Does Ultra Addons for WPForms have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultra Addons for WPForms compatible with WordPress 6.9.4?

According to WordPress.org data, Ultra Addons for WPForms 1.0.16 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Ultra Addons for WPForms compatible with PHP 7.4+?

Ultra Addons for WPForms requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultra Addons for WPForms updated?

Ultra Addons for WPForms was last updated on Apr 7, 2026. Frequent updates are generally a positive security signal.

What is Ultra Addons for WPForms's security score?

Ultra Addons for WPForms has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultra Addons for WPForms Security & Risk Analysis

wordpress.org/plugins/ultra-addons-for-wpforms

25+ Essential Addons for WPForms - Conditional Fields, Multi Step, Redirection, Columns, Repeater, Webhooks, Zapier & more

30 active installs v1.0.16 PHP 7.4+ WP 5.5+ Updated Apr 7, 2026

contact-formcustom-formform-builderformswpforms

A · Safe

CVEs total1

Unpatched0

Last CVEApr 16, 2026

Plugin page Download

Safety Verdict

Is Ultra Addons for WPForms Safe to Use in 2026?

Generally Safe

Score 99/100

Ultra Addons for WPForms has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 16, 2026Updated 1mo ago

Risk Assessment

The plugin 'ultra-addons-for-wpforms' v1.0.13 exhibits a generally good security posture, with a high percentage of SQL queries using prepared statements and properly escaped output. The plugin also demonstrates robust use of nonces and capability checks across its functionality. However, a significant concern lies in the presence of 4 AJAX handlers that lack authentication checks, presenting a direct attack vector for unauthorized actions. Additionally, the use of the `unserialize` function three times, while not immediately critical given the static analysis results, warrants caution as it can be a vector for deserialization vulnerabilities if user-controlled data is passed to it without proper validation. The lack of any recorded CVEs or past vulnerabilities is a positive indicator, suggesting diligent development practices or limited exposure. Overall, the plugin is well-developed with strong adherence to secure coding practices, but the unprotected AJAX endpoints and potential for deserialization vulnerabilities introduce a measurable risk that needs to be addressed.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize

Vulnerabilities

1 published

Ultra Addons for WPForms Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-39594medium · 4.3Missing Authorization

Ultra Addons for WPForms <= 1.0.11 - Missing Authorization

Apr 16, 2026 Patched in 1.0.12 (6d)

Version History

Ultra Addons for WPForms Release Timeline

v1.0.16Current

v1.0.15

v1.0.14

v1.0.13

v1.0.12

v1.0.111 CVE

v1.0.101 CVE

v1.0.91 CVE

v1.0.81 CVE

v1.0.71 CVE

v1.0.61 CVE

v1.0.51 CVE

v1.0.41 CVE

v1.0.31 CVE

v1.0.21 CVE

v1.0.11 CVE

v1.0.01 CVE

Code Analysis

Analyzed Mar 16, 2026

Ultra Addons for WPForms Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

144

1067 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$mapdata = unserialize( $mapdata );app\Admin\Options\fields\map\ULTRAWPF_map.php:18

unserialize$data = unserialize( $ultrawpf_rep_value );app\Admin\Options\fields\repeater\ULTRAWPF_repeater.php:26

unserialize$data = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;app\Admin\Options\fields\tab\ULTRAWPF_tab.php:44

Bundled Libraries

DataTablesSelect2

SQL Query Safety

91% prepared11 total queries

Output Escaping

88% escaped1211 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

12 flows2 with unsanitized paths

maybe_handle_oauth_redirect (app\Addons\GoogleSheets\Provider\Account.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Ultra Addons for WPForms Attack Surface

Entry Points16

Unprotected4

AJAX Handlers 16

authwp_ajax_ultrawpfdb_get_table_dataapp\Addons\Database\ULTRAWPF_Database.php:23

authwp_ajax_ultrawpfdb_mark_all_data_as_readapp\Addons\Database\ULTRAWPF_Database.php:24

authwp_ajax_ultrawpfdb_delete_all_dataapp\Addons\Database\ULTRAWPF_Database.php:25

authwp_ajax_ultrawpfdb_view_table_dataapp\Addons\Database\ULTRAWPF_Database.php:28

authwp_ajax_ultrawpfdb_deleted_table_datasapp\Addons\Database\ULTRAWPF_Database.php:30

