart Forms for Contractors Developer Profile

How We Detect Smart Forms for Contractors

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Smart Forms for Contractors