Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Security & Risk Analysis
wordpress.org/plugins/vedrixa-forms-registration-builderBuild contact and registration forms with a drag-and-drop WordPress form builder and submission manager.
Is Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Safe to Use in 2026?
Generally Safe
Score 100/100Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "vedrixa-forms-registration-builder" v1.1.0 exhibits a generally good security posture with several strengths. The extensive use of prepared statements for all SQL queries is a significant positive, mitigating the risk of SQL injection. Furthermore, the vast majority of output is properly escaped, and there are no recorded vulnerabilities, indicating a history of secure development practices. The plugin also correctly implements nonce and capability checks in a substantial number of instances.
However, there are notable areas of concern. The presence of an AJAX handler without authentication checks represents a direct attack vector. While the number of such handlers is small, its unprotected nature poses a significant risk. The taint analysis also reveals two high-severity flows, which, despite not being classified as critical, warrant immediate attention as they suggest potential for data manipulation or unauthorized access if exploited. The plugin's total entry points are low, which is positive, but the existence of even one unprotected entry point is a critical flaw.
In conclusion, while the plugin demonstrates a strong foundation in secure coding, the identified unprotected AJAX handler and high-severity taint flows are critical weaknesses that need to be addressed. The lack of historical vulnerabilities is encouraging, but the current findings necessitate a focused effort to patch these specific security holes to maintain its otherwise positive security standing.
Key Concerns
- AJAX handler without authentication
- High severity taint flows
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Security Vulnerabilities
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Release Timeline
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 23
Maintenance & Trust
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Maintenance & Trust
Maintenance Signals
Community Trust
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Alternatives
Ninja Forms – The Contact Form Builder That Grows With You
ninja-forms
The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.
NEX-Forms – Ultimate Forms Plugin for WordPress
nex-forms-express-wp-form-builder
Build beautiful responsive forms for WordPress. Contact forms, surveys, quizzes, booking forms, payments, popups & more with NEX-Forms...
NEX-Forms ADD ON – Form Themes
nex-forms-form-themes-add-on
Build beautiful responsive forms for WordPress. Contact forms, surveys, quizzes, booking forms, payments, popups & more with NEX-Forms...
VPSUForm – Drag & Drop Contact Form Builder with Email Automation
v-form
A lightweight drag-and-drop WordPress form builder with email automation, conditional logic, spam protection, and full lead management.
NEX-Forms ADD ON – Zapier Integration
nex-forms-zapier-add-on
The NEX-Forms Zapier Integration Add-on enables you to seamlessly connect your form submissions to over 10,000 apps.
Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder Developer Profile
1 plugin · 0 total installs
How We Detect Vedrixa Forms – Contact Form, Registration Form & Drag-and-Drop Form Builder
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/vedrixa-forms-registration-builder/admin/css/jquery-ui.min.css/wp-content/plugins/vedrixa-forms-registration-builder/admin/css/registration-form-builder-admin.css/wp-content/plugins/vedrixa-forms-registration-builder/admin/css/admin.css/wp-content/plugins/vedrixa-forms-registration-builder/admin/css/style.css/wp-content/plugins/vedrixa-forms-registration-builder/admin/css/formbuilder.css/wp-content/plugins/vedrixa-forms-registration-builder/admin/js/registration-form-builder-admin.js/wp-content/plugins/vedrixa-forms-registration-builder/admin/js/formbuilder.jshttps://fonts.googleapis.com/icon?family=Material+Iconsvedrixa-forms-registration-builder/admin/css/jquery-ui.min.css?ver=vedrixa-forms-registration-builder/admin/css/registration-form-builder-admin.css?ver=vedrixa-forms-registration-builder/admin/css/admin.css?ver=vedrixa-forms-registration-builder/admin/css/style.css?ver=vedrixa-forms-registration-builder/admin/css/formbuilder.css?ver=vedrixa-forms-registration-builder/admin/js/registration-form-builder-admin.js?ver=vedrixa-forms-registration-builder/admin/js/formbuilder.js?ver=HTML / DOM Fingerprints
wpefb-prodata-formbuilderwpefb_admin_ajax_object