Does Ultra Addons for WPForms have any unpatched vulnerabilities?

No. All known vulnerabilities in Ultra Addons for WPForms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultra Addons for WPForms compatible with WordPress 6.9.4?

According to WordPress.org data, Ultra Addons for WPForms 1.0.13 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Ultra Addons for WPForms compatible with PHP 7.4+?

Ultra Addons for WPForms requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultra Addons for WPForms updated?

Ultra Addons for WPForms was last updated on Mar 14, 2026. Frequent updates are generally a positive security signal.

What is Ultra Addons for WPForms's security score?

Ultra Addons for WPForms has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultra Addons for WPForms Security & Risk Analysis

wordpress.org/plugins/ultra-addons-for-wpforms

20+ Essential Addons for WPForms - Conditional Fields, Multi Step, Redirection, Columns, Repeater, Webhooks, Zapier & more

20 active installs v1.0.13 PHP 7.4+ WP 5.5+ Updated Mar 14, 2026

contact-formcustom-formform-builderformswpforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultra Addons for WPForms Safe to Use in 2026?

Generally Safe

Score 100/100

Ultra Addons for WPForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago

Risk Assessment

The plugin 'ultra-addons-for-wpforms' v1.0.13 exhibits a generally good security posture, with a high percentage of SQL queries using prepared statements and properly escaped output. The plugin also demonstrates robust use of nonces and capability checks across its functionality. However, a significant concern lies in the presence of 4 AJAX handlers that lack authentication checks, presenting a direct attack vector for unauthorized actions. Additionally, the use of the `unserialize` function three times, while not immediately critical given the static analysis results, warrants caution as it can be a vector for deserialization vulnerabilities if user-controlled data is passed to it without proper validation. The lack of any recorded CVEs or past vulnerabilities is a positive indicator, suggesting diligent development practices or limited exposure. Overall, the plugin is well-developed with strong adherence to secure coding practices, but the unprotected AJAX endpoints and potential for deserialization vulnerabilities introduce a measurable risk that needs to be addressed.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize

Vulnerabilities

None known

Ultra Addons for WPForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Ultra Addons for WPForms Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

144

1067 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$mapdata = unserialize( $mapdata );app\Admin\Options\fields\map\ULTRAWPF_map.php:18

unserialize$data = unserialize( $ultrawpf_rep_value );app\Admin\Options\fields\repeater\ULTRAWPF_repeater.php:26

unserialize$data = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;app\Admin\Options\fields\tab\ULTRAWPF_tab.php:44

Bundled Libraries

DataTablesSelect2

SQL Query Safety

91% prepared11 total queries

Output Escaping

88% escaped1211 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

12 flows2 with unsanitized paths

maybe_handle_oauth_redirect (app\Addons\GoogleSheets\Provider\Account.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Ultra Addons for WPForms Attack Surface

Entry Points16

Unprotected4

AJAX Handlers 16

authwp_ajax_ultrawpfdb_get_table_dataapp\Addons\Database\ULTRAWPF_Database.php:23

authwp_ajax_ultrawpfdb_mark_all_data_as_readapp\Addons\Database\ULTRAWPF_Database.php:24

authwp_ajax_ultrawpfdb_delete_all_dataapp\Addons\Database\ULTRAWPF_Database.php:25

authwp_ajax_ultrawpfdb_view_table_dataapp\Addons\Database\ULTRAWPF_Database.php:28

authwp_ajax_ultrawpfdb_deleted_table_datasapp\Addons\Database\ULTRAWPF_Database.php:30

authwp_ajax_ultrawpf_ajax_database_export_csvapp\Addons\Database\ULTRAWPF_Database.php:32

authwp_ajax_uawpf_google_sheets_get_auth_urlapp\Addons\GoogleSheets\Provider\Settings\PageIntegrations.php:28

authwp_ajax_uawpf_hubspot_popup_oauthapp\Addons\Hubspot\Includes\Provider\Account.php:13

authwp_ajax_ultrawpf_options_saveapp\Admin\Options\Classes\ULTRAWPF_Settings.php:39

authwp_ajax_ultrawpf_themefic_manage_pluginapp\Admin\Options\Classes\ULTRAWPF_Settings.php:41

