Tectite Forms Security & Risk Analysis

wordpress.org/plugins/tectite-forms

Install a secure anti-spam form. Use our sample forms or easily design your own form.

20 active installs v1.3 PHP + WP 3.4+ Updated Mar 31, 2019
anti-spam-formcontact-formemailfeedbackform
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 1, 2026
Safety Verdict

Is Tectite Forms Safe to Use in 2026?

Use With Caution

Score 63/100

Tectite Forms has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 1, 2026Updated 7yr ago
Risk Assessment

The static analysis of tectite-forms v1.3 reveals a seemingly strong security posture at first glance, with no identified entry points, dangerous functions, or external HTTP requests. The use of prepared statements for all SQL queries is a positive indicator of secure database interaction. However, the analysis also flags significant concerns. Notably, 100% of the identified outputs are not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of file operations without further context also warrants caution.

The vulnerability history for this plugin is entirely clean, with no recorded CVEs. This, combined with the lack of identified critical or high-severity issues in the static analysis, might suggest a history of secure development. However, the critical finding of unescaped output significantly undermines this positive outlook. The absence of nonce and capability checks on the identified entry points (though none were found) is a potential weakness that could become exploitable if entry points are introduced or discovered later.

In conclusion, while tectite-forms v1.3 benefits from the absence of known vulnerabilities and secure SQL practices, the universal lack of output escaping presents a substantial and immediate risk. The plugin's security is compromised by this fundamental oversight, making it vulnerable to XSS attacks despite a clean record and limited attack surface in other areas. Further investigation into the nature of the file operations is also recommended.

Key Concerns

  • Unescaped output detected
  • File operations present without further context
  • No nonce checks on identified entry points
  • No capability checks on identified entry points
Vulnerabilities
1 published

Tectite Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-9599medium · 4.3Cross-Site Request Forgery (CSRF)

Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

Jun 1, 2026Unpatched
Version History

Tectite Forms Release Timeline

v1.3Current1 CVE
v1.21 CVE
v1.11 CVE
Code Analysis
Analyzed Mar 16, 2026

Tectite Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped3 total outputs
Attack Surface

Tectite Forms Attack Surface

Entry Points0
Unprotected0
Maintenance & Trust

Tectite Forms Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedMar 31, 2019
PHP min version
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Developer Profile

Tectite Forms Developer Profile

russellr

1 plugin · 20 total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tectite Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tectite-forms/css/adminstyles.css/wp-content/plugins/tectite-forms/css/styles.css/wp-content/plugins/tectite-forms/css/formdesigneruser.css/wp-content/plugins/tectite-forms/js/admin.js/wp-content/plugins/tectite-forms/js/formval.js
Script Paths
/wp-content/plugins/tectite-forms/js/admin.js/wp-content/plugins/tectite-forms/js/formval.js
Version Parameters
tectite-forms/css/formdesigneruser.css?ver=9tectite-forms/js/formval.js?ver=7

HTML / DOM Fingerprints

CSS Classes
TectiteFormerror
JS Globals
tectite_form_environ
Shortcode Output
[tectiteform=
FAQ

Frequently Asked Questions about Tectite Forms