authwp_ajax_ultrawpf_ajax_database_export_csvapp\Addons\Database\ULTRAWPF_Database.php:32

authwp_ajax_uawpf_google_sheets_get_auth_urlapp\Addons\GoogleSheets\Provider\Settings\PageIntegrations.php:28

authwp_ajax_uawpf_hubspot_popup_oauthapp\Addons\Hubspot\Includes\Provider\Account.php:13

authwp_ajax_ultrawpf_options_saveapp\Admin\Options\Classes\ULTRAWPF_Settings.php:39

authwp_ajax_ultrawpf_themefic_manage_pluginapp\Admin\Options\Classes\ULTRAWPF_Settings.php:41

authwp_ajax_ultrawpf_option_importapp\Admin\Options\ULTRAWPF_Options.php:48

authwp_ajax_tf_black_friday_notice_dismiss_callbackapp\Includes\PromoNotice.php:76

authwp_ajax_uawpf_promo_side_notice_dismiss_callbackapp\Includes\PromoNotice.php:97

authwp_ajax_uawpf_dashboard_widget_dismissapp\Includes\PromoNotice.php:112

authwp_ajax_ultrawpf_onclick_ajax_activate_pluginapp\Includes\SetupWizard.php:36

authwp_ajax_wpform_ajax_install_pluginapp\Includes\SetupWizard.php:39

WordPress Hooks 108

actioninitapp\Addons\AdvancedPhone\AdvancedPhone.php:13

filterultrawpf_settings_optionsapp\Addons\AdvancedPhone\AdvancedPhone.php:14

actionwp_headapp\Addons\AdvancedPhone\AdvancedPhone.php:15

filterwpforms_field_properties_uawpf_phoneapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:19

actionwpforms_builder_enqueuesapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:20

actionwpforms_frontend_cssapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:21

actionwpforms_frontend_jsapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:22

actionadmin_menuapp\Addons\Database\ULTRAWPF_Database.php:12

actionadmin_enqueue_scriptsapp\Addons\Database\ULTRAWPF_Database.php:13

actionadmin_initapp\Addons\Database\ULTRAWPF_Database.php:15

actioninitapp\Addons\Database\ULTRAWPF_Database.php:17

actionwpforms_process_entry_saveapp\Addons\Database\ULTRAWPF_Database.php:21

actionadmin_menuapp\Addons\Database\ULTRAWPF_Database.php:34

actioninitapp\Addons\DateTime\DateTime.php:14

actionwpforms_builder_enqueuesapp\Addons\DateTime\DateTime.php:15

filterwpforms_builder_field_option_classapp\Addons\DateTime\Includes\DateTimeField.php:57

actionwpforms_frontend_cssapp\Addons\DateTime\Includes\DateTimeField.php:62

actionwpforms_frontend_jsapp\Addons\DateTime\Includes\DateTimeField.php:63

filterwpforms_frontend_stringsapp\Addons\DateTime\Includes\DateTimeField.php:64

actionwpforms_process_entry_saveapp\Addons\FileUpload\Includes\Move_Upload.php:25

filterwpforms_get_form_fields_allowedapp\Addons\FileUpload\Includes\Upload_File_Field.php:32

actionwpforms_ajax_submit_before_processingapp\Addons\FileUpload\Includes\Upload_File_Field.php:33

filterwpforms_emails_send_email_dataapp\Addons\FileUpload\Includes\Upload_File_Field.php:34

actioninitapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:14

actioninitapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:15

actionadmin_enqueue_scriptsapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:16

actionwp_enqueue_scriptsapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:17

actioninitapp\Addons\GoogleSheets\GoogleSheets.php:27

actionwpforms_builder_enqueuesapp\Addons\GoogleSheets\GoogleSheets.php:28

filterwpforms_builder_settings_sectionsapp\Addons\GoogleSheets\GoogleSheets.php:87

actionwpforms_form_settings_panel_contentapp\Addons\GoogleSheets\GoogleSheets.php:88

actionadmin_initapp\Addons\GoogleSheets\Provider\Account.php:13

filterwpforms_save_form_argsapp\Addons\GoogleSheets\Provider\Settings\FormBuilder.php:34

filterwpforms_providers_status_is_connectedapp\Addons\GoogleSheets\Provider\Settings\FormBuilder.php:35

actionadmin_enqueue_scriptsapp\Addons\GoogleSheets\Provider\Settings\PageIntegrations.php:34