authwp_ajax_ultrawpf_option_importapp\Admin\Options\ULTRAWPF_Options.php:48

authwp_ajax_tf_black_friday_notice_dismiss_callbackapp\Includes\PromoNotice.php:76

authwp_ajax_uawpf_promo_side_notice_dismiss_callbackapp\Includes\PromoNotice.php:97

authwp_ajax_uawpf_dashboard_widget_dismissapp\Includes\PromoNotice.php:112

authwp_ajax_ultrawpf_onclick_ajax_activate_pluginapp\Includes\SetupWizard.php:36

authwp_ajax_wpform_ajax_install_pluginapp\Includes\SetupWizard.php:39

WordPress Hooks 108

actioninitapp\Addons\AdvancedPhone\AdvancedPhone.php:13

filterultrawpf_settings_optionsapp\Addons\AdvancedPhone\AdvancedPhone.php:14

actionwp_headapp\Addons\AdvancedPhone\AdvancedPhone.php:15

filterwpforms_field_properties_uawpf_phoneapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:19

actionwpforms_builder_enqueuesapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:20

actionwpforms_frontend_cssapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:21

actionwpforms_frontend_jsapp\Addons\AdvancedPhone\Includes\AdvancedPhoneFiled.php:22

actionadmin_menuapp\Addons\Database\ULTRAWPF_Database.php:12

actionadmin_enqueue_scriptsapp\Addons\Database\ULTRAWPF_Database.php:13

actionadmin_initapp\Addons\Database\ULTRAWPF_Database.php:15

actioninitapp\Addons\Database\ULTRAWPF_Database.php:17

actionwpforms_process_entry_saveapp\Addons\Database\ULTRAWPF_Database.php:21

actionadmin_menuapp\Addons\Database\ULTRAWPF_Database.php:34

actioninitapp\Addons\DateTime\DateTime.php:14

actionwpforms_builder_enqueuesapp\Addons\DateTime\DateTime.php:15

filterwpforms_builder_field_option_classapp\Addons\DateTime\Includes\DateTimeField.php:57

actionwpforms_frontend_cssapp\Addons\DateTime\Includes\DateTimeField.php:62

actionwpforms_frontend_jsapp\Addons\DateTime\Includes\DateTimeField.php:63

filterwpforms_frontend_stringsapp\Addons\DateTime\Includes\DateTimeField.php:64

actionwpforms_process_entry_saveapp\Addons\FileUpload\Includes\Move_Upload.php:25

filterwpforms_get_form_fields_allowedapp\Addons\FileUpload\Includes\Upload_File_Field.php:32

actionwpforms_ajax_submit_before_processingapp\Addons\FileUpload\Includes\Upload_File_Field.php:33

filterwpforms_emails_send_email_dataapp\Addons\FileUpload\Includes\Upload_File_Field.php:34

actioninitapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:14

actioninitapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:15

actionadmin_enqueue_scriptsapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:16

actionwp_enqueue_scriptsapp\Addons\FileUpload\ULTRAWPF_File_Upload.php:17

actioninitapp\Addons\GoogleSheets\GoogleSheets.php:27

actionwpforms_builder_enqueuesapp\Addons\GoogleSheets\GoogleSheets.php:28

filterwpforms_builder_settings_sectionsapp\Addons\GoogleSheets\GoogleSheets.php:87

actionwpforms_form_settings_panel_contentapp\Addons\GoogleSheets\GoogleSheets.php:88

actionadmin_initapp\Addons\GoogleSheets\Provider\Account.php:13

filterwpforms_save_form_argsapp\Addons\GoogleSheets\Provider\Settings\FormBuilder.php:34

filterwpforms_providers_status_is_connectedapp\Addons\GoogleSheets\Provider\Settings\FormBuilder.php:35

actionadmin_enqueue_scriptsapp\Addons\GoogleSheets\Provider\Settings\PageIntegrations.php:34

actionwpforms_admin_stringsapp\Addons\GoogleSheets\Provider\Settings\PageIntegrations.php:35

filterwpforms_helpers_templates_include_html_locatedapp\Addons\GoogleSheets\Provider\Template.php:18

