Snow Monkey Forms Security & Risk Analysis

wordpress.org/plugins/snow-monkey-forms

Snow Monkey Forms is a mail form plugin for the block editor.

20K active installs · v12.0.6 · PHP 7.4+ · WP 6.8+ · Updated Feb 26, 2026
Tags: block, blocks, editor, gutenberg, gutenberg-blocks
Score: 93 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 27, 2026
Safety Verdict

Is Snow Monkey Forms Safe to Use in 2026?

Generally Safe

Score 93/100

Snow Monkey Forms has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 27, 2026 · Updated 1mo ago
Risk Assessment

The "snow-monkey-forms" plugin v12.0.6 exhibits a generally good security posture based on the static analysis, with no critical or high-severity issues identified in the provided code signals. The absence of dangerous functions, the use of prepared statements for all SQL queries, and a high percentage of properly escaped output are positive indicators. The attack surface is also relatively small and appears to be protected by default, with no unprotected entry points found in the static analysis.

However, the plugin's vulnerability history raises significant concerns. It has two known CVEs, one critical and one medium severity; neither is currently unpatched, but together they suggest a recurring pattern of security weaknesses. The common vulnerability type, 'Improper Limitation of a Pathname to a Restricted Directory', indicates a potential for path traversal vulnerabilities, which can be serious if exploited. While the static analysis did not find any overt path traversal issues in this specific version, the historical context warrants caution.

In conclusion, while the current version shows improved code practices, the past critical vulnerability and the nature of historical issues suggest that the plugin may have inherent architectural weaknesses that have led to past exploits. Users should remain vigilant and ensure they are always running the latest patched version of the plugin to mitigate risks.

Key Concerns

  • Past critical unpatched CVE
  • Past medium unpatched CVE
  • 0 Nonce checks
  • 0 Capability checks
  • Output escaping below 100%
Vulnerabilities
2

Snow Monkey Forms Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • Critical: 1
  • Medium: 1

2 total CVEs

CVE-2026-1056 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal

Jan 27, 2026 · Patched in 12.0.4 (2d)

CVE-2023-28413 · medium · 5.3 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpoint

May 8, 2023 · Patched in 5.1.2 (260d)
Code Analysis
Analyzed Mar 16, 2026

Snow Monkey Forms Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 10 (120 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 5
  • External Requests: 2
  • Bundled Libraries: 0

Output Escaping

92% escaped · 130 total outputs
Attack Surface

Snow Monkey Forms Attack Surface

Entry Points: 2
Unprotected: 0

REST API Routes: 2

  • GET /wp-json/snow-monkey-form/v1/view (snow-monkey-forms.php:176)
  • POST /wp-json/snow-monkey-form/v1/view (snow-monkey-forms.php:213)

WordPress Hooks: 24

  • filter wp_mail_from (App\Model\Mailer.php:126)
  • filter wp_mail_from_name (App\Model\Mailer.php:127)
  • action admin_init (App\Service\ReCaptcha\Controller\Controller.php:30)
  • action admin_menu (App\Service\ReCaptcha\Controller\Controller.php:31)
  • action wp_enqueue_scripts (App\Service\ReCaptcha\ReCaptcha.php:42)
  • filter snow_monkey_forms/spam/validate (App\Service\ReCaptcha\ReCaptcha.php:43)
  • action snow_monkey_forms/form/append (App\Service\ReCaptcha\ReCaptcha.php:44)
  • action admin_init (App\Service\Turnstile\Controller\Controller.php:36)
  • action admin_menu (App\Service\Turnstile\Controller\Controller.php:37)
  • action wp_enqueue_scripts (App\Service\Turnstile\Turnstile.php:41)
  • filter snow_monkey_forms/spam/validate (App\Service\Turnstile\Turnstile.php:42)
  • action snow_monkey_forms/form/prepend (App\Service\Turnstile\Turnstile.php:47)
  • action snow_monkey_forms/form/append (App\Service\Turnstile\Turnstile.php:49)
  • action plugins_loaded (snow-monkey-forms.php:54)
  • filter load_textdomain_mofile (snow-monkey-forms.php:61)
  • action rest_api_init (snow-monkey-forms.php:63)
  • action init (snow-monkey-forms.php:64)
  • action init (snow-monkey-forms.php:65)
  • action init (snow-monkey-forms.php:66)
  • action init (snow-monkey-forms.php:67)
  • action wp_enqueue_scripts (snow-monkey-forms.php:68)
  • action enqueue_block_assets (snow-monkey-forms.php:69)
  • filter block_categories_all (snow-monkey-forms.php:70)
  • action template_redirect (snow-monkey-forms.php:72)
Maintenance & Trust

Snow Monkey Forms Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 26, 2026
  • PHP min version: 7.4
  • Downloads: 386K

Community Trust

  • Rating: 100/100
  • Number of ratings: 5
  • Active installs: 20K
Developer Profile

Snow Monkey Forms Developer Profile

Takashi Kitajima

11 plugins · 331K total installs

  • Trust score: 71
  • Avg Security Score: 89/100
  • Avg Patch Time: 122 days
Detection Fingerprints

How We Detect Snow Monkey Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/snow-monkey-forms/dist/js/app.js
  • /wp-content/plugins/snow-monkey-forms/dist/css/fallback.css
  • /wp-content/plugins/snow-monkey-forms/dist/css/app.css
  • /wp-content/plugins/snow-monkey-forms/dist/css/editor.css

Script Paths

  • /wp-content/plugins/snow-monkey-forms/dist/js/app.js

Version Parameters

  • /wp-content/plugins/snow-monkey-forms/dist/js/app.js?ver=
  • /wp-content/plugins/snow-monkey-forms/dist/css/fallback.css?ver=
  • /wp-content/plugins/snow-monkey-forms/dist/css/app.css?ver=
  • /wp-content/plugins/snow-monkey-forms/dist/css/editor.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • wp-block-snow-monkey-forms-checkboxes
  • wp-block-snow-monkey-forms-date
  • wp-block-snow-monkey-forms-email
  • wp-block-snow-monkey-forms-file
  • wp-block-snow-monkey-forms-form-input
  • wp-block-snow-monkey-forms-form-complete
  • wp-block-snow-monkey-forms-item
  • wp-block-snow-monkey-forms-month
  • +5 more

Data Attributes

  • data-snow-monkey-forms-field
  • data-snow-monkey-forms-input

JS Globals

  • snowmonkeyforms

REST Endpoints

  • /snow-monkey-form/v1/view

FAQ

Frequently Asked Questions about Snow Monkey Forms