actionwpforms_admin_stringsapp\Addons\GoogleSheets\Provider\Settings\PageIntegrations.php:35

filterwpforms_helpers_templates_include_html_locatedapp\Addons\GoogleSheets\Provider\Template.php:18

actioninitapp\Addons\Hubspot\Hubspot.php:27

actionwpforms_builder_enqueuesapp\Addons\Hubspot\Hubspot.php:28

actionwpforms_settings_enqueueapp\Addons\Hubspot\Hubspot.php:29

filterwpforms_save_form_argsapp\Addons\Hubspot\Includes\Provider\Settings\FormBuilder.php:37

filterwpforms_builder_save_form_response_dataapp\Addons\Hubspot\Includes\Provider\Settings\FormBuilder.php:39

filterwpforms_helpers_templates_include_html_locatedapp\Addons\Hubspot\Includes\Provider\Template.php:13

actioninitapp\Addons\Mailchimp\Mailchimp.php:23

actionwpforms_builder_enqueuesapp\Addons\Mailchimp\Mailchimp.php:24

filterwpforms_save_form_argsapp\Addons\Mailchimp\Provider\Settings\FormBuilder.php:51

filterwpforms_helpers_templates_include_html_locatedapp\Addons\Mailchimp\Provider\Template.php:18

filterwpforms_frontend_form_dataapp\Addons\Multistep\Includes\MultistepField.php:33

actionwpforms_frontend_outputapp\Addons\Multistep\Includes\MultistepField.php:36

actionwpforms_display_fields_beforeapp\Addons\Multistep\Includes\MultistepField.php:37

actionwpforms_display_field_afterapp\Addons\Multistep\Includes\MultistepField.php:38

actionwpforms_display_fields_afterapp\Addons\Multistep\Includes\MultistepField.php:39

actionwpforms_processapp\Addons\Multistep\Includes\MultistepField.php:40

actionwpforms_frontend_cssapp\Addons\Multistep\Includes\MultistepField.php:42

actionwpforms_frontend_jsapp\Addons\Multistep\Includes\MultistepField.php:43

actioninitapp\Addons\Multistep\Multistep.php:15

actionwpforms_builder_enqueuesapp\Addons\Multistep\Multistep.php:16

filterwpforms_entry_single_dataapp\Addons\Multistep\Multistep.php:17

actioninitapp\Addons\Password\Password.php:13

actionwpforms_frontend_jsapp\Addons\Repeater\Includes\Repeater_End.php:24

actionwpforms_frontend_cssapp\Addons\Repeater\Includes\Repeater_End.php:25

filterwpforms_process_before_form_dataapp\Addons\Repeater\Includes\Repeater_End.php:26

actioninitapp\Addons\Repeater\Repeater.php:16

actionwpforms_builder_enqueuesapp\Addons\Repeater\Repeater.php:17

filterwpforms_entry_single_dataapp\Addons\Repeater\Repeater.php:18

filterwpforms_field_properties_uawpf-richtextapp\Addons\RichText\Includes\RichTextField.php:30

filterwpforms_process_format_fieldapp\Addons\RichText\Includes\RichTextField.php:31