actioninitapp\Addons\Hubspot\Hubspot.php:27

actionwpforms_builder_enqueuesapp\Addons\Hubspot\Hubspot.php:28

actionwpforms_settings_enqueueapp\Addons\Hubspot\Hubspot.php:29

filterwpforms_save_form_argsapp\Addons\Hubspot\Includes\Provider\Settings\FormBuilder.php:37

filterwpforms_builder_save_form_response_dataapp\Addons\Hubspot\Includes\Provider\Settings\FormBuilder.php:39

filterwpforms_helpers_templates_include_html_locatedapp\Addons\Hubspot\Includes\Provider\Template.php:13

actioninitapp\Addons\Mailchimp\Mailchimp.php:23

actionwpforms_builder_enqueuesapp\Addons\Mailchimp\Mailchimp.php:24

filterwpforms_save_form_argsapp\Addons\Mailchimp\Provider\Settings\FormBuilder.php:51

filterwpforms_helpers_templates_include_html_locatedapp\Addons\Mailchimp\Provider\Template.php:18

filterwpforms_frontend_form_dataapp\Addons\Multistep\Includes\MultistepField.php:33

actionwpforms_frontend_outputapp\Addons\Multistep\Includes\MultistepField.php:36

actionwpforms_display_fields_beforeapp\Addons\Multistep\Includes\MultistepField.php:37

actionwpforms_display_field_afterapp\Addons\Multistep\Includes\MultistepField.php:38

actionwpforms_display_fields_afterapp\Addons\Multistep\Includes\MultistepField.php:39

actionwpforms_processapp\Addons\Multistep\Includes\MultistepField.php:40

actionwpforms_frontend_cssapp\Addons\Multistep\Includes\MultistepField.php:42

actionwpforms_frontend_jsapp\Addons\Multistep\Includes\MultistepField.php:43

actioninitapp\Addons\Multistep\Multistep.php:15

actionwpforms_builder_enqueuesapp\Addons\Multistep\Multistep.php:16

filterwpforms_entry_single_dataapp\Addons\Multistep\Multistep.php:17

actioninitapp\Addons\Password\Password.php:13

actionwpforms_frontend_jsapp\Addons\Repeater\Includes\Repeater_End.php:24

actionwpforms_frontend_cssapp\Addons\Repeater\Includes\Repeater_End.php:25

filterwpforms_process_before_form_dataapp\Addons\Repeater\Includes\Repeater_End.php:26

actioninitapp\Addons\Repeater\Repeater.php:16

actionwpforms_builder_enqueuesapp\Addons\Repeater\Repeater.php:17

filterwpforms_entry_single_dataapp\Addons\Repeater\Repeater.php:18

filterwpforms_field_properties_uawpf-richtextapp\Addons\RichText\Includes\RichTextField.php:30

filterwpforms_process_format_fieldapp\Addons\RichText\Includes\RichTextField.php:31

