Does Supple Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in Supple Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Supple Forms compatible with WordPress 2.7.1?

According to WordPress.org data, Supple Forms 0.1.62 has been tested up to WordPress 2.7.1. Check the plugin's changelog for the latest compatibility information.

How often is Supple Forms updated?

Supple Forms was last updated on Mar 8, 2009. Frequent updates are generally a positive security signal.

What is Supple Forms's security score?

Supple Forms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Supple Forms Security & Risk Analysis

wordpress.org/plugins/supple-forms

Supple Forms - a CMS plugin for WordPress to create custom write panels, and format and insert values into Posts.

10 active installs v0.1.62 PHP + WP 2.5+ Updated Mar 8, 2009

cmscustom-fieldscustom-write-panelformsshortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Supple Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Supple Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago

Risk Assessment

The supple-forms plugin v0.1.62 exhibits a mixed security posture. While it boasts no known CVEs and a generally low number of entry points, several concerning code signals warrant attention. The high percentage of flows with unsanitized paths, particularly those flagged as high severity in taint analysis, suggests potential for vulnerabilities if user input is not handled rigorously. Additionally, the extremely low rate of properly escaped output (2%) is a significant concern, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.

The plugin's lack of documented vulnerabilities is a positive sign, suggesting either a history of secure development or a lack of widespread testing. However, the static analysis reveals underlying weaknesses that could lead to exploitable issues. The presence of numerous SQL queries (48) with only 79% using prepared statements also introduces a minor risk of SQL injection, though the taint analysis didn't flag these specifically. The strong use of nonce and capability checks on its limited entry points is a positive practice.

In conclusion, while the plugin has a clean vulnerability history and good intentions regarding authentication and nonces, the identified issues with unsanitized paths and especially output escaping pose considerable risks. These factors, if left unaddressed, could significantly undermine the plugin's security.

Key Concerns

High percentage of unsanitized paths in taint analysis
Very low rate of properly escaped output
SQL queries not using prepared statements
High severity taint flows identified

Vulnerabilities

None known

Supple Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Supple Forms Code Analysis

Dangerous Functions

Raw SQL Queries

38 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

79% prepared48 total queries

Output Escaping

2% escaped41 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

8 flows7 with unsanitized paths

printEditFieldsPage (supple-admin.php:490)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Supple Forms Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[supple] supple-forms.php:659

WordPress Hooks 7

actionadmin_print_scriptssupple-forms.php:662

actionadmin_menusupple-forms.php:665

actionactivate_supple-forms/supple-forms.phpsupple-forms.php:669

actionadmin_noticessupple-forms.php:672

actionadmin_menusupple-forms.php:676

actionsave_postsupple-forms.php:680

actionadmin_headsupple-forms.php:683

Maintenance & Trust

Supple Forms Maintenance & Trust

Maintenance Signals

WordPress version tested2.7.1

Last updatedMar 8, 2009

PHP min version

Downloads17K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Supple Forms Alternatives

Conditional Custom Fields Shortcode

conditional-custom-fields-shortcode

Use custom field values in you pages or posts. With conditional supports which enables basic templating with custom fields.

20 No CVEs

Advanced Custom Fields: Gravity Forms Add-on

acf-gravityforms-add-on

100

Provides an Advanced Custom Field which allows a WordPress user to select a Gravity Form as part of a field group configuration.

30K No CVEs

Custom Shortcodes

custom-shortcodes

Manage custom fields using the insert shortcodes or HTML comment in text of post.

6K No CVEs

Get Custom Field Values

get-custom-field-values

Use widgets, shortcodes, and/or template tags to easily retrieve and display custom field values for posts or pages.

1K 4 CVEs

Blog-in-Blog

blog-in-blog

This plugin shows posts from a category on any page you like using shortcodes. Create multiple blogs within a blog using a category.

900 2 CVEs

Developer Profile

Supple Forms Developer Profile

Byron

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Supple Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/supple-forms/css/ui.core.css/wp-content/plugins/supple-forms/css/ui.datepicker.css/wp-content/plugins/supple-forms/js/ui.datepicker.js/wp-content/plugins/supple-forms/js/supple-admin.js

Script Paths

wp-content/plugins/supple-forms/js/ui.datepicker.jswp-content/plugins/supple-forms/js/supple-admin.js

HTML / DOM Fingerprints

CSS Classes

supple-forms

FAQ