actionwpforms_frontend_cssapp\Addons\RichText\Includes\RichTextField.php:32

actionwpforms_frontend_jsapp\Addons\RichText\Includes\RichTextField.php:33

actioninitapp\Addons\RichText\RichText.php:14

actionwpforms_builder_enqueuesapp\Addons\RichText\RichText.php:15

actionwpforms_frontend_jsapp\Addons\WebsiteUrl\Includes\WebsiteUrlField.php:21

actioninitapp\Addons\WebsiteUrl\WebsiteUrl.php:14

actionadmin_menuapp\Admin\Menu\ULTRAWPF_Menu.php:11

actionadmin_menuapp\Admin\Options\Classes\ULTRAWPF_Settings.php:33

actionadmin_initapp\Admin\Options\Classes\ULTRAWPF_Settings.php:36

actionadmin_footerapp\Admin\Options\fields\icon\ULTRAWPF_icon.php:14

actioninitapp\Admin\Options\ULTRAWPF_Options.php:42

actionadmin_enqueue_scriptsapp\Admin\Options\ULTRAWPF_Options.php:44

actionadmin_enqueue_scriptsapp\Admin\Options\ULTRAWPF_Options.php:45

actionadmin_noticesapp\Admin\ULTRAWPF_Admin.php:26

filterultrawpf_settingsapp\Helpers\helpers.php:7

filterwpforms_builder_fields_buttonsapp\Helpers\helpers.php:49

filterwpforms_builder_fields_buttonsapp\Helpers\helpers.php:63

actionadmin_menuapp\Helpers\helpers.php:87

filterwpforms_builder_field_button_attributesapp\Helpers\helpers.php:116

actionadmin_menuapp\Helpers\helpers.php:151

actionadmin_menuapp\Includes\Changelog.php:27

actionin_admin_headerapp\Includes\Changelog.php:28

actionadmin_menuapp\Includes\GetHelp.php:26

actionin_admin_headerapp\Includes\GetHelp.php:27

filtercron_schedulesapp\Includes\PromoNotice.php:58

actionuawpf_promo__scheduleapp\Includes\PromoNotice.php:64

actionadmin_noticesapp\Includes\PromoNotice.php:75

actionuawpf_sidebar_promo_bannerapp\Includes\PromoNotice.php:96

actioninitapp\Includes\PromoNotice.php:111

actionwp_dashboard_setupapp\Includes\PromoNotice.php:125

actionadmin_menuapp\Includes\SetupWizard.php:33

filterultrawpf_settings_optionsapp\Includes\SetupWizard.php:34

actionadmin_initapp\Includes\SetupWizard.php:35

actionin_admin_headerapp\Includes\SetupWizard.php:37

actioninitultra-addons-for-wpforms.php:46

actionadmin_enqueue_scriptsultra-addons-for-wpforms.php:51

actionwpforms_builder_enqueuesultra-addons-for-wpforms.php:52

actionplugins_loadedultra-addons-for-wpforms.php:54

actionadmin_enqueue_scriptsultra-addons-for-wpforms.php:57

actionadmin_enqueue_scriptsultra-addons-for-wpforms.php:94

actionwp_enqueue_scriptsultra-addons-for-wpforms.php:95

Scheduled Events 1

uawpf_promo__schedule

Maintenance & Trust

Ultra Addons for WPForms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 7, 2026

PHP min version7.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Ultra Addons for WPForms Alternatives

Origami For Contact Form 7 – Visual Form Progress

origami-for-contact-form-7

Tired of boring forms? Enhance your Contact Form 7 with interactive origami animations, making form-filling fun and engaging!

0 No CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 16 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

700K 33 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly AI Form Builder for WordPress. Create contact, payment, quiz & custom forms with advanced features in minutes.

500K 16 CVEs

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 15 CVEs

Developer Profile

Ultra Addons for WPForms Developer Profile

Themefic

11 plugins · 97K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

85 days

View full developer profile

Detection Fingerprints

How We Detect Ultra Addons for WPForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-form-builder.css/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin.min.css/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-custom.css/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/admin-script.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/setup-wizard.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.css/wp-content/plugins/ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/public/css/ultrawpf-public.css

Script Paths

/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/admin-script.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/setup-wizard.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.js

Version Parameters

ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-form-builder.css?ver=ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin.min.css?ver=ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-custom.css?ver=ultra-addons-for-wpforms/assets/admin/js/admin-script.min.js?ver=ultra-addons-for-wpforms/assets/admin/js/setup-wizard.min.js?ver=ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.css?ver=ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.js?ver=ultra-addons-for-wpforms/assets/public/css/ultrawpf-public.css?ver=

HTML / DOM Fingerprints

CSS Classes

ultrawpf-admin-styleultrawpf-admin-custom-styleultrawpf-frontend-styleultrawpf-admin-form-builder

JS Globals

ultrawpf_optionsultrawpf_admin_dataultrawpf_admin_params

FAQ

Ultra Addons for WPForms Security & Risk Analysis

Is Ultra Addons for WPForms Safe to Use in 2026?

Generally Safe

Key Concerns

Ultra Addons for WPForms Security Vulnerabilities

CVEs by Year

Severity Breakdown

Ultra Addons for WPForms Release Timeline

Ultra Addons for WPForms Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Ultra Addons for WPForms Attack Surface

AJAX Handlers 16

Scheduled Events 1

Ultra Addons for WPForms Maintenance & Trust

Maintenance Signals

Community Trust

Ultra Addons for WPForms Alternatives

Origami For Contact Form 7 – Visual Form Progress

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

Ultra Addons for WPForms Developer Profile

How We Detect Ultra Addons for WPForms

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Ultra Addons for WPForms