actionwpforms_frontend_cssapp\Addons\RichText\Includes\RichTextField.php:32

actionwpforms_frontend_jsapp\Addons\RichText\Includes\RichTextField.php:33

actioninitapp\Addons\RichText\RichText.php:14

actionwpforms_builder_enqueuesapp\Addons\RichText\RichText.php:15

actionwpforms_frontend_jsapp\Addons\WebsiteUrl\Includes\WebsiteUrlField.php:21

actioninitapp\Addons\WebsiteUrl\WebsiteUrl.php:14

actionadmin_menuapp\Admin\Menu\ULTRAWPF_Menu.php:11

actionadmin_menuapp\Admin\Options\Classes\ULTRAWPF_Settings.php:33

actionadmin_initapp\Admin\Options\Classes\ULTRAWPF_Settings.php:36

actionadmin_footerapp\Admin\Options\fields\icon\ULTRAWPF_icon.php:14

actioninitapp\Admin\Options\ULTRAWPF_Options.php:42

actionadmin_enqueue_scriptsapp\Admin\Options\ULTRAWPF_Options.php:44

actionadmin_enqueue_scriptsapp\Admin\Options\ULTRAWPF_Options.php:45

actionadmin_noticesapp\Admin\ULTRAWPF_Admin.php:26

filterultrawpf_settingsapp\Helpers\helpers.php:7

filterwpforms_builder_fields_buttonsapp\Helpers\helpers.php:49

filterwpforms_builder_fields_buttonsapp\Helpers\helpers.php:63

actionadmin_menuapp\Helpers\helpers.php:87

filterwpforms_builder_field_button_attributesapp\Helpers\helpers.php:116

actionadmin_menuapp\Helpers\helpers.php:151

actionadmin_menuapp\Includes\Changelog.php:27

actionin_admin_headerapp\Includes\Changelog.php:28

actionadmin_menuapp\Includes\GetHelp.php:26

actionin_admin_headerapp\Includes\GetHelp.php:27

filtercron_schedulesapp\Includes\PromoNotice.php:58

actionuawpf_promo__scheduleapp\Includes\PromoNotice.php:64

actionadmin_noticesapp\Includes\PromoNotice.php:75

actionuawpf_sidebar_promo_bannerapp\Includes\PromoNotice.php:96

actioninitapp\Includes\PromoNotice.php:111

actionwp_dashboard_setupapp\Includes\PromoNotice.php:125

actionadmin_menuapp\Includes\SetupWizard.php:33

filterultrawpf_settings_optionsapp\Includes\SetupWizard.php:34

actionadmin_initapp\Includes\SetupWizard.php:35

actionin_admin_headerapp\Includes\SetupWizard.php:37

actioninitultra-addons-for-wpforms.php:46

actionadmin_enqueue_scriptsultra-addons-for-wpforms.php:51

actionwpforms_builder_enqueuesultra-addons-for-wpforms.php:52

actionplugins_loadedultra-addons-for-wpforms.php:54

actionadmin_enqueue_scriptsultra-addons-for-wpforms.php:57

actionadmin_enqueue_scriptsultra-addons-for-wpforms.php:94

actionwp_enqueue_scriptsultra-addons-for-wpforms.php:95

Scheduled Events 1

uawpf_promo__schedule

Maintenance & Trust

Ultra Addons for WPForms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 14, 2026

PHP min version7.4

Downloads718

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Ultra Addons for WPForms Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 15 CVEs

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 12 CVEs

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

50+ Essential Addons for Contact Form 7 - Conditional Fields, Multi Step, Redirection, Columns, WooCommerce, Mailchimp & more

60K 13 CVEs

Developer Profile

Ultra Addons for WPForms Developer Profile

Themefic

11 plugins · 97K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

93 days

View full developer profile

Detection Fingerprints

How We Detect Ultra Addons for WPForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-form-builder.css/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin.min.css/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-custom.css/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/admin-script.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/setup-wizard.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.css/wp-content/plugins/ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/public/css/ultrawpf-public.css

Script Paths

/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/admin-script.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/admin/js/setup-wizard.min.js/wp-content/plugins/ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.js

Version Parameters

ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-form-builder.css?ver=ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin.min.css?ver=ultra-addons-for-wpforms/assets/admin/css/ultrawpf-admin-custom.css?ver=ultra-addons-for-wpforms/assets/admin/js/admin-script.min.js?ver=ultra-addons-for-wpforms/assets/admin/js/setup-wizard.min.js?ver=ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.css?ver=ultra-addons-for-wpforms/assets/app/libs/notyf/notyf.min.js?ver=ultra-addons-for-wpforms/assets/public/css/ultrawpf-public.css?ver=

HTML / DOM Fingerprints

CSS Classes

ultrawpf-admin-styleultrawpf-admin-custom-styleultrawpf-frontend-styleultrawpf-admin-form-builder

JS Globals

ultrawpf_optionsultrawpf_admin_dataultrawpf_admin_params

FAQ

Ultra Addons for WPForms Security & Risk Analysis

Is Ultra Addons for WPForms Safe to Use in 2026?

Generally Safe

Key Concerns

Ultra Addons for WPForms Security Vulnerabilities

Ultra Addons for WPForms Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Ultra Addons for WPForms Attack Surface

AJAX Handlers 16

Scheduled Events 1

Ultra Addons for WPForms Maintenance & Trust

Maintenance Signals

Community Trust

Ultra Addons for WPForms Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

Ultra Addons for Contact Form 7

Ultra Addons for WPForms Developer Profile

How We Detect Ultra Addons for WPForms

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Ultra Addons for